What's a sensible theft-event strategy (encryption?)

Discussion in 'Linux Admins, Storage and Virtualization' started by el_pedr0, Mar 22, 2017.

  1. el_pedr0

    el_pedr0 Member

    Joined:
    Sep 6, 2016
    Messages:
    41
    Likes Received:
    1
    Hi all,

    As my Proxmox/ZFS setup is taking shape, I'm starting to feel quite grown up about how seriously I'm taking my data (mirrors/backups etc). A weak point would be in the event of theft. There's one dataset with finances and stuff which someone could probably use for identity fraud. What are my sensible options here?

    It's only a home deployment with just a few family members, so speed performance of that dataset of documents probably isn't a big issue. Convenience and reliability are probably higher priorities. This is a headless server which runs 24/7 and I often don't look at the admin of it for weeks on end.
     
    #1
  2. ecosse

    ecosse Active Member

    Joined:
    Jul 2, 2013
    Messages:
    354
    Likes Received:
    59
    I know nothing about Proxmox but in theory I think you have a few choices - disk encryption, data encryption, or a half way house using a virtual disk. First one is all about encryption at the disk level. That guards against physical theft of the disk but you also need to encrypt any backup disk as well but doesn't guard against online theft. According to wikipedia supported in ZFS since release 30? Other option is to use something like EFS - that encrypts at the file system level. I find that preferable as backed-up correctly that encryption should survive media changes such as backup - it also means that if someone were to get hold of the files through any other method they are useless unless they have the encryption key. I don't know enough about Linux/ZFS to comment on this one fully tho. Last one something like veracrypt or PGP - create a small virtual drive and put your most precious files in there. The physical theft issue is solved and arguably the online one mostly solved i.e. only open the precious dataset when you need it, or drop your internet connection when you do for example (if you are paranoid)

    So basically a lot of words and not much help :)
     
    #2
Similar Threads: What's sensible
Forum Title Date
Linux Admins, Storage and Virtualization What's the go-to NVMe AIC Dec 12, 2017
Linux Admins, Storage and Virtualization What's better for Ryzen now? CentOS or Ubuntu? Aug 2, 2017

Share This Page