Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Security on my Server


  • Please log in to reply
5 replies to this topic

#1 Mickey3

Mickey3

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:10:23 PM

Posted 08 January 2017 - 03:47 PM

Hello

 

I have a server which consists of an SSD and 2 x 2TB hard drives.

 

I want to encrypt the 2 x 2TB hard drives only as there is not much sensitive data is stored on the SSD - The 2TB drive letters are D and E

 

Once a day ALL data on D are replicated on E using Robocopy, the server is RDP only so it would be very hard for me to enter  password at boot. I have a few programs which will access data on D on bootup. 

 

A few questions:

 

Which encryption method do you recommend?

If my drives are encrypted, will they be slower?

Will the server use more CPU (on average) if drives are encrypted? if so, by how much?



BC AdBot (Login to Remove)

 


#2 Crazy Cat

Crazy Cat

  • Members
  • 808 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Lunatic Asylum
  • Local time:10:23 AM

Posted 09 January 2017 - 05:26 PM

Veracrypt or TrueCrypt container, not full D and E hard drive encryption.

TrueCrypt User Guide. https://www.grc.com/misc/truecrypt/TrueCrypt%20User%20Guide.pdf

TrueCrypt is now discontinued, but the project has been continued by a new team under a new name: VeraCrypt. http://www.howtogeek.com/108501/the-how-to-geek-guide-to-getting-started-with-truecrypt/
 

Two things are infinite: the universe and human stupidity; and I'm not sure about the universe. ― Albert Einstein ― Insanity is doing the same thing, over and over again, but expecting different results.

 

InternetDefenseLeague-footer-badge.png


#3 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,638 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:23 AM

Posted 10 January 2017 - 06:31 PM

Is this a Windows server?


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,942 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:23 PM

Posted 11 January 2017 - 07:52 PM

Since you mentioned security...Remote Desktop Protocol (RDP) brute force based attacks are on the rise especially by those involved with the development and spread of ransomware. IT folks should close/disable RDP if they don't use it. If they must use RDP, the best way to secure it is to either whitelist IP's on a firewall or not expose it to the Internet. Put RDP behind a firewall, only allow RDP from local traffic, setup a VPN to the firewall and enforce strong password policies, especially on any admin accounts or those with RDP privileges.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 Mickey3

Mickey3
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:10:23 PM

Posted 12 January 2017 - 04:02 AM

Crazy Cat - Why do you not recommend encrypting the whole drive?

 

Yes it is a Windows Server and in regards to RDP. I only RDP from my laptop. I do something far worse and that is connect via TeamViewer when not at home! I have been thinking about setting up a VPN and then RDP to the server when away from home. Which method do you guys recommend?



#6 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,638 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:23 AM

Posted 12 January 2017 - 05:47 AM

Take a look at EFS https://en.wikipedia.org/wiki/Encrypting_File_System


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users