[CentOS] Deciding when to do system encryption
m.roth at 5-cent.us
m.roth at 5-cent.usTue Oct 11 15:19:41 UTC 2011
- Previous message: [CentOS] Deciding when to do system encryption
- Next message: [CentOS] {Q} Relate to daylight saving time on Nov. 6 cron job
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Ljubomir Ljubojevic wrote: > Vreme: 10/11/2011 04:43 PM, Bade Iriabho pie: >> Thanks guys, Paul you make very good points. Noted... >> >>>> 1. You have a server in a secured server room on a rack (is there >>>> any need and advantage to having system encryption in this >>>> particular case) >> >>> Only if there's requirements from above... or if you're going to be >>> pulling drives as backups, say, and taking them out of there. <snip> Oh, another requirement: PCI DSS (it's been two and a half years since I worked for a co that does managed security and was also a root CA). Look at <https://www.pcisecuritystandards.org/index.php>, and the docs. For any credit card information, ALL DATA between two systems *must* be encrypted, and positively, if you need to pull a drive to replace it, you're going to have to sanitize it, since someone could take it apart and rebuild it, and get data off it. So, if credit card transactions might be on it - any kind of PII (personal identifying information) or HIPAA (for those in the US, medical data) - you need encryption. Or if you don't want anyone seeing your pr0n collection.... <g> mark
- Previous message: [CentOS] Deciding when to do system encryption
- Next message: [CentOS] {Q} Relate to daylight saving time on Nov. 6 cron job
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list