
#1 2018-05-03 00:12:41

KylieGS
Member
Registered: 2018-02-19
Posts: 53

Good Encryption Practices on Servers

So I'm building this hypothetical server, used to handle backup (Borg over SSH), webserver, and fileserver. I want to keep much of the data on there encrypted (not too hard). But if it's a server, the key has to be on the machine. So if the machine is compromised, so is the key. How should this be mitigated? Human security is likely good enough if I secure the networking aspect, but I obviously wouldn't be happy with that if it was a large (enterprise) service (it's not, I was just curious).


#2 2018-05-03 07:41:38

Haller
Member
Registered: 2018-04-08
Posts: 45

Re: Good Encryption Practices on Servers

Password should be stored as hashes. If someone is getting the "password file", he has to brute force the original passwords first...

should: This holds for the linux logging password (i.e.).
Others, like NetworkManager, don't do that (by default).
--> NetworkManager stores the password in clear text by default.

Whether there might be a problem depends on "the password" you are referring to.


#3 2018-05-03 10:41:32

jaergenoth
Member
Registered: 2015-01-16
Posts: 85

Re: Good Encryption Practices on Servers

Having the encryption key stored on the server is basically the same as not encrypting the files at all.
Borg already supports encryption, but if you want some kind of file upload interface, I guess the best would just be to do the encryption client-side (e.g. Protonmail).
You could do full-disk encryption on the server maybe, but that offers no protection when the server is turned on.

Last edited by jaergenoth (2018-05-03 10:44:28)


#4 2018-05-03 14:17:46

ewaller
Administrator
From: Pasadena, CA
Registered: 2009-07-13
Posts: 19,739

Re: Good Encryption Practices on Servers

Haller wrote:

Password should be stored as salted hashes. If someone is getting the "password file", he has to brute force the original passwords first...

FTFY.   By salting your hashes, an attacker cannot use a collection of precomputed hashes from a rainbow list.  The upshot being, that if someone reuses passwords, the hash of the password would be the same on different servers.  By each server adding its own random salt to a password prior to hashing, comparing hashes between servers is pointless.   Linux does this for /etc/shadow.

As to keys, keep them on an SD card.  And separate it from the system when you don't want it to boot.

Last edited by ewaller (2018-05-03 14:18:37)


Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way
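The effect ewaller describes in the post above, as an added example that is not part of the original thread: a reused password gives identical unsalted hashes on two servers and falls to a precomputed table, while per-server random salts make the stored values differ. PBKDF2 from Python's standard library stands in for the scheme /etc/shadow uses; the passwords, word list and iteration count are constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor, chosen for this example only


def hash_password(password, salt=None):
    """Return (salt, digest); draws a fresh 16-byte random salt if none is given."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_password(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)


def unsalted(password):
    """Plain, unsalted SHA-256: the weak storage form being contrasted."""
    return hashlib.sha256(password.encode()).hexdigest()


def demo():
    reused = "correct horse battery staple"  # constructed sample password
    # A precomputed table maps unsalted hashes back to known passwords.
    table = {unsalted(w): w for w in ["123456", "hunter2", reused]}

    plain_a, plain_b = unsalted(reused), unsalted(reused)  # two servers, no salt
    salt_a, hash_a = hash_password(reused)                 # server A, own salt
    salt_b, hash_b = hash_password(reused)                 # server B, own salt

    return {
        "unsalted_equal_across_servers": plain_a == plain_b,
        "table_lookup_unsalted": table.get(plain_a),
        "salted_equal_across_servers": hash_a == hash_b,
        "table_lookup_salted": table.get(hash_a.hex()),
        "login_ok": verify_password(reused, salt_a, hash_a),
        "wrong_password_ok": verify_password("hunter2", salt_a, hash_a),
        "salt_lengths": (len(salt_a), len(salt_b)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The salt is stored next to the hash and is not secret; its job is to make every stored value unique so a table built once cannot be reused across accounts or servers.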


#5 2018-05-03 17:35:17

loqs
Member
Registered: 2014-03-06
Posts: 17,195

Re: Good Encryption Practices on Servers

@KylieGS are you interested in data at rest on a remote system (backup),  data at rest on a local system,  live data in a system (container/vm/bare metal) in a single instance or at scale,  physical security in a data centre?


#6 2018-05-03 19:18:21

KylieGS
Member
Registered: 2018-02-19
Posts: 53

Re: Good Encryption Practices on Servers

ewaller wrote:

FTFY.   By salting your hashes, an attacker cannot use a collection of precomputed hashes from a rainbow list.  The upshot being, that if someone reuses passwords, the hash of the password would be the same on different servers.  By each server adding its own random salt to a password prior to hashing, comparing hashes between servers is pointless.   Linux does this for /etc/shadow.

As to keys, keep them on an SD card.  And separate it from the system when you don't want it to boot.


It's not that relevant as I'm looking at backing up data, not using passwords for authentication, so there's no reason to store passwords at all. I did read a good article on salting hashes a few years ago though, so if that ever comes up I think I know what to do.


loqs wrote:

@KylieGS are you interested in data at rest on a remote system (backup),  data at rest on a local system,  live data in a system (container/vm/bare metal) in a single instance or at scale,  physical security in a data centre?

It's a hypothetical so I'm interested in all of it but the particular instance I was thinking of is encrypted rest data on a remote. The current thought is to do all the encryption clientside, possibly also with a whole disk backup on a removable key that is only used in boot (so if it is physically stolen it is protected somewhat additionally).

I don't really know how these things scale so I wasn't thinking of that yet and I think the amount of explanation needed would take it beyond the scope of the thread. So I'm just thinking of a single machine storing backup data.

Last edited by KylieGS (2018-05-03 19:25:56)


#7 2018-05-03 19:22:49

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 29,445
Website

Re: Good Encryption Practices on Servers

If you are using it to back up data, why would the encryption key need to be on the server?  Encrypt locally and back up the encrypted data.


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman


#8 2018-05-03 19:29:11

KylieGS
Member
Registered: 2018-02-19
Posts: 53

Re: Good Encryption Practices on Servers

Trilby wrote:

If you are using it to back up data, why would the encryption key need to be on the server?  Encrypt locally and back up the encrypted data.

Yeah I can see the benefit of client-side encryption here.


#9 2018-05-03 21:15:37

progandy
Member
Registered: 2012-05-17
Posts: 5,184

Re: Good Encryption Practices on Servers

KylieGS wrote:
Trilby wrote:

If you are using it to back up data, why would the encryption key need to be on the server?  Encrypt locally and back up the encrypted data.

Yeah I can see the benefit of client-side encryption here.

And borg should support that already.

Webservices should be at least isolated in containers, with only the data necessary for their operation accessible to them.


| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |


#10 2018-05-03 21:22:40

KylieGS
Member
Registered: 2018-02-19
Posts: 53

Re: Good Encryption Practices on Servers

progandy wrote:
KylieGS wrote:
Trilby wrote:

If you are using it to back up data, why would the encryption key need to be on the server?  Encrypt locally and back up the encrypted data.

Yeah I can see the benefit of client-side encryption here.

And borg should support that already.

Webservices should be at least isolated in containers, with only the data necessary for their operation accessible to them.

Yeah, the plan is to have a separate key on the client (which obviously I'd have to back up in some other way, like a USB stick).

Can you expand on the second part please?


#11 2018-05-03 21:42:20

progandy
Member
Registered: 2012-05-17
Posts: 5,184

Re: Good Encryption Practices on Servers

If you run your servers in virtual machines or containers like systemd-nspawn, lxc, or docker, then a successful attack on one server does not directly compromise all other servers; the attacker also has to deal with escaping the container or virtual machine. But that is not encryption and is a bit off topic.


| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |
