On Mon, Oct 6, 2014 at 11:52 PM, Duncan Patton a Campbell <campb...@neotext.ca> wrote:
> The most basic consideration in computer security has nothing to
> do with technology and computers. Do the people you need to keep
> out of the know need to know enough to come and break legs?
>
> If so, don't bother encrypting. They may not just break legs.
>
> Dhu
>
> On Mon, 06 Oct 2014 13:48:33 -0600
> chester.t.fi...@hushmail.com wrote:
>
>> Very true, filling your subterranean data server with angry hornets
>> certainly seems like a good idea but it's really not, most AC
>> maintenance contractors will charge you extra (usually per sting!).
>>
>> Chester T. Field
>>
>> And remember when I left all the meat out because I saw Mr. David Lynch
>> “I’m on TV” do it, and he got on TV from doin’ it, and I did it and
>> didn’t get on TV from doin’ it? - Gandhi
>>
>> On 10/6/2014 at 1:37 PM, "Matti Karnaattu" <mkarnaa...@gmail.com> wrote:
>> >
>> >>Yes, my goal is to secure the
>> >>infrastructure as much as possible.
>> >
>> >I don't know details but it sounds overly complex. And complexity
>> >may cause other issues, without any benefit for security.
>> >
>> >Example, you don't have to encrypt your whole hard disk if the hard
>> >disk is located in guarded bunker. But if you do that, it will
>> >increase security in theory but that may cause service outage if
>> >you have to always locally type your crypt password if machine
>> >crashes.
>> >
>> >I would put this effort to ease maintainability, ease monitoring,
>> >use stateful firewall, deploy honeypot etc. and avoid complexity.
>>
Thanks guys for your answers.

I know it: our IT sec. dept. adds complexity to our infrastructure, but they are determined to do so.

Searching via Google I found this: http://www.safenet-inc.com/data-encryption/
HSM: hardware security modules ...

But there is another problem. If I would like to use some SSL/TLS or IPSec based solution, how can I authenticate these servers between them without compromising host security?

Any ideas?