as the attacker can mount the file system and copy any file to any location when booting from external media.
Another mega fail: not using an encrypted file system on his server.
The problem with Full Disk Encryption (FDE) on remote managed servers is that FDE significantly lengthens server outages. Every scheduled outage by the facility now requires your input to bring up your server.
This is especially problematic if your hosting facility does not provide remote admin tools like Dell iDRAC or HP iLO.
So effectively for every scheduled and non-scheduled outage your server experiences you would need to drive over to the remote facility to input your FDE password. That is an annoyance most would rather live without.
tl;dr FDE is great for mobile devices and VMs in public cloud, but a pita for physical servers in remote colo. Remember: There is no perfect security. There are only tradeoffs.
reply
He possesses the technical acumen to create a boot partition that remains unencumbered by encryption, while concurrently crafting another partition that is safeguarded by cryptographic means, which can then be accessed through the utilization of the cryptsetup utility
reply
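The layout described in the comment above (a plaintext /boot holding the bootloader and kernel, everything else on a LUKS container opened with cryptsetup) is easy to verify after the fact: check which mounted filesystems actually sit on a dm-crypt mapping. The script below is an added example, not code from any commenter; it parses the key/value output of `lsblk -P -o NAME,TYPE,MOUNTPOINT,PKNAME` and walks each mount's parent chain looking for a `crypt` device, so LVM-on-LUKS and plain LUKS partitions are both recognised. The embedded `SAMPLE_LSBLK` is a constructed, hypothetical layout (including a second disk whose data partition was never encrypted), and the `ALLOWED_PLAINTEXT` set and function names are this example's own choices.

```python
"""Audit which mounted filesystems sit on dm-crypt, from lsblk key/value output."""
import shlex
import sys

# Constructed sample output of `lsblk -P -o NAME,TYPE,MOUNTPOINT,PKNAME`
# (hypothetical layout, not captured from any real host): an unencrypted
# /boot, a LUKS container carrying LVM for / and swap, and a second disk
# whose data partition was never encrypted.
SAMPLE_LSBLK = """\
NAME="sda" TYPE="disk" MOUNTPOINT="" PKNAME=""
NAME="sda1" TYPE="part" MOUNTPOINT="/boot" PKNAME="sda"
NAME="sda2" TYPE="part" MOUNTPOINT="" PKNAME="sda"
NAME="cryptroot" TYPE="crypt" MOUNTPOINT="" PKNAME="sda2"
NAME="vg0-root" TYPE="lvm" MOUNTPOINT="/" PKNAME="cryptroot"
NAME="vg0-swap" TYPE="lvm" MOUNTPOINT="[SWAP]" PKNAME="cryptroot"
NAME="sdb" TYPE="disk" MOUNTPOINT="" PKNAME=""
NAME="sdb1" TYPE="part" MOUNTPOINT="/data" PKNAME="sdb"
"""

# Mountpoints that are expected to be plaintext: the bootloader and kernel
# must be readable before any passphrase has been entered.
ALLOWED_PLAINTEXT = frozenset({"/boot", "/boot/efi"})


def parse_lsblk_pairs(text):
    """Turn `lsblk -P` lines into a dict keyed by device NAME."""
    devices = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        # shlex strips the double quotes around each value for us
        fields = dict(token.split("=", 1) for token in shlex.split(line))
        devices[fields["NAME"]] = fields
    return devices


def is_on_dm_crypt(name, devices):
    """True if the device or any ancestor in the block stack is a crypt mapping."""
    seen = set()
    while name and name not in seen:
        seen.add(name)
        dev = devices.get(name)
        if dev is None:
            return False
        if dev["TYPE"] == "crypt":
            return True
        name = dev["PKNAME"]  # climb to the parent kernel device
    return False


def audit_mounts(text, allowed_plaintext=ALLOWED_PLAINTEXT):
    """Classify every mounted device as encrypted, allowed plaintext, or a finding."""
    devices = parse_lsblk_pairs(text)
    result = {"encrypted": [], "allowed_plaintext": [], "unencrypted": []}
    for name, dev in devices.items():
        mountpoint = dev["MOUNTPOINT"]
        if not mountpoint:
            continue  # not mounted (disk, container, or unused partition)
        if is_on_dm_crypt(name, devices):
            result["encrypted"].append((mountpoint, name))
        elif mountpoint in allowed_plaintext:
            result["allowed_plaintext"].append((mountpoint, name))
        else:
            result["unencrypted"].append((mountpoint, name))
    return result


if __name__ == "__main__":
    # Real host: lsblk -P -o NAME,TYPE,MOUNTPOINT,PKNAME | python3 audit_fde.py
    text = SAMPLE_LSBLK if sys.stdin.isatty() else sys.stdin.read()
    report = audit_mounts(text)
    for mountpoint, name in report["unencrypted"]:
        print(f"FINDING: {mountpoint} on {name} is not backed by dm-crypt")
    for mountpoint, name in report["encrypted"]:
        print(f"ok: {mountpoint} on {name} is encrypted")
    sys.exit(1 if report["unencrypted"] else 0)
```

On the constructed layout the script reports `/data` on `sdb1` as the only finding, accepts `/boot` as expected plaintext, and confirms `/` and swap are on the LUKS container. The non-zero exit on findings makes it usable as a post-provisioning check for colo boxes.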
Most providers have some sort of KVM you can use without needing to drive over there.
Granted - I don't know what Luke was running on this "server", but it sounds like it was an old school single machine setup and not some ephemeral k8s cluster or anything, so IMO I'd still like to know why he wasn't using FDE. Perhaps his hosting company doesn't have FDE, but that's a good reason not to use them IMO
reply