Community mailing list archives

Re: Encrypcion

- 08/24/2014 16:53:39

If you wont Encryption on transport is SSL a good idea. There are 2 variants to run a SSL socket.
* The simple is with a server-certificate. There are only a authentication of the Server.
* The second is with client-certificates. There get each person an certificate (software or on a secure card) and can so establish the connection. This is more secure but make a lord of work to manage the certificate infrastructure.

A SSL connection over SSH is a bad idea. It works but its have a load of legacy because of the TCP resyncs.
If you wont an additional secure layer use a vpn but down use it instant ssl. An end2end encryption is the best solution.

If you wont a encryption of the system you cane use disc encryption (I recommend LUKS) but that is not real performance on bigger systems.
And don't forgot the encryption of the backups...


On 24.08.2014 18:34, David Arnold wrote:
<blockquote cite="" type="cite">
​ Hi Anders

thanks for your answer​! If we want to go even further, are there recommendations?


Post to: