[plug] Encrypted WD Mybook Live
brad at fnarfbargle.com
Tue Nov 13 13:29:22 WST 2012
I was recently away on holiday and had a nasty thought. "What if someone
broke in and stole all my computers". It's not the loss of the machines,
they are covered by insurance. It's not the loss of the data as it is
comprehensively backed up and rotated off site.
The issue is the potential leakage of sensitive information.
I have systems in two geographically close, but individually secured
buildings and they cross backup. The desktop machines (being MacOS,
Linux & Windows) all back up to a local WD Mybook Live (with afs, nfs &
Poking around inside the Mybook showed it to be a relatively standard
Debian lenny install, so I compiled up dm-crypt modules and set about
replacing the standard data volume mount with an encrypted version.
The device runs a script from /etc/crypttab that brings up the network
interface and obtains the passphrase from a remote server. Aside from a
significant reduction in the IO speed the device works just as it did
out of the box, however now if it gets nicked I know the data is useless.
Along the same vein, I have a server with 6 240GB SSD's configured as
RAID10,n2 and using dm-crypt on that array has made a negligible
difference in throughput and latency.
This is my first time playing with dm-crypt, and I've been pleasantly
surprised at how fast it is on machines with AES-NI, and how easy to use
it is in general.
It's not going to protect me against someone gaining physical access to
the network, however at least I'm covered against the common thug.
More information about the plug