[NBLUG/talk] Crypt Filesystems

Walter Hansen gandalf at sonic.net
Sat Jul 29 21:28:15 PDT 2006


Jacob Appelbaum wrote:
> Walter Hansen wrote:
>>> I suggest not having a copy of the passphrase on the system in question --
>>> if you need it to be automated, perhaps storing it on another system,
>>> available via inetd, with tcp.wrappers only allowing its IP to get the
>>> passphrase...
>>>
>>> The idea is that the bad guy who physically removes the drive will find
>>> that
>>> the key is nowhere to be found on the drive -- and, can't get the key
>>> without
>>> being (at the very least) on the backup system's network.
>>>
>>> Just more 2cents...
>>>
>>>  -Scott
>>
>> You missed the one detail that makes it a non-issue. We're not looking for
>> on-the-server security. The backup drive is swappable (almost hot). The
>> concern is that a backup drive could be lost or stolen off prem and the
>> backup used for evil intent. The solution is to encrypt the data and not
>> keep the key and passphrase with the backup drive. In the solution I make
>> a couple of CDs with the passphrase/key and store them in different
>> locations (send one home with each of two bosses). Then if the building
>> burns down I take one of the backup drives, get a key CD from one of the
>> bosses and (with $20,000) re-create our entire business in a new location
>> in one week. At least that's the idea.
>>
> 
> 
> I think that Scott has a pretty solid idea actually. Though I'd use a
> combination of iptables and ssh-keys for authentication and access.
> 
> This way you could keep the drive encrypted on site and the drive
> encrypted off site as well. This would help with the issue of
> theft of your backup server, and if the information is important enough
> to encrypt in the first place, it's probably best to not let it touch
> the disk unencrypted.
> 
> Protecting against one threat is good but the extra effort it takes to
> protect against several more in this case is just a few more minutes of
> setup (namely setting a second device to be encrypted rather than just one).

???

Does sonic.net encrypt the drives of the servers in its data room?

It's a high-performance machine. It would be a waste to encrypt the 
drives on it. The security guard, locks and alarm system protect the 
actual machine.

Also the drive in question is a mirror of a non-removable drive on the 
system that is not and never was encrypted.

And if the drives were encrypted it would offer little or no protection 
for an online attack, as the drives would be mounted. Funny thing is, you 
can either encrypt and protect the drive or use it; when it's physically 
connected and in use it's not protected.

The possibility of having a drive lost or stolen in transit or off site 
is very real. I'm trying to protect against that possibility.

At this point, though, this is all for nothing, as I haven't been 
able to get encryption to work ever. I haven't given up on it, but I 
think I may have to re-compile the kernel and have concerns about things 
working the Debian way. I'm wondering about other encryption mechanisms. 
I wonder if there is even just a program that I could use, as the backup 
disk could just be standard ext3 with a single encrypted backup file 
that would be useless without a considerable key.
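The "plain ext3 disk holding one encrypted backup file" approach described in the message above can be done with stock tools, without any kernel or device-mapper setup. The script below is an added example written for this page; it is not code from the thread or from any of the posters, and every path, file name and function name in it is an assumption chosen for illustration. It assumes `tar`, `sha256sum` and an OpenSSL 1.1.1 or newer `openssl` binary (the `-pbkdf2` option). The key file is meant to live on the off-site CDs, never on the backup disk.

```shell
#!/bin/sh
# Added example (not from the thread): one encrypted backup file on a
# plain ext3 backup disk, with the key kept off that disk (for example on
# CDs held by two people elsewhere). Uses tar piped into openssl enc
# (AES-256-CBC, key stretched from the key file with PBKDF2).
# All paths and function names below are assumptions for illustration.
set -eu

# Generate a 256-bit random key as hex and write it with owner-only
# permissions. Copy this file to the off-site CDs; it must never be
# written to the backup disk itself.
make_backup_key() {
    keyfile=$1
    umask 077
    openssl rand -hex 32 > "$keyfile"
}

# Archive a directory into a single encrypted file on the backup disk.
# Only ciphertext reaches the disk; the key is read from $keyfile.
encrypt_backup() {
    srcdir=$1; keyfile=$2; outfile=$3
    tar -C "$srcdir" -cf - . \
      | openssl enc -aes-256-cbc -salt -pbkdf2 -iter 200000 \
            -pass "file:$keyfile" -out "$outfile"
    # Checksum of the ciphertext so a damaged or swapped disk is noticed
    # before anyone depends on it for a restore.
    sha256sum "$outfile" > "$outfile.sha256"
}

# Verify the ciphertext checksum, then decrypt and unpack into $destdir.
# With the wrong key openssl fails (or yields garbage tar rejects), so
# nothing usable is produced without the key from the CD.
restore_backup() {
    infile=$1; keyfile=$2; destdir=$3
    sha256sum -c "$infile.sha256" >/dev/null
    mkdir -p "$destdir"
    openssl enc -d -aes-256-cbc -pbkdf2 -iter 200000 \
        -pass "file:$keyfile" -in "$infile" \
      | tar -C "$destdir" -xf -
}

# Returns 0 when the file contains no readable copy of the given string,
# i.e. a known plaintext cannot be found by simply reading the disk.
plaintext_not_on_disk() {
    ! grep -q "$2" "$1"
}
```

A typical run is `make_backup_key /media/cdrom-master/backup.key` once, then `encrypt_backup /srv/data /media/cdrom/backup.key /mnt/backup/site.tar.enc` on each backup, with `restore_backup` used only from a machine that has a key CD mounted. Because the plaintext is streamed straight from tar into openssl, nothing unencrypted is ever written to the removable disk, which is exactly the off-prem loss-or-theft case the message is trying to cover; the mounted, in-use primary drive is unaffected either way, as the author notes.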


