Since: Dec 23, 2004 Posts: 29
(Msg. 1) Posted: Fri Oct 21, 2005 1:09 pm
Post subject: Encrypted file system / web server usage. Archived from groups: alt>apache>configuration, others
A friend wants to store some documents so that he can retrieve them
wherever he is in the world. These are confidential. Being able to download
them via SSL would be preferred, but perhaps retrieval via an SSH client
would do.
Is there any way data can be stored on a web server such that even if
someone gained root access they can not read the data? I know you can
use SSL to encrypt the data during transmission, but if someone manages
to get root access on the server, perhaps by a bug in Apache, Solaris,
SSL, secure shell etc., they can just read the files.
Since he wants me to set this up, I'd prefer to use Solaris, but I will
consider Linux. Windoze is out.
It needs to be compatible with Windoze computers.
Just to add a complication to the problem, he would like others to be
able to access the data too. But he wants multiple levels of privileges,
such that someone with level 1 privileges can get at all documents,
someone with level 2 less, someone with level 3 even less and someone at
level 5 only a few documents that are not really confidential (probably
his MP3 collection!!)
As if that is not enough, he wants people to be able to upload documents
too.
I know UNIX supports the concept of owner and a group, but can a user be
a member of multiple groups, such that a single user can access files
in groups 4 and 5, but not 1, 2 or 3, whereas someone else can read
documents in groups 3, 4 and 5, but not groups 1 and 2, and so on?
I think a weak link is always going to be the fact that if he lets
people download word documents to their PC, there is a good chance
others will get access to them - not deleted properly, left on a
printer, or their computer hacked. It is known that in the environment he
works in, others attempt to hack your computer for commercial gain.
He is quite happy to dedicate the task to multiple computers. I suspect
the way to do this might be to have one server as a web server, and
another to store the documents on. I'm not sure how best to do that, but I
can find out if that is a practical method.
Any suggestions - other than the obvious one that he hires someone with
more knowledge on these issues than me?

Since: Oct 21, 2005 Posts: 1
(Msg. 2) Posted: Fri Oct 21, 2005 1:09 pm
Post subject: Re: Encrypted file system / web server usage.
On Fri, 21 Oct 2005 13:09:50 +0100 Dave <nospam.RemoveThis@nowhere.com> wrote:
> Is there any way data can be stored on a web server such that even if
> someone gained root access they can not read the data?
Only if the data is sent encrypted to the web browser and decrypted
locally (at the web browser). If the data is decrypted by the web
server and served in plaintext (even over SSL or other encryption),
root can get to it.
If the data is served encrypted and decrypted at the client, it's
trivial. Just encrypt it and use a strong key.
-frank

Since: Oct 21, 2005 Posts: 2
(Msg. 3) Posted: Fri Oct 21, 2005 1:49 pm
Post subject: Re: Encrypted file system / web server usage.
Dave wrote:
> Is there any way data can be stored on a web server such that even if
> someone gained root access they can not read the data?
I would suggest your friend encrypts the files with his public key
either on his own system or on upload to server and then decrypts on his
own machine after download or by pasting the key into a web form
protected by SSL. Of course that means carrying the private key around
with him - probably too hard for most people to memorise but easily
storable on a flash rom or similar.
> Just to add a complication to the problem, he would like others to be
> able to access the data too. But he wants multiple levels of privileges,
> such that someone with level 1 privileges can get at all documents,
> someone with level 2 less, someone with level 3 even less and someone at
> level 5 only a few documents that are not really confidential (probably
> his MP3 collection!!)
He could encrypt each file for each user that he wants to read. Whether
this is practical depends on how many users there are.
> As if that is not enough, he wants people to be able to upload documents
> too.
OK, well that could still work if the server software encrypted the
files after upload.
> Any suggestions - other than the obvious one that he hires someone with
> more knowledge on these issues than me?
The other option might be to have an encrypted filesystem image on the
server, but then you'd still have to have the key to that somewhere on
the system for it to be read - so I think unless you did go the PKI
route you'd always have to trust root (or whoever found themselves being
root).
--
Richard Watson

Since: Dec 23, 2004 Posts: 29
(Msg. 4) Posted: Fri Oct 21, 2005 1:55 pm
Post subject: Re: Encrypted file system / web server usage.
Richard Watson wrote:
Thanks Richard for your suggestions.
> Dave wrote:
>
>
>>Is there any way data can be stored on a web server such that even if
>>someone gained root access they can not read the data?
>
>
> I would suggest your friend encrypts the files with his public key
> either on his own system or on upload to server and then decrypts on his
> own machine after download or by pasting the key into a web form
> protected by SSL. Of course that means carrying the private key around
> with him - probably too hard for most people to memorise but easily
> storable on a flash rom or similar.
I know with ssh it is possible to have a pass phrase on the private key,
so having the key is not sufficient, you need the pass phrase too. I see
that relying on a private key not being lost when it is stored on a USB
key or similar is perhaps a bit much.
>>Just to add a complication to the problem, he would like others to be
>>able to access the data too. But he wants multiple levels of privileges,
>>such that someone with level 1 privileges can get at all documents,
>>someone with level 2 less, someone with level 3 even less and someone at
>>level 5 only a few documents that are not really confidential (probably
>>his MP3 collection!!)
> He could encrypt each file for each user that he wants to read. Whether
> this is practical depends on how many users there are.
Yes, I never thought of that one. I know the amount of data is 100s of
GB, so it might be impractical. I suspect he is looking at half a dozen
or so users, but I don't know. This might soon eat into TB of disk
space, which is not cheap.
>>As if that is not enough, he wants people to be able to upload documents
>>too.
>
>
> OK, well that could still work if the server software encrypted the
> files after upload.
Any suggestions how best to do that? One obvious one (to me) is perhaps
a cron job that looks for new files every 15 minutes or so then encrypts
them.
>>Any suggestions - other than the obvious one that he hires someone with
>>more knowledge on these issues than me?
>
>
> The other option might be to have an encrypted filesystem image on the
> server, but then you'd still have to have the key to that somewhere on
> the system for it to be read - so I think unless you did go the PKI
> route you'd always have to trust root (or whoever found themselves being
> root).
Perhaps rely on a web server to store the files and a second server to
copy the files off the web server, securely delete them there, encrypt
them, then put them back on the web server in encrypted form. That way
the encryption key for the files does not need to be stored on the web
server, so if someone does manage to hack it, they can't find any key.
Thanks for the ideas.
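Richard's suggestion (encrypt for each reader's public key) and the storage worry raised in this reply both come down to how the per-reader encryption is arranged. The following is an added Go example, not code from the thread or from any poster: the document is encrypted once under a fresh AES-256-GCM key and only that 32-byte key is wrapped for each reader's RSA public key, so the server stores one ciphertext plus a few hundred bytes per reader and never holds a private key; the privilege levels then reduce to whose keys each file is wrapped for. The names Envelope, Seal, Open, NewReaderKey and must are mine, and Go 1.18 or later is assumed for the generic helper.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// Envelope is all the web server stores: one ciphertext plus a small wrapped file key per reader.
type Envelope struct {
	Nonce, Ciphertext []byte
	WrappedKeys       map[string][]byte // reader name -> file key wrapped with RSA-OAEP for that reader
}

func must[T any](v T, err error) T { // demo shortcut; production code returns the error instead
	if err != nil {
		panic(err)
	}
	return v
}

// NewReaderKey runs on each reader's own machine; the private half never goes near the server.
func NewReaderKey() *rsa.PrivateKey { return must(rsa.GenerateKey(rand.Reader, 2048)) }

// Seal encrypts the document once under a fresh AES-256-GCM key and wraps that key for every
// reader's public key, so adding a reader costs a few hundred bytes, not a copy of the document.
func Seal(plaintext []byte, readers map[string]*rsa.PublicKey) *Envelope {
	fileKey := make([]byte, 32)
	must(rand.Read(fileKey))
	gcm := must(cipher.NewGCM(must(aes.NewCipher(fileKey))))
	nonce := make([]byte, gcm.NonceSize())
	must(rand.Read(nonce))
	env := &Envelope{Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, plaintext, nil), WrappedKeys: map[string][]byte{}}
	for name, pub := range readers { // the reader's name is the OAEP label, binding each wrapped key to its reader
		env.WrappedKeys[name] = must(rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, fileKey, []byte(name)))
	}
	return env
}

// Open runs on the reader's machine: unwrap the file key with the private key, then decrypt the document.
func Open(env *Envelope, name string, priv *rsa.PrivateKey) ([]byte, error) {
	// A reader with no wrapped key (nil lookup) or the wrong private key fails here (rsa.ErrDecryption).
	fileKey, err := rsa.DecryptOAEP(sha256.New(), nil, priv, env.WrappedKeys[name], []byte(name))
	if err != nil {
		return nil, err
	}
	return must(cipher.NewGCM(must(aes.NewCipher(fileKey)))).Open(nil, env.Nonce, env.Ciphertext, nil)
}
```

Seal is the step the "second server" in this reply would run on a freshly uploaded file before putting the result back on the web server; Open is what each reader runs locally after downloading.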

Since: Dec 23, 2004 Posts: 29
(Msg. 5) Posted: Fri Oct 21, 2005 8:55 pm
Post subject: Re: Encrypted file system / web server usage.
Owen Rees wrote:
> On Fri, 21 Oct 2005 13:09:50 +0100, Dave <nospam.RemoveThis@nowhere.com> wrote in
> <4358da8f.RemoveThis@212.67.96.135>:
>
>
>>Any suggestions - other than the obvious one that he hires someone with
>>more knowledge on these issues than me?
>
>
> Given the issues you have said he is concerned about, I think that
> hiring a real expert to analyse the problem would be a good start.
I tend to agree with you, but I know he will not do it.
> The
> danger of focusing on specific mechanisms is that you may end up with a
> steel door in a paper wall solution.
I'll try to avoid that, but any help appreciated.
I can't help feeling the "paper wall" is going to be the fact that there
are going to be 50 users, working for different organisations, all
accessing the system from different countries on laptops. I think it is
almost inevitable the passwords will get shared.
He has a fairly large collection of mp3's on a server and is surprised
someone from the USA has accessed some of them. Even though they are
password protected, it does not surprise me. It seems quite likely
someone in the USA has the password.
> Deciding whether or not you should be trying to hire Bruce Schneier as a
> consultant would be a good way to think about just how important the
> security is, and how much your friend is willing to pay for a solution.
>
I know he is willing to pay zero, relying on me to do it for him.

Since: Jan 01, 2004 Posts: 89
(Msg. 7) Posted: Sat Oct 22, 2005 8:55 am
Post subject: Re: Encrypted file system / web server usage.
On Fri, 21 Oct 2005 13:09:50 +0100, Dave <nospam DeleteThis @nowhere.com> wrote:
>A friend wants to store some documents so that he can retrieve them
>wherever he is in the world. These are confidential. Being able to down
>them via SSL would be preferred, but perhaps retrieval via an SSH client
>would do.
Buy in a consultant who's competent with security. They are of course
almost impossible to find and the three or four big names are of course
far too busy, but you might get a recommendation for someone in the UK if
you politely asked Ross Anderson. You will of course have already read
his "Security Engineering". Don't read Schneier, I doubt you have the
time to read both and Anderson is a bit more hands-on.
If someone has root on the web server, then it's still easy to prevent
them gaining anything useful. But you'll need to do it by not having
anything on there worth having - i.e. everything is stored securely, not
just transferred securely. If you're concerned about this, then you
might not even need SSL - if the documents are "useless until
decrypted", then it doesn't much matter who sees them. However SSL is
easy and off the shelf, so it's a shame not to use it. There's also the
issue of traffic analysis, which it would either help to obfuscate, or
make into a glaring flag of "dirty secrets over here".
Much more concerning would be someone who has root on the CMS (the
production process). If they have access at _that_ level, then you're
pretty much snookered.
By the sounds of things, you need a secure document reader
(acrobat-like) which decrypted on the fly and was careful about tidying
up after itself. It's not a huge piece of work to code such a thing,
built around PGP.
I'd be amazed if this stuff wasn't an instant download already.