Re: Postgresql database encryption

From: Tim Cross <theophilusx(at)gmail(dot)com>
To: Ron <ronljohnsonjr(at)gmail(dot)com>
Cc: Stephen Frost <sfrost(at)snowman(dot)net>, pgsql-general(at)lists(dot)postgresql(dot)org
Subject: Re: Postgresql database encryption
Date: 2018-04-21 00:16:52
Message-ID: 87muxx5s7f.fsf@gmail.com
Lists: pgsql-general


Ron <ronljohnsonjr(at)gmail(dot)com> writes:

> On 04/20/2018 06:11 PM, Stephen Frost wrote:
>> Greetings,
>>
>> * Ron (ronljohnsonjr(at)gmail(dot)com) wrote:
>>> On 04/20/2018 03:55 PM, Vick Khera wrote:
>>>> On Fri, Apr 20, 2018 at 11:24 AM, Vikas Sharma <shavikas(at)gmail(dot)com
>>>> For anyone to offer a proper solution, you need to say what purpose your
>>>> encryption will serve. Does the data need to be encrypted at rest? Does it
>>>> need to be encrypted in memory? Does it need to be encrypted at the
>>>> database level or at the application level? Do you need to be able to
>>>> query the data? There are all sorts of scenarios and use cases, and you
>>>> need to be more specific.
>>>>
>>>> For me, using whole-disk encryption solved my need, which was to ensure
>>>> that the data on disk cannot be read once removed from the server.
>>> Someone really needs to explain that to me. My company-issued laptop has
>>> WDE, and that's great for when the machine is shut down and I'm carrying it
>>> from place to place, but when it's running, all the data is transparently
>>> decrypted for every process that wants to read the data, including malware,
>>> industrial spies,
>>>
>>> Thus, unless you move your DB server on a regular basis, I can't see the
>>> usefulness of WDE on a static machine.
>> The typical concern (aka, attack vector) isn't around moving the DB
>> server on a regular basis or about someone breaking into your data
>> center and stealing your drives, it's making sure that disposal of
>> equipment doesn't result in valuable data being retained on the
>> drives when they leave the data center for replacement or disposal.
>
> That makes some sense, but years of added CPU overhead to mitigate a problem
> that could be solved by writing zeros to the disk as a step in the decomm
> process seems more than a bit wasteful.

Problem is that decomm process relies on someone actually following the
process. Too often, this part fails. The overhead with WDE these days is
minimal anyway. Good security is always about layers of protection and
should never just rely on a single control.

Tim
--
Tim Cross
