Re: WebObjects and Security in case of a physical breach
Re: WebObjects and Security in case of a physical breach
- Subject: Re: WebObjects and Security in case of a physical breach
- From: David Holt <email@hidden>
- Date: Fri, 7 Aug 2009 11:10:18 -0700
On 7-Aug-09, at 11:06 AM, Miguel Arroz wrote:
Hi!
You can use PGP Whole Disk Encryption.
Great minds think alike :-)
Thanks for explaining your experience, Miguel!
David
I use it on my MacBook Pro and it's perfect so far. The only
problem is that it requires a password to be inserted *before* the
system boots (as the OS itself is encrypted). If you have easy
access to your server, that's not a problem. If not, it might be.
I have used this since it was launched for the Mac, and I have
zero problems. It's so smooth that I keep forgetting it's installed
and I always spend a few seconds on "what the heck is this" mode
when the password window pops up on reboots.
The only way to break this (besides knowing the password) is to
get the machine running, freezing it's memory with some cooler
chemicals, transferring it to another computer as fast as possible,
before the content degrades, and run some nasty software that will
look for the encryption key among your RAM.
Also, I think the enterprise editions of PGP support
authentication using password and/or an USB token for increased
security, but I'm not sure if that's supported on Macs.
Yours
Miguel Arroz
On 2009/08/07, at 18:07, David Holt wrote:
Hi all,
I am looking for suggestions for how to lock down data and files
associated with my WebObjects application on a MacOS X 10.5.8 box
in case someone physically walks away with the box. We have
biometric encrypted external harddrives for rotating off-site
backup, but now we are turning our attention to the server itself.
Other than the WebObjects application and associated resources
(which I am not all that concerned about), we have a FrontBase
database and files that have been uploaded and are accessible by
client users. The data and files will almost certainly contain
confidential and private data that would have serious
ramifications if stolen and accessed.
Do any of the following ideas make sense?
1. FrontBase disk encryption - my assumption is that encrypted
database files are stored encrypted at /Library/FrontBase/Databases
My worry is that with physical access to the machine, a competent
hacker might be able to find the secure keys that FrontBase uses
to encrypt/decrypt the data. Also, I am uncertain whether backups
from an encrypted database are also encrypted.
2. Move all the FrontBase files into a user account secured by a
mechanism such as file vault. Is there a way to start up Frontbase
databases automatically on login using such a scheme?
3. The Uploads/Downloads folders are currently in subfolders of
the WebServer root. Is there any reason not to serve the files
from a user account secured by a mechanism such as file vault?
4. Is there some other method that you are using that securely
encrypts the entire system in case of theft of the box?
Thanks,
David
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
40guiamac.com
This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden