Sam Gleske on 17 Apr 2012 14:15:22 -0700
Re: [PLUG] Server credential storage best practices
- From: Sam Gleske <sam.mxracer@gmail.com>
- To: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>
- Subject: Re: [PLUG] Server credential storage best practices
- Date: Tue, 17 Apr 2012 17:14:55 -0400
- Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
- Sender: plug-bounces@lists.phillylinux.org
As for passwords and account information you should use something like Keepass. It's a great utility, secure, and designed for just that. As for client information and other misc files (word documents, financial data, spreadsheets, etc.) which you can't keep in a keepass database (nor should you) I recommend using TrueCrypt. TrueCrypt allows you to create mountable volumes which are encrypted. Using software like that which is designed and battle tested should have higher weight than homebrew scripts. As much as I like openssl, it's not really intended for hundreds of documents at once. Use the right tool for the right job.
Before storing anything off-site on servers which you don't control you should be aware of the risks. I notice people are recommending DropBox, but around June of last year there was a failure in which all user files were open to the world without authentication or notice to the user.
http://itknowledgeexchange.techtarget.com/cio/vulnerability-in-dropbox-security-leaves-user-accounts-wide-open/
Also Dropbox has stated that their service is not intended as a backup service but a file syncing service. So if you store your files there as a backup there's no guarantee that they'll be there the next day if XYZ dropbox server goes down. I'm not saying Dropbox is a bad idea, as long as you secure your files before storing them on Dropbox, but you should be aware of the implications. Dropbox shouldn't be your only backup copy. Preferably use something off-site that you control as a back-up only for your encrypted files. You should imagine if someone stole your laptop, would you be in dire straits? Make lots of secure copies (i.e. secure first in truecrypt and then backup the tc volume). It is best to evaluate all of your options and make your own informed decision. You should put security above all else since it's business data.
To reiterate and emphasize again:
- Keepass for password and account information - http://keepass.info/
- TrueCrypt for storing all business related data (including the keepass file) - http://www.truecrypt.org/
SAM
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug