[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

RE: Question related to FDE (Full Disk Encryption) solution under Linux Debian Lenny

On lun., 2011-01-24 at 08:27 +0000, Jeroen van Dongen wrote:
> If your server can reboot without a human being present to enter a
> password, what's to stop someone who steals your server to obtain
> access to the data? 
>  
> 
> The FDE does NOT protect your data against hackers - if they hack your
> running system, they have access to all data that your application has
> access to as well.
> 
>  
> 
> FDE only has something to offer against an adversary getting physical
> access to an *in-active*/un-mounted disk. And even then, only if the
> required credentials are *not* stored on/with the same system.
> 

We don't have information against which type of threat the OP wants to
protect against so I'm not sure we can speculate on this (maybe it'd be
worth giving precision so people can give a more specific answer
though).

Anyway, FDE on a server isn't usually needed to protect against hackers
but more for physical intrusion, like someone removing hard disk from
the system (be it a random people passing by in your datacenter or a
Dell/IBM/Oracle/whatever support people).

Regards,
-- 
Yves-Alexis
Reply to: