Home Office Server Security

Paul Mooring paul at opscode.com
Tue Apr 2 09:48:26 MST 2013 

You could run some tests yourself, but due to the nature of encryption I
strongly suspect that the overhead added by LVM is negligible.  Encryption
is supposed to be CPU intensive, like everything else involve security
it's a tradeoff.  The most important thing to keep in mind is that you
don't need to care about CPU overhead, if it's lightly used getting your
files 0.25 seconds later and averaging 60% CPU rather than 40% just
doesn't matter.

Stepping on my soapbox for a minute here, network/server security is far
less magical than many make it out to be.  It's really up to you to
determine how much risk is involved in something and what the costs are to
mitigate that risk.  In your case if the server isn't heavily used so the
CPU overhead isn't a problem, the only cost is having to put in a password
to mount the encrypted drive.  The risk of having sensitive files makes it
a no brainer to set this up.  Contrast that to a file server being used
for just public files (say free exes and isos from the internet) that's
heavily used by an office of people.  In that case setting up encryption
is definitely more secure and also a very bad idea because the costs are
greater than the risk.

All that to say, don't pay too much attention to those numbers.  Setting
this up is pretty straightforward and moving data off the encrypted drive
is also pretty easy, so just set it up and if it works for you don't worry
about trying to squeeze that last drop of performance out until you need
to.
-- 
Paul Mooring
Systems Engineer and Customer Advocate

www.opscode.com






On 4/2/13 9:36 AM, "Nathan England" <nathan at nmecs.com> wrote:

>
>Paul,
>
>Thanks for the article. Interesting. The server will be an AMD with AES
>extensions, but I wonder how that same machine in the article would have
>performed with a hardware raid controller verses using a software raid.
>I know certain raid configurations are a bit faster with the software
>raid but I would imagine this is not one of them. If the server has the
>basic over-head of encryption on top of the over-head of managing raid
>on top of the over-head of managing the LVM I could see a lot more CPU
>use than if the CPU was only dealing with encryption on a hardware raid
>without LVM.
>
>Nathan
>
>On 4/2/2013 9:11 AM, Paul Mooring wrote:
>> Not really, encrypting data has overhead in terms of CPU:
>>
>> Benchmarks are generally awful as you care about real world impact (like
>> it use to take .3 seconds now it takes .5) and benchmarks are the
>>quickest
>> route to getting hung up on theoretical numbers rather than worthwhile
>> metrics.  That being said, here's one anyway:
>>
>> http://dentarg.it64.com/content/luks-ext4-performance
>>
>>
>>
>
>---------------------------------------------------
>PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>To subscribe, unsubscribe, or to change your mail settings:
>http://lists.phxlinux.org/mailman/listinfo/plug-discuss

More information about the PLUG-discuss mailing list