Considering recent firmware attacks like Cloudborne that target bare metal servers, I'm curious about the trustworthiness of bare metal dedicated server providers. I understand that well-known providers like Oracle and AWS have built-in hardware safeguards against these vulnerabilities. However, I'm uncertain about cheaper alternatives such as OVH, Hetzner, or Scaleway. Since my budget doesn't allow for larger cloud companies like Oracle, AWS, Google, or Microsoft, what should I consider when deciding whether to trust these more affordable options?
5 Answers
Honestly, trusting the cloud is a big gamble. You don't have control or oversight of your servers, and there's always a risk of physical tampering. But some people are okay with that risk, I guess.
You should really trust no one! Smaller providers have experienced serious vulnerabilities too. Just look at the NordVPN issue with unauthorized access back in the day. These breaches can happen again without warning.
If you're really on a tight budget, one option is to purchase your own hardware and just rent space at a data center, but I get that's not ideal for everyone.
Yeah, that’s not really feasible for me right now.
Absolutely, trusting smaller providers can be a mixed bag. Just stay informed and do your research on their security practices.
The big dedicated server providers usually have ISO certifications and are subjected to regular security audits. Their IPMI management interfaces are in private networks, not facing the internet. However, it's still up to you to manage your firewall, AV, and other security systems on your end.
But some smaller providers, like InterServer and Scaleway, just use IP allowlisting instead of those isolated networks. That can be a concern.
I'm not worried about physical tampering. I trust my provider's security measures; it's the previous users of my rented servers that concern me.