I have a question about encrypting disks.

I have 2 servers: 1 is apache for web/frontend and it talks to server 2 which is mysql. They are all for intranet only; no external access. I was looking into using PGP or GnuPG to encrypt the disks. I'm not clear, though, as to exactly how this would work.

Where would the keys be stored? On the client? On apache? If there is a key on apache to access mysql, does there need to be a key for each user? If so, if key 1 is used to alter some data, would then that data be inaccessible to a user using key 2? And the apache key, would that only be accessible to users with local keys?

Is encryption done on the fly? Does it degrade performance?

What would be the best approach to encrypt the data on these servers, but have them accessible to users?

Thanks!

A: 

In the setup you describe there can be many places and ways the data can be encrypted. If you want to encrypt all transferred data between servers, setting up a Virtual Private Network (VPN) between them would do the trick. If you want to encrypt the actual data on the disk, you can use a crypto filesystem like CFS on Linux. If you are a bit more paranoid you might want to encrypt the swap space too.

It's probably not efficient to encrypt all data all the time, considering encryption operations can be quite heavy on the CPU. I'm guessing encrypting everything is not necessary and you just want to encrypt some of your data which is sensitive. I think the most straightforward way to do that would be to use the user's password plus a random salt (generated once for each user) as a key and use a symmetric key algorithm like AES.

Your web application should store and retrieve the data in the database in an encrypted form, and take care not to keep the unencrypted data in memory for any longer than strictly necessary. To (try to) make sure it stays secret when you send it out to the client after that, you should use TLS.

Aram Verstegen
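
The password-plus-salt approach from the answer, as an added Node.js example (not the answerer's code): a per-user key is derived from the password and a stored salt, and one sensitive field is encrypted with AES before it goes into the database. The choice of scrypt as the key-derivation step, AES-256-GCM as the mode, and all function names and sample values are assumptions of this example; it also shows that a value encrypted under one user's password cannot be read with another user's key.

```javascript
const nodeCrypto = require('node:crypto');

// Generated once per user, stored beside the user record; not secret.
function newUserSalt() {
  return nodeCrypto.randomBytes(16);
}

// Password + per-user salt -> 32-byte AES-256 key (scrypt is this example's choice).
function deriveKey(password, salt) {
  return nodeCrypto.scryptSync(password, salt, 32);
}

// Value for the database column: base64(nonce || tag || ciphertext).
function encryptField(password, salt, plaintext) {
  const key = deriveKey(password, salt);
  try {
    const nonce = nodeCrypto.randomBytes(12); // fresh for every encryption
    const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, nonce);
    const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
    return Buffer.concat([nonce, cipher.getAuthTag(), body]).toString('base64');
  } finally {
    key.fill(0); // drop key material as soon as it is no longer needed
  }
}

// Plaintext, or null when the password/salt is wrong or the value was modified.
function decryptField(password, salt, stored) {
  const raw = Buffer.from(stored, 'base64');
  if (raw.length < 28) return null; // 12-byte nonce + 16-byte tag at minimum
  const key = deriveKey(password, salt);
  try {
    const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
    decipher.setAuthTag(raw.subarray(12, 28));
    const body = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
    return body.toString('utf8');
  } catch (err) {
    return null; // GCM authentication failed
  } finally {
    key.fill(0);
  }
}

// Constructed sample data, not from the original post.
const aliceSalt = newUserSalt();
const bobSalt = newUserSalt();
const stored = encryptField('alice-passphrase', aliceSalt, 'salary: 4200');
console.log(decryptField('alice-passphrase', aliceSalt, stored));
console.log(decryptField('bob-passphrase', bobSalt, stored));
```

Because the key exists only while the user's password is available, data encrypted this way is unreadable to the server between sessions and is lost if the password is forgotten or changed without re-encrypting.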