I’m relatively new to Linux disk encryption theory and practice, and am researching it, but would like to hear from experienced users as well.
Disk encryption on a remote server?
The setup I’m considering involves encrypting a partition which will hold Postgres database, on a Xen powered OpenSuse VPS.
What am I trying to accomplish? Prevent curious datacenter techies from seeing the data, if they mount the Xen image. Also, who knows where the discs that fail in RAIDs end up…
I don’t know, and so I’m asking, if something like that is worth the trouble, in your experience?
Please note I am concerned here only with protecting from physical access. The data will be available to clients through a webapp, and that’s entirely different security story involving strong passwords, SSL, webappsec, etc…
Also note that the sensitivity of data is relative. If I can help it, I’d like to prevent any leakage. If the leakage happens, well, the data is really in the class of Business Secrets, not CC data that would, if leaked, harm a number of people.
I’m just wondering if I should bother at all. One big drawback I see here is that I’d have to manually mount the partition and start the database after each reboot… Not good if the server restarts while I’m not within 5 minutes from logging back in…
Since the setup I’m considering is a Xen VPS Guest, RAID is really hidden from it, implemented on the host, so the guest does not see it. The issue is then whether guest OS encryption through Xen host RAID is troublesome.
I don’t know whether openSUSE now supports automount for encrypted disks or not,
but you can do it with Debian and Ubuntu.
That kinda defeats the purpose. If the encrypted partitions are automounted, then anyone can simply mount the disk image and boot it.
lol, no, it asks for the passphrase on boot/mounting.
The only problem with that is rebooting/restarting the server remotely, although I did see someone address that issue somewhere and got it to work.
You can also use a passkey file apparently, i.e. keep the “key” on, say, a USB stick, and (in theory) it can read the passphrase from there. No USB “key” - no boot!
On my server I use an encrypted /home partition and have my webserver and any other web-related stuff in a sub-folder of /home.
So if someone steals the server, it can boot, but none of the data will be available.
You can also use the “encrypted home folder” option when adding a user through yast (or yast2 gui). That simply creates a great big file of a specified size, but that only mounts when a user logs in. You can get around that by simply mounting it manually if you like. That can also be done remotely.
And thinking about the remote mounting issue, I guess you could also do that for a standard encrypted /home partition quite simply by mounting it manually after boot! Because the prompt asking for the passphrase times out after about 30 seconds (as a guess), and the machine then continues to boot normally apart from mounting the encrypted partition.
As long as you can get remote access (ssh or even telnet!), then you can manually mount the encrypted partition :).
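The manual-unlock-after-boot procedure described in the replies above, as an added example script that is not from any poster: after the boot-time passphrase prompt times out, log in over ssh and run it as root to open the LUKS mapping, mount the partition and only then start the database. The device name /dev/xvdb1, the mapping name pgdata, the mount point /var/lib/pgsql and the init command are assumptions to adjust for your own box.

```shell
#!/bin/bash
# Added example: remote unlock of a LUKS-encrypted PostgreSQL data partition
# after a reboot, as root over ssh. All names below are assumptions.
set -euo pipefail

LUKS_DEV="${LUKS_DEV:-/dev/xvdb1}"            # assumed: encrypted partition inside the Xen guest
MAP_NAME="${MAP_NAME:-pgdata}"                # assumed: device-mapper name for the open volume
MOUNT_POINT="${MOUNT_POINT:-/var/lib/pgsql}"  # assumed: Postgres data directory
MOUNTS_FILE="${MOUNTS_FILE:-/proc/mounts}"    # mounts table; overridable so the check is testable
PG_START="${PG_START:-/etc/init.d/postgresql start}"  # assumed init command on openSUSE

# Return 0 if $1 is already a mount point in the mounts table ($2 or $MOUNTS_FILE).
is_mounted() {
    awk -v mp="$1" '$2 == mp { found = 1 } END { exit !found }' "${2:-$MOUNTS_FILE}"
}

# Return 0 if the device-mapper node for mapping $1 already exists (volume unlocked).
is_unlocked() {
    [ -e "/dev/mapper/$1" ]
}

# Idempotent: safe to re-run if the previous attempt stopped half way.
unlock_and_start() {
    if is_mounted "$MOUNT_POINT"; then
        echo "$MOUNT_POINT already mounted; nothing to do"
    else
        if ! is_unlocked "$MAP_NAME"; then
            # Prompts for the passphrase on the ssh session's tty; nothing is stored on disk,
            # which is the point: no key file lying next to the encrypted image.
            cryptsetup luksOpen "$LUKS_DEV" "$MAP_NAME"
        fi
        mount "/dev/mapper/$MAP_NAME" "$MOUNT_POINT"
    fi
    # Start the database only once its data directory is actually available.
    $PG_START
}

# Run the procedure only when explicitly asked: `./unlock-pgdata.sh run`
if [ "${1:-}" = "run" ]; then
    unlock_and_start
fi
```

Because the script exits on the first failure and checks state before acting, a typo in the passphrase simply leaves the volume closed and Postgres unstarted, so you can rerun it without mounting over an already mounted directory.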