Re: Encrypting data on fileserver

[Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>]

On 2006-05-15 Christian.Assfalg () bc boehringer-ingelheim com wrote:
> You can, depending on the OS, encrypt the data on the disks itself.
> This would be transparent to the clients, because the fileserver would
> decrypt the data. In effect, this would only protect the data against
> someone stealing your disk drives. I don't think this is an isue?

If it was, then indeed filesystem or harddisk encryption would be the
appropriate countermeasure.

> More interresting would probably be to encrypt the data over the
> network. I guess this should at least be possivle via ssh tunnel or
> so. This would protect the data against someone sniffing on your
> network.

That depends on what protocol is used for accessing the shares. Many
network filesystems use not only TCP ports but also UDP ports and can
therefore not be tunneled through SSH. A VPN would be a more fitting
solution there.

Regards
Ansgar Wiechers
-- 
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq