I appreciate what you have said here Paul. This was the kind of insight
I was looking for. Very true.
I have lots of large files I will be transferring back and forth, but
the majority of my use will be with mysql and apache on this particular
machine. I would be well off keeping the apache and mysql stuff on a
non-encrypted partition and place my sensitive data on an encrypted
partition.
I was considering something like this already. I would like to have my
apache docroot and mysql databases stored somewhere secure, but on boot
mount a tmpfs to /var/lib/mysql and /var/www/html and copy the necessary
files from the encrypted location to the tmpfs mounts. Then run a script
to update or backup what ever is needed. The server will have plenty of
ram so using 4 GB for tmpfs like this would not be an issue. Regardless,
it would be a fun project anyway.
Thanks again Paul.
Nathan
On 4/2/2013 9:48 AM, Paul Mooring wrote:
> You could run some tests yourself, but due to the nature of encryption I
> strongly suspect that the overhead added by LVM is negligible. Encryption
> is supposed to be CPU intensive, like everything else involve security
> it's a tradeoff. The most important thing to keep in mind is that you
> don't need to care about CPU overhead, if it's lightly used getting your
> files 0.25 seconds later and averaging 60% CPU rather than 40% just
> doesn't matter.
>
> Stepping on my soapbox for a minute here, network/server security is far
> less magical than many make it out to be. It's really up to you to
> determine how much risk is involved in something and what the costs are to
> mitigate that risk. In your case if the server isn't heavily used so the
> CPU overhead isn't a problem, the only cost is having to put in a password
> to mount the encrypted drive. The risk of having sensitive files makes it
> a no brainer to set this up. Contrast that to a file server being used
> for just public files (say free exes and isos from the internet) that's
> heavily used by an office of people. In that case setting up encryption
> is definitely more secure and also a very bad idea because the costs are
> greater than the risk.
>
> All that to say, don't pay too much attention to those numbers. Setting
> this up is pretty straightforward and moving data off the encrypted drive
> is also pretty easy, so just set it up and if it works for you don't worry
> about trying to squeeze that last drop of performance out until you need
> to.
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss