Home Office Server Security
Paul Mooring
paul at opscode.com
Tue Apr 2 09:11:05 MST 2013
Not really, encrypting data has overhead in terms of CPU:
Benchmarks are generally awful as you care about real world impact (like
it use to take .3 seconds now it takes .5) and benchmarks are the quickest
route to getting hung up on theoretical numbers rather than worthwhile
metrics. That being said, here's one anyway:
http://dentarg.it64.com/content/luks-ext4-performance
--
Paul Mooring
Systems Engineer and Customer Advocate
www.opscode.com
On 4/2/13 9:07 AM, "Nathan England" <nathan at nmecs.com> wrote:
>
>Could you give an example of what you mean by a "performance hit" ?
>
>Nathan
>
>
>On 4/2/2013 8:56 AM, Paul Mooring wrote:
>> Hi Nathan,
>>
>> In the past when I've done file servers with sensitive data I have used
>> dm-crypt and LUKS. My strategy is generally to make a loopback "device"
>> (actually a sparse file) with dd and encrypt that. You have to enter a
>> password and manually mount the partition on boot (I use custom init
>> scripts for samba), but it does encrypt the sensitive data without the
>> performance hit and headache associated with encrypting the whole
>> system/root drive.
>>
>> There definitely is a performance hit here, so if you have misc data
>>that
>> doesn't need encryption it might be in your best interest to not do so.
>> I
>> generally have shares like Public or Media unencrypted with other more
>> secured shares that are.
>>
>
>---------------------------------------------------
>PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>To subscribe, unsubscribe, or to change your mail settings:
>http://lists.phxlinux.org/mailman/listinfo/plug-discuss
More information about the PLUG-discuss
mailing list