You are not logged in.
Pages: 1
Hi.
I am sharing a Virtual Machine with someone and I would like to make sure the my data belongs to me ![]()
My plan is to use VM with a LUKS-encrypted partition including my personal data (mail server in this case) and have it set up using LVM. The VM host is using LVM also.
Do you see any security concern with this approach?
I read this article also
https://wiki.archlinux.org/title/Removi … encryption
Is there anything I am not aware off, i.e. is the password for LUKS stored in memory somewhere or are there other issues?
Thanks for your help.
_fuz
Offline
Offline
Yes, it must be completely be unlocked for operations.
I am more concerned about internal security than external. I do not want someone to copy the image of my virtual machine an get it working on a different vm host.
Offline
LUKS basically only provides at-rest encryption. If someone else has access to the VM host, they can dump memory, and grab keys.
Even so I also encrypt my VPS simply because I have no control over what happens with the hard drives after failure. Plus there is the human/configuration error component, like another VM might run with access to my drive, also without my knowledge. Things like that.
So if you need encryption it might be better than nothing, just don't expect it to be secure against a determined person who you already know has access to the system because you're sharing them. Essentially you should only share if you have a very high level of trust.
Offline
Offline
@frostschutz
It is definitivly not what I would have liked to hear but I am afraid you are right. As with todays high energy prices I would have tried to avoid running another host...
@Slithery
Right, not sharing VM, sharing VM host instead.
Thanks to both of you for your help ![]()
Offline
@frostschutz
I like your nick - it is cool in any sense ![]()
Offline
Pages: 1