[PLUG] Secure filesystem?
Bear Giles
bgiles at coyotesong.com
Wed Nov 20 02:48:07 UTC 2002
Alex Daniloff wrote:
> I'm not trying to comply with anything. This solution should solve
> data security problems in some business operations.
I understand that, but if you get 3 people together you'll have at least
4 different opinions on what the "data security problems" are. We need
to know what YOU consider to be the problem before we can give specific
advice.
> Imagine situation, when burglars,FBI,CIA or other crooks are breaking
> into your office and taking your server or hard drive away to look
> into your secret data files.
If you're worried about the FBI or CIA, I'm not sure how much I want to
help.... It's not that I trust them, but if they have a search warrant
they can demand the decryption key and search the disk anyway. If you
want to prevent this, you want to be ready to commit obstruction of
justice and that makes me wonder why.
At the same time, I fully understand the need to protect legally
confidential material (financial, medical, etc. People have found
highly sensitive material, e.g., names and HIV test results, on
discarded disks) or trade secrets from competitors and have no problem
helping you protect this information.
(BTW, if you're serious you'll also store the disk's serial number
inyour safe. Why should the bad guys bother stealing your disk, copying
it, and then risking getting it back into your machine when they could
just swap in a bad disk?)
Anyway, this means your solution must involve one of the on-disk
encryption approaches. I tend to favor the loopback filesystem with
encryption, but once mounted anyone with access to your filesystem can
see all of the files on the encrypted disk, modulo the regular
permissions. Others prefer the CFS approach, which uses a specialized
NFS server, since it doesn't make the contents available to everyone on
the system and it doesn't require you to set aside dedicated space for
it. (That also means that somebody can immediately identify all of the
space consumed by encrypted files - with the loopback device you don't
know if an encrypted GB partition is empty or full.)
The other concern is that you need to be able to export whatever
solution you use. I think a "loopback" approach is much lower than a
CFS approach - you can probably export a loopback FS via NFS or Samba,
but may not be able to do so with CFS. But I could easily be wrong
about this. (As a rule "like can't export like," so I doubt NFS can
export a partition mounted by NFS/CFS.)
> Securing data in transit is also very important, but there are many
> different concepts were developed already to cover this area.
That's not the only concern. What about somebody who copies the
exported files to ZIP disk or CD-R file on the client system? Or email
a copy of the file to somebody outside of the company? It makes no
sense to install a heavy steel door while you leave the windows wide open.
Bear
More information about the PLUG
mailing list