Mounting encrypted ZFS datasets/GELI for users?
Steffen Nurpmeso
steffen at sdaoden.eu
Mon Oct 5 17:58:56 UTC 2020
Eric McCorkle wrote in
<00dbfac0-6c6f-355e-c21b-db2cae3a87e4 at metricspace.net>:
|On 10/5/20 11:50 AM, Alan Somers wrote:
|> On Mon, Oct 5, 2020 at 9:40 AM Eric McCorkle <eric at metricspace.net
|> <mailto:eric at metricspace.net>> wrote:
|>
|> On 10/5/20 11:12 AM, Alan Somers wrote:
|>
|>> First of all, what kind of threat are you concerned with? Disk
|>> encryption does not protect against an attacker with access to a live
|>> machine; it only protects against an attacker with access to an off
|>> machine, or to the bare HDDs. Per-user encryption would presumably
|>> protect one user from another user who has physical access to the off
|>> server. Is that what you're worried about? If not, then you
|>> shouldn't
|>> bother with per-user encryption. Just encrypt all of /home or all of
|>> the pool with a single key.
|>>
|>> -Alan
|>
|> I am evaluating options for domains where use of per-user encryption is
|> mandated, often as a means of protecting against insider threats.
|>
|>
|> But if the victim user and the aggressor user are logged in at the same
|> time, then both users' home directories will be decrypted, and unix
|> permissions will be the only thing protecting the victim, right? That
|> situation doesn't sound any better than no encryption at all. And
|> insiders who have offline access to the HDDs would be thwarted by global
|> encryption just as much as per-user encryption. I'm not denying that
|> you may be under some legal mandate for per-user encryption; I just
|> don't understand the motivation.
|
|Per-user encryption is not perfect, but that's not the goal of
|requirements like this. First of all, this can be used to protect
|secure workstations, where it's reasonable to expect only one person to
|be logged in at a time.
|
|Beyond that, the goal is to shrink the window of possible attacks and to
|aid detection. If the Adversary has to be active while a particular
|user is logged in, then they have a much smaller window of attack.
|Moreover, this helps with forensics, as you can look at what else was
|going on in the system in the much shorter window while a compromised
|user was active.
That project is very cool.
I also want to thank you for importing ZFS with encryption; I am not
using it yet, but am looking forward to it.
One important aspect of such (additional, on top of block
encrypted disks) per-user-home encryption is that you can simply
back up the entire directory without additional protection, if you
have access to the unmounted content.
I personally use several different encrypted directories, not the
/home/steffen as such but sec.arena and sic therein, which get
only mounted as necessary, and automatically unmounted (for all
users) when the lid is closed.
--steffen

Der Kragenbaer, The moon bear,
der holt sich munter he cheerfully and one by one
einen nach dem anderen runter wa.ks himself off
(By Robert Gernhardt)
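The "unmount on lid close" habit described in the message above, written out as an added POSIX sh example (this is not code from the thread or from any FreeBSD project). It assumes the `zfs list -H -o name,encryptionroot,keystatus,mounted` output format (name, encryption root, `available`/`unavailable`/`none`, `yes`/`no`, tab separated), that dataset names contain no whitespace, and that a site-specific devd or acpi hook (not shown) calls `lock_encrypted_homes` when the lid closes. The plan is computed from a listing first so it can be dry-run and tested without a real pool; the sample listing is constructed for the example.

```shell
#!/bin/sh
# Added example: lock every encrypted ZFS dataset whose key is currently
# loaded. Children are unmounted before their parents, then each
# encryption root's key is unloaded recursively, so the data is only
# readable while a user actively has it mounted.

# lock_plan reads a tab-separated listing on stdin
# (name, encryptionroot, keystatus, mounted) and prints the zfs commands
# to run, one per line. It does not touch the system.
lock_plan() {
    listing=$(cat)
    # 1. unmount mounted datasets that belong to a loaded encryption root;
    #    reverse lexical order puts "a/b/c" before "a/b", i.e. children first
    printf '%s\n' "$listing" |
        awk -F '\t' '$2 != "-" && $3 == "available" && $4 == "yes" { print $1 }' |
        sort -r | sed 's/^/zfs unmount /'
    # 2. unload the key of every encryption root that currently has one loaded
    printf '%s\n' "$listing" |
        awk -F '\t' '$2 != "-" && $3 == "available" && $1 == $2 { print $1 }' |
        sort | sed 's/^/zfs unload-key -r /'
}

# lock_encrypted_homes queries the live pool and runs the plan.
# With DRY_RUN=1 it only prints what it would do (assumed hook contract).
lock_encrypted_homes() {
    zfs list -H -o name,encryptionroot,keystatus,mounted -t filesystem |
        lock_plan |
        while IFS= read -r cmd; do
            if [ "${DRY_RUN:-0}" = 1 ]; then
                printf '%s\n' "$cmd"
            else
                $cmd   # dataset names are assumed whitespace-free
            fi
        done
}

# demo_listing prints a constructed listing: an unencrypted root and /home,
# alice's home (key loaded, with a child dataset mounted), bob's home (locked).
demo_listing() {
    printf 'zroot\t-\tnone\tyes\n'
    printf 'zroot/home\t-\tnone\tyes\n'
    printf 'zroot/home/alice\tzroot/home/alice\tavailable\tyes\n'
    printf 'zroot/home/alice/sec.arena\tzroot/home/alice\tavailable\tyes\n'
    printf 'zroot/home/bob\tzroot/home/bob\tunavailable\tno\n'
}

# Run "sh lock.sh demo" to see the plan for the constructed listing.
if [ "${1:-}" = demo ]; then
    demo_listing | lock_plan
fi
```

For the constructed listing the plan is `zfs unmount zroot/home/alice/sec.arena`, `zfs unmount zroot/home/alice`, then `zfs unload-key -r zroot/home/alice`; bob's dataset is already locked and is left alone. Unmounting before unloading matters because `zfs unload-key` refuses while the dataset is mounted, and unloading the key is what actually removes the plaintext key material from the kernel.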