Home Office Server Security

Stephen cryptworks at gmail.com
Tue Apr 2 10:42:53 MST 2013


some food for thought on hardware acceleration and encryption

http://www.truecrypt.org/docs/?s=hardware-acceleration


On Tue, Apr 2, 2013 at 10:40 AM, Nathan England <nathan at nmecs.com> wrote:

>
> What about using solid state drives with AES chips built in? would that
> remove the performance hit of a highly used server?
>
> Would a server with several SSD's providing enough storage for the needs
> sufficiently handle the encryption and raid without a performance hit? Or
> is that not what the AES chips in the newer SSD's handle?
>
>
> On 4/2/2013 9:48 AM, Paul Mooring wrote:
>
>> You could run some tests yourself, but due to the nature of encryption I
>> strongly suspect that the overhead added by LVM is negligible.  Encryption
>> is supposed to be CPU intensive, like everything else involve security
>> it's a tradeoff.  The most important thing to keep in mind is that you
>> don't need to care about CPU overhead, if it's lightly used getting your
>> files 0.25 seconds later and averaging 60% CPU rather than 40% just
>> doesn't matter.
>>
>> Stepping on my soapbox for a minute here, network/server security is far
>> less magical than many make it out to be.  It's really up to you to
>> determine how much risk is involved in something and what the costs are to
>> mitigate that risk.  In your case if the server isn't heavily used so the
>> CPU overhead isn't a problem, the only cost is having to put in a password
>> to mount the encrypted drive.  The risk of having sensitive files makes it
>> a no brainer to set this up.  Contrast that to a file server being used
>> for just public files (say free exes and isos from the internet) that's
>> heavily used by an office of people.  In that case setting up encryption
>> is definitely more secure and also a very bad idea because the costs are
>> greater than the risk.
>>
>> All that to say, don't pay too much attention to those numbers.  Setting
>> this up is pretty straightforward and moving data off the encrypted drive
>> is also pretty easy, so just set it up and if it works for you don't worry
>> about trying to squeeze that last drop of performance out until you need
>> to.
>>
>
> ------------------------------**---------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.**org<PLUG-discuss at lists.phxlinux.org>
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/**mailman/listinfo/plug-discuss<http://lists.phxlinux.org/mailman/listinfo/plug-discuss>
>



-- 
A mouse trap, placed on top of your alarm clock, will prevent you from
rolling over and going back to sleep after you hit the snooze button.

Stephen
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20130402/b94035eb/attachment.html>


More information about the PLUG-discuss mailing list