Posted by: Administrator
on June 16, 2004 01:47 PM
Encrypted filesystems are not for protection while the machine is up and running, but for protection when the machine is off.
A couple of examples of where encrypted filesystems come into play:
You have a laptop with client source code on it, and even though it's covered by theft insurance, you want to make sure a thief has no access to the contents.
You have some very sensitive work projects on a multi-user server that you want separated, where one user that happens to get root on a machine cannot access the contents. (This example fails somewhat, as it's not hard for a root user to make a keylogger utility though.)
You have a coloc box at an ISP which you may not trust 100%, but is giving a good deal for access that has some security at the console.
You are sending CDs to friends whose contents need to be encrypted, so you make mountable encrypted images.
You use hard disks or removable storage for access, and want some means of protecting the contents when they are stored offsite.
This isn't a be-all and end-all for security, but it is a lock on another door that may be normally wide open. For example, even the best network security can't stop a local user from sticking a hard disk on another machine and booting it, and the best hard drive encryption can't stop an intrusion while the machine is on.