Re: PGP scripting...

From: Andrew MacKenzie (amackenzat_private)
Date: Wed Jan 08 2003 - 11:08:10 PST

  • Next message: Andrew MacKenzie: "Re: PGP scripting..."

    > > > I think that client is probably worried about regular users 
    > > > that will have access to the file system, rather than a
    > > > determined external hacker.
    > > 
    > > How does the encrypting improve the security of storing the 
    > > files in a directory, which is only readable by selected users, then?
    > > 
    > > They can only manage to read them, if they obtain that 
    > > particular user's UID. But if they do it, they can probably 
    > > also read /proc/N/mem, effectively bypassing the encryption.
    > 
    > 
    > I was assuming that the files were sitting in a shared file system
    > somewhere and were world readable.  Now I realise I was going out on a
    > limb trying to guess the clients reasoning, but I couldn't think of any
    > another reasons that explained the original request.
    In my scenario, the files are not in a shared location, per se.  They are
    being sent by an outside source to a sftp server, and then downloaded to an
    internal machine where the processing will be done.  The production machine
    won't be multi-user per se (we'll be the only ones on it).  We're also more
    interested in 'external cracker' than 'internal sabotage'.  This was a
    decision made by the client as well.  
    
    I have made it clear to my client time and time again that the security of
    that box will make a bigger difference in the long run than PGP encrypting
    the files on it ever will (they implemented this PGP everything policy
    before any other security policies).  
    
    What I'm trying to do is determine for the future the best way to keep
    files encrypted while still being able to access them through batch jobs
    (no human interaction), and process their data (un-encrypt them only while
    using them, but not storing a temporary un-encrypted form of the file).
    
    It sounds like having a separate 'secure' box to handle the encryption
    seems like a good way to go.  This at least centralizes ones private
    key(s), and thus administration.  
    
    
    -- 
    // Andrew MacKenzie  |  http://www.edespot.com
    // An intellectual snob is someone who can listen to the William Tell
    // Overture and not think of The Lone Ranger.
    
    
    



    This archive was generated by hypermail 2b30 : Wed Jan 08 2003 - 11:20:01 PST