
I'm looking at implementing a mirrored pair of FreeNAS servers as file repositories. The only question still to be answered is the physical security. I typically encrypt the underlying drives on all of my servers, but it looks like that is a legacy-only feature for FreeNAS, and ZFS doesn't have an open solution to that yet.

Are there other admins with this issue who have figured out acceptable ways to solve it?

Bryan Agee

1 Answer


FreeBSD's geom_bde or geom_eli modules allow transparent disk encryption; ZFS wouldn't even know that the underlying block storage is encrypted. Setting either up is not trivial, however; there is a Handbook page describing the process. Both require the passphrase to be entered on every boot.

I personally detest the idea of FDE for servers. Physical security always trumps logical. Extending that, your servers should either be physically secure at all times, or not contain sensitive information.

Chris S
  • The damage of simple theft is the attack vector server FDE cuts down usefully. The typical case when hardware is stolen doesn't involve someone physically hacking the device. They grab and go. If you can prove something was turned off then, the data will be useless too. I've seen servers disappear while being moved between otherwise secure buildings before. FDE turns that from a catastrophe to a nuisance. Not using FDE *in addition* to worrying about physical security is just sloppy, as well as very legally risky. The problem case is considering FDE a replacement for other security. – Greg Smith Jan 20 '13 at 00:39
  • I don't know what kind of company you work for, but I've never had a server "disappear while being moved". *That* is the kind of "sloppy" I could not tolerate. I've never kept servers in unsecured areas. I suppose if you have *valid business requirements that mandate keeping a server with critically important data in an unsecured location*, where smash-n-grab is possible, then FDE starts to make sense... But only in the way a tourniquet helps bleeding until you obtain a proper solution (e.g., a hospital). Every system administrator worth their oats knows physical security trumps logical. – Chris S Jan 20 '13 at 14:10
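
The geom_eli layering described in the answer, as an added example that is not part of the original answer or the FreeBSD Handbook: ZFS is built on the `.eli` providers, and after every reboot the providers must be attached (passphrase prompt) before the pool can be imported. The pool name `tank`, the disk names `ada1`/`ada2` and the mirror layout are assumptions.

```shell
#!/bin/sh
# Added example: ZFS on top of GELI providers (FreeBSD).
# DRY_RUN=1 (default) prints the commands for review; DRY_RUN=0 runs them as root.
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

# Accept only bare device names such as ada1, never paths or shell metacharacters.
valid_disk() {
    case "$1" in
        ""|*[!A-Za-z0-9]*) echo "bad disk name: $1" >&2; return 1 ;;
    esac
}

# geli_zfs_mirror POOL DISK DISK...  (one-time setup; destroys existing data)
geli_zfs_mirror() {
    pool="$1"; shift
    [ "$#" -ge 2 ] || { echo "a mirror needs at least two disks" >&2; return 1; }
    vdevs=""
    for disk in "$@"; do
        valid_disk "$disk" || return 1
        # init writes the GELI metadata and asks for the passphrase
        run geli init -e AES-XTS -l 256 -s 4096 "/dev/$disk" || return 1
        # attach creates /dev/<disk>.eli, the decrypted view ZFS will use
        run geli attach "/dev/$disk" || return 1
        vdevs="$vdevs /dev/$disk.eli"
    done
    # ZFS only ever sees the .eli providers, never the raw disks.
    # $vdevs is intentionally unquoted so each provider is its own argument.
    run zpool create "$pool" mirror $vdevs
}

# geli_zfs_unlock POOL DISK...  (every boot: attach first, then import)
geli_zfs_unlock() {
    pool="$1"; shift
    for disk in "$@"; do
        valid_disk "$disk" || return 1
        run geli attach "/dev/$disk" || return 1
    done
    run zpool import "$pool"
}
```

Run `geli_zfs_mirror tank ada1 ada2` with the default dry-run first and check the printed device names before setting `DRY_RUN=0`.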