OT: Newbie questions on security

On Wed, Mar 7, 2012 at 6:42 PM, Stayvoid wrote:

What is more secure: dedicated server or VPS?
I've been told that a hoster has an ability to look through the files on the VM.
Why people use this solution for MTAs?  Do they care about privacy? Is
it possible to hide your data from the staff?

For an MTA, there's not really any difference.  If the email isn't
encrypted using something like OpenPGP, etc, then it's basically an
electronic postcard readable to anybody along the cables and mail
relays it passes through. Doesn't make a lick of difference.


To UNSUBSCRIBE, email to
with a subject of "unsubscribe". Trouble? Contact
Archive: http://lists.debian.org/CAMPM96pAYn9Cd22q=

On Jo, 08 mar 12, 05:42:51, Stayvoid wrote:

Hi there.

I've recently read Securing Debian Manual and I have some newbie
questions connected with security.
I've thought that debian-security is the right list
for them, but I was wrong.
What is the proper list for such questions?

debian-user is a good start.

Here is an example:
What is more secure: dedicated server or VPS?
I've been told that a hoster has an ability to look through the files on the VM.

A machine (including any virtual hosts on it) can not be 100% secured
from people having physical access to it.

Why people use this solution for MTAs?

Why not? (see also Paul's message)

Do they care about privacy?

Unknown.

Is it possible to hide your data from the staff?

No[1].

P.S. I have more questions to ask and I don't really know where to
post them. So I need your advice. Sorry for the OT.

You can post them here as long as they are Debian related[2]. If there
is a better list for any specific question you will get hints.

[1] It is possible to deposit data on a remote host (e.g. encrypted), if
it is just for storage reasons, but if the host can access the
un-encrypted data, the staff can read it too.

[2] if you actually run gNewSense or any other Debian derivative you
should ask there instead, since the developers may have made
customizations we are not aware of and our advice may be completely
wrong.

Kind regards,
Andrei
Offtopic discussions among Debian users and developers:
http://lists.alioth.debian.org/mail...y-offtopic





To UNSUBSCRIBE, email to
with a subject of "unsubscribe". Trouble? Contact
Archive: http://lists.debian.org/

A machine (including any virtual hosts on it) can not be 100% secured
from people having physical access to it.

So the only solution in this case is to run the server at my place. Right?


To UNSUBSCRIBE, email to
with a subject of "unsubscribe". Trouble? Contact
Archive: http://lists.debian.org/CAK5fS_Ff7z...3n8SgJU-K=

On Jo, 08 mar 12, 14:56:03, Stayvoid wrote:

> A machine (including any virtual hosts on it) can not be 100% secured
> from people having physical access to it.
So the only solution in this case is to run the server at my place. Right?

Depends on your paranoia, since your place is not 100% secure either ;)

Kind regards,
Andrei
Offtopic discussions among Debian users and developers:
http://lists.alioth.debian.org/mail...y-offtopic





To UNSUBSCRIBE, email to
with a subject of "unsubscribe". Trouble? Contact
Archive: http://lists.debian.org/

On Jo, 08 mar 12, 12:52:01, Andrei POPESCU wrote:

You can post them here as long as they are Debian related[2]. If there
is a better list for any specific question you will get hints.

Sorry list, I didn't expect what was about to come...

Kind regards,
Andrei
Offtopic discussions among Debian users and developers:
http://lists.alioth.debian.org/mail...y-offtopic





To UNSUBSCRIBE, email to
with a subject of "unsubscribe". Trouble? Contact
Archive: http://lists.debian.org/