Thread: KVM poses security threats?
-
04-05-2015, 12:48 AM #1Junior Guru Wannabe
- Join Date
- Aug 2014
- Posts
- 73
KVM poses security threats?
Hi,
I'm dealing with a host that frankly has a good reputation.
The problem comes when we use dedicated servers with them.
They installed Windows 2008 R2 for me and didn't install it on the correct disk (wanted the OS on the SSD, not on a magnetic drive), so I asked them to redo the install (which they are willing to do, not too worried about that), so at the end of my ticket request I told them:
"You know, if I had 1 suggestion to give you guys, it would be to support KVM for customers. I'm coming from a dedi provider supporting it, and it makes things a lot easier for everyone."
"We would do this if it did not have serious security problems."
If yes, what security problems does this pose exactly? And besides, why do so many providers offer KVM absolutely free of charge, as a 'must' package, and have it running just fine?
They basically tell me IPMI/KVM access is only given to their techs.
Thanks!
-
04-05-2015, 01:06 AM #2Junior Guru Wannabe
- Join Date
- Jun 2014
- Posts
- 76
Well, the short answer is yes. I've run into a few security problems with KVM, mostly related to exploits resulting in all passwords being changed and the server in question powered off. All sorts of nasty stuff can be done via KVM - they can adjust BIOS settings, boot your OS in single-user mode (Linux), change your login passwords, download your files, etc.
All my KVMs are IP-restricted.
-
04-05-2015, 04:21 AM #3Web Hosting Master
- Join Date
- Aug 2007
- Location
- L.A., CA
- Posts
- 3,710
That's because they do not have the proper infrastructure and network setup to provide it to you securely, over a private network.
They most likely just run a single public network and run IPMI just for themselves on their own internal network accessed by a VPN -- they haven't built it out to offer clients access to their own private networks.
EasyDCIM.com - DataCenter Infrastructure Management - HELLO DEDICATED SERVER & COLO PROVIDERS! - Reach Me: chris@easydcim.com
Bandwidth Billing | Inventory & Asset Management | Server Control
Order Forms | Reboots | IPMI Control | IP Management | Reverse&Forward DNS | Rack Management
-
04-05-2015, 09:16 AM #4Web Hosting Master
- Join Date
- Oct 2007
- Posts
- 2,349
Hi,
Yes, I agree: if they are using it in an unsafe way, the security risk increases too. But again, if you are using KVM in a non-secure way like discussed above, about changing the BIOS and all, well, there is a way to deal with this too. You can give a password to GRUB and this will not let anyone go into single-user mode to boot it. If you are a server provider, giving the KVM access is most important, as the clients are fully responsible for managing their server.
Most of them provide session-based KVM Java files through the panel. You need to download them; however, when you close the Java connection, the session expires and you cannot get to the server with the same KVM file again. OVH does this and is doing great.
The way we use this defines whether it's secure or not.
www.24x7servermanagement.com
Server Management, Server Security, Server Monitoring.
India's Leading Managed Service Provider !! Skype: techs24x7
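A defensive check for the GRUB password mitigation mentioned in post #4, added here as an example and not posted by any participant in the thread: it audits a GRUB 2 config for a superuser with a hashed password. The function name, finding labels and sample configs are constructed for illustration, and the check covers only the boot menu, not BIOS settings or booting from other media.

```sh
# Added example (not from the thread): audit a GRUB 2 config for a boot-menu
# password. Prints "OK" or a list of findings; returns 0 only when OK.
audit_grub_cfg() {
    cfg=$1
    findings=""
    # Drop comment lines so commented-out directives are not counted.
    body=$(sed '/^[[:space:]]*#/d' "$cfg")

    # GRUB enforces authentication only when "superusers" is set. Names may
    # be separated by spaces, commas, semicolons, pipes or ampersands.
    users=$(printf '%s\n' "$body" |
        sed -n 's/^[[:space:]]*set[[:space:]]\{1,\}superusers=//p' |
        tail -n 1 | tr -d "\"'" | tr ',;|&' '    ')
    [ -n "$users" ] || findings="NO_SUPERUSERS"

    # Every superuser needs a password; a PBKDF2 hash is preferred over the
    # clear-text "password" directive. Assumes names have no regex metacharacters.
    for u in $users; do
        if printf '%s\n' "$body" |
            grep -Eq "^[[:space:]]*password_pbkdf2[[:space:]]+$u[[:space:]]+grub\.pbkdf2\."; then
            continue
        elif printf '%s\n' "$body" |
            grep -Eq "^[[:space:]]*password[[:space:]]+$u[[:space:]]"; then
            findings="${findings:+$findings }PLAINTEXT_PASSWORD:$u"
        else
            findings="${findings:+$findings }NO_PASSWORD:$u"
        fi
    done

    printf '%s\n' "${findings:-OK}"
    [ -z "$findings" ]
}

# Constructed sample configs (the hash value is a placeholder, not a real hash).
demo_dir=$(mktemp -d)
cat > "$demo_dir/protected.cfg" <<'EOF'
set superusers="admin"
password_pbkdf2 admin grub.pbkdf2.sha512.10000.PLACEHOLDERSALT.PLACEHOLDERHASH
menuentry 'Linux' --unrestricted { linux /vmlinuz root=/dev/sda1 ro }
EOF
cat > "$demo_dir/open.cfg" <<'EOF'
# set superusers="admin"
menuentry 'Linux' { linux /vmlinuz root=/dev/sda1 ro }
EOF
for f in protected open; do audit_grub_cfg "$demo_dir/$f.cfg" || true; done
rm -rf "$demo_dir"
```

On a real system the file to audit is the generated GRUB 2 configuration, whose location varies by distribution.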