  1. #1
    Join Date
    Aug 2014
    Posts
    73

    KVM poses security threats?

    Hi,

    I'm dealing with a host that frankly has a good reputation.
    The problem comes when we use dedicated servers with them.

    They installed Windows 2008 R2 for me and didn't install it on the correct disk (I wanted the OS on the SSD, not on a magnetic drive), so I asked them to redo the install (which they are willing to do, so I'm not too worried about that). At the end of my ticket request I told them:

    "You know, if I had 1 suggestion to give you guys, it would be to support KVM for customers. I'm coming from a dedi provider supporting it, and it makes things a lot easier for everyone."

    They replied with:

    "We would do this if it did not have serious security problems."

    Is this just an excuse to hide some truth not stated in their answer, or because it's true and common to have KVM security problems?

    If yes, what security problems does this pose exactly? And besides, why do so many providers offer KVM absolutely free of charge, as a 'must' package, and have it running just fine?
    They basically tell me IPMI/KVM access is only given to their techs.

    Thanks!

  2. #2
    Join Date
    Jun 2014
    Posts
    76
    Well, the short answer is yes. I've run into a few security problems with KVM, mostly related to exploits resulting in all passwords being changed and the server in question being powered off. All sorts of nasty stuff can be done via KVM: they can adjust BIOS settings, boot your OS in single-user mode (Linux), change your login passwords, download your files, etc.

    All my KVMs are IP-restricted.

  3. #3
    Join Date
    Aug 2007
    Location
    L.A., CA
    Posts
    3,710
    That's because they do not have the proper infrastructure and network setup to provide it to you securely, over a private network.
    They most likely just run a single public network and run IPMI just for themselves on their own internal network accessed by a VPN -- they haven't built it out to offer clients access to their own private networks.
    EasyDCIM.com - DataCenter Infrastructure Management - HELLO DEDICATED SERVER & COLO PROVIDERS! - Reach Me: chris@easydcim.com
    Bandwidth Billing | Inventory & Asset Management | Server Control
    Order Forms | Reboots | IPMI Control | IP Management | Reverse&Forward DNS | Rack Management

  4. #4
    Hi,

    Yes, I agree that if they are using it in an unsafe way, the security risk increases too. But again, if you are using KVM in a non-secure way like discussed above, with changing the BIOS and all, well, there is a way to deal with this too. You can give GRUB a password, and this will not let anyone boot it into single-user mode. If you are a server provider, giving KVM access is most important, as the clients are fully responsible for managing their server.

    Most of them provide session-based KVM Java files through the panel. You need to download the file; however, when you close the Java connection, the session expires and you cannot get to the server with the same KVM file again. OVH does this and is doing great.

    The way we use this defines whether it's secure or not.
    www.24x7servermanagement.com
    Server Management, Server Security, Server Monitoring.
    India's Leading Managed Service Provider !! Skype: techs24x7
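
The GRUB password suggested in post #4, as an added example that is not part of the thread: a shell check that a GRUB 2 config sets a superuser with a PBKDF2-hashed password, which is what blocks unauthenticated editing of boot entries (for example into single-user mode). The function names and the sample configs are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the thread: audit a GRUB 2 config for a bootloader password.

# audit_grub_cfg FILE
# Prints one finding per line. Returns 0 only when at least one superuser is
# set and every superuser has a PBKDF2-hashed password line.
audit_grub_cfg() {
    local cfg="$1"
    local users user n=0 rc=0
    # Pull the names out of:  set superusers="admin,ops"
    users=$(sed -n 's/^[[:space:]]*set[[:space:]][[:space:]]*superusers=//p' "$cfg" \
        | tr -d '"'"'" | tr ',;|&' '    ')
    for user in $users; do
        n=$((n + 1))
        # Names are used as regex text; assumes plain alphanumeric user names.
        if grep -Eq "^[[:space:]]*password_pbkdf2[[:space:]]+${user}[[:space:]]+grub\.pbkdf2\." "$cfg"; then
            echo "OK $user has a PBKDF2 hash"
        elif grep -Eq "^[[:space:]]*password[[:space:]]+${user}[[:space:]]" "$cfg"; then
            echo "WARN $user uses a plaintext password line"
            rc=1
        else
            echo "FAIL $user has no password line"
            rc=1
        fi
    done
    if [ "$n" -eq 0 ]; then
        echo "FAIL no superusers set: boot entries can be edited without a password"
        rc=1
    fi
    return "$rc"
}

# write_samples DIR: three constructed configs (the hash is a placeholder).
write_samples() {
    printf '%s\n' 'set superusers="admin"' \
        'password_pbkdf2 admin grub.pbkdf2.sha512.10000.CONSTRUCTED_PLACEHOLDER' > "$1/good.cfg"
    printf '%s\n' 'set superusers="admin"' 'password admin example-secret' > "$1/plain.cfg"
    printf '%s\n' 'set timeout=5' 'set default=0' > "$1/none.cfg"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for f in "$demo_dir"/*.cfg; do
    echo "== ${f##*/}"
    audit_grub_cfg "$f" || true
done
rm -rf "$demo_dir"
```

On a real host, point the function at the generated config, commonly /boot/grub/grub.cfg or /boot/grub2/grub.cfg, and create the hash with grub-mkpasswd-pbkdf2 (grub2-mkpasswd-pbkdf2 on some distributions). The GRUB password covers the bootloader only; the BIOS settings mentioned in post #2 need their own firmware setup password.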
