[ale] [OT] securing sensitive data

Greg Freemyer freemyer-ml at NorcrossGroup.com
Fri Jan 23 17:02:17 EST 2004


On Fri, 2004-01-23 at 14:04, Dow Hurst wrote:
> Can you use ACLs in the C2 certified environment to control 
> access to files?  The NSA has a Linux that is C2 certified 
> now.  I don't know much about ACLs but that seems like one 
> option to avoid the encryption at the file level.  You can 
> always encrypt the filesystem itself.
> Dow
> 
> 
ACLs are just a better method of doing rwxrw-r-- type permissions.

i.e., without ACLs you can do:
owner        = rwx
owning_group = rw-
other        = r--

With ACLs, you can specify permissions for specific users and groups:
bob          = rwx
joe          = ---
admin_group  = rwx
backup_group = rw-

The hard part about ACLs is the inheritance and default settings logic. 
(I don't understand it, so don't ask.)

I don't see how ACLs would help with database security.

I don't know anything about the NSA security logic, but I think it made
it into the 2.6.x kernel, so if it is useful you don't even have to patch
up the kernel yourself.

I doubt that any database can utilize the NSA logic, but who knows.

If anyone does want to do an encrypted filesystem, an encrypting DM
target for 2.6.x is available.  Supposedly it is likely to get put into
the 2.6.x kernel at some point.  It is included in the unstable DM
series.  They claim it is better than using the loopback approach that
is more typical.

Since encryption/decryption is cpu intensive, I have looked into using 
ATA encryption hardware.  It is not too expensive (IIRC less than $200
ea.).  I have bought a couple of brands.  Unfortunately, I need it to
work with 3ware raid cards, and I have not had any success.  They may
work with normal ATA controllers.

Greg
-- 
Greg Freemyer

> J.M. Taylor wrote:
> > All:
> > 
> > I'm building an application that at the very minimum needs to be HIPAA 
> > compliant (HIPPAA? i can't remember the stupid acronym).  I have the 
> > luxury of a private, non-internet-connected network and plan to do a hardened 
> > linux server running mysql to store the data.  As to the front-end, I 
> > would prefer a web app but it's up to my client and how they feel that 
> > would be perceived security-wise.  If I don't do a web app, I'm going to 
> > do a perlTK app, because I know I can secure either of those things.  The 
> > clients are all Windows of various vintages.  Physical security is nearly 
> > nil, but I can probably manage to store the server in a locked closet.
> > 
> > Now. Here's the fun part.  Everybody has access to certain sensitive data, 
> > and only certain people have access to other sensitive data.  I would 
> > ideally like to keep all sensitive data encrypted (PGP/GPG) in the 
> > database.  My first quandary is -- putting a private key on the client machine 
> > seems like a BAD and non-secure method of protecting the data.  I'm almost 
> > equally nervous about storing their private keys on the server, which at 
> > least I know will be maintained primarily by me.  
> > 
> > My second quandary is, how on earth do I protect both shared and 
> > individualized sensitive data?  Would just a shared secret key and 2-way 
> > encryption be enough for the shared data?   
> > 
> > My third quandary is, if I store all the data encrypted, searching will be 
> > an absolute nightmare.  Encrypting and decrypting will be expensive, 
> > and when I say "linux server" I mean a discarded PII400 with 512Mb RAM 
> > at absolute best.  The app is only going to be used by a couple dozen 
> > people, but still...12 people simultaneously trying to encrypt and 
> > decrypt would be horrible.
> > 
> > I know nothing about this kind of thing...I know what to be worried about, 
> > but I'm totally tying myself up in knots trying to sort all of this out.  
> > Any resources, pointers to howtos, thoughts and experiences would be 
> > greatly appreciated.
> > 
> > Thanks
> > Jenn
> > 
> > 
> > 
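
The ACL permission model described in the reply above, as an added example that is not part of the original thread: a small Python model of the POSIX.1e access-check order documented in acl(5), run over the entries named in the post. The owner `alice`, the owning group `staff`, and the `rw-` mask are constructed for illustration.

```python
# Added example: models the acl(5) access-check order; not code from the thread.
R, W, X = 4, 2, 1

def perms(s):
    """Convert 'rw-' style text to a permission bitmask."""
    return sum(bit for ch, bit in zip(s, (R, W, X)) if ch != "-")

# Constructed sample ACL. bob/joe/admin_group/backup_group come from the post;
# the owner, owning group and mask values are assumptions.
ACL = {
    "owner": "alice", "owner_perms": perms("rwx"),
    "group": "staff", "group_perms": perms("rw-"),
    "users": {"bob": perms("rwx"), "joe": perms("---")},
    "groups": {"admin_group": perms("rwx"), "backup_group": perms("rw-")},
    "mask": perms("rw-"),   # upper bound for named users and every group entry
    "other": perms("r--"),
}

def check_access(acl, user, user_groups, want):
    """Return True if `user` (a member of `user_groups`) is granted all bits in `want`."""
    # 1. The owner entry is used as-is; the mask does not apply to it.
    if user == acl["owner"]:
        return (acl["owner_perms"] & want) == want
    # 2. A named-user entry wins over any group membership, limited by the mask.
    if user in acl["users"]:
        return (acl["users"][user] & acl["mask"] & want) == want
    # 3. Owning group and named groups: any one matching entry may grant,
    #    but only within the mask. A match here never falls through to "other".
    matching = [acl["group_perms"]] if acl["group"] in user_groups else []
    matching += [p for g, p in acl["groups"].items() if g in user_groups]
    if matching:
        return any((p & acl["mask"] & want) == want for p in matching)
    # 4. No user or group entry matched: use "other".
    return (acl["other"] & want) == want

if __name__ == "__main__":
    # joe is in admin_group, yet his explicit "---" entry is the one that decides.
    print("joe read:", check_access(ACL, "joe", ["admin_group"], R))
    print("bob exec:", check_access(ACL, "bob", [], X))  # rwx entry, cut by rw- mask
```

The two printed cases are the ones that usually surprise: an explicit `---` user entry overrides a permissive group, and the mask silently caps what a named entry appears to grant.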


