On 2016-08-12 11:06, Duncan wrote:
> Austin S. Hemmelgarn posted on Fri, 12 Aug 2016 08:04:42 -0400 as
> excerpted:
>
>> On a file server? No, I'd ensure proper physical security is
>> established and make sure it's properly secured against network based
>> attacks and then not worry about it. Unless you have things you want to
>> hide from law enforcement or your government (which may or may not be
>> legal where you live) or can reasonably expect someone to steal the
>> system, you almost certainly don't actually need whole disk encryption.
>> There are two specific exceptions to this though:
>> 1. If your employer requires encryption on this system, that's their
>> call.
>> 2. Encrypted swap is a good thing regardless, because it prevents
>> security credentials from accidentally being written unencrypted to
>> persistent storage.
>
> In the US, medical records are pretty well protected under penalty of law
> (HIPAA, IIRC?). Anyone storing medical records here would do well to
> have full filesystem encryption for that reason.
>
> Of course financial records are sensitive as well, or even just forum
> login information, and then there's the various industrial spies from
> various countries (China being the one most frequently named) that would
> pay good money for unencrypted devices from the right sources.

Medical and even financial records really fall under my first exception,
but it's still no substitute for proper physical security. As far as
user account information, that depends on what your legal or PR
department promised, but in many cases there, there's minimal
improvement in security when using full disk encryption in place of just
encrypting the database file used to store the information.

In either case though, it's still a better investment in terms of both
time and money to properly secure the network and physical access to the
hardware. All that disk encryption protects is data at rest, and for a
_server_ system, the data is almost always online, and therefore lack of
protection of the system as a whole is usually more of a security issue
in general than lack of protection for a single disk that's powered off.