Security Basics mailing list archives

RE:Encrypting data on fileserver


From: "Eric Furman" <ericfurman () fastmail net>
Date: Wed, 17 May 2006 16:05:02 -0400

On Tue, 16 May 2006 08:39:42 -0500, "Nick Vaernhoej"
<nick.vaernhoej () capitalcardservices com> said:
We have VPN connections in place to prevent sniffing of traffic. I am
actually trying to prevent data theft happening in case of someone
walking out with a fileserver.
Sometimes management just knows better.....

Tell management that there are dangers in encrypting filesystems.
No matter the OS, with encrypted filesystems there is always the
possibility of something going wrong and losing all of your data.
I won't go into details. Google it, there are many.
A much more foolproof and safer method is called 'Physical Security'.

On Wed, 17 May 2006 08:13:54 -0500, "Nick Vaernhoej"
<nick.vaernhoej () capitalcardservices com> said:
We have a server room behind a keypass locked door. I am being told we
need to encrypt the fileserver because of PCI requirements. It seems we
have cardholder information in Excel spreadsheets....


As I stated earlier, encrypted filesystems carry the potential risk
of data loss. You are *much* more likely to lose all of your data
from an encryption key being hosed, or one of many other potentially
disastrous accidents happening, than in someone walking out of your
data center with a server. If someone did that, even if all of your
data 'was' encrypted, there is no guarantee that it will stop them.
Do you actually imagine that if a group of people were resourceful
enough to actually steal a server from a physically secure data
center that they are not going to have someone who can overcome
your encryption scheme? The risks *far* outweigh the benefits.
The above scenario is an absolute fantasy, anyway.
Unfortunately, I used to work for a large bank so I understand a large
corporation's management in strictly adhering to some draconian
security policy, even if it doesn't make any sense.
Good luck, you're going to need it.
-- 
  Eric Furman
  ericfurman () fastmail net

