Lance Reed
2014-Feb-26 15:47 UTC
[Gluster-users] Secure Setup / Separate GlusterFS / Encryption
I was wondering if anyone has any working examples of the below reference of setting up ecryptfs with Gluster? My attempts so far have failed to work correctly and I am looking to ee if it is actually an option with the most recent versions of glusterfs? Thanks in advance for any thoughts!> Finally also on the topic of security how would people suggest handling > encryption of client data and working with a storage server hosting > different encrypted dataServer-side encryption is possible now, using mechanisms outside of *GlusterFS* (e.g. LUKS or *ecryptfs*). The weakness of such approaches is that the same entity - the server operator - will have access to both the encrypted data and keys. In far too many cases, this means both will be equally available to an attacker (or even more likely insider). You might as well not bother encrypting at all IMO. A more robust solution was developed for HekaFS (my now-dormant flavor of*GlusterFS*). In that solution, encryption is done *on the client* using keys that never exist on servers. This provides both security and deniability, either of which can be critical in current environments. A medium-strength version of this encryption has existed for about two years in HekaFS, though enough has changed that it would probably require a refresh before it could even build. A stronger version - developed in concert with security experts at Red Hat and on par with anything else that's out there - has been in review for a while and might appear in the next *GlusterFS* release or two. Bear in mind that even the "medium-strength" version is far more secure in practice than any server-side encryption method. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://supercolony.gluster.org/pipermail/gluster-users/attachments/20140226/604293e7/attachment.html>
On 26.02.2014 15:47, Lance Reed wrote:> I was wondering if anyone has any working examples of the below > reference > of setting up ecryptfs with Gluster? My attempts so far have failed > to > work correctly and I am looking to ee if it is actually an option with > the > most recent versions of glusterfs?I do not know how Glusterfs works well enough to say why ecryptfs doesn't function properly. What I would try though is to create a raw file on that NFS share and either: 1. loop mount it and put ecryptfs on it OR 2. format it with luks and mount it I think luks is more performant, though less flexible. This could be set per user somehow, probably using pam_mount etc. HTH Lucian -- Sent from the Delta quadrant using Borg technology! Nux! www.nux.ro
Vijay Bellur
2014-Feb-28 03:29 UTC
[Gluster-users] Secure Setup / Separate GlusterFS / Encryption
On 02/26/2014 09:17 PM, Lance Reed wrote:> I was wondering if anyone has any working examples of the below > reference of setting up ecryptfs with Gluster? My attempts so far have > failed to work correctly and I am looking to ee if it is actually an > option with the most recent versions of glusterfs? > > Thanks in advance for any thoughts!Slightly OT, The HekaFS encryption translator [1] has found its way into GlusterFS 3.5 beta releases. We expect the feature to be in beta for 3.5 but if you can evaluate it and let us know your feedback, that would be very helpful to us! -Vijay [1] https://www.gluster.org/community/documentation/index.php/Features/disk-encryption> >> Finally also on the topic of security how would people suggest handling >> encryption of client data and working with a storage server hosting >> different encrypted data > > Server-side encryption is possible now, using mechanisms outside of*GlusterFS* > (e.g. LUKS or*ecryptfs*). The weakness of such approaches is that the same > entity - the server operator - will have access to both the encrypted data and > keys. In far too many cases, this means both will be equally available to an > attacker (or even more likely insider). You might as well not bother > encrypting at all IMO. > > A more robust solution was developed for HekaFS (my now-dormant flavor of > *GlusterFS*). In that solution, encryption is done *on the client* using keys > that never exist on servers. This provides both security and deniability, > either of which can be critical in current environments. A medium-strength > version of this encryption has existed for about two years in HekaFS, though > enough has changed that it would probably require a refresh before it could > even build. A stronger version - developed in concert with security experts at > Red Hat and on par with anything else that's out there - has been in review for > a while and might appear in the next*GlusterFS* release or two. Bear in mind > that even the "medium-strength" version is far more secure in practice than any > server-side encryption method. > > > > > _______________________________________________ > Gluster-users mailing list > Gluster-users at gluster.org > http://supercolony.gluster.org/mailman/listinfo/gluster-users >