What's a sensible theft-event strategy (encryption?)

el_pedr0

Member
Sep 6, 2016
Hi all,

As my Proxmox/ZFS setup is taking shape, I'm starting to feel quite grown up about how seriously I'm taking my data (mirrors/backups etc). A weak point would be in the event of theft. There's one dataset with finances and stuff which someone could probably use for identity fraud. What are my sensible options here?

It's only a home deployment with just a few family members, so speed performance of that dataset of documents probably isn't a big issue. Convenience and reliability are probably higher priorities. This is a headless server which runs 24/7 and I often don't look at the admin of it for weeks on end.
 

ecosse

Active Member
Jul 2, 2013
I know nothing about Proxmox, but in theory I think you have a few choices: disk encryption, data encryption, or a halfway house using a virtual disk.

The first one is all about encryption at the disk level. That guards against physical theft of the disk, but you also need to encrypt any backup disk as well, and it doesn't guard against online theft. According to Wikipedia, supported in ZFS since release 30?

The other option is to use something like EFS, which encrypts at the file system level. I find that preferable as, backed up correctly, that encryption should survive media changes such as backup. It also means that if someone were to get hold of the files through any other method, they are useless unless they have the encryption key. I don't know enough about Linux/ZFS to comment on this one fully tho.

The last one is something like VeraCrypt or PGP: create a small virtual drive and put your most precious files in there. The physical theft issue is solved and arguably the online one mostly solved, i.e. only open the precious dataset when you need it, or drop your internet connection when you do, for example (if you are paranoid).

So basically a lot of words and not much help :)
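For the disk-level option on a headless box like the one in the question, the check below is an added example, not part of either post. It assumes OpenZFS native encryption (the `encryption` and `keylocation` dataset properties) and flags datasets that stolen disks would expose; the pool and dataset names and the key path are constructed.

```shell
#!/bin/sh
# Added example: audit which ZFS datasets a thief could read from stolen disks.
# Input on stdin: tab-separated lines as printed by
#   zfs get -H -t filesystem,volume -o name,property,value encryption,keylocation
# Assumption: OpenZFS native encryption is in use.
audit_theft_exposure() {
    awk -F'\t' '
        $2 == "encryption" {
            enc[$1] = $3
            if (!($1 in seen)) { seen[$1] = 1; order[++n] = $1 }
        }
        $2 == "keylocation" { loc[$1] = $3 }
        END {
            for (i = 1; i <= n; i++) {
                d = order[i]
                if (enc[d] == "off")
                    # Plaintext on disk: readable by whoever holds the drives.
                    print d ": EXPOSED (not encrypted)"
                else if (loc[d] ~ /^file:\/\//)
                    # Convenient for unattended boots, but a key file taken
                    # together with the disks defeats the encryption.
                    print d ": CHECK (key file " loc[d] " must not be stolen with the disks)"
                else
                    print d ": ok (" enc[d] ", key from " loc[d] ")"
            }
        }'
}

# Constructed sample input; names and key path are made up for illustration.
sample_zfs_get() {
    printf 'tank/media\tencryption\toff\n'
    printf 'tank/media\tkeylocation\tnone\n'
    printf 'tank/finance\tencryption\taes-256-gcm\n'
    printf 'tank/finance\tkeylocation\tprompt\n'
    printf 'tank/scans\tencryption\taes-256-gcm\n'
    printf 'tank/scans\tkeylocation\tfile:///root/scans.key\n'
}

sample_zfs_get | audit_theft_exposure
# On a real host, replace sample_zfs_get with the zfs get command shown above.
```

A `prompt` key location means someone has to supply the passphrase after every reboot, which is the convenience cost of theft protection on a server that runs unattended.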