Hi Nathan,
In the past when I've done file servers with sensitive data I have used
dm-crypt and LUKS. My strategy is generally to make a loopback "device"
(actually a sparse file) with dd and encrypt that. You have to enter a
password and manually mount the partition on boot (I use custom init
scripts for samba), but it does encrypt the sensitive data without the
performance hit and headache associated with encrypting the whole
system/root drive.
There definitely is a performance hit here, so if you have misc data that
doesn't need encryption it might be in your best interest to not do so. I
generally have shares like Public or Media unencrypted with other more
secured shares that are.
--
Paul Mooring
Systems Engineer and Customer Advocate
www.opscode.com
On 4/2/13 8:20 AM, "Nathan England" <
nathan@nmecs.com> wrote:
>
>Hello Hello,
>
>I will soon be building a new server for my home office. I do various
>consulting jobs and have access to data that my customers consider
>highly personal or private, some of which I've signed NDA's in order to
>have access to. The current server stores my client data, various source
>code files, but it also doubles as my personal data store. All my
>personal projects along with videos and pictures, audio files and
>everything that all of us parents and geeks would want to store.
>
>My new hardware will have multiple drives in a raid configuration. I
>have not completely decided on how that will be configured. I would like
>your opinions on the best methods of securing a server. I am not against
>having to type in an encryption passphrase each time the machine boots,
>but as it will be headless, I'd really rather not, but hoping beyond
>setup I will not need to reboot it often it is an option.
>
>What options should I consider for protecting the data on the hard
>drives and still provide some sane level of usability from a workstation
>somewhere else?
>
>I appreciate your thoughts!
>
>Nathan
>---------------------------------------------------
>PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
>To subscribe, unsubscribe, or to change your mail settings:
>http://lists.phxlinux.org/mailman/listinfo/plug-discuss
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss