At 03:21 PM 3/21/2010, John Daisley wrote:
Mike,
Encrypted filesystems can seriously impact performance of MySQL.
Its an entirely different issue to MySQL encryption but one would hope
that, if you are going to go to all the trouble of using two part keys and
the strongest encryption available in your database, you would also take
as much care of your hardware by ensuring that it is kept secure and not
left in the hands of an untrustworthy isp, disposed of in an insecure
manner or kept in an insecure office.
John,
ensuring that it is kept secure and not left in the hands of an
untrustworthy isp, disposed of in an insecure manner or kept in an
insecure office
In theory that makes sense. But how you would know your ISP is trustworthy
and vigilant?
As many of you already know, the Homeland Security act revoked all
expectation of privacy for data that is stored on a 3rd party server like
an ISP. The ISP is obligated to turn over any and all data at the request
of a federal employee without need for a warrant. Refusal to comply or if
your ISP tells you or anyone else the information was released, they are
subject to a long federal prison sentence. Not too many ISP's will go up
against the fed gov't. E-Bay for instance consistently turns over their
customer data every month, not only on what items people are buying and
selling, but also what they are looking at.on E-Bay. Sprint was discovered
giving GPS data on all of their phone customers to the gov't without
telling their customers. Ouch! As a result the gov't knows exactly where
you've been every minute of the day and who you've been meeting with
(provided they also had a GPS capable cell phone) because you'll have the
same gps coordinates at the same time of day. They also know how long the
meeting took place. All this without any of the parties making a cell call
from the location. Clever.
Have you ever heard of an ISP informing their clients that their site was
hacked into by an outside source (hacker from another country or one of
your competitors) and that your data may have been compromised? Of course
not. Security breaches happens all the time and your information could be
on its way to China for all you know, and your ISP certainly isn't going
to tell you. There is no such thing as a safe machine running at an ISP. I
would definitely store part of the password off the ISP and on a machine
that I controlled.
I'm really surprised MySQL doesn't have table-wide encryption like so many
other databases do. This will prevent at least the low to medium level
hacker from accessing your data. I've used other databases with AES256 with
no noticeable reduction in speed.
In conclusion, I wouldn't store anything at an ISP that I wouldn't write on
the back of a postcard (unless it was encrypted). :-)
Mike
-----Original Message-----
From: mos <mo...@fastmail.fm>
Sent: Sunday, March 21, 2010 3:40 AM
To: mysql@lists.mysql.com
Subject: RE: MySQL Encryption
At 05:54 PM 3/20/2010, John Daisley wrote:
>Jim
>
>In the case of our encrypted data no user, application or script is given
>access to the tables in question. Access is only granted via a couple of
>stored procedures and to be honest if you didn't know which ones you would
>have a hard job finding them as we have hundreds.
>
>Problem with keeping any part of the key in a place other than the mysql
>server is you add complexity and give yourself a whole bunch of new
>security concerns as you then have to transmit the 'key part' to the mysql
>server over a network.
>
>For someone to take complete control of our mysql server and compromise
>our data they would need to guess a username and password for the box in
>under 3 attempts, then guess the root password and then guess a valid
>mysql username and password.
>
>The biggest headache for us, and one which is often overlooked is 'How do
>we keep our backups secure'
Or they can find your drive in the local swap shop after the ISP retires
your drive for a new one. Or if you are doing your own hosting, the local
bne artist will do a smash and grab if they find out you have computers in
your office. It happens all the time over here, even government offices
aren't immune. Of course if your competitors want your information bad
enough, they'll bribe one of the support staff to make an extra backup, or
your competitor will hire people to recover your drive. Corporate and
intra-country espionage is growing rapidly and is largely unreported by the
ISP and the companies that were hit.
There are many ways your drive can grow legs and walk out of there. So
storing all of the passwords on the drive isn't secure enough, unless the
drive itself is encrypted with a password known only to a few people in
your company. Never trust the internet service provider to be your only
means to protect your data or your drives.
Mike
>-----Original Message-----
>From: Jim <j...@lowcarbfriends.com>
>Sent: Friday, March 19, 2010 4:22 PM
>To: John Daisley <daisleyj...@googlemail.com>; mysql@lists.mysql.com
>Subject: Re: MySQL Encryption
>
>Thanks for the reply, John.
>
>What you are describing seems to be the approach I've seen on the few
>places I've seen this topic discussed.
>
>I've been considering something along those lines, essentially a two
>part key.
>
>Part one of the key is made from some data that is in the record I want
>to protect and it is different for each record, very much like you suggest
--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe: http://lists.mysql.com/mysql?unsub=arch...@jab.org
