[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Gnumed-devel] Re: GNUmed (debian) servers and security

From: Andreas Tille
Subject: [Gnumed-devel] Re: GNUmed (debian) servers and security
Date: Tue, 29 Jan 2008 08:02:47 +0100 (CET)
User-agent: Alpine 1.00 (DEB 882 2007-12-20)

On Mon, 28 Jan 2008, James Busser wrote:

Encryption of the whole hard disk is simple, it is just extremely limiting because it requires that a suitable person must be physically present to input the key from the console any time that the system is rebooted. This would mean that


Sure, that is what I said in my first posting.  It's a trade-off between
security (against thieves) and flexibility (no remote reboot).

- if the server is in your office / praxis, the reboot can only be done while there is someone in the office who can input the key from the console... this means that if the computer should reboot in the evening or on the weekend when the doctors may be on call from home (e.g. rebooting after a power brownout) the server will remain offline until the needed person(s) can be available to physically come/go into the office

You must know whether this is acceptable or not - I just wanted to give
the information that its implemented brain dead easy to use.

- the server would also be unable to be kept headless, so you are now talking having to keep a monitor and keyboard attached along with the ability for someone to interact directly in the physical space which sometimes closets poorly allow :-)

Well, if you wait a minute and type the password you should be safe.  If the
box is not up and running you will probably have misstyped the password and
should retype.  This is no real argument.

... this is why previous discussion suggested that for a production server that would run in a medical praxis, the boot volume with the OS could be unencrypted (this would permit tech support to access the machine for system maintenance and to permit ssh remote login to then so that the IT support people (if trusted with the data partition key) or one of the doctors or administrators can remotely supply the key to mount the data partitions.

Well, you have to devide what fits your use case best ...

In one other variation described by Tim Churches, the data partition mount key could be kept on USB sticks and these could be kept under special on-site lockup.

And where is the main difference to full harddisk encryption.  You
need physical access as well if you want to plug in the USB stick, right?

Kind regards



reply via email to

[Prev in Thread] Current Thread [Next in Thread]