Security Management Strategies for the CIOOur organization has come up against a couple of problems when encrypting production servers. Using TruCrypt (our current favorite) we lose the ability to do remote reboots, absent a DRAC or iLO2, as well as the ability to do any automated, middle-of-the-night reboots for updates, etc. Also, the processing overhead for the constant encrypt-decrypt cycles is taking a toll. Is encrypting these servers worthwhile? If so, what's the best strategy to mitigate these problems?
Requires Free Membership to View
SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!
Michael S. Mimoso, Editorial Director
Full-disk encryption is most useful when there is a threat of loss of data due to the device being mobile. A server is typically designed to run constantly and will not benefit from data encryption when the system is powered down, unless there is a threat from physical theft.
A combination of a good endpoint security product, which brings together antivirus/antispyware, with a host-based intrusion prevention system (IPS), rather than full server encryption software, would go a long way to keeping the server secure. Adding a file integrity monitoring product, like those from Tripwire Inc. or the free OSSEC, would provide real-time alerts on modifications to critical files on the servers as well.
This was first published in August 2011
Join the conversationComment
Share
Comments
Results
Contribute to the conversation