Security Basics mailing list archives
RE:Encrypting data on fileserver
From: "Eric Furman" <ericfurman () fastmail net>
Date: Wed, 17 May 2006 16:05:02 -0400
On Tue, 16 May 2006 08:39:42 -0500, "Nick Vaernhoej" <nick.vaernhoej () capitalcardservices com> said:We have VPN connections in place to prevent sniffing of traffic. I am actually trying to prevent data theft happening in case of someone walking out with a fileserver. Sometimes management just knows better.....Tell management that there are dangers in encrypting filesystems. No matter the OS, with encrypted filesystems there is always the possibility of something going wrong and losing all of your data. I won't go into details. Google it, there are many. A much more foolproof and safer method is called 'Physical Security'.
On Wed, 17 May 2006 08:13:54 -0500, "Nick Vaernhoej" <nick.vaernhoej () capitalcardservices com> said:
We have a server room behind a keypass locked door. I am being told we need to encrypt the fileserver because of PCI requirements. It seems we have cardholder information in Excel spreadsheets....
As I stated earlier, encrypted filesystems carry the potential risk of data loss. You are *much* more likely to lose all of your data from an encryption key being hosed, or one of many other potentially disastrous accidents happening, than in someone walking out of your data center with a server. If someone did that, even if all of your data 'was' encrypted, there is no guarantee that it will stop them. Do you actually imagine that if a group of people were resourceful enough to actually steal a server from a physically secure data center that they are not going to have someone who can over come your encryption scheme? The risks *far* out way the benefits. The above scenario is an absolute fantasy, anyway. Unfortunately, I used to work for a large bank so I understand a large corporations management in strictly adhering to some draconian security policy, even if it doesn't make any sense. Good luck, your going to need it. -- Eric Furman ericfurman () fastmail net
Current thread:
- Re: Encrypting data on fileserver, (continued)
- Re: Encrypting data on fileserver Frederic Jaeckel (May 15)
- Re: Encrypting data on fileserver Ow Mun Heng (May 15)
- RE: Encrypting data on fileserver Adrian Floarea (May 15)
- Re: Encrypting data on fileserver Rodrigo Ramos (May 15)
- Re: Encrypting data on fileserver John Punzalan (May 16)
- Re: Encrypting data on fileserver Sven Édouard (May 17)
- RE: Encrypting data on fileserver Ramsdell, Scott (May 15)
- RE: Encrypting data on fileserver David Gillett (May 15)
- RE: Encrypting data on fileserver Nick Vaernhoej (May 16)
- FW: Encrypting data on fileserver Nick Vaernhoej (May 16)
- RE:Encrypting data on fileserver Eric Furman (May 19)
- RE: Encrypting data on fileserver Nick Vaernhoej (May 20)