Koozali.org: home of the SME Server

Obsolete Releases => SME Server 9.x => Topic started by: schweidj on April 02, 2017, 09:28:07 PM

Title: full disk encryption
Post by: schweidj on April 02, 2017, 09:28:07 PM: Hi

can anybody tell me if there is an install option for full disk encryption in SME Server 9.x?

Regards,
Joachim
Title: Re: full disk encryption
Post by: Stefano on April 02, 2017, 10:04:20 PM: AFAIK no ATM

what are you thinking about? any hint? it could be a great improvement
Title: Re: full disk encryption
Post by: schweidj on April 03, 2017, 11:39:38 PM: I use a esxi box so I can access the console on restart to enter the password on startup.
From my point of view it´s a knock-out criterion for some-server. I would never store sensible data on a non encrypted device.
Title: Re: full disk encryption
Post by: schweidj on April 03, 2017, 11:42:00 PM: Quote from: schweidj on April 03, 2017, 11:39:38 PM
I use a esxi box so I can access the console on restart to enter the password on startup.
From my point of view it´s a knock-out criterion for sme-server. I would never store sensible data on a non encrypted device.
Title: Re: full disk encryption
Post by: Daniel B. on April 04, 2017, 12:37:43 AM: You can use the graphical installation menu with which you have all the centos partitioning options. Encryption should work (I have not tested). I should also add that full disk encryption on a 24/7 powered server is nearly useless (unless it's not physically protected)
Title: Re: full disk encryption
Post by: brianr on April 04, 2017, 08:25:51 AM: Quote from: Daniel B. on April 04, 2017, 12:37:43 AM
You can use the graphical installation menu with which you have all the centos partitioning options. Encryption should work (I have not tested). I should also add that full disk encryption on a 24/7 powered server is nearly useless (unless it's not physically protected)

I can see partly what you mean here, but I think a link or paragraph explaining this point would be very instructive.
Title: Re: full disk encryption
Post by: Daniel B. on April 04, 2017, 09:12:47 AM: Well, that's easy: once you entered the password to unlock the drive, the data is available just as if it was unencrypted for as long as the server stay powered on. The only protection it brings is if someone physically takes your server (or the image disk if it's a VM)
Title: Re: full disk encryption
Post by: schweidj on April 04, 2017, 09:32:26 AM: Of course that´s what I mean, it´s protected if someone steals the hardware.

Thank you, I´ll try the graphical installation menu...

Joe
Title: Re: full disk encryption
Post by: brianr on April 04, 2017, 10:41:04 AM: Quote from: schweidj on April 04, 2017, 09:32:26 AM
Of course that´s what I mean, it´s protected if someone steals the hardware.

Thank you, I´ll try the graphical installation menu...

Joe

Please keep us up to date with your progress, I am also interested in this..
Title: Re: full disk encryption
Post by: CharlieBrady on April 04, 2017, 09:14:47 PM: Quote from: Daniel B. on April 04, 2017, 09:12:47 AM
once you entered the password to unlock the drive, the data is available just as if it was unencrypted for as long as the server stay powered on.

A corollary is that if the system reboots, and you are not physically present to enter the password, then the system is unusable.