On Tue, 7 Oct 2014 07:08:54 +0000 "C. L. Martinez" <[email protected]> wrote:
> On Mon, Oct 6, 2014 at 11:52 PM, Duncan Patton a Campbell > <[email protected]> wrote: > > The most basic consideration in computer security has nothing to > > do with technology and computers. Do the people you need to keep > > out of the know need to know enough to come and break legs? > > > > If so, don't bother encrypting. They may not just break legs. > > > > Dhu > > > > On Mon, 06 Oct 2014 13:48:33 -0600 > > [email protected] wrote: > > > >> Very true, filling your subterranean data server with angry hornets > >> certainly seems like a good idea but it's really not, most AC > >> maintenance contractors will charge you extra (usually per sting!). > >> > >> Chester T. Field > >> > >> And remember when I left all the meat out because I saw Mr. David Lynch > >> “I’m on TV” do it, > >> and he got on TV from doin’ it, and I did it and didn’t get on TV from > >> doin’ it? - Gandhi > >> > >> On 10/6/2014 at 1:37 PM, "Matti Karnaattu" <[email protected]> wrote: > >> > > >> >>Yes, my goal is to secure the > >> >>infrastructure as much as possible. > >> > > >> >I don't know details but it sounds overly complex. And complexity > >> >may cause other issues, without any benefit for security. > >> > > >> >Example, you don't have to encrypt your whole hard disk if the hard > >> >disk is located in guarded bunker. But if you do that, it will > >> >increase > >> >security in theory but that may cause service outtage if you have > >> >to > >> >always locally type your crypt password if machine crashes. > >> > > >> >I would put this effort to ease maintainability, ease monitoring, > >> >use stateful firewall, deploy honeypot etc. and avoid complexity. > >> > > Thanks guys for your answers. I know it: our it sec. dept. adds a > complexity to our infrastructure, but they are determined to do so. > > Searching via google I found this: > > http://www.safenet-inc.com/data-encryption/ > > HSM: hardware security modules ... But exists another problem. If I > would like to use some SSL/TLS or IPSec based solution, how can I > authenticate these servers between them without compromise host > security?? > > Any ideas?? > > Is "man 8 iked" what you are looking for? Dhu -- Ne obliviscaris, vix ea nostra voco.
