Does disk encryption provide security for hacked-over-network attacks?

Hi,
My understanding of disk encryption is if the hard disk is stolen physically then the data won't be accessible.

Unless the government wants my data, the chances of someone stealing my server and also knowing BSD are minimal.

But it is not true for someone breaking into the system through network/internet.

Will the encryption help in that case too? That is, if someone copies files from my system over the network, will the copied file be encrypted on their system?
I think it won't be, and the contents of the copied file will be freely visible, but I would like to know for sure, and also whether there are any options available to achieve this.
 
Short answer: no.

Except, of course, if it's in an encrypted container that's not attached/mounted.

Additional scenario for FDE: law enforcement confiscating your hardware. Yep, this can happen without you doing anything wrong. Of course, you could face sanctions aimed at getting the decryption key out of you.
 
This is something I've been looking at but it's hard!

As in the answer above: encryption of the machine only protects you from one vector.

Another example, MySQL encryption: with the Community edition you can encrypt the database, but the key has to be on the same machine. If you want the key to be elsewhere, then you pay for the Enterprise version.

But if someone can find your MySQL connection details, they can slurp all the data anyway, so the encryption provides no help for a connection.

If you've used the Community edition with the local key and someone steals the machine, then if the hard disk itself isn't encrypted, my understanding is that the MySQL encryption is pretty much useless (for that attack vector).

By the time you tighten all the screws down, you end up like Facebook the other day: six-plus hours of downtime because no one has the right permissions to do anything (remotely), and someone with the right permissions has to travel to the DC to fire things up again.

One common mistake seems to be to lock down the production hardware, then copy unencrypted backups to "the Cloud" and forget to lock them down. So you have to treat all dev/test/DR/backup machines to the same level of security (seems obvious, but I don't think everyone does it!).
 
My understanding of disk encryption is if the hard disk is stolen physically then the data won't be accessible.
True, if and only if the encryption key is not stolen at the same time. For example, storing the encryption key on the same disk is pointless; it's like hanging the key to your house visibly on the front door.

So where do you propose to store the encryption key? Beware of the rubber hose attack: the person who steals your disk also steals you, and hits you with a rubber hose until you give up the key.

Unless the government wanted my data, ...
If a big government (US, China, Russia, Israel...) really wants your data, and is willing to invest some manpower into it, they are likely to get it. Don't waste any time protecting against that.

...the chances of someone stealing my server and they knowing BSD will be minimal.
Random burglar comes into your house, takes jewelry, cash, guns, and your computer. Back at home, they plug it in; it's not a normal Windows box. They sell it for $100 to a specialist. That specialist is pretty much guaranteed to know Linux and BSD and Mac. And with physical access to the machine, they can single-user boot, and they have your data.

Old story, from 20 years ago, before whole-disk encryption was common: Any laptop stolen from a major company (IBM, HP, Oracle, Sun, ...) was automatically worth $250K. Yes, two hundred fifty thousand. If the laptop was identifiable to be from a senior engineer, VP, or director, double that to half a million. This is how valuable data is. Today, whole-disk encryption (which is the default on all laptops in corporate environment, at least those that run real operating systems) has changed that game; stolen laptops are back to being worth hundreds of dollars, not hundreds of thousands.

But it is not true for someone breaking into the system through network/internet. Will the encryption help in that case too.
As Zirias already said: No. Once the encrypted disk has been decrypted or opened, a whole new set of attack vectors opens up.

I think it won't be and the contents of the copied file will be freely visible, but I like to know for sure and also if there is any available options to achieve this.
Security. Make sure hackers don't get into your system. Easiest way to accomplish that: Unplug the network cable. This is commonly done in military and national security applications. But it is quite impractical for individuals.

Another approach: Store data in the cloud. Why? Because it forces you to think about encryption, and how to handle keys. But most cloud storage solutions come with tools and guidelines for how to organize encryption, so they make it easy. Once you have done that, you can be sure that the stuff in the cloud is managed better and more professionally than anything amateurs can do at home.

By the way, my server at home is not encrypted, nor does it use self-encrypting disks. I know this is a vulnerability (burglars!), but I have so many other things on my to-do list, this is low priority.
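The two points made in the post above (a key stored next to the data is worthless, and once the container is opened the encryption no longer protects against a network intruder), modelled in Python. This is an added example, not code from this thread or from any of the posters. The cipher is a stdlib-only stand-in (HMAC-SHA256 keystream plus an HMAC tag) for what GELI or ZFS native encryption actually use (AES-XTS / AES-GCM); the Container/attach/detach names and the sample CSV content are hypothetical and constructed for the illustration. Only the blob and salt ever persist; the passphrase-derived key exists in memory while attached and nowhere else.

```python
"""Added illustration (not from the thread): an encrypted container protects the
stolen disk, but a file copied off the running, attached system is plaintext.
The cipher is a stdlib-only stand-in for GELI's AES-XTS; Container/attach/detach
are hypothetical names modelling the state machine, not a real filesystem."""
import hashlib
import hmac
import json
import secrets

# Constructed sample data standing in for the files kept in the container.
SAMPLE_FILES = {"customers.csv": "alice,4111 1111 1111 1111\nbob,5500 0000 0000 0004\n"}
PASSPHRASE = "correct horse battery staple"


def derive_key(passphrase: str, salt: bytes) -> bytes:
    """Key comes from a passphrase typed at attach time; it is never written to disk."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 200_000, dklen=32)


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out = bytearray()
    ctr = 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        ctr += 1
    return bytes(out[:n])


def seal(key: bytes, plaintext: bytes) -> bytes:
    """nonce || ciphertext || tag (encrypt-then-MAC)."""
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong passphrase or tampered container")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


class Container:
    """`salt` and `blob` are all that persists on disk. `mounted` is the plaintext
    view every local process sees while attached, an intruder's shell included."""

    def __init__(self, passphrase: str, files: dict):
        self.salt = secrets.token_bytes(16)
        self.blob = seal(derive_key(passphrase, self.salt), json.dumps(files).encode())
        self.mounted = None  # detached at boot: nothing readable yet

    def attach(self, passphrase: str) -> None:
        self.mounted = json.loads(unseal(derive_key(passphrase, self.salt), self.blob))

    def detach(self) -> None:
        self.mounted = None  # analogue of geli detach / zfs unload-key


def network_intruder_copies(c: Container, name: str):
    """Remote attacker with a shell but no passphrase: gets whatever the kernel
    hands out through the mounted path, i.e. plaintext while attached."""
    return c.mounted.get(name) if c.mounted is not None else None


def disk_thief_gets(c: Container) -> bytes:
    """Physical theft, or an unencrypted backup copied elsewhere: the raw blob only."""
    return c.salt + c.blob


def wrong_passphrase_is_rejected(c: Container) -> bool:
    try:
        c.attach("not the passphrase")
        return False
    except ValueError:
        return True


def demo() -> dict:
    c = Container(PASSPHRASE, SAMPLE_FILES)
    before = network_intruder_copies(c, "customers.csv")  # None: detached
    c.attach(PASSPHRASE)                                  # admin opens it for use
    during = network_intruder_copies(c, "customers.csv")  # plaintext: encryption did nothing
    c.detach()
    after = network_intruder_copies(c, "customers.csv")   # None again
    return {
        "before": before,
        "during": during,
        "after": after,
        "thief_sees_plaintext": b"alice" in disk_thief_gets(c),
        "wrong_passphrase_rejected": wrong_passphrase_is_rejected(c),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v!r}")
```

Running `demo()` shows the three states side by side: before attach and after detach the intruder gets nothing, during the attached window they get the plaintext CSV, and the thief's copy of the blob never contains it. The design choice worth noting is that `derive_key` is only ever called with a passphrase supplied at attach time, so there is no key file sitting beside the blob for either attacker to pick up.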
 
True, if and only if the encryption key is not stolen at the same time. For example, storing the encryption key on the same disk is pointless; it's like hanging the key to your house visibly on the front door.

So where do you propose to store the encryption key? Beware of the rubber hose attack: the person who steals your disk also steals you, and hits you with a rubber hose until you give up the key.

Thanks for the informative insight, some of which I had never thought of before.
 
Geezer, a cloud service worth its money will defend its customers' data in every way possible. This includes technical measures for data redundancy/integrity, physical access security, and even defending against unsolicited governmental / law enforcement requests to turn over data.

Yes, as a customer, you have to trust your provider. But the key advantage is: they are specialized and can do many things much better than you ever could yourself (for a somewhat sane cost).

Edit: it might be different with all these "free hosting services". There's almost never a truly "free" service, so you have to consider: how do they make their money?
 
... defend its customer's data in every way possible. This includes technical measures for data redundancy/integrity, physical access security, and even defending against unsolicited governmental / law enforcement requests to turn over data.

That is what you and I (all members of this forum) are supposed to do ourselves.
 
Sure.

Well, of course, it depends on your actual requirements. I'm fine operating myself what I need.

If you actually need things like
  • multi-level data redundancy including sync to different physical locations
  • environmental disaster protections
  • guarded locations
  • electronic locks with strict and modification-proof ID tracking
  • ...
then have fun paying for your own infrastructure.

In a nutshell, ralphbsz's suggestion to use some cloud service was meant for high-security demands. It makes sense if satisfying these demands with your own staff and infrastructure would be ridiculously expensive.
 
I use cloud services because I need access to some data no matter where I am. I am not setting up my own infrastructure to do this because frankly, it will never be as secure as one I purchase commercially. I keep sensitive data locally but if I need access remotely, I keep the data in an encrypted container. I have had data in a cloud (the same cloud) for over 11 years with zero data loss.
 
I'm actually thinking about installing some "private cloud" software locally, so I can have access even to sensitive data (for me and family members) without having to trust a 3rd party. But so far, I just didn't find the time to do it ;)

Of course, my security/safety measures are minimal, compared to what I outlined above. They consist of
  • A Firewall VM (exclusive PCI access to NICs) with different "zones"
  • A ZFS raidz storage with 4 disks, FDE with GELI
  • Regular (~1/month) full incremental backups to an external disk stored on a different floor
Well, I hope it's "enough" for my private stuff ;)
 
Aha what? If you have these high security and safety needs, you WILL trust a 3rd party. It will be one you'll pay a lot of money (but still a lot less than your own comparable infrastructure would cost) and trust is the foundation of their business, so they will make sure to keep it ;)
 
I will never trust a 3rd party offering me "free" services, that's for sure. But I guess you somehow want to find an inconsistency that isn't there…
 
Which is why I pay for cloud hosting. I tell my wife this all the time: if something is free, you are the product...well, more accurately, your data is the product.
 
Random burglar comes into your house, takes jewelry, cash, guns, and your computer. Back at home, they plug it in, it's not a normal window box. They sell it for $100 to a specialist. That specialist is pretty much guaranteed to know Linux and BSD and Mac. And with physical access to the machine, they can single-user boot, and they have your data.
Random burglars after cash and jewelry will most likely toss the hard drive into the garbage. If they steal the computer, it will most likely be for the nice specs, not for data they can't really monetize. If only the laptop is stolen by a random burglar, somebody who can actually monetize the data is behind that burglary. Well, it's not out of the question that the 'specialist' cannot account for where the hard drives are coming from; they'd just say that they bought them off some random transients for cash, way below market value.
 
Securing your data (or anything in that matter) is not the hardest part of the equation.
The real question is how far you are willing to go to secure your data, and how long you can repeat this process without getting a false sense of safety and skipping required steps one day.

Security is easy:

Worried someone can access your device over network:
Use proper firewall, access sites/emails from vm etc...

Worried if your device can be stolen:
Encrypt the dataset / partition, mount it when you have to use it, then unmount.

Worried your device can be seized by agency:
Keep your data in tarsnap (or a similar service); download and decrypt it before using it, and when done synchronize it and delete it from the hard drive (i.e. bcwipe).
Remove any logs etc. from your device which could show that your remote data ever existed on your device.
Also use some security measure before downloading/uploading your data (to avoid IP traffic logs/traces).
This way you don't have to carry data with you, thus nobody can force you to give up the password etc.
If you like, create an environment in a RAM disk and do all of the above on that.
Also find a service (instead of tarsnap) which accepts cryptocurrency, to avoid financial traces.

Not enough:
Develop your project on an offline machine and use a security measure which will activate on breach, such as:

Basically you can come up with a lot of effective security measures and it will probably be bulletproof, but the question is: how long can you keep up with this process?
 
No!

'The Cloud' [RHETORICAL] What an absolutely non-technical mish-mash of an expression! [/RHETORICAL]

For security, you would want to entrust your data to completely unknown third parties.
So you are willing to trust your security to Seagate, Supermicro and Cisco, but not to Amazon, Backblaze, Google and Microsoft? In spite of the fact that the first three on this list have had serious security incidents, where the hardware they shipped had spying added to it (firmware in the case of Seagate and Cisco, hardware in the case of Supermicro)?

If the service is free it means that you are their product.
While that's mostly true, there is an exception: Many companies (including all the major cloud providers) have either a "try before you buy" or "you can use a little bit for free" service. For example, I use cloud services at both AWS and Google without paying, because in both cases my usage is below the minimum for their free tier, or because I got a $300 credit when signing up, and haven't used up all the credit yet (and won't in the next few years).

Now, these providers do this with an intent: They are hoping that you like their service so much that you end up using A LOT of it. Or that you recommend it to all your friends and colleagues.

Security is easy:
...
Worried if your device can be stolen:
Encrypt dataset / partition mount when you have to use it then unmount.

Worried your device can be seized by agency:
...
This way you don't have to carry data with you thus nobody can force you to give password etc...
For securing a device: Where do you store the encryption key? That storage has to be at least as secure as the device itself. So the encryption key can't be stored in cleartext, it has to be itself encrypted. That chain of encryptions has to end somewhere (no, it's not turtles all the way down). At that lowest level, you have two options: (a) Rely on physical security. That means steel, concrete, and firearms. There is a reason high-security data centers have people with machine guns standing at the door. For amateurs, this approach is impractical. (b) Rely on humans: store the ultimate key in the brain of a person (or a few), without ever having it in a physical artifact. The problem is that humans are very vulnerable to a variety of cryptoattacks. One is the well-known "rubber hose attack": Hit the person with a rubber hose (which REALLY hurts but doesn't kill you), until they divulge the key. Another is the legal attack: In most jurisdictions, if a court orders you to provide an encryption key, and you refuse, you will go to jail until you do so. In the US, you might think the 5th amendment protects you, but it doesn't: All the agency has to say is that they are investigating someone other than you. And most European countries (for example Britain) don't even have a fifth amendment, and releasing encryption keys is required by law. So you'll be sharing the Tower of London with the ravens and dead princes, until you sing like a bird.

The other thing is: Agencies have technical means that amateurs have few defenses against. Sure, modern encryption at rest is de-facto uncrackable. But most data has flowed around the globe at some point in its life. To actually secure against an agency, you need to think through your encryption end-to-end. For example, any person you have communicated the data with or over needs to have encryption at least as strong and reliable as yours. Ultimately, this means that all really secure communication has to occur via human couriers that do not rely on physical artifacts (paper notes, electronic devices, cell- or satellite phones). Again, for amateurs that is patently impractical.

I'm not saying that encryption is useless. On the contrary, you should use it. But you need to think about attack vectors and defenses in detail, not just say "I've used rot13 or PGP and it's all good". For example, if you put your password on a yellow sticky note at the bottom of your laptop screen, and ever use that laptop in a coffee shop, your encryption is now gone (security cameras!).
 
Another is the legal attack: In most jurisdictions, if a court orders you to provide an encryption key, and you refuse, you will go to jail until you do so. In the US, you might think the 5th amendment protects you, but it doesn't: All the agency has to say is that they are investigating someone other than you.
I mostly agree with you, but I think this area of the law is still changing:
 
Nice cases, demonstrating that the fifth amendment still gets some respect. Alas, those were pretty clear-cut cases: the police were clearly trying to get person A to divulge the password, because the police were investigating person A; and person A refuses, because they don't have to incriminate themselves. But what if the police instead are seeking the password because they are investigating person B? What if the police don't even say who they are investigating, but make it clear to the court that they cannot and will not use any evidence found after decryption against person A (because of the fruit of the poisonous tree doctrine)? In that case, they can compel person A to unlock the encryption, because the 5th doesn't get any traction.
 
So you are willing to trust your security to Seagate, Supermicro and Cisco, but not to Amazon, Backblaze, Google and Microsoft? In spite of the fact that the first three on this list have had serious security incidents, where the hardware they shipped had spying added to it (firmware in the case of Seagate and Cisco, hardware in the case of Supermicro)?
Would the average Joe User have anything of enough value to even target? Maybe if you steal enough hard drives (like to the tune of a few million), only to discover that they typically belong to some unemployed guys who are using them to stash browser caches of YouTube cat videos.
 
Would the average Joe User have anything of enough value to even target? Maybe if you steal enough hard drives (like to the tune of a few million), only to discover that they typically belong to some unemployed guys who are using them to stash browser caches of YouTube cat videos.

This is more of a small business scenario question for me. Just wanted to make sure I am doing everything within my capability and control to protect the data.

I understand the big budgets big companies have for securing their data, which we will never be able to match.
But I am also not keen on locking my data into a particular product, as if (and when) it gets changed or discontinued I don't want to spend time converting to something else; hence the open-source products and self-hosting. At least I can still run the old system in parallel until I can change over to a newer one.
 