• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: WebObjects and Security in case of a physical breach
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: WebObjects and Security in case of a physical breach

  • Subject: Re: WebObjects and Security in case of a physical breach
  • From: Miguel Arroz <email@hidden>
  • Date: Fri, 7 Aug 2009 19:32:04 +0100
Hi!

Just to mention performance: I didn't run any tests before and after encrypting my drive. Anyway, during normal usage, I didn't notice any slowdown compared to before, although this 5400 rpm portable drives are terribly slow for themselves. The PGP process rarely takes more than 2 or 3 percent (of 200%) on my 2,5 Ghz Core 2 Duo mac. If your server is hit very hard, I encourage you to run some tests, but you should not note any difference.

BTW, PGP may encrypt and decrypt a boot disk while the system is running, so you may have a very reduced downtime (just the reboot to load the PGP kernel extension). Of course, your I/O will be saturated, but at least the system will be up. And you can decrypt the disk again (while running) if you think PGP is killing your performance.

I wrote a blog article about this, you may find there some more info: <http://terminalapp.net/pgp-desktop-99-mini-review/>. And make sure your RAM is working fine, or else funny stuff may happen...

  Yours

Miguel Arroz

On 2009/08/07, at 19:10, David Holt wrote:


On 7-Aug-09, at 11:06 AM, Miguel Arroz wrote:

Hi!

You can use PGP Whole Disk Encryption. 

Great minds think alike :-)

Thanks for explaining your experience, Miguel!

David

I use it on my MacBook Pro and it's perfect so far. The only problem is that it requires a password to be inserted *before* the system boots (as the OS itself is encrypted). If you have easy access to your server, that's not a problem. If not, it might be.

I have used this since it was launched for the Mac, and I have zero problems. It's so smooth that I keep forgetting it's installed and I always spend a few seconds on "what the heck is this" mode when the password window pops up on reboots.

The only way to break this (besides knowing the password) is to get the machine running, freezing it's memory with some cooler chemicals, transferring it to another computer as fast as possible, before the content degrades, and run some nasty software that will look for the encryption key among your RAM.

Also, I think the enterprise editions of PGP support authentication using password and/or an USB token for increased security, but I'm not sure if that's supported on Macs.

 Yours

Miguel Arroz

On 2009/08/07, at 18:07, David Holt wrote:

Hi all,

I am looking for suggestions for how to lock down data and files associated with my WebObjects application on a MacOS X 10.5.8 box in case someone physically walks away with the box. We have biometric encrypted external harddrives for rotating off-site backup, but now we are turning our attention to the server itself. Other than the WebObjects application and associated resources (which I am not all that concerned about), we have a FrontBase database and files that have been uploaded and are accessible by client users. The data and files will almost certainly contain confidential and private data that would have serious ramifications if stolen and accessed.

Do any of the following ideas make sense?

1. FrontBase disk encryption - my assumption is that encrypted database files are stored encrypted at /Library/FrontBase/Databases
My worry is that with physical access to the machine, a competent hacker might be able to find the secure keys that FrontBase uses to encrypt/decrypt the data. Also, I am uncertain whether backups from an encrypted database are also encrypted.

2. Move all the FrontBase files into a user account secured by a mechanism such as file vault. Is there a way to start up Frontbase databases automatically on login using such a scheme?

3. The Uploads/Downloads folders are currently in subfolders of the WebServer root. Is there any reason not to serve the files from a user account secured by a mechanism such as file vault?

4. Is there some other method that you are using that securely encrypts the entire system in case of theft of the box?

Thanks,

David
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden



_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden

Attachment: smime.p7s
Description: S/MIME cryptographic signature

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
References: 
 >WebObjects and Security in case of a physical breach (From: David Holt <email@hidden>)
 >Re: WebObjects and Security in case of a physical breach (From: Miguel Arroz <email@hidden>)
 >Re: WebObjects and Security in case of a physical breach (From: David Holt <email@hidden>)

  • Prev by Date: Re: WebObjects and Security in case of a physical breach
  • Next by Date: Missing Contents in Resource Manager / URLs
  • Previous by thread: Re: WebObjects and Security in case of a physical breach
  • Next by thread: Re: WebObjects and Security in case of a physical breach
  • Index(es):
    • Date
    • Thread