Posted by: Administrator
on June 16, 2004 01:47 PM
Encrypted filesystems are not for protection while the machine is up and running, but for protection when the machine is off.
A couple of examples of where encrypted filesystems come into play:
You have a laptop with client source code on it, and you want to make sure that even though it's covered by theft insurance, you want to make sure a thief has no access to the contents.
You have some very sensitive work projects on a multi-user server that you want separated, where one user that happens to get root on a machine cannot access the contents. (This example fails somewhat, as it's not hard for a root user to make a keylogger utility though.)
You have a coloc box at an ISP which you may not trust 100%, but is giving a good deal for access that has some security at the console.
You are sending CDs to friends whose contents need to be encrypted, so you make mountable encrypted images.
You use hard disks or removable storage for access, and want some means of protecting the contents when they are stored offsite.
This isn't a be-all and end-all for security, but it is a lock on another door that may be normally wide open. For example, even the best network security can't stop a local user from sticking a hard disk on another machine and booting it; the best hard drive encryption can't stop an intrusion while the machine is on.
For cold (offline) storage, this is excellent.