+ Post New Thread
Results 1 to 8 of 8
Windows Thread, Data encryption for servers in Technical; Alright, so I'm running the network for a school [duh, it's why we're here :P ] but I'm wondering about ...
  1. #1
    link470's Avatar
    Join Date
    Nov 2007
    Location
    Canada
    Posts
    250
    Thank Post
    85
    Thanked 8 Times in 6 Posts
    Rep Power
    15

    Data encryption for servers

    Alright, so I'm running the network for a school [duh, it's why we're here :P ] but I'm wondering about encryption. I'm only 20, and back when I was in high school before University, our board office got broken into and they went for the IT department and took a ton of hard drives and backup tapes. All of which were encrypted. As Network Administrator in the school district now, I want to make sure the same thing doesn't happen here at this high school.

    I love TrueCrypt, everything I've ever heard about that program completely owns. However I'm curious as to how it does with encrypting a full hard drive, and what would prevent an attacker from just booting that hard drive up. Does TrueCrypt load before the OS loads? How does that work in your experience?

    Basically I just want to have all our servers encrypted, so in the event of someone getting a hold of them, they wouldn't be able to login of course from a secure windows password, but what would prevent them from stealing the drive and reading it at home? If there's an encryption method that you guys use for encrypting the entire server, please do share!

    Also any client encryption would be great, but not as needed since all files are saved to the server and not locally.

    I found PGP online, they look like an excellent company. But we're running out of money here in the IT budget for this year since a lot of things needed to be changed. Truecrypt attracts me because it's open source, but PGP attracts me because of how easy and managable it looks. However at a little over 100 bucks per machine [it looks like, unless I'm reading wrong] it could get very pricey.

    Thanks for any advice!
    Last edited by link470; 23rd January 2008 at 01:40 AM.

  2. #2
    nicholab's Avatar
    Join Date
    Nov 2006
    Location
    Birmingham
    Posts
    1,453
    Thank Post
    4
    Thanked 97 Times in 93 Posts
    Blog Entries
    1
    Rep Power
    50
    May be on backups but your server room should have addition physical security.

  3. #3

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,273
    Thank Post
    614
    Thanked 1,567 Times in 1,407 Posts
    Rep Power
    412
    Ok so they wouldn't be able to boot your server if they stole a whole machine.

    But if they just take the backup tapes these are copies of the live system data which isn't encrypted, unless you encrypt before or as you backup?

    Ben

  4. #4

    Join Date
    Mar 2007
    Posts
    323
    Thank Post
    6
    Thanked 7 Times in 6 Posts
    Rep Power
    16
    This is a concern of mine also. Since the loss of sensitive data in the government im always wondering what measures we have in place.

    We have CCTV, locked doors, safe, seperate alarm system etc but should a tape get stolen then how would we ensure it cannot be opened.

    I thought that if a user encyripted a file then that file would never be accessable again if the user account was removed. Which happens.

    Also with TrueCyrpt, encyrpting an entire HDD would have performance issues and issues about recovery. Seems very long winded and difficult to implement whilst on a live system.

    Fortunatily the really sensitive data is on sims and only read remotely, nothing is stored on users laptops.

    Would you all agree that as long as the physical security is in place and that folder permissions are maintained and tight then extreme attempts to get this data are required. e.g someone breaking into the office and ripping the safe from the wall?

    How far do we go?

  5. #5
    bizzel's Avatar
    Join Date
    Jul 2007
    Location
    Cambridge
    Posts
    654
    Thank Post
    102
    Thanked 204 Times in 72 Posts
    Rep Power
    51
    You need to consider the performance hit that live encryption will take. Also, will it mess with your antivirus? I know some encrypted files can't be scanned.

  6. #6


    Join Date
    Dec 2005
    Location
    In the server room, with the lead pipe.
    Posts
    4,619
    Thank Post
    275
    Thanked 777 Times in 604 Posts
    Rep Power
    223
    Quote Originally Posted by techyphil View Post
    I thought that if a user encyripted a file then that file would never be accessable again if the user account was removed. Which happens.
    I would hope that the encryption solution chosen would work in a similar way to (properly set up) Windows encryption - domain admins would have the ability to unencrypt any file, either through a recovery certificate or assigned rights.

  7. #7


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339
    word on slashdot is that truecrypt5 now does full disk encryption
    http://it.slashdot.org/it/08/02/06/1333216.shtml

  8. #8

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,779
    Thank Post
    865
    Thanked 1,665 Times in 1,450 Posts
    Blog Entries
    11
    Rep Power
    442
    This has crossed my mind before to. Although there is physical security its not impossible to get through. Plus it only takes one person to leave the door unlocked (Site manager, Techies & a few others have access to the room).

    Quote Originally Posted by bizzel View Post
    You need to consider the performance hit that live encryption will take. Also, will it mess with your antivirus? I know some encrypted files can't be scanned.
    I donít normally but AV on a server

    Z

SHARE:
+ Post New Thread

Similar Threads

  1. Programatic data extraction from SIMS.net Data Base
    By NetworkGeezer in forum MIS Systems
    Replies: 108
    Last Post: 16th February 2010, 09:22 PM
  2. Data Encryption Memory sticks
    By witch in forum Educational Software
    Replies: 44
    Last Post: 7th May 2009, 11:59 AM
  3. IBM 335 servers
    By wesleyw in forum How do you do....it?
    Replies: 4
    Last Post: 19th July 2007, 10:01 AM
  4. What should I do with my new servers?
    By sidewinder in forum Wireless Networks
    Replies: 12
    Last Post: 21st November 2006, 10:35 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •