
RE:Encrypting data on fileserver

Subject: RE:Encrypting data on fileserver
Date: Wed, 17 May 2006 16:05:02 -0400
On Tue, 16 May 2006 08:39:42 -0500, "Nick Vaernhoej"
<nick.vaernhoej@capitalcardservices.com> said:
We have VPN connections in place to prevent sniffing of traffic. I am
actually trying to prevent data theft happening in case of someone
walking out with a fileserver.
Sometimes management just knows better.....

Tell management that there are dangers in encrypting filesystems.
No matter the OS, with encrypted filesystems there is always the
possibility of something going wrong and losing all of your data.
I won't go into details. Google it, there are many.
A much more foolproof and safer method is called 'Physical Security'.

On Wed, 17 May 2006 08:13:54 -0500, "Nick Vaernhoej"
<nick.vaernhoej@capitalcardservices.com> said:
We have a server room behind a keypass locked door. I am being told we
need to encrypt the fileserver because of PCI requirements. It seems we
have cardholder information in Excel spreadsheets....


As I stated earlier, encrypted filesystems carry the potential risk
of data loss. You are *much* more likely to lose all of your data
from an encryption key being hosed, or one of many other potentially
disastrous accidents happening, than in someone walking out of your
data center with a server. If someone did that, even if all of your
data 'was' encrypted, there is no guarantee that it will stop them.
Do you actually imagine that if a group of people were resourceful
enough to actually steal a server from a physically secure data
center that they are not going to have someone who can overcome
your encryption scheme? The risks *far* outweigh the benefits.
The above scenario is an absolute fantasy, anyway.
Unfortunately, I used to work for a large bank so I understand a large
corporation's management in strictly adhering to some draconian
security policy, even if it doesn't make any sense.
Good luck, you're going to need it.
-- 
  Eric Furman
  ericfurman@fastmail.net
