-   Linux - Security (
-   -   file system encryption on servers (

Synesthesia 06-05-2006 03:27 AM

file system encryption on servers
Have any of you used file system encryption on a server? Encrypted file systems, of course, have a higher rate of corruption. what do you do to protect against that? Have you found certain file systems to have better checksumming (e.g. EncFS). Thanks for your imput.

ledow 06-05-2006 08:04 AM

I've used filesystem encryption but if I were you, I'd think carefully before using it.

Why are you using it? If someone can get in and steal your hard disk, what do you lose in terms of what's useful to them and detrimental to you? If they can get that same data unencrypted (via an intranet, stealing a client machine, searching histories etc.) then you've gained nothing.

Second, a performance hit can be quite large. Are you sure you NEED it to be encrypted and that having it encrypted is worthwhile (i.e. do your workers regularly copy the drive onto a laptop and take it home with them? Then you're wasting your time).

"Encrypted file systems, of course, have a higher rate of corruption."

Er... I don't quite get what you mean. If you mean that a single-bit change (i.e. a hardware failure) is detrimental to the filesystem, then yes. But many modern journalling filesystems are extremely difficult to recover anyway (usually so difficult and expensive that it's easier to just rely on backups... I was quoted 1000/Gb as a standard price for basic recovery from simple filesystems for many years - I don't know if that's changed) so this is a much more general issue.

EFS's don't "corrupt" any more often than a normal JFS, pretty much the same number of writes are done to any sector you care to choose. You will, of course, have tape backup for anything worth preserving anyway. Anything that RELIES on a filesystem checksum to stay intact is not going to hold ANY DATA of mine unless it's got full-recovery (i.e. I know that I can definitely lose X Kb of data and STILL the information is perfect, like PAR archives etc.), and even then the disksspace/time tradeoff buys you *another* decent backup system.

If you are getting filesystem corruption, your hardware is faulty or your filesystem is, itself, faulty. Neither have anything to do with encryption except that to then RECOVER your data is infinitely more difficult.

You will, however, have to be 100% certain that you have stored your keys (TWICE!) and other necessary information (filesystem type and version, for instance) somewhere safe too. If you are doing backups properly, they will be encrypted and require the same information (although storing that information with the backup is just as secure as having no encryption at all).

What, exactly, are you trying to achieve by encrypting your filesystem? Stopping your little brother using Knoppix to browse your files/change your root password? Stopping people who steal the harddrive from EVER discovering what's on it? You have to consider the trade-offs at each point (usually performance and recoverability with EFS's).

Home desktop use? Waste of time, pointless, going to cause you much, much more hassle than it's worth (especially if you don't backup or you have faulty hardware). You might lose your bookmarks, maybe a cookie or two. Cancel your credit card to be safe, then get on with life.

Office use? Possibly worthwhile as part of a much larger security scheme (i.e. making sure people don't copy the data somehow, take it offsite etc.) but it's still going to cause you an awful lot of headaches - unless you are storing credit card numbers or other extremely VITAL data, you have to consider if it's worth it (and then you should be asking yourself WHY are you storing that information and what measures should you also have in place to prevent abuse?).

Cover for something you shouldn't be doing? Some countries will jail you for NOT supplying your private key if they come across an encrypted filesystem. Any EFS can be cracked given enough time and you lose all deniability if you've deliberately hidden things.

Weigh it up before you even consider it. Ask yourself, what if the power goes off and my hard drive isn't completely written to. What would happen and how much hassle would it be to get it all back?

Synesthesia 06-05-2006 04:03 PM

"You have to consider the trade-offs at each point" -ledow
I, of course, have already done this. The issue of whether or not I should be using encryption at all is not what I want to debate...

I know if a file is not completely written to the EFS, and the (e.g.) power goes out, the file being written will become corrupted. But am I correct to say that only the file being written to will become corrupt, and the rest of the encrypted file system will remain intact? The server will be most like a file server. With that in mind, is there a specific EFS you recommend (loop-aes, encfs)? And what are your thoughts on which file system it should be used in combination with (XFS, reiserfs3, JFS, how about reiserfs4 which supposedly has EFS benefits)? Do you suggest that I need something like raid-1 with an EFS because of the higher chance of data loss?

Thanks for your imput.

P.S. If you have ever used an EFS for server use, I would like to hear your performance comparisons (like EFS vs FS, and server specs, etc).

All times are GMT -5. The time now is 10:10 AM.