Trust rack space provider?
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Trust rack space provider?
- From: "Marsh J. Ray" <marsh-obsd_(_at_)_mysteray_(_dot_)_com>
- Date: Tue, 25 May 2004 20:07:25 -0400
Richard Welty wrote:
On Tue, 25 May 2004 19:00:44 -0400 "Marsh J. Ray" <marsh-obsd_(_at_)_mysteray_(_dot_)_com> wrote:
Write the root password on the front of the CPU box. Put it on the back
of a business card and tape it on upside down and backwards so you can
flip it up to read it.
that's fine as long as there is decent access control to the password, but
you'll never catch me doing that.
Access control to the password is pointless if you don't control access
to the box itself that can be compromised with a boot floppy.
i'm familiar with an incident where a "friendly" foreign power infiltrated agents
onto the staff of a janitorial firm that did the outsourced service for a US Army
research facility. they got quite a lot of data out of the trash cans.
And how hard would it have been for them to use a boot medium to vacuum
the data, insert a backdoor, etc., and explain later that they
accidentally "tripped" over the power cord or something?
from http://text.staticfree.info/computer.folklore.from.net.rumors.html :
Reminds me of the Arpanet site that used to crash frequently
right around the end of the day. Seems the cleaner plugged the
floor buffer into a convenient 100AC outlet - the one inside the
IMP cabinet.
this is why i'm hell on people who put passwords on postits on their monitors.
I didn't suggest putting them on the user's monitor, I said the server
box itself.
Your physical safe idea is a good one, too.
I guess this is security related, maybe a little off-topic, but a
serious question.
Question: how (or even) can I host a server at a "rack space" provider
without complete trust in their staff?
- Marsh