Hardware Encryption - What/Where?

I'm looking to lock up one of my boxes, affectionately known around here as the 'Cabinet', and I've run into a few snags along the way. After some research, I'm still at a loss for what solution I'll be following, so I was hoping to pick the collective brains here for some help. I'm trying to secure all data on this system, preferably but not limited to, on the hardware level. The system is accessible over our internal network by multiple users, so a passworded software encryption is undesirable. Basically, if someone were to be able to walk out of here, hard drive in hand, I need to make sure that drive is USELESS to them.

The solution must:

1) Protect against physical tampering. My main concern is if this box grows legs and walks off.
2) Be simple. This system is part of a closed internal network, with multiple users that require access. Them, I trust, as do I trust the network security. Like I said before, I'm only concerned now with securing the data in the event of a physical theft of the system.
3) Support multiple drives, for obvious reasons there. All drives are IDE at the moment, so that is my current focus, though I'm also interested in other interfaces as well for future projects.

I've been looking at eNova's X-Wall chips, but there is a definite lacking in product availability from other manufacturers. Abit makes the Secure IDE card using this chipset, but I haven't been able to find them readily available anywhere, not to mention that each card only secures a single drive. Then again, I'd forgive them of this could I actually find them in the first place, being that it is currently my best available solution. eNova also makes a RAID card (not really RAID, just multiple drives, but then again it's usually the marketing department that names these things), but from what I can tell absolutely no one currently manufactures them.

Does anyone have a suggestion, product, or solution they would like to make known?
 
http://www.cooldrives.com/usdriv.html

But no encryption/security is perfect. On top of this if you are worried about employees stealing data.. if they are putting the data in, they have to be able to see it, so they can access it unencrypted, at least at the level that they are entering data.. so they could save it unencrypted to a local device.. no need to steal the server.

What are you trying to accomplish?

==>Lazn
 
It's a bit tricky to explain the how's and why's on this...

To put it simply, I am trying to ensure that if somehow you were to come into possession of one of the hard drives out of this system, that it would be of no use to you other than the fact that it is a high speed drive that you didn't have yesterday. I need the data on it to be absolute garbage from their standpoint, and if that means the data is destroyed rather than viewed, I have little problem with that. (assuming, of course, that all copies of this data aren't destroyed simultaneously, but that's for me to worry about)

It was pointed out that one of the authorized users could very well just sit down with their credentials and copy the information off the system. There have already been some steps made to prevent this from happening, and as I said before the authorized users are not my concern.

Lazn: I found that site myself... They carry a few solutions, all implementing the same chipset, though none of these seems to extend past the idea of a single drive, and most are IDE. At least to me, it seems pretty narrow thinking to envision a data protection system for a single drive, possibly with USB interface... just me though...

I may be forced to use numerous single drive encryption chips, though this doesn't help me any when the system moves away from IDE drives. Well, to be more accurate, this could be something to further delay the system moving away from IDE drives...
 
I believe most places use software encryption.. And physical security to deal with their needs.

Linux 2.6 added encryption to Device Mapper..

Not sure if it is even related, but you could look up crypto accelerator cards.

==>Lazn
 
Lazn_Work said:
I believe most places use software encryption.. And physical security to deal with their needs.

Linux 2.6 added encryption to Device Mapper..
I vote for it. A hardware raid card may be useful, but if it's a dedicated box just for file serving you should be able to get a plain old IDE card and put the disks on that, then software raid them and add a crypto layer and have decent performance.

Good luck with it.
 