Protecting against the guy who has physical access to the servers and all the
time in the world is the nightmare case because he has the keys in his
possession.
That's where you start buying expensive FIPS-140 cryptomodules that keep the
keys in a tight little box that self-destructs when opened.
So, you can
1.
Ignore the problem
2.
Just do something with the word "encryption in it" to make his job a little
harder and dispel questions from above about security
3.
Spend some very serious time and money trying to solve the problem in earnest
I would recommend taking the lowest number you can get away with on the list.
I'm not a hadoop expert yet, but what you found is the best approach I'm aware
of to #2.
- Tim.
________________________________
From: Koert Kuipers [ko...@tresata.com]
Sent: Friday, January 20, 2012 3:55 PM
To: hdfs-user@hadoop.apache.org
Subject: Re: encryption
agreed.
many forms of data require encryption to be stored on any system. i do know now
the exact motivation(s) for that, but i do know we have to conform to this.
my assumption was that i want to protect against access to the data by someone
stealing the harddrives or the servers. so physical access. it seems to me that
there are better ways to protect agains digital access (firewall in front of
cluster). but then again, i do now know much about this at all so i could
completely off.
On Fri, Jan 20, 2012 at 6:36 PM, Tim Broberg
<tim.brob...@exar.com<mailto:tim.brob...@exar.com>> wrote:
I guess the first question is the threat model: What kind of bad guy are you
trying to keep out? Is Ukrainian hackers? Local users, but the servers are
locked up? Is it somebody who has physical access to the machines? Does the
information have to be secure forever or just for a while?
Once you know what you're trying to protect from, you can start thinking about
how to protect yourself.
- Tim.
________________________________
From: Koert Kuipers [ko...@tresata.com<mailto:ko...@tresata.com>]
Sent: Friday, January 20, 2012 1:09 PM
To: hdfs-user@hadoop.apache.org<mailto:hdfs-user@hadoop.apache.org>
Subject: encryption
Does anyone know of any work/ideas to encrypt data stored on hdfs?
Ideally both temporary files and final files would be encrypted. Or there would
have to be a mechanism in hdfs to securely wipe temporary files, like shred in
linux.
So far this is what i found:
https://github.com/geisbruch/HadoopCryptoCompressor
Best,
Koert
________________________________
The information and any attached documents contained in this message
may be confidential and/or legally privileged. The message is
intended solely for the addressee(s). If you are not the intended
recipient, you are hereby notified that any use, dissemination, or
reproduction is strictly prohibited and may be unlawful. If you are
not the intended recipient, please contact the sender immediately by
return e-mail and destroy all copies of the original message.
________________________________
The information and any attached documents contained in this message
may be confidential and/or legally privileged. The message is
intended solely for the addressee(s). If you are not the intended
recipient, you are hereby notified that any use, dissemination, or
reproduction is strictly prohibited and may be unlawful. If you are
not the intended recipient, please contact the sender immediately by
return e-mail and destroy all copies of the original message.
