Secure data on server

Question

Hi,

I am setting up a server where some important code will reside. I want to make sure the code is unreachable, in case the HD is stolen. Well I know you never can be sure, but reasonably secure. Which method could I use? How to i.e. mount a crypted filesystem at bootup without human interaction?

Thank you very much for your help.

Answer 1

What you want is called Full Disk Encryption. A complete partition/filesystem is encrypted, it is decrypted by the OS (or 3rd-party-software) when it's mounted.

There are many implementations, and at least MS Windows & Linux have it as part of the OS. See the Wikipedia article for details.

Being able to mount it w/o human intervention could be problematic; after all the whole point is that you cannot read the HD without human (i.e. your) intervention :-). You might be able to do this with some hardware token, but then that could also be stolen. So that requirement might not be doable.

Answer 2

Mounting an encrypted file-system without human intervention will ultimately weaken your security. The thief would just need to steal your server. It is perfectly doable with any Linux based system using dm_crypt. There are many online tutorials showing you how to do it.

If this is for a file-server, you may want to consider using FreeNAS. It is a BSD based NAS operating system and it includes the ability to encrypt the disks, amongst other things. You will need to enter a password through the web-interface to mount the disks.

Answer 3

Without human interaction is possible using a hardware token but you need to guard against someone stealing the token along with your server.

You could accomplish some safety with built-in GPS and a 10-minute backup battery or something (forget the key if power is lost for >10 minutes or the server is moved). You can make it work somehow but it will be insanely expensive.

You propably want a less involved solution like this:

1. Boot from a regular partition
2. Set up encrypted swap with a randomized key on startup (important!)
3. Set up /tmp and similar locations on an encrypted partition or in RAM (important!)
4. Mount the encrypted data partition by logging in over ssh

Still human intervention required, but you can stay at home while doing it.

Answer 4

I do not know if any of the encrypted filesystem solutions support this, but one solution would be to have the server contact another server to get the key. You could even imagine splitting the key between several servers, so the server would have to contact n out of m servers to get the key.

If you place the servers in different locations that would make you safe against (n-1) out of the servers being stolen.

An attacker would however of course be able to get access to the encryption key if he performs the attack while the server is still connected to the network, but this implementation would make you secure against simple theft.

Answer 5

The open source TrueCrypt creates a virtual disk within a file and mounts it like a real drive, or it can encrypt an entire drive. Encryption is transparent and fast. I have used it; it works in real time. It might make things easier.

Answer 6

Thank you very much for your helping answers.

I'll try a truecrypt container wich uses several distributed keyfiles (and no password). A script will retrieve the keyfiles, then mount the volume, then delete the keyfiles.

Since we are only a small bunch, another option could be to programatically crypt/decrypt the data on the client side just before writing/reading. But this seems to me somehow tiresome.

Then, what about having a keyfile on a terminal server? So many questions!

Thank you once more for your help.

Answer 7

Now... I just remembered about cold boot attacks. Do we really need guns? Are we that doomed?