Hard Drive Encryption
I've been considering encrypting a hard drive (well, more accurately, the hard drive housing my prototype) to check performance after said encryption. But I have a more general question for the brains on TDWTF:
Does hard drive encryption have any real use outside of protecting data from physical theft? If the server is 'Always on' doesn't the encryption key get stored in memory, and basically prevent any safe guards you might get if you didn't encrypt the drive?
The particular VM I am encrypting will be an 'always on' type of hardware, and the data it will be housing won't contain sensitive data (no credit card details, payments, user contact information) - it will store things like general analytics data (usage statistics of the software, error messages/access logs for public pages) - I realize my hard drive doesn't need encrypting in this instance and it's mostly just to measure performance... but...
In a more general sense: What benefit, if any does whole disk encryption give to a computer that is always on, and located in a secure environment? (No physical access for the 'bad guy')
What benefit, if any does whole disk encryption give to a computer that is always on, and located in a secure environment? (No physical access for the 'bad guy')
Assuming you're in a secure environment is a mistake. But if there's really nothing valuable to begin with, who cares?
I understand assuming you're in a secure environment is an incorrect assumption - but the question is more 'Assuming perfect physical access security, what does hardware encryption net you for an always on environment'.
It's more around just understanding the pros/cons of encryption, and why hard drive encryption has (from what i've seen) so much more regulation around it, but little has been said in terms of in-memory encryption / isolation.
The main thing about encryption on disk is physical access. Obviously super important for things that move around. Less important for servers stuck in one place. A lot of organizations have been bitten by break ins and the potential disclosures involved.
So basically the reason why hard drive encryption ranks higher on the 'To Do' list over things like memory encryption is ease of access/ease of attack surface, rather than in-memory encryption, which tends to rely on exploits that can be difficult/near impossible to do (assuming correct firewalls, correct coding, etc - the digital equivalent to locking your front door)?
Probably. It's also super easy to detect when someone has walked off with hardware vs snuck in and took a peek. So squeaky wheel and nails that stick up and all that.
Hard drive encryption IMO is only useful for portable systems and/or removable media.
Actually useful only in those cases sure, but there are a bunch of standards out there that don't make the distinction. Thus doing it on the machines in your server room can have the use "now you are allowed to check a box on a certification".
In terms of practical use, rather than certification checkboxes, would it make sense that the real time application works on an unencrypted drive, then writes data for long term storage to an encrypted drive? (Again, in this scenario, the data in question isn't actually sensitive, but the design is to test performance and scale out potential - but I digress)
Theoretically the storage platform would be 'always on' as well, but at least has a better argument for having it encrypted at rest, as it wouldn't be regularly accessed. Still theoretically vulnerable while turned on, but if the physical drive is stolen you could at least be more comfortable the data isn't being accessed.
In terms of practical use, rather than certification checkboxes, would it make sense that the real time application works on an unencrypted drive, then writes data for long term storage to an encrypted drive?
Still theoretically vulnerable while turned on, but if the physical drive is stolen you could at least be more comfortable the data isn't being accessed.
If they can take the encrypted drive they could take the unencrypted one too (unless they are in different server rooms I guess, but...).
So squeaky wheel and nails that stick up and all that.
That's exactly it. The place where I work has mandatory encryption on all laptops because one sales guy had his laptop stolen on a business trip.
Encrypted back ups make quite a bit of sense. Creating a secure (as in attack resistant) environment is expensive. You can lower costs by doing it with software, and just providing a safe place to keep backups. Think "vault" versus "shelf".
Your server room should still be a "vault", if the business requires it.
The concept here would be running your application (binaries/whatever) on the unencrypted drive(s), with the actual data being pushed to the encrypted drives for storage. (think the 50gb SSD and 1TB 15k drive)
Mostly this is just philosophical style discussion about hardware encryption. I keep seeing people harp about it, I understand it for at-rest storage, but (to me) it makes significantly less sense for always on servers that don't store data. Encrypting a hard drive that doesn't store data to meet a 'we encrypt everything' requirement doesn't actually help anyone in that scenario.
If you do not worry about your hardware being stolen, then there is no reason to encrypt the drives. Datacenter security ranges from "Fort Knox" to "WTF". We routinely work in three different datacenters. In two datacenters used by clients, the security is more towards WTF. You could gain access with a good story. "I forgot my key and my boss will kill me if I do not get this done ASAP."
In the datacenter that we use (which is also cheaper than the others, go figure that one out), I cannot even get around security when I am with the CEO of said datacenter. They seriously made him come in separate from me because there is the standard no-tailgating policy. Our cage is right in the middle of cages owned by several Fortune 100 companies, with several health care companies right there. I have no worries about my stuff walking off, and when you choose a datacenter you should look for the same things.
What everyone else has told you is correct, encryption is unnecessary if your hardware is secure, and it damned well better be. The only thing I recommend encrypting is laptops. You may not think there is anything valuable on there, but just imagine how much damage a person could do with unfettered access to your email for a few hours. Email passwords open the doors to most of the other passwords.
How do you use the data if it's encrypted?
Well, you decrypt it first.
Where do you put the decrypted version?
What do you have to do to all the stuff you're putting in memory?
Memory encryption is a thing!
But generally it focuses on better sandboxing / virtualization.
That, and things like NVM
The particular VM I am encrypting will be an 'always on' type of hardware,
Encrypting a VM is mostly pointless unless you also encrypt the host. Remember that anybody who has access to the host while the VM is running can extract the encryption key from the VM's memory.