If the computer is powered off, moved or confiscated, there is no data to retrieve.
We get the operational benefits of having fewer breakable parts. Disks are among the components that break often. Therefore, switching away from them makes our infrastructure more reliable.
The operational tasks of setting up and upgrading package versions on servers become faster and easier.
While mostly true, there are ways to preserve ram if the device is confiscated.
Your local PD likely couldn’t pull it off, but if one of the larger abbreviation agencies were to get involved, data on RAM isn’t a huge hurdle. Assuming no one flips the power switch, at least.
Yeah, freezing and dumping RAM is a well known attack, even happening at some airports with laptops. But it still requires very recently powered ram, basically still in operation before extraction. It’s a big step toward security at least.
I guess it’s going to stop any standard agencies with a warrant. Confiscating the machine for it to sit in a warehouse until some forensic techs get their hands on it.
Sure, but how often does that happen to servers running 24/7? They’d have to set up some sort of dead man’s switch, movement sensors, or something. It’s unlikely they’d get a day’s notice that the servers are going to be confiscated for forensic analysis.
How long do you think would you have? Also, any manual action on your part would be obstruction, while an automated system could be defended as anti-theft protection.
It’s also possible to seize equipment without powering it down: They literally cut out the outlet the servers are connected to, switching them to their own portable power supply before severing the connection to the wall. Kinda crazy, but they cut right into the wall and attach stuff to power it.
If whoever wants that data has the resources, it’s possible. Likely it would be a coordinated state agency takedown, where the data center operator assists, and a huge squad de-racks and dumps whole servers into vats of liquid nitrogen.
More likely is they try to get access to the systems while running via the CPU’s backdoor management subsystem
What does “without any disks in use” mean?
https://mullvad.net/en/blog/2022/1/12/diskless-infrastructure-beta-system-transparency-stboot/
While mostly true, there are ways to preserve ram if the device is confiscated.
Your local PD likely couldn’t pull it off, but if one of the larger abbreviation agencies were to get involved, data on RAM isn’t a huge hurdle. Assuming no one flips the power switch, at least.
Yeah, freezing and dumping RAM is a well known attack, even happening at some airports with laptops. But it still requires very recently powered ram, basically still in operation before extraction. It’s a big step toward security at least.
I guess it’s going to stop any standard agencies with a warrant. Confiscating the machine for it to sit in a warehouse until some forensic techs get their hands on it.
There are devices that allow moving and confiscating computers without powering them off.
The rest are true.
That’s assuming those computers weren’t already powered off first.
Sure, but how often does that happen to servers running 24/7? They’d have to set up some sort of dead man’s switch, movement sensors, or something. It’s unlikely they’d get a day’s notice that the servers are going to be confiscated for forensic analysis.
How long do you think it takes to broadcast a network wide shutdown command over the management network?
How long do you think would you have? Also, any manual action on your part would be obstruction, while an automated system could be defended as anti-theft protection.
deleted by creator
It’s also possible to seize equipment without powering it down: They literally cut out the outlet the servers are connected to, switching them to their own portable power supply before severing the connection to the wall. Kinda crazy, but they cut right into the wall and attach stuff to power it.
Is it possible or just theoretically possible? It doesn’t seem much of an attack vector?
I also guess it’s more from law enforcement siezing equipment too?
deleted by creator
https://en.wikipedia.org/wiki/Cold_boot_attack
If whoever wants that data has the resources, it’s possible. Likely it would be a coordinated state agency takedown, where the data center operator assists, and a huge squad de-racks and dumps whole servers into vats of liquid nitrogen.
More likely is they try to get access to the systems while running via the CPU’s backdoor management subsystem