MySQL – Disk encryption in Debian


I have a Debian Lenny server running a production application. Recently, we were asked by a consultant to enable disk encryption for data security. He believes full disk encryption will require us to wipe the disks clean and start the server setup from the ground up, so encrypting the storage of the MySQL and web root files would suffice.

So, I am thinking of creating a new partition and moving the Apache site root there, along with the MySQL data files, and having it encrypted with some package/tool.

Now, my questions are straightforward:

  1. Is my plan correct, or are there better solutions?
  2. Which package/tool should I be looking out for this scenario?
  3. How can I move the MySQL data folder to the new partition if that's the approach to follow?

Appreciate your time and help, thanks in advance!

Regards,

Emran

Best Answer

The first thing to remember is that the consultant isn't the one bearing the burden here in terms of both performance and bother. Unattended reboots will no longer be possible, and to avoid security compromises, there should be very few users who have the encryption password that allows the reboot. Blanket recommendations for encryption are often misplaced.

Data encryption protects against one specific attack scenario, and it's probably not the most likely vulnerability. Data encryption protects you against an attacker who physically walks out with your data drives. If you're concerned about this scenario, consider better physical safeguards - locking panels on the front of the rack, for instance.

Data encryption does not usually provide much protection against an attacker who compromises your web app over the wire. An attacker is most likely to have at least the same privileges as your web app, which include reading and writing to the database, even if it is encrypted on the disk.

Don't forget to account for the performance hit this is going to cause to your MySQL database. Reading and writing to the encrypted disks will be significantly slower. If you are already running into performance issues, this is likely to break things horribly.

MadHatter and JanC have given you good advice. As JanC said, it is possible to do this without wiping the machine, but for your purposes it doesn't sound necessary.

One other thing you need to remember to do is to encrypt your swap partition. To do that, you'll need to disable swap, reboot to make it go away, securely delete the swap partition, encrypt it, re-enable swap, and then restart the machine. I'm not quite sure how to set this up in Debian, but you'll need to enter the password fairly early in the boot process.

If you fail to encrypt the swap partition (and your /tmp dir and any other locations to which your apps may write), portions of your sensitive data will get written unencrypted to disk.
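The point about swap and /tmp can be checked mechanically. The script below is an added example, not part of the original answer: it reports swap areas and directories that are not backed by a dm-crypt mapping. It assumes dm-crypt is the encryption layer; the sample data is constructed and the `/srv/secure` mount point is hypothetical.

```shell
#!/bin/sh
# Added example. Inputs use the text formats of `dmsetup table`, /proc/swaps, /proc/mounts.
# Constructed sample data (not from a real host); /srv/secure is a hypothetical mount point.
SAMPLE_DMSETUP='cryptdata: 0 41943040 crypt aes-cbc-essiv:sha256 0000 0 8:5 0
vg0-tmp: 0 2097152 linear 8:6 384'
SAMPLE_SWAPS='Filename Type Size Used Priority
/dev/sda2 partition 1048568 0 -1'
SAMPLE_MOUNTS='/dev/sda1 / ext3 rw 0 0
/dev/mapper/cryptdata /srv/secure ext3 rw 0 0
/dev/mapper/vg0-tmp /tmp ext3 rw 0 0'

# Print /dev/mapper/<name> for every mapping whose target type is "crypt".
crypt_devices() {
    printf '%s\n' "$1" |
        awk '$4 == "crypt" { sub(/:$/, "", $1); print "/dev/mapper/" $1 }'
}

# Print the device mounted at the longest mount point that contains path $1.
# On equal length the later entry wins, as later mounts shadow earlier ones.
backing_device() {
    printf '%s\n' "$2" | awk -v p="$1" '
        { m = $2; pre = (m == "/") ? "/" : m "/" }
        index(p "/", pre) == 1 && length(m) >= best { best = length(m); dev = $1 }
        END { print dev }'
}

# audit DMSETUP SWAPS MOUNTS PATH...: one "UNENCRYPTED ..." line per finding.
# Assumes swap partitions (not swap files) and /dev/mapper/<name> device names.
audit() {
    dm=$1 swaps=$2 mounts=$3; shift 3
    crypt=$(crypt_devices "$dm")
    is_crypt() { [ -n "$1" ] && printf '%s\n' "$crypt" | grep -qxF -- "$1"; }
    # Every active swap device must itself be a crypt mapping.
    printf '%s\n' "$swaps" | awk 'NR > 1 { print $1 }' | while read -r dev; do
        is_crypt "$dev" || echo "UNENCRYPTED swap $dev"
    done
    # Every sensitive directory must live on a filesystem on a crypt mapping.
    for path in "$@"; do
        dev=$(backing_device "$path" "$mounts")
        is_crypt "$dev" || echo "UNENCRYPTED $path $dev"
    done
}

# Demo on the sample data. On a live host (as root) pass instead:
#   "$(dmsetup table)" "$(cat /proc/swaps)" "$(cat /proc/mounts)"
audit "$SAMPLE_DMSETUP" "$SAMPLE_SWAPS" "$SAMPLE_MOUNTS" \
    /tmp /var/lib/mysql /srv/secure/www
```

A linear LVM volume stacked on top of an encrypted physical volume is also reported, because only the top-level mapping is inspected; confirm such stacks by hand.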
