[kwlug disc.] Protecting confidential data on a server
Richard Weait
richard at weait.com
Fri Aug 29 00:17:13 EDT 2008
On Thu, 2008-08-28 at 19:18 -0700, Paul Nijjar wrote:
> Dear Ann Landers,
>
> I have a bad feeling about asking this question, but here goes: I have
> some data on a Linux server that needs to stay confidential even if
> the computer in question is stolen.
First, evaluate. "Needs to stay confidential" as in what? What if it
doesn't stay confidential? Will this cost you time, money, standing
among your peers? Or prison time? Will people die? Can you back it
up? If the bad guys get the machine but can't read the data, and you no
longer have access to the data, is that "bad"? As bad as disclosing the
data or worse? Is it better for everybody if you just shred the data
and don't have it at all?
Second, secure a raise. Not kidding. Really. Remind your boss that
you are responsible for building and maintaining the system that will
keep her out of prison. Get small non-sequential bills. Count them.
Third. Get good locks for all of the doors and control the keys with
signatures and death lasers. Okay, you can skip the signatures.
Fourth. Why is the data on a remote server and how will it be used? Is
it read from one of your local devices periodically? How is it
protected on that device when read? How is the confidential data
updated? Remotely? How is it protected on the origin when it is sent
to the server?
Fifth. I'm thinking remote encrypted filesystem owned by a remote user
who can only log in with a certificate. Lock the certificate with a
password. So now you are two-factor for the connection, then password
to the encrypted fs.
But it might just be better to plain-text it on a USB drive and lock it
in the safe.
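The fifth point above, written out as shell. This is an added example and is not part of the original thread or the poster's own setup. It assumes a Linux host with current OpenSSH (the AuthenticationMethods keyword) and cryptsetup/LUKS; the account name "vault" and the mount point /srv/vault are made up for the example. The sshd fragment and its checker run anywhere; the key and vault functions need ssh-keygen and root respectively and only run when asked for on the command line.

```sh
#!/bin/sh
# Added example, not from the original post. Assumptions: Linux with OpenSSH
# and cryptsetup (LUKS); the service account is called "vault" and the
# encrypted filesystem is mounted at /srv/vault. Both names are made up here.
set -eu

# Print the sshd_config fragment for the vault account: no password or
# keyboard-interactive logins, a public key is mandatory. Append it to
# sshd_config (or drop it in sshd_config.d/) and reload sshd.
sshd_fragment() {
    cat <<'EOF'
# Only the vault account may log in, and only with a public key.
AllowUsers vault
Match User vault
    PasswordAuthentication no
    ChallengeResponseAuthentication no
    PubkeyAuthentication yes
    AuthenticationMethods publickey
EOF
}

# check_sshd_fragment FILE: succeed only if FILE turns password logins off
# and makes public-key authentication mandatory. Catches the weak setting
# (PasswordAuthentication yes) that would make the key a convenience rather
# than a requirement.
check_sshd_fragment() {
    grep -Eq '^[[:space:]]*PasswordAuthentication[[:space:]]+no[[:space:]]*$' "$1" || return 1
    grep -Eq '^[[:space:]]*AuthenticationMethods[[:space:]]+publickey[[:space:]]*$' "$1" || return 1
    ! grep -Eq '^[[:space:]]*PasswordAuthentication[[:space:]]+yes' "$1" || return 1
    return 0
}

# make_client_key DIR PASSPHRASE: generate the login key and lock it with a
# passphrase, so connecting needs the key file and the passphrase (the two
# factors in the post). The passphrase is visible in the process list while
# ssh-keygen runs; interactively, omit -N and let ssh-keygen prompt instead.
make_client_key() {
    ssh-keygen -q -t ed25519 -N "$2" -f "$1/vault_ed25519" -C "vault login"
    printf '%s\n' "$1/vault_ed25519.pub"   # goes into ~vault/.ssh/authorized_keys
}

# create_vault IMG SIZE_MB: file-backed LUKS volume holding an ext4 filesystem
# owned by vault and readable by nobody else. Needs root. luksFormat prompts
# for the volume passphrase, which is the third secret in the design.
create_vault() {
    dd if=/dev/zero of="$1" bs=1M count="$2"
    cryptsetup luksFormat "$1"
    cryptsetup luksOpen "$1" vault        # appears as /dev/mapper/vault
    mkfs.ext4 -q /dev/mapper/vault
    mkdir -p /srv/vault
    mount /dev/mapper/vault /srv/vault
    chown vault:vault /srv/vault && chmod 700 /srv/vault
    umount /srv/vault
    cryptsetup luksClose vault
}

# open_vault IMG / close_vault: what the vault user's session does around
# each use. While closed, the data is ciphertext on disk; a stolen box with
# the volume closed yields nothing readable.
open_vault()  { cryptsetup luksOpen "$1" vault && mount /dev/mapper/vault /srv/vault; }
close_vault() { umount /srv/vault && cryptsetup luksClose vault; }

case "${1:-}" in
    sshd)   sshd_fragment ;;
    check)  check_sshd_fragment "$2" || { echo "weak config: password login still possible"; exit 1; }
            echo "ok: key-only login enforced for vault" ;;
    key)    make_client_key "$2" "$3" ;;
    create) create_vault "$2" "${3:-64}" ;;
    open)   open_vault "$2" ;;
    close)  close_vault ;;
    *)      echo "usage: $0 sshd | check FILE | key DIR PASSPHRASE | create IMG [MB] | open IMG | close" ;;
esac
```

Run `sshd -t` after adding the fragment and before reloading, so a typo does not lock everyone out. The volume only protects the data while it is closed: a box stolen with /srv/vault mounted is a box stolen with the data in cleartext, so close it after every use rather than leaving it open at boot.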