Re: Home Office Server Security

Top Page
This message is part of the following thread:
M+\the complete thread tree sorted by date
MMMNathan England at <-
MGeorge Toft at ->
Attachments:
Message as email
+ (text/plain)
+ (text/html)
+ (text/plain)
Delete this message
Reply to this message
Author: Stephen
Date:  
To: nathan, Main PLUG discussion list
New-Topics: SSDs
Subject: Re: Home Office Server Security
some food for thought on hardware acceleration and encryption

http://www.truecrypt.org/docs/?s=hardware-acceleration


On Tue, Apr 2, 2013 at 10:40 AM, Nathan England <> wrote:

>
> What about using solid state drives with AES chips built in? would that
> remove the performance hit of a highly used server?
>
> Would a server with several SSD's providing enough storage for the needs
> sufficiently handle the encryption and raid without a performance hit? Or
> is that not what the AES chips in the newer SSD's handle?
>
>
> On 4/2/2013 9:48 AM, Paul Mooring wrote:
>
>> You could run some tests yourself, but due to the nature of encryption I
>> strongly suspect that the overhead added by LVM is negligible. Encryption
>> is supposed to be CPU intensive, like everything else involve security
>> it's a tradeoff. The most important thing to keep in mind is that you
>> don't need to care about CPU overhead, if it's lightly used getting your
>> files 0.25 seconds later and averaging 60% CPU rather than 40% just
>> doesn't matter.
>>
>> Stepping on my soapbox for a minute here, network/server security is far
>> less magical than many make it out to be. It's really up to you to
>> determine how much risk is involved in something and what the costs are to
>> mitigate that risk. In your case if the server isn't heavily used so the
>> CPU overhead isn't a problem, the only cost is having to put in a password
>> to mount the encrypted drive. The risk of having sensitive files makes it
>> a no brainer to set this up. Contrast that to a file server being used
>> for just public files (say free exes and isos from the internet) that's
>> heavily used by an office of people. In that case setting up encryption
>> is definitely more secure and also a very bad idea because the costs are
>> greater than the risk.
>>
>> All that to say, don't pay too much attention to those numbers. Setting
>> this up is pretty straightforward and moving data off the encrypted drive
>> is also pretty easy, so just set it up and if it works for you don't worry
>> about trying to squeeze that last drop of performance out until you need
>> to.
>>
>
> ------------------------------**---------------------
> PLUG-discuss mailing list - .**org<>
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/**mailman/listinfo/plug-discuss<http://lists.phxlinux.org/mailman/listinfo/plug-discuss>
>



--
A mouse trap, placed on top of your alarm clock, will prevent you from
rolling over and going back to sleep after you hit the snooze button.

Stephen
---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss
This message was posted to the following mailing lists:
Plug Discuss
Mailing List Info | Nearby Messages		<-Re: Home Office Server SecuritySSDs->
Some Mailing List Archive administrated by UnconfiguredLurker (version 2.3)