views: 117, answers: 7

Hi,

I am setting up a server where some important code will reside. I want to make sure the code is unreachable in case the HD is stolen. Well, I know you never can be sure, but reasonably secure. Which method could I use? How do I, e.g., mount an encrypted filesystem at bootup without human interaction?

Thank you very much for your help.

+1  A: 

What you want is called Full Disk Encryption. A complete partition/filesystem is encrypted; it is decrypted by the OS (or 3rd-party software) when it's mounted.

There are many implementations, and at least MS Windows & Linux have it as part of the OS. See the Wikipedia article for details.

Being able to mount it w/o human intervention could be problematic; after all the whole point is that you cannot read the HD without human (i.e. your) intervention :-). You might be able to do this with some hardware token, but then that could also be stolen. So that requirement might not be doable.

sleske
+2  A: 

Mounting an encrypted file-system without human intervention will ultimately weaken your security. The thief would just need to steal your server. It is perfectly doable with any Linux-based system using dm_crypt. There are many online tutorials showing you how to do it.

If this is for a file-server, you may want to consider using FreeNAS. It is a BSD-based NAS operating system and it includes the ability to encrypt the disks, amongst other things. You will need to enter a password through the web-interface to mount the disks.

sybreon
+1  A: 

Doing it without human interaction is possible using a hardware token, but you need to guard against someone stealing the token along with your server.

You could accomplish some safety with built-in GPS and a 10-minute backup battery or something (forget the key if power is lost for >10 minutes or the server is moved). You can make it work somehow but it will be insanely expensive.

You probably want a less involved solution like this:

  1. Boot from a regular partition
  2. Set up encrypted swap with a randomized key on startup (important!)
  3. Set up /tmp and similar locations on an encrypted partition or in RAM (important!)
  4. Mount the encrypted data partition by logging in over ssh

Human intervention is still required, but you can stay at home while doing it.

Gerco Dries
+2  A: 

I do not know if any of the encrypted filesystem solutions support this, but one solution would be to have the server contact another server to get the key. You could even imagine splitting the key between several servers, so the server would have to contact n out of m servers to get the key.

If you place the servers in different locations, that would make you safe against (n-1) of the servers being stolen.

An attacker would however of course be able to get access to the encryption key if he performs the attack while the server is still connected to the network, but this implementation would make you secure against simple theft.

Rasmus Faber
+2  A: 

The open source TrueCrypt creates a virtual disk within a file and mounts it like a real drive, or it can encrypt an entire drive. Encryption is transparent and fast. I have used it; it works in real time. It might make things easier.

R Ubben
+1  A: 

Thank you very much for your helping answers.

I'll try a TrueCrypt container which uses several distributed keyfiles (and no password). A script will retrieve the keyfiles, then mount the volume, then delete the keyfiles.

Since we are only a small bunch, another option could be to programmatically encrypt/decrypt the data on the client side just before writing/reading. But this seems to me somehow tiresome.

Then, what about having a keyfile on a terminal server? So many questions!

Thank you once more for your help.

Schnuffus T. Firefly
Don't store the keyfiles on the drive; that'll make the system vulnerable. Store them on tmpfs, RAM or other volatile storage; that at least will do more for protecting against stolen equipment, which is your concern.
piotr
Thank you piotr. The idea is that the keyfiles will reside remotely, and will only remain on the server for the short moment it takes to mount the encrypted volume.
Schnuffus T. Firefly
But still I will need to learn about preventing presence security breaches, like using single-user mode and whatever other ways.
Schnuffus T. Firefly
If the keyfiles are *ever* written to the disk, they will be there for posterity (and thieves). You must write them to tmpfs or something similar and *use encrypted swap*. If you don't, you run the risk of the keys being written out to disk anyway (in the swapfile for example).
Gerco Dries
OK. I get it. I will mount a tmpfs to which I'll retrieve the keyfiles. It is wonderful how fast and usefully you react, guys.
Schnuffus T. Firefly
Please also remember that tmpfs lives in virtual memory, that is: your swap file. Using tmpfs is just as unsafe as writing any other filesystem unless you encrypt your swapfile with a random key on startup.
Gerco Dries
Thank you all. It works!
Schnuffus T. Firefly
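Gerco Dries' list above (random-key encrypted swap, volatile /tmp, then mount the data volume with a key fetched remotely) and the comment thread's rule that keyfiles must never touch the disk translate into a small preflight check before the mount script writes the fetched keyfile anywhere. The following is an added example, not the asker's script or any project's code. It assumes a Linux host with `cryptsetup` and `mount` on PATH, root privileges, and the Debian-style `/etc/crypttab` line for random-key swap shown in the comment; the sample `/proc/mounts` and `/proc/swaps` text is constructed for the demo, and the function names are this example's own.

```python
import os
import subprocess
from typing import Callable, List

# Assumed Debian-style /etc/crypttab line for swap with a fresh random key each boot
# (fields: target, source, key, options); /etc/fstab then swaps on /dev/mapper/cryptswap:
#   cryptswap  /dev/sda3  /dev/urandom  swap,cipher=aes-xts-plain64,size=256

VOLATILE_FS = {"tmpfs", "ramfs"}


def mount_fstype(path: str, mounts: str) -> str:
    """Filesystem type of the mount holding `path`, from /proc/mounts text
    (passed in as a string so the logic can be tested on constructed data)."""
    path = os.path.abspath(path)
    best_mnt, best_type = "", ""
    for line in mounts.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        mnt, fstype = fields[1], fields[2]
        covers = path == mnt or path.startswith(mnt.rstrip("/") + "/")
        if covers and len(mnt) > len(best_mnt):   # longest matching prefix wins
            best_mnt, best_type = mnt, fstype
    return best_type


def keydir_is_volatile(path: str, mounts: str) -> bool:
    return mount_fstype(path, mounts) in VOLATILE_FS


def _dm_uuid(dev: str) -> str:
    """dm-crypt mappings carry a sysfs uuid that begins with 'CRYPT-'."""
    try:
        node = os.path.basename(os.path.realpath(dev))
        with open(f"/sys/block/{node}/dm/uuid") as f:
            return f.read().strip()
    except OSError:
        return ""


def unencrypted_swap(swaps: str, dm_uuid: Callable[[str], str] = _dm_uuid) -> List[str]:
    """Swap devices listed in /proc/swaps text that are not dm-crypt mappings."""
    bad = []
    for line in swaps.splitlines()[1:]:        # first line is the column header
        fields = line.split()
        if fields and not dm_uuid(fields[0]).startswith("CRYPT-"):
            bad.append(fields[0])
    return bad


def preflight(keydir: str, mounts: str, swaps: str,
              dm_uuid: Callable[[str], str] = _dm_uuid) -> List[str]:
    """Return the list of reasons the keyfile must NOT be written; empty is OK."""
    problems = []
    if not keydir_is_volatile(keydir, mounts):
        problems.append(f"{keydir} is not on tmpfs/ramfs")
    for dev in unencrypted_swap(swaps, dm_uuid):
        problems.append(f"swap device {dev} is not dm-crypt")
    return problems


def mount_with_keyfile(name: str, device: str, key: bytes, keydir: str, mountpoint: str) -> None:
    """Write the fetched key to volatile storage, unlock and mount, then delete the key."""
    with open("/proc/mounts") as m, open("/proc/swaps") as s:
        problems = preflight(keydir, m.read(), s.read())
    if problems:
        raise RuntimeError("; ".join(problems))
    keyfile = os.path.join(keydir, f"{name}.key")
    fd = os.open(keyfile, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(key)
        subprocess.run(["cryptsetup", "open", "--key-file", keyfile, device, name], check=True)
        subprocess.run(["mount", f"/dev/mapper/{name}", mountpoint], check=True)
    finally:
        os.unlink(keyfile)      # on tmpfs with encrypted swap, no plaintext copy persists


# Constructed sample data shaped like /proc/mounts and /proc/swaps.
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /run tmpfs rw,nosuid,nodev,mode=755 0 0
tmpfs /run/keys tmpfs rw,nosuid,nodev,mode=700 0 0
"""
SAMPLE_SWAPS = """\
Filename\t\t\t\tType\t\tSize\tUsed\tPriority
/dev/mapper/cryptswap                   partition\t1048572\t0\t-2
/dev/sda2                               partition\t1048572\t0\t-3
"""
SAMPLE_DM_UUID = {"/dev/mapper/cryptswap": "CRYPT-PLAIN-cryptswap"}


def demo_preflight() -> List[str]:
    return preflight("/run/keys", SAMPLE_MOUNTS, SAMPLE_SWAPS,
                     lambda d: SAMPLE_DM_UUID.get(d, ""))


if __name__ == "__main__":
    for p in demo_preflight():
        print("refusing to write keyfile:", p)
```

In the sample data `/run/keys` is a tmpfs, but a plain `/dev/sda2` swap partition is still active, so the check refuses: a keyfile written to tmpfs could be paged out to that partition in the clear, which is exactly the failure mode the last comments describe.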
A: 

Now... I just remembered about cold boot attacks. Do we really need guns? Are we that doomed?

Schnuffus T. Firefly