Re: Database Encryption (now required by law in Italy)

Alle 15:11, venerdì 5 marzo 2004, Alex Page ha scritto:
> If you're trying to protect against somebody taking down your server
> room door with a sledgehammer, lifting your server out of the rack,
> driving it away and booting off an alternative medium to avoid needing
> to know your root password, then a loopback encrypted partition (or data
> encrypted in GPG where the decryption key is not stored on the database
> server) is a sensible precaution.

Unfortunately, the new Italian law forces us to take seriously into account
this catastrophic scenario and another one that is almost as worring: an
unfaithful SysAdmin that copies your data and sells them to KGB. So, database
encryption (and not disk encryption) is the _only_ answer.

> - I expect that most of the situations we attempt to prevent are
> unlikely in the extreme, but we have various contractual and legal
> obligations which mean we have to defend against them anyway.

This is the point.

> Of course, this loopback encryption with a boot-time passphrase may fail
> if they take the rackmount UPS as *well*, and keep the machine powered
> at all times ;)

The server should listen to the (encrypted/digitally signed) "Heartbeat" of a
password server through the net to prevent this kind of attack.

See you

-----------------------------------------
Alessandro Bottoni and Silvana Di Martino
alessandrobottoni(at)interfree(dot)it
silvanadimartino(at)tin(dot)it