On Wed, 24 Aug 2011, Singer X.J. Wang wrote:

How often do you reboot your database servers?

you better reboot them frequently or your system will be out of date and vulnerable to known security holes.

never mind the other unplanned type of reboot (datacenter wide power outage due to a UPS blowing up for example). In a situation like this, you _really_ don't want to have to have your admins touch each box individually (and in the right order) before they are functional.

unless you are the NSA, in which case you want to require that three different people (out of a pool of 7 possible people) all be physically in the room to unlock the encryption keys, and are willing to have the systems down for several extra hours while these people gather.

It also protects if someone hacks into the system and gets root or the
server is physically stolen.

if someone has root they can get at the data, because they can reconfigure MySQL to give them access.

if the server is physically stolen then (unless the key must be entered/unlocked manually) they have access to the key to decrypt the data. It's only if the data drives are physically stolen, but the OS drives are not that you are protected. This situation can exist in a mixed local/SAN environment.

if you don't bother to encrypt your backups, or erase drives you dispose of, this may protect you (depending on if the key is on those drives/backups)

I still stand by my statement that the only real value of this is in satisfying auditors, not in real security.

David Lang


On Wed, Aug 24, 2011 at 23:44, <[email protected]> wrote:

it only protects against the machine being stolen if the decryption key is
not also stored on the machine. This would mean that there needs to be a
manual step (either to enter the key or to unlock the key) every time the
machine boots. Since nobody does that (everyone wants the machine to boot up
without requiring a sysadmin login to it) it's snake oil in that case as
well.

the only time this actually works is if you have the drives remote from the
system that's using them (in a SAN for example), in which case it can
protect you from the case where someone steals the drives (or if you don't
properly wipe the drives when you dispose of them)


really, the only thing that this solves is the audit checkbox labeled
'database encryption'


David Lang




 On Wed, 24 Aug 2011, Singer X.J. Wang wrote:

Is it snake oil or is it not the solution for your problem? Just because
it's not the solution to your problem does not mean it's snake oil and from
reading your problem, it is not the solution for you.

This is the solution for people who have a box at SoftLayer or RackSpace,
or some VMs at Amazon EC2, or a rack at the colo facility themselves. It
lets them ensure that if the box/server is compromised or stolen, there is
no data leak.

Does it provide a valuable service? IMHO Yes. Is it what you need? No.

S


On Wed, Aug 24, 2011 at 20:38, Paul <[email protected]> wrote:

The general manager is getting concerned about how we're encrypting data
in our databases (all sensitive data is encrypted in the database, with
tight access restrictions and so on), and asked me to look at further
options, giving me the following url:
http://blog.gazzang.com/out-of-the-box-data-security-for-mysql/



It rather reads almost like snake-oil to me, or at least solving the
problem at the wrong level.  If it operates between storage engine and
file system so it's transparent to clients connecting to it... surely all
anyone needs to do is then connect to a suitable machine and just dump the
MySQL data?  Given the data is on servers inside a datacenter at a bank
processing facility, and behind all their security, if someone has either
gained root or physical access, I'm assuming the technology would be
fairly moot. Disturbingly the one review I see for it is over on a
rackspace page where someone is glad it's stopping credit card details
from being visible to root users on the machine... so presumably well done
to him storing cc details in the database unencrypted.

I'm going to see if I can get a trial version and play a game of 'dodge
the salesman', but I was wondering if anyone has any observations about
it, or is using it and willing to share about it?

Paul
_______________________________________________
Tech mailing list
[email protected]
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech


This list provided by the League of Professional System Administrators
http://lopsa.org/


--
The best compliment you could give Pythian for our service is a referral.

