LUKS Encryption for RAID5/LVM2
Joris Dobbelsteen
Joris at familiedobbelsteen.nl
Sun Oct 21 17:00:07 UTC 2007
Dear,
This is just my personal vision on the issue. My personal opinion
is that FOR A SERVER you will get NO benefit from (entire) disk
encryption. However, you will get an administrative nightmare as an added
bonus.
For understanding the added benefit you must look at the entire security
system you are implementing. In this case prevent an adversary
(attacker) from accessing any data after stealing your physical hardware
(when it gets powered down or locked). Effectively, I believe that laws
that prevent unauthorized entry into someone's property are a far more
effective means to protect your system. Also note that it will only
protect the adversary from using your data. It will not prevent you from
losing it.
Another remark is that disk encryption does not provide any added
security when the system is running. (In fact, it can degrade as
explained later.) Any existing security flaw in the software you run
will not benefit from the encryption used.
Furthermore, for the system to be secure, the key to access the
(encrypted) data must NOT be stored on that system. Effectively this
means the system will not be able to boot (after power failure or
upgrade) without having an administrator typing in a password or
supplying a key using any other means. Of course, if you lose your
password, you lose your data. If you choose a weak password, your
security will be easy to crack.
Lastly, encryption takes a huge performance hit when accessing the disk.
You can minimize this performance hit by needing fewer disk accesses
(more cache and efficient software) or have hardware for offloading the
encryption (VIA C3 and C7 processors have a hardware AES cipher
built-in).
As mentioned before, this performance hit can make your system less
secure by making it more vulnerable to a DoS attack. The attack only
needs to trigger excessive I/O to disk.
Last, but not least, if someone has physical access to your system a
very wide range of attacks are possible, which software cannot prevent
or protect against. In general you take precautions to prevent physical
access and the law will help you enforce these up to a certain point.
In general, it's much better to locate your server at a secure location.
Are you really sure you want to have your disk encrypted on your server?
For a laptop it is probably a better choice. Though, I should mention that
all hard disks can prevent access to their data by requiring a password.
Most, if not all, laptops support this.
- Joris
>-----Original Message-----
>From: ubuntu-users-bounces at lists.ubuntu.com
>[mailto:ubuntu-users-bounces at lists.ubuntu.com] On Behalf Of chris
>Sent: Sunday 21 October 2007 18:12
>To: ubuntu-users at lists.ubuntu.com
>Subject: LUKS Encryption for RAID5/LVM2
>
>I have a Gentoo server that is running with 8x400 drives in a
>Raid5 set. /dev/md0 is then 'carved' up using LVM2.
>
>I noticed while playing with Gutsy in a vm that it has the
>encrypt option at install for / and /swap. And since I've been
>thinking of moving my server to Ubuntu this comes at a great time.
>
>How can I go about using the encryption that is there after
>the install of the base server to encrypt md0 or the lvm2 'partitions'?
>Currently I have 10 lvm2 'partitions' on my server and would
>really like to not have to enter the luks passwd in all 10 times.
>
>My thoughts are to encrypt /dev/md0 and then after it is
>unencrypted and running, carve it up via lvm2. That way if I
>want to resize, add space, etc to the lvm2 logical volumes I
>can and not be affected by each 'partition' being encrypted.
>
>I found this
>http://ubuntuforums.org/showthread.php?t=578667&highlight=gutsy+luks
> and it looks like what I need to do to /dev/md0. But I'm not sure.
>
>Can someone please point me in the right direction or offer
>comments/advice?
>
>Thanks