Am 28.10.2013 20:14, schrieb Douglas Mortensen: > So.... given that type of scenario, if filesystem permissions weren't > correct, or some new exploit surfaced that allowed someone bypass or elevate > to root, then they could theoretically have access to the entire fileystem > including where emails are stored. > I hope to never have this sort of thing happen. We patch our systems > regularly and have other security measures we follow to prevent this. We also > are managing most of the PHP scripts customers use ourselves now and are > updating those for the CMS' and other systems proactively.
how would enryption help here? > However, it would be nice to know that even if we were breached, the emails > on the server were encrypted and would be completely useless to an attacker. > This type of encryption is ideal and some regulations prefer (although don't > require) it impossible and useless if someone comes that far he can also read whatever configuration containing the keys encryption is nice in case of disks got stolen but not for protection against intrusion on the running machine > -----Original Message----- > From: dovecot-boun...@dovecot.org [mailto:dovecot-boun...@dovecot.org] On > Behalf Of Michael Orlitzky > Sent: Monday, October 28, 2013 11:52 AM > To: dovecot > Subject: Re: [Dovecot] Encryption solution for messages at rest > > On 10/28/2013 12:02 PM, Douglas Mortensen wrote: >> Hi, >> >> We have clients with various security & compliance requirements. >> Although not required, it would be ideal to have messages encrypted at >> rest. > > You can rule out a lot of the crazier options by answering the questions, > > (a) What attack scenario do you have in mind? > > (b) How will encryption help?
signature.asc
Description: OpenPGP digital signature
