Hi I hope this was not asked before. What methods can be used to secure the "tinc" config files? If for example using a VPS provider like digital ocean , how can one be sure that the local admins dont access your container and read the contents of the tinc config files? Is there a better solution , should full drive encryption be used and dedicated servers? Regards Yazeed Fataar <yazeedfataar at hotmail.com> <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail> This email has been sent from a virus-free computer protected by Avast. www.avast.com <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail> <#DDB4FAA8-2DD7-40BB-A1B8-4E2AA1F9FDF2> -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20160124/7d0c2dbe/attachment.html>
On Sun, Jan 24, 2016 at 10:01:23AM +0300, Yazeed Fataar wrote:> I hope this was not asked before. What methods can be used to secure the > "tinc" config files? If for example using a VPS provider like digital ocean > , how can one be sure that the local admins dont access your container and > read the contents of the tinc config files? Is there a better solution , > should full drive encryption be used and dedicated servers?You should consider any VPS compromised from the very start. Even full-drive encryption on a dedicated server won't help unless you can somehow make absolutely sure that someone with physical access to the machine cannot access the encryption key or just log in. That is harder than it sounds. -- Met vriendelijke groet / with kind regards, Guus Sliepen <guus at tinc-vpn.org> -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: Digital signature URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20160124/fad271eb/attachment.sig>
Hi Guus Can you recommend a good strategy in securely managing the config and hosts files please? <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail> This email has been sent from a virus-free computer protected by Avast. www.avast.com <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail> <#DDB4FAA8-2DD7-40BB-A1B8-4E2AA1F9FDF2> Regards Yazeed Fataar <yazeedfataar at hotmail.com> On Sun, Jan 24, 2016 at 11:50 AM, Guus Sliepen <guus at tinc-vpn.org> wrote:> On Sun, Jan 24, 2016 at 10:01:23AM +0300, Yazeed Fataar wrote: > > > I hope this was not asked before. What methods can be used to secure the > > "tinc" config files? If for example using a VPS provider like digital > ocean > > , how can one be sure that the local admins dont access your container > and > > read the contents of the tinc config files? Is there a better solution , > > should full drive encryption be used and dedicated servers? > > You should consider any VPS compromised from the very start. Even > full-drive encryption on a dedicated server won't help unless you can > somehow make absolutely sure that someone with physical access to the > machine cannot access the encryption key or just log in. That is harder > than it sounds. > > -- > Met vriendelijke groet / with kind regards, > Guus Sliepen <guus at tinc-vpn.org> > > _______________________________________________ > tinc mailing list > tinc at tinc-vpn.org > http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc > >-------------- next part -------------- An HTML attachment was scrubbed... URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20160124/eeccf26a/attachment-0001.html>