Windows Thread, Data encryption for servers in Technical; Alright, so I'm running the network for a school [duh, it's why we're here :P ] but I'm wondering about ...
23rd January 2008, 01:25 AM #1
Data encryption for servers
Alright, so I'm running the network for a school [duh, it's why we're here :P ] but I'm wondering about encryption. I'm only 20, and back when I was in high school before University, our board office got broken into and they went for the IT department and took a ton of hard drives and backup tapes. All of which were encrypted. As Network Administrator in the school district now, I want to make sure the same thing doesn't happen here at this high school.
I love TrueCrypt, everything I've ever heard about that program completely owns. However I'm curious as to how it does with encrypting a full hard drive, and what would prevent an attacker from just booting that hard drive up. Does TrueCrypt load before the OS loads? How does that work in your experience?
Basically I just want to have all our servers encrypted, so in the event of someone getting a hold of them, they wouldn't be able to login of course from a secure windows password, but what would prevent them from stealing the drive and reading it at home? If there's an encryption method that you guys use for encrypting the entire server, please do share!
Also any client encryption would be great, but not as needed since all files are saved to the server and not locally.
I found PGP online, they look like an excellent company. But we're running out of money here in the IT budget for this year since a lot of things needed to be changed. Truecrypt attracts me because it's open source, but PGP attracts me because of how easy and managable it looks. However at a little over 100 bucks per machine [it looks like, unless I'm reading wrong] it could get very pricey.
Thanks for any advice!
Last edited by link470; 23rd January 2008 at 02:40 AM.
24th January 2008, 11:09 AM #2
May be on backups but your server room should have addition physical security.
24th January 2008, 11:14 AM #3
Ok so they wouldn't be able to boot your server if they stole a whole machine.
But if they just take the backup tapes these are copies of the live system data which isn't encrypted, unless you encrypt before or as you backup?
25th January 2008, 02:20 AM #4
- Rep Power
This is a concern of mine also. Since the loss of sensitive data in the government im always wondering what measures we have in place.
We have CCTV, locked doors, safe, seperate alarm system etc but should a tape get stolen then how would we ensure it cannot be opened.
I thought that if a user encyripted a file then that file would never be accessable again if the user account was removed. Which happens.
Also with TrueCyrpt, encyrpting an entire HDD would have performance issues and issues about recovery. Seems very long winded and difficult to implement whilst on a live system.
Fortunatily the really sensitive data is on sims and only read remotely, nothing is stored on users laptops.
Would you all agree that as long as the physical security is in place and that folder permissions are maintained and tight then extreme attempts to get this data are required. e.g someone breaking into the office and ripping the safe from the wall?
How far do we go?
25th January 2008, 09:52 AM #5
You need to consider the performance hit that live encryption will take. Also, will it mess with your antivirus? I know some encrypted files can't be scanned.
25th January 2008, 02:36 PM #6
I would hope that the encryption solution chosen would work in a similar way to (properly set up) Windows encryption - domain admins would have the ability to unencrypt any file, either through a recovery certificate or assigned rights.
Originally Posted by techyphil
6th February 2008, 04:13 PM #7
word on slashdot is that truecrypt5 now does full disk encryption
6th February 2008, 06:48 PM #8
This has crossed my mind before to. Although there is physical security its not impossible to get through. Plus it only takes one person to leave the door unlocked (Site manager, Techies & a few others have access to the room).
I donít normally but AV on a server
Originally Posted by bizzel
By NetworkGeezer in forum MIS Systems
Last Post: 16th February 2010, 10:22 PM
By witch in forum Educational Software
Last Post: 7th May 2009, 12:59 PM
By wesleyw in forum How do you do....it?
Last Post: 19th July 2007, 11:01 AM
By sidewinder in forum Wireless Networks
Last Post: 21st November 2006, 11:35 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Tags for this Thread