FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > CentOS > CentOS

 
 
LinkBack Thread Tools
 
Old 10-10-2011, 08:43 PM
Bade Iriabho
 
Default Deciding when to do system encryption

Hello All,

I have read that system encryption slows a computer down. However, I am more
interested in when to use it. Consider the following scenarios:

1. You have a server in a secured server room on a rack (is there any need
and advantage to having system encryption in this particular case)
2. you have a server sitting in an office that is accessible by everyone
2. You have a desktop
3. You have a laptop

So my questions are: What situations/scenarios do you consider before
implementing system encryption? I guess at the end of the day, I am trying
to figure out the best practices.

Regards,
B.I.
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 10-11-2011, 04:31 AM
Paul Heinlein
 
Default Deciding when to do system encryption

On Mon, 10 Oct 2011, Bade Iriabho wrote:

> Hello All,
>
> I have read that system encryption slows a computer down. However, I am more
> interested in when to use it. Consider the following scenarios:
>
> 1. You have a server in a secured server room on a rack (is there any need
> and advantage to having system encryption in this particular case)
> 2. you have a server sitting in an office that is accessible by everyone
> 2. You have a desktop
> 3. You have a laptop
>
> So my questions are: What situations/scenarios do you consider
> before implementing system encryption? I guess at the end of the
> day, I am trying to figure out the best practices.

The real question is your risk. The situation or scenario is at best a
mitigation of the risk.

That is, how valuable to is the data on any of those machines? How
much of your time, money, and/or reputation be consumed if your data
are stolen? What will the impact on you (and your customers) be if
your data's confidentiality, integrity, or availability is threatened?
Who are the threats: employees? random visitors to your office?
thieves? business competitors?

Answer those questions first.

At that point, you're in a better position to assess the
vulnerabilities of each platform. You might decide that a locked room
in a locked building (e.g., a server room) is sufficient mitigation
against your threats -- or not.

I have a hard time imagining a situation where data on a business
laptop should NOT be encrypted, but it may be that a good backup is
all you need.

--
Paul Heinlein <> heinlein@madboa.com <> http://www.madboa.com/
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 10-11-2011, 05:26 AM
Lucian
 
Default Deciding when to do system encryption

On Mon, Oct 10, 2011 at 9:43 PM, Bade Iriabho <ebade@mathbiol.org> wrote:
> Hello All,
>
> I have read that system encryption slows a computer down. However, I am more
> interested in when to use it. Consider the following scenarios:
>
> 1. You have a server in a secured server room on a rack (is there any need
> and advantage to having system encryption in this particular case)
> 2. you have a server sitting in an office that is accessible by everyone
> 2. You have a desktop
> 3. You have a laptop
>
> So my questions are: What situations/scenarios do you consider before
> implementing system encryption? I guess at the end of the day, I am trying
> to figure out the best practices.
>

I always encrypt the hdd of my laptops, I don't notice much overhead;
on servers I encrypt partitions with very sensitive information.
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 10-11-2011, 01:10 PM
 
Default Deciding when to do system encryption

Bade Iriabho wrote:
> Hello All,
>
> I have read that system encryption slows a computer down. However, I am
> more interested in when to use it. Consider the following scenarios:

Some, but not that much (depending on how you're using the system).
>
> 1. You have a server in a secured server room on a rack (is there any need
> and advantage to having system encryption in this particular case)

Only if there's requirements from above... or if you're going to be
pulling drives as backups, say, and taking them out of there.

> 2. you have a server sitting in an office that is accessible by everyone

It would be a good idea.

> 2. You have a desktop

Depends on who has access, and how much your data's worth.

> 3. You have a laptop
<snip>
The US gov't, and federal contractors, require encryption on all laptops.
Many companies are starting to go that way. Do *you* really want to read
in the papers, or have your manager call you in (if it's a work laptop),
and tell you what happened to all the information on your laptop? Or how
someone broke into it, and used it to get to *their* network?

mark

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 10-11-2011, 02:43 PM
Bade Iriabho
 
Default Deciding when to do system encryption

Thanks guys, Paul you make very good points. Noted...

>> 1. You have a server in a secured server room on a rack (is there any
need
>> and advantage to having system encryption in this particular case)

> Only if there's requirements from above... or if you're going to be
> pulling drives as backups, say, and taking them out of there.

Very interesting, Your response just gave me another question If I have
system encrytion on a server with RAID (dont think the type matters, but
lets say RAID 5) and hot-swappable drives and one drive fails. What happens
when you replace the drive, how do you handle rebuilding the data on the new
drive with system encryption? are there online resources/links for handling
rebuilding the data on new drives when the server/PC already had system
encryption. Or are my questions/thoughts on this way of course.

B.I.

On Tue, Oct 11, 2011 at 8:10 AM, <m.roth@5-cent.us> wrote:

> Bade Iriabho wrote:
> > Hello All,
> >
> > I have read that system encryption slows a computer down. However, I am
> > more interested in when to use it. Consider the following scenarios:
>
> Some, but not that much (depending on how you're using the system).
> >
> > 1. You have a server in a secured server room on a rack (is there any
> need
> > and advantage to having system encryption in this particular case)
>
> Only if there's requirements from above... or if you're going to be
> pulling drives as backups, say, and taking them out of there.
>
> > 2. you have a server sitting in an office that is accessible by everyone
>
> It would be a good idea.
>
> > 2. You have a desktop
>
> Depends on who has access, and how much your data's worth.
>
> > 3. You have a laptop
> <snip>
> The US gov't, and federal contractors, require encryption on all laptops.
> Many companies are starting to go that way. Do *you* really want to read
> in the papers, or have your manager call you in (if it's a work laptop),
> and tell you what happened to all the information on your laptop? Or how
> someone broke into it, and used it to get to *their* network?
>
> mark
>
> _______________________________________________
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 10-11-2011, 03:09 PM
Ljubomir Ljubojevic
 
Default Deciding when to do system encryption

Vreme: 10/11/2011 04:43 PM, Bade Iriabho piše:
> Thanks guys, Paul you make very good points. Noted...
>
>>> 1. You have a server in a secured server room on a rack (is there any
> need
>>> and advantage to having system encryption in this particular case)
>
>> Only if there's requirements from above... or if you're going to be
>> pulling drives as backups, say, and taking them out of there.
>
> Very interesting, Your response just gave me another question If I have
> system encrytion on a server with RAID (dont think the type matters, but
> lets say RAID 5) and hot-swappable drives and one drive fails. What happens
> when you replace the drive, how do you handle rebuilding the data on the new
> drive with system encryption? are there online resources/links for handling
> rebuilding the data on new drives when the server/PC already had system
> encryption. Or are my questions/thoughts on this way of course.

As I understand it, RAID is lower lever then partition, and encryption
is partition based, so RAID will not care what you have above, it will
do it's job regardless.

--

Ljubomir Ljubojevic
(Love is in the Air)
PL Computers
Serbia, Europe

Google is the Mother, Google is the Father, and traceroute is your
trusty Spiderman...
StarOS, Mikrotik and CentOS/RHEL/Linux consultant
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 10-11-2011, 03:19 PM
 
Default Deciding when to do system encryption

Ljubomir Ljubojevic wrote:
> Vreme: 10/11/2011 04:43 PM, Bade Iriabho pi?e:
>> Thanks guys, Paul you make very good points. Noted...
>>
>>>> 1. You have a server in a secured server room on a rack (is there
>>>> any need and advantage to having system encryption in this
>>>> particular case)
>>
>>> Only if there's requirements from above... or if you're going to be
>>> pulling drives as backups, say, and taking them out of there.
<snip>
Oh, another requirement: PCI DSS (it's been two and a half years since I
worked for a co that does managed security and was also a root CA). Look
at <https://www.pcisecuritystandards.org/index.php>, and the docs. For any
credit card information, ALL DATA between two systems *must* be encrypted,
and positively, if you need to pull a drive to replace it, you're going to
have to sanitize it, since someone could take it apart and rebuild it, and
get data off it.

So, if credit card transactions might be on it - any kind of PII (personal
identifying information) or HIPAA (for those in the US, medical data) -
you need encryption.

Or if you don't want anyone seeing your pr0n collection.... <g>

mark

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 

Thread Tools




All times are GMT. The time now is 12:49 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org