My assignment here asks about data security; it poses the question of how to store data on a server in a secure manner. This perplexes me somewhat. Say we use some fancy-schmancy data encryption algorithm to encrypt all the data files on the server. Then we need a key to decrypt them back again when we need them, and... where do we store that? It doesn't seem any more secure than just leaving the data plaintext; the key file could just as well be stolen by some attacker as any other file. (Or if we hard-code the key into the program, then the object code could be stolen and reverse-engineered.)
So: is it a stupid question? Is there any way of securing data on a server, or should we concentrate on not giving the attacker access to the file system in the first place?
From:
no subject
It gets spectacularly worse when the software is engineered by idiots by the way. As a case in point, with Grid, we use a system of proxy certificates because typing in a 20-odd character pass-phrase every time you want to do anything is a real PITA. When you log in, you sign a short duration time-limited proxy certificate with your real key. This is stored somewhere and used to do all your work. This used to be in /tmp, but because another part of Globus was brain-dead and allowed this to be exploited using symlinks, they moved to storing the proxy certificate in your home directory. The proxy certificate is not encrypted, but is owned and only readable by you (and root).
Most home directories are mounted across a network (whereas /tmp is not) using something like NFS which is not encrypted, so people's proxy certificates are transmitted in the clear across ethernet. If someone were to intercept one of them (a trivial exercise), they would be able to access any machine that that person could log into with that certificate anywhere in the world for the duration of that certificate.
Let's not even go into the issue of unencrypted keys ending up in swap space (or in the case of proxy certificates) and not being securely deleted.
From:
no subject
Having a key encrypted with a pass-phrase seems like it might provide enough security for the purposes of this practical. How would you go about doing it, and can you do it to an AES key? (Apologies for the cheeky "please help me with my homework"-style questioning!)
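One way to do what the comment above asks, as an added example that is not part of the original thread: a random AES-256 data key is wrapped under a passphrase with the `openssl` command-line tool. The variable name `KEY_PASSPHRASE`, the iteration count and the function names are assumptions, and OpenSSL 1.1.1 or later is required for `-pbkdf2`.

```shell
#!/bin/sh
# Added example (not from the thread): wrap an AES-256 data key under a passphrase.
# Needs OpenSSL 1.1.1+ for -pbkdf2/-iter. KEY_PASSPHRASE is an assumed variable name.

ITER=200000   # assumed PBKDF2 iteration count; raise it as far as start-up time allows

# Print a fresh random 256-bit data key as 64 hex characters.
gen_data_key() {
    openssl rand -hex 32
}

# wrap_key HEXKEY -> one base64 line: "Salted__" header, random salt, ciphertext.
# The passphrase is read from the environment so it never appears in argv / ps output.
wrap_key() {
    printf '%s' "$1" | openssl enc -aes-256-cbc -pbkdf2 -iter "$ITER" -md sha256 \
        -salt -a -A -pass env:KEY_PASSPHRASE
}

# unwrap_key BLOB -> hex key on stdout, or non-zero status on failure.
# openssl enc carries no integrity tag: a wrong passphrase normally fails the
# padding check, but can occasionally "succeed" with garbage, so the result is
# also required to be exactly 64 lowercase hex characters.
unwrap_key() {
    uk_out=$(printf '%s\n' "$1" | openssl enc -d -aes-256-cbc -pbkdf2 -iter "$ITER" \
        -md sha256 -a -A -pass env:KEY_PASSPHRASE 2>/dev/null) || return 1
    case "$uk_out" in
        *[!0-9a-f]*) return 1 ;;
    esac
    [ "${#uk_out}" -eq 64 ] || return 1
    printf '%s\n' "$uk_out"
}
```

Only the wrapped blob is written to disk; the passphrase is supplied when the service starts (typed by an operator or handed over by a separate secrets store), so a stolen copy of the file system alone does not yield the data key.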
From:
no subject
I had a quick look at the documentation but it doesn't say. It's all done automagically using the tools in OpenSSL though, so I imagine it's whatever that uses.
From:
no subject
Security by Obsolescence? Not good either...
There is a dead easy way to make sure the data on a computer is secure: nick the power lead; hide the monitor; put the computer in a locked filing cabinet stuck in a disused lavatory with a sign outside the door saying "Beware of the Leopard."; take the disk out the computer.
Software wise, nothing has really got better than PGP :-(
From:
no subject
I am invincible.
From:
no subject
<chuckle />
From:
no subject
Hell, pico is far superior.
<grin type="evil" />
From:
no subject
The assignment tells us that "This information is to be kept secure, both as stored on the server and in the SOAP messages", which implies that the lecturer thinks that encrypting your data is a good thing. I don't really want to risk antagonising him by contradicting his opinion... 8^P