Hello All,
I have read that system encryption slows a computer down. However, I am more interested in when to use it. Consider the following scenarios:
1. You have a server in a secured server room on a rack (is there any need and advantage to having system encryption in this particular case)
2. You have a server sitting in an office that is accessible by everyone
3. You have a desktop
4. You have a laptop
So my questions are: What situations/scenarios do you consider before implementing system encryption? I guess at the end of the day, I am trying to figure out the best practices.
Regards, B.I.
On Mon, 10 Oct 2011, Bade Iriabho wrote:
> Hello All,
> I have read that system encryption slows a computer down. However, I am more interested in when to use it. Consider the following scenarios:
> - You have a server in a secured server room on a rack (is there any need and advantage to having system encryption in this particular case)
> - You have a server sitting in an office that is accessible by everyone
> - You have a desktop
> - You have a laptop
> So my questions are: What situations/scenarios do you consider before implementing system encryption? I guess at the end of the day, I am trying to figure out the best practices.
The real question is your risk. The situation or scenario is at best a mitigation of the risk.
That is, how valuable is the data on any of those machines? How much of your time, money, and/or reputation will be consumed if your data are stolen? What will the impact on you (and your customers) be if your data's confidentiality, integrity, or availability is threatened? Who are the threats: employees? random visitors to your office? thieves? business competitors?
Answer those questions first.
At that point, you're in a better position to assess the vulnerabilities of each platform. You might decide that a locked room in a locked building (e.g., a server room) is sufficient mitigation against your threats -- or not.
I have a hard time imagining a situation where data on a business laptop should NOT be encrypted, but it may be that a good backup is all you need.
On Mon, Oct 10, 2011 at 9:43 PM, Bade Iriabho ebade@mathbiol.org wrote:
> Hello All,
> I have read that system encryption slows a computer down. However, I am more interested in when to use it. Consider the following scenarios:
> - You have a server in a secured server room on a rack (is there any need and advantage to having system encryption in this particular case)
> - You have a server sitting in an office that is accessible by everyone
> - You have a desktop
> - You have a laptop
> So my questions are: What situations/scenarios do you consider before implementing system encryption? I guess at the end of the day, I am trying to figure out the best practices.
I always encrypt the hdd of my laptops, I don't notice much overhead; on servers I encrypt partitions with very sensitive information.
Bade Iriabho wrote:
> Hello All,
> I have read that system encryption slows a computer down. However, I am more interested in when to use it. Consider the following scenarios:
Some, but not that much (depending on how you're using the system).
> - You have a server in a secured server room on a rack (is there any need and advantage to having system encryption in this particular case)
Only if there's requirements from above... or if you're going to be pulling drives as backups, say, and taking them out of there.
> - You have a server sitting in an office that is accessible by everyone
It would be a good idea.
> - You have a desktop
Depends on who has access, and how much your data's worth.
> - You have a laptop
<snip> The US gov't, and federal contractors, require encryption on all laptops. Many companies are starting to go that way. Do *you* really want to read in the papers, or have your manager call you in (if it's a work laptop), and tell you what happened to all the information on your laptop? Or how someone broke into it, and used it to get to *their* network?
mark
Thanks guys, Paul you make very good points. Noted...
>> - You have a server in a secured server room on a rack (is there any need and advantage to having system encryption in this particular case)
> Only if there's requirements from above... or if you're going to be pulling drives as backups, say, and taking them out of there.
Very interesting. Your response just gave me another question :) If I have system encryption on a server with RAID (don't think the type matters, but let's say RAID 5) and hot-swappable drives and one drive fails, what happens when you replace the drive? How do you handle rebuilding the data on the new drive with system encryption? Are there online resources/links for handling rebuilding the data on new drives when the server/PC already had system encryption? Or are my questions/thoughts on this way off course?
B.I.
On 10/11/2011 04:43 PM, Bade Iriabho wrote:
> Thanks guys, Paul you make very good points. Noted...
>>> - You have a server in a secured server room on a rack (is there any need and advantage to having system encryption in this particular case)
>> Only if there's requirements from above... or if you're going to be pulling drives as backups, say, and taking them out of there.
> Very interesting. Your response just gave me another question :) If I have system encryption on a server with RAID (don't think the type matters, but let's say RAID 5) and hot-swappable drives and one drive fails, what happens when you replace the drive? How do you handle rebuilding the data on the new drive with system encryption? Are there online resources/links for handling rebuilding the data on new drives when the server/PC already had system encryption? Or are my questions/thoughts on this way off course?
As I understand it, RAID is lower level than partition, and encryption is partition based, so RAID will not care what you have above, it will do its job regardless.
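An added illustration of the layering described in the message above (not code from any poster on this thread): assuming the encryption layer sits on top of the RAID device, a RAID 5 rebuild is an XOR over ciphertext blocks and never needs the key. The SHA-256 keystream is a toy stand-in for a real disk cipher, and all names, sizes and the key are constructed.

```python
import hashlib
from functools import reduce

SECTOR = 32  # bytes per simulated sector (constructed size)

def keystream(key: bytes, sector_no: int) -> bytes:
    # Toy per-sector keystream; a stand-in for the disk cipher, not real disk crypto.
    return hashlib.sha256(key + sector_no.to_bytes(8, "big")).digest()

def crypt(key: bytes, sector_no: int, data: bytes) -> bytes:
    # XOR with the keystream; the same call encrypts and decrypts.
    return bytes(a ^ b for a, b in zip(data, keystream(key, sector_no)))

def xor_blocks(blocks):
    # Byte-wise XOR of equal-length blocks (RAID 5 parity arithmetic).
    return bytes(reduce(lambda x, y: x ^ y, col) for col in zip(*blocks))

def write_raid5(sectors, n_disks):
    # Lay ciphertext sectors across n_disks with one rotating parity block per stripe.
    disks = [[] for _ in range(n_disks)]
    per_stripe = n_disks - 1
    for s in range(0, len(sectors), per_stripe):
        data = sectors[s:s + per_stripe]
        parity_disk = (s // per_stripe) % n_disks
        it = iter(data)
        for d in range(n_disks):
            disks[d].append(xor_blocks(data) if d == parity_disk else next(it))
    return disks

def rebuild(disks, failed):
    # What the RAID layer does for a replacement drive: XOR the surviving members.
    survivors = [d for i, d in enumerate(disks) if i != failed]
    return [xor_blocks(stripe) for stripe in zip(*survivors)]

def demo():
    key = b"constructed-volume-key"
    plain = [bytes([i]) * SECTOR for i in range(6)]           # constructed plaintext
    cipher = [crypt(key, i, p) for i, p in enumerate(plain)]  # encryption layer output
    disks = write_raid5(cipher, n_disks=3)                    # RAID sees only ciphertext
    pulled = disks[1]                                         # drive 1 fails, is pulled
    disks[1] = None
    disks[1] = rebuild(disks, failed=1)                       # the key is not used here
    return disks[1] == pulled, pulled

if __name__ == "__main__":
    ok, pulled = demo()
    print("rebuilt drive identical to failed drive:", ok)
```

Under this layout the pulled drive holds only ciphertext and parity computed over ciphertext.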
Ljubomir Ljubojevic wrote:
> On 10/11/2011 04:43 PM, Bade Iriabho wrote:
>> Thanks guys, Paul you make very good points. Noted...
>>>> - You have a server in a secured server room on a rack (is there any need and advantage to having system encryption in this particular case)
>>> Only if there's requirements from above... or if you're going to be pulling drives as backups, say, and taking them out of there.
<snip> Oh, another requirement: PCI DSS (it's been two and a half years since I worked for a co that does managed security and was also a root CA). Look at https://www.pcisecuritystandards.org/index.php, and the docs. For any credit card information, ALL DATA between two systems *must* be encrypted, and positively, if you need to pull a drive to replace it, you're going to have to sanitize it, since someone could take it apart and rebuild it, and get data off it.
So, if credit card transactions might be on it - any kind of PII (personal identifying information) or HIPAA (for those in the US, medical data) - you need encryption.
Or if you don't want anyone seeing your pr0n collection.... <g>
mark