Обсуждение: Encrypted Disks

Поиск
Список
Период
Сортировка

Encrypted Disks

От
"Peter Darley"
Дата:
Folks,

    A client is asking us about data security, and keeping data encrypted on
disk.  I recall there was some discussion about this before, including
things like for it to be secure an operator would need to put in a key when
the disk is mounted, that once it is mounted anyone with permissions to the
disk can read it, etc.

    Given these drawbacks, I'm wondering if anyone has used an encrypted fs for
PostgreSQL and if so, what they found in terms of speed.  Would this be a
big hit, or would it be pretty low impact?  Also, does it cause any
potential problems with recovery from a crash, etc?

Thanks,
Peter Darley


Re: Encrypted Disks

От
Scott Marlowe
Дата:
On Thu, 2005-09-22 at 17:18, Peter Darley wrote:
> Folks,
>
>     A client is asking us about data security, and keeping data encrypted on
> disk.  I recall there was some discussion about this before, including
> things like for it to be secure an operator would need to put in a key when
> the disk is mounted, that once it is mounted anyone with permissions to the
> disk can read it, etc.
>
>     Given these drawbacks, I'm wondering if anyone has used an encrypted fs for
> PostgreSQL and if so, what they found in terms of speed.  Would this be a
> big hit, or would it be pretty low impact?  Also, does it cause any
> potential problems with recovery from a crash, etc?

You and your client need to back up and figure out which scenario you're
trying to protect against.

Encrypting the drive (with an external key) ensures that if someone
steals the disks, or gets hold of the raw db files that they can't get
the data out.

However, if they hack into the machine that is accessing the database,
encrypting the drives doesn't nothing for you.

So, which scenario are they trying to protect against?  Once you know
the answer to that question, then you can look at different ways of
encrypting the data you are storing.

Re: Encrypted Disks

От
"Peter Darley"
Дата:
Scott,

    The only potential scenario for us is encrypting the disks so if they are
stollen the data is safe.  It's a small project and it would not be worth it
to redesign our system to the extent it would need to be to have data in the
fields encrypted while the db is running.  So, long and short, I understand
that it only protects the data while the drive is not mounted.

Thanks,
Peter

-----Original Message-----
From: Scott Marlowe [mailto:smarlowe@g2switchworks.com]
Sent: Friday, September 23, 2005 8:24 AM
To: Peter Darley
Cc: Pgsql-Admin
Subject: Re: [ADMIN] Encrypted Disks


On Thu, 2005-09-22 at 17:18, Peter Darley wrote:
> Folks,
>
>     A client is asking us about data security, and keeping data encrypted on
> disk.  I recall there was some discussion about this before, including
> things like for it to be secure an operator would need to put in a key
when
> the disk is mounted, that once it is mounted anyone with permissions to
the
> disk can read it, etc.
>
>     Given these drawbacks, I'm wondering if anyone has used an encrypted fs
for
> PostgreSQL and if so, what they found in terms of speed.  Would this be a
> big hit, or would it be pretty low impact?  Also, does it cause any
> potential problems with recovery from a crash, etc?

You and your client need to back up and figure out which scenario you're
trying to protect against.

Encrypting the drive (with an external key) ensures that if someone
steals the disks, or gets hold of the raw db files that they can't get
the data out.

However, if they hack into the machine that is accessing the database,
encrypting the drives doesn't nothing for you.

So, which scenario are they trying to protect against?  Once you know
the answer to that question, then you can look at different ways of
encrypting the data you are storing.


Re: Encrypted Disks

От
Scott Marlowe
Дата:
Well then, a loop back mounted encrypted file system should do the
trick.

Note that other methods could work as well, but not require an encrypted
file system, such as two key (public/private i.e. pki) encryption, where
the key used for encrypting could be kept on the server, and the
decryption key is kept in the client side, so that the data on the
server is also rendered useless should the server / drives get stolen.

I've found the page for encfs here:

http://arg0.net/wiki/encfs

There are other sites, but they appear fairly old, circa 1999 or so, and
based on the linux 2.2 kernel.

On Fri, 2005-09-23 at 12:39, Peter Darley wrote:
> Scott,
>
>     The only potential scenario for us is encrypting the disks so if they are
> stollen the data is safe.  It's a small project and it would not be worth it
> to redesign our system to the extent it would need to be to have data in the
> fields encrypted while the db is running.  So, long and short, I understand
> that it only protects the data while the drive is not mounted.
>
> Thanks,
> Peter
>
> -----Original Message-----
> From: Scott Marlowe [mailto:smarlowe@g2switchworks.com]
> Sent: Friday, September 23, 2005 8:24 AM
> To: Peter Darley
> Cc: Pgsql-Admin
> Subject: Re: [ADMIN] Encrypted Disks
>
>
> On Thu, 2005-09-22 at 17:18, Peter Darley wrote:
> > Folks,
> >
> >     A client is asking us about data security, and keeping data encrypted on
> > disk.  I recall there was some discussion about this before, including
> > things like for it to be secure an operator would need to put in a key
> when
> > the disk is mounted, that once it is mounted anyone with permissions to
> the
> > disk can read it, etc.
> >
> >     Given these drawbacks, I'm wondering if anyone has used an encrypted fs
> for
> > PostgreSQL and if so, what they found in terms of speed.  Would this be a
> > big hit, or would it be pretty low impact?  Also, does it cause any
> > potential problems with recovery from a crash, etc?
>
> You and your client need to back up and figure out which scenario you're
> trying to protect against.
>
> Encrypting the drive (with an external key) ensures that if someone
> steals the disks, or gets hold of the raw db files that they can't get
> the data out.
>
> However, if they hack into the machine that is accessing the database,
> encrypting the drives doesn't nothing for you.
>
> So, which scenario are they trying to protect against?  Once you know
> the answer to that question, then you can look at different ways of
> encrypting the data you are storing.
>

Re: Encrypted Disks

От
"Peter Darley"
Дата:
Scott,
    I was hoping that someone with some experience could comment on how much
this would slow down PostgreSQL, or weither it is likely to introduce some
instabilities...
Thanks,
Peter Darley

-----Original Message-----
From: pgsql-admin-owner@postgresql.org
[mailto:pgsql-admin-owner@postgresql.org]On Behalf Of Scott Marlowe
Sent: Friday, September 23, 2005 11:47 AM
To: Peter Darley
Cc: Pgsql-Admin
Subject: Re: [ADMIN] Encrypted Disks


Well then, a loop back mounted encrypted file system should do the
trick.

Note that other methods could work as well, but not require an encrypted
file system, such as two key (public/private i.e. pki) encryption, where
the key used for encrypting could be kept on the server, and the
decryption key is kept in the client side, so that the data on the
server is also rendered useless should the server / drives get stolen.

I've found the page for encfs here:

http://arg0.net/wiki/encfs

There are other sites, but they appear fairly old, circa 1999 or so, and
based on the linux 2.2 kernel.

On Fri, 2005-09-23 at 12:39, Peter Darley wrote:
> Scott,
>
>     The only potential scenario for us is encrypting the disks so if they are
> stollen the data is safe.  It's a small project and it would not be worth
it
> to redesign our system to the extent it would need to be to have data in
the
> fields encrypted while the db is running.  So, long and short, I
understand
> that it only protects the data while the drive is not mounted.
>
> Thanks,
> Peter
>
> -----Original Message-----
> From: Scott Marlowe [mailto:smarlowe@g2switchworks.com]
> Sent: Friday, September 23, 2005 8:24 AM
> To: Peter Darley
> Cc: Pgsql-Admin
> Subject: Re: [ADMIN] Encrypted Disks
>
>
> On Thu, 2005-09-22 at 17:18, Peter Darley wrote:
> > Folks,
> >
> >     A client is asking us about data security, and keeping data encrypted
on
> > disk.  I recall there was some discussion about this before, including
> > things like for it to be secure an operator would need to put in a key
> when
> > the disk is mounted, that once it is mounted anyone with permissions to
> the
> > disk can read it, etc.
> >
> >     Given these drawbacks, I'm wondering if anyone has used an encrypted fs
> for
> > PostgreSQL and if so, what they found in terms of speed.  Would this be
a
> > big hit, or would it be pretty low impact?  Also, does it cause any
> > potential problems with recovery from a crash, etc?
>
> You and your client need to back up and figure out which scenario you're
> trying to protect against.
>
> Encrypting the drive (with an external key) ensures that if someone
> steals the disks, or gets hold of the raw db files that they can't get
> the data out.
>
> However, if they hack into the machine that is accessing the database,
> encrypting the drives doesn't nothing for you.
>
> So, which scenario are they trying to protect against?  Once you know
> the answer to that question, then you can look at different ways of
> encrypting the data you are storing.
>

---------------------------(end of broadcast)---------------------------
TIP 9: In versions below 8.0, the planner will ignore your desire to
       choose an index scan if your joining column's datatypes do not
       match