Date: Tue, 27 Sep 2016 13:49:23 -0500 From: CyberLeo Kitsana <cyberleo@cyberleo.net> To: zhaghzhagh@openmailbox.org, freebsd-geom@freebsd.org Subject: Re: GELI on remotely hosted FreeBSD VM Message-ID: <429fb95a-27c0-46f7-e7be-faa77e31414c@cyberleo.net> In-Reply-To: <c1fb16ed32ccb40a0bb86d1af322d6eb@openmailbox.org> References: <c1fb16ed32ccb40a0bb86d1af322d6eb@openmailbox.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 09/27/2016 09:13 AM, zhaghzhagh@openmailbox.org wrote: > Hello > > Wonder if there is any security implication with GELI based full disk > encryption and FreeBSD running on Xen based VM? <snip> > In general, would like to have a clearer picture about the effectiveness > of full disk encryption in case of VM hosted at an 'unknown' physical > location. Disk encryption only protects against offline attacks, or certain attacks on remote storage where the key is nowhere near the storage. If an attacker has access to the host side of a running or paused VM, it is equivalent to having physical access to a running machine; there is little you can do to secure a machine against such an attacker. -- Fuzzy love, -CyberLeo Technical Administrator CyberLeo.Net Webhosting http://www.CyberLeo.Net <CyberLeo@CyberLeo.Net> Furry Peace! - http://www.fur.com/peace/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?429fb95a-27c0-46f7-e7be-faa77e31414c>