[PLUG] looking for secure space for a mail server

Tomas Kuchta tomas.kuchta.lists at gmail.com
Mon Jun 18 20:49:57 UTC 2018


I have heard that security versus physical HW in colo argument so many
times.

In my opinion, a padlock is way less secure than well implemented crypto.

The only security benefit I see from physical HW would be hosting it on
premises - if your threat vector is suponea. Both VM or HW in colo can be
legally accessed without your knowledge, which shouldn't be possible when
hosting on premises.

Cost or special snowflake HW would be another consideration. If one gets to
rent 15U for $300 a month and if you can fully utilize that volume - you
could save considerable $$ in certain load scenarios.

Just my thoughts on possible value of real HW outside mainstream and
home/office.

Tomas

On Mon, Jun 18, 2018, 12:41 PM Louis Kowolowski <louisk at cryptomonkeys.org>
wrote:

>
>
> > On Jun 18, 2018, at 1:38 PM, Michael Rasmussen <michael at michaelsnet.us>
> wrote:
> >
> > To stress "As others have suggested, you may be able to use a VM" - at
> my final job before retirement (Large bank, Fortune 500, etc) everything
> possible was migrated to in-house VMs.
> > I want to say mail services were an early migration. In any case, the
> entire mail infrastructure was run on virtual servers.
> >
> > There's no need for a physical server.
> >
> This is your opinion. We're not trying to determine if a VM is capable of
> running *a* mail server. We're trying to determine what the requirements of
> *his* mail server are, because that drives whether a physical server is
> required.
>
> There may be a security requirement such as "no AES key leakage to other
> tenants". In this case, he may not be able to use a VM. There are people in
> the crypto community who believe that any system that needs secure crypto
> should not be virtualized.
>
> Again, I'm trying to gather what the requirements are before stating what
> the solution is.
>
> --
> Louis Kowolowski                                louisk at cryptomonkeys.org
> Cryptomonkeys:
> http://www.cryptomonkeys.com/
>
> Making life more interesting for people since 1977
>
> _______________________________________________
> PLUG mailing list
> PLUG at pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
>



More information about the PLUG mailing list