Home Office Server Security

Nathan England nathan at nmecs.com
Tue Apr 2 09:07:18 MST 2013


Could you give an example of what you mean by a "performance hit" ?

Nathan


On 4/2/2013 8:56 AM, Paul Mooring wrote:
> Hi Nathan,
>
> In the past when I've done file servers with sensitive data I have used
> dm-crypt and LUKS.  My strategy is generally to make a loopback "device"
> (actually a sparse file) with dd and encrypt that.  You have to enter a
> password and manually mount the partition on boot (I use custom init
> scripts for samba), but it does encrypt the sensitive data without the
> performance hit and headache associated with encrypting the whole
> system/root drive.
>
> There definitely is a performance hit here, so if you have misc data that
> doesn't need encryption it might be in your best interest to not do so.  I
> generally have shares like Public or Media unencrypted with other more
> secured shares that are.
>



More information about the PLUG-discuss mailing list