On Thu, Oct 9, 2014 at 7:21 AM, Duncan Patton a Campbell <campb...@neotext.ca> wrote:
> On Tue, 7 Oct 2014 07:08:54 +0000
> "C. L. Martinez" <carlopm...@gmail.com> wrote:
>
>> On Mon, Oct 6, 2014 at 11:52 PM, Duncan Patton a Campbell
>> <campb...@neotext.ca> wrote:
>> > The most basic consideration in computer security has nothing to
>> > do with technology and computers. Do the people you need to keep
>> > out of the know need to know enough to come and break legs?
>> >
>> > If so, don't bother encrypting. They may not just break legs.
>> >
>> > Dhu
>> >
>> > On Mon, 06 Oct 2014 13:48:33 -0600
>> > chester.t.fi...@hushmail.com wrote:
>> >
>> >> Very true, filling your subterranean data server with angry hornets
>> >> certainly seems like a good idea but it's really not, most AC
>> >> maintenance contractors will charge you extra (usually per sting!).
>> >>
>> >> Chester T. Field
>> >>
>> >> And remember when I left all the meat out because I saw Mr. David Lynch
>> >> “I’m on TV” do it,
>> >> and he got on TV from doin’ it, and I did it and didn’t get on TV from
>> >> doin’ it? - Gandhi
>> >>
>> >> On 10/6/2014 at 1:37 PM, "Matti Karnaattu" <mkarnaa...@gmail.com> wrote:
>> >> >
>> >> >>Yes, my goal is to secure the
>> >> >>infrastructure as much as possible.
>> >> >
>> >> >I don't know details but it sounds overly complex. And complexity
>> >> >may cause other issues, without any benefit for security.
>> >> >
>> >> >Example, you don't have to encrypt your whole hard disk if the hard
>> >> >disk is located in guarded bunker. But if you do that, it will
>> >> >increase security in theory but that may cause service outage if
>> >> >you have to always locally type your crypt password if machine
>> >> >crashes.
>> >> >
>> >> >I would put this effort to ease maintainability, ease monitoring,
>> >> >use stateful firewall, deploy honeypot etc. and avoid complexity.
>>
>> Thanks guys for your answers. I know it: our IT sec. dept. adds a
>> complexity to our infrastructure, but they are determined to do so.
>>
>> Searching via Google I found this:
>>
>> http://www.safenet-inc.com/data-encryption/
>>
>> HSM: hardware security modules ... But there exists another problem.
>> If I would like to use some SSL/TLS or IPSec based solution, how can I
>> authenticate these servers between them without compromising host
>> security??
>>
>> Any ideas??
>>
>
> Is "man 8 iked" what you are looking for?
>
> Dhu

Uhmm... I don't understand your question, Duncan... To use IPsec is a possibility.