Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [encryption]

Encryption is transforming information through a cipher to protect it from unauthorized access.

Encryption is the process of taking some information (the plain text), and transforming it (usually with a cypher and a key) so that it is secure. Assuming a sufficiently strong cypher and key have been chosen, this cyphertext can be shared widely, without the information being compromised.

The reverse of Encryption is Decryption, where the process is reversed (normally by someone holding the key and cypher details) to return the information.

See the Wikipedia Page for more details.

775 questions
4
votes
3 answers

PostgreSQL encrypted backups

Is it possible to ensure that dumps taken from a PostgreSQL db are always encrypted? The data in the database is highly sensitive and we cannot afford un-authorized personnel, including Sys Admins who need to backup the db, to access the actual…
Nikhil Gupte
4
votes
3 answers

Backup security: Why same keys to backup and restore?

I'm evaluating some backup tools to find a good solution for my scenario and I was wondering about a common security choice in a lot of these tools. I've noticed that backup software commonly encrypt backups and restore files from encrypted backups…
Andrea Zilio
  • 173
  • 5
4
votes
3 answers

How to encrypt traffic between two Amazon EC2 instances?

We are building a web app using Amazon EC2 instances running Linux. All the traffic to the client browser is encrypted with SSL. What should be used to encrypt the traffic between the instances. The traffic will include connections to a MySQL…
Peter Hoven
  • 319
  • 3
  • 7
4
votes
2 answers

Encrypt at rest existing AWS EFS instances - is it possible?

Based on my understanding of AWS documentation it appears that the only way to encrypt at rest existing EFS instances with some data is to create new EFS instances with encryption enabled and copy the files from unencrypted EFS to encrypted EFS and…
Darko Miletic
  • 195
  • 1
  • 1
  • 8
3
votes
1 answer

How can I disable TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 cipher in Apache2?

In SSL labs, I got that I'm using this "weak cipher": TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 Now in Apache, this is the set of suites I have enabled: SSLCipherSuite…
The Quantum Physicist
  • 658
  • 2
  • 11
  • 26
3
votes
0 answers

How to disallow SMB1 and SMB2 but still allow connections from Linux smbclient and list shares using Thunar?

Running a Samba server, I guess it is a good idea to require encryption and SMB3. So I tried setting these two options in /etc/samba/smb.conf (see documentation) in the [global] section: smb encrypt = mandatory min protocol = SMB3 After a sudo…
lumbric
  • 234
  • 2
  • 9
3
votes
1 answer

AWS: SES Rule: S3 Action: fails when choosing bucket that has encryption enabled

I can not create a SES rule to put emails into a S3 bucket that has encryption enabled (on the bucket). Created a bucket and enabled encryption. Add a SESPut bucket policy to allow SES.…
eugenevd
  • 419
  • 5
  • 12
3
votes
1 answer

Mount LUKS-encrypted drive at boot, but only if drive is present

I have a series of drives that are are all encrypted with LUKS/dm-crypt. They are not all guaranteed to be plugged in at the time the system boots, but if they are, I would like to ensure they are mounted. At the moment, I can specify the devices in…
chimeracoder
  • 133
  • 5
3
votes
2 answers

Is it safe for Windows remote desktop ask for username/password first before check certificate?

When connecting to a Remote Desktop on the client side: (in my case Windows 8.1 RD client to a Windows 10 Enterprise 1709/16299.98) We need to enter&transfer username/password on the client first BEFORE check server's certificate. 1\If…
imoc
  • 53
  • 5
3
votes
1 answer

How to change GELI passphrase on FreeBSD 11 Root-On-ZFS system with mirror RAID?

How to change GELI passphrase on FreeBSD 11 Root-On-ZFS system with mirror RAID? Swap devices are also mirrored and ancrypted. I have /dev/ada0p5.eli /dev/ada1p5.eli and /dev/mirror/swap.eli devices. Thank You.
Norbert
  • 31
  • 2
3
votes
2 answers

Reason for TPM lockout

We have several Surface Pro 3 devices deployed with BitLocker enabled in TPM + PIN mode. The devices have a TPM 2.0 chip and are running Windows 8.1 Pro. We have an issue where users are occasionally presented with the "Too many incorrect PIN…
dbr
  • 1,852
  • 3
  • 23
  • 38
3
votes
1 answer

Sharing keys and certificates between SQL Server 2014 server for encrypted backup and restoration

I have six SQL Server 2014 servers. I am not using TDE, Transparent Data Encryption, on any server. I would like to be able to take an encrypted backup of a database on ANY server and restore that backup to ANY OTHER server. What actions do I…
John Lofgren
  • 31
  • 1
3
votes
2 answers

How can I decrypt an SSH session with both public and private keys?

Is it possible to decrypt an SSH session with the public AND private key used for the session? I have a network capture of the packets, and I have no idea what tools I'd be able to use to do so. Can anyone point me in the right direction? I've tried…
munchybunch
3
votes
1 answer

Use postfix through a proxy. How should it be configured?

Postfix by default uses ports 25, 465 and 587. In my configuration, I enabled TLS encryption using the option smtpd_use_tls=yes in postfix's main.cf. This makes all smtp communications encrypted as far as I understand. Since postfix takes only 1…
The Quantum Physicist
  • 658
  • 2
  • 11
  • 26
3
votes
0 answers

gmail this message was not encrypted

I just moved my site to another hosting provider. I use SSL/TLS for connection security and port 995. It sends my messages but the problem is that gmail shows This message was not encrypted red flag. I contacted hosting provider and they replied…
ernest1a
  • 131
  • 1
  • 5
1 2 3
51 52