On Sep 2, 2013, at 23:13, LuKreme <krem...@kreme.com> wrote: > For servers? Encrypting the drive on a always-on server seems a bit > pointless. Once the machine is up and running, the drive is, as you said, > unencrypted. However, if someone comes in to seize the machines, they will > have to power them off and then the contents of the drives are protected.
Not true. For servers with redundant power supplies, one just swaps in a UPS one power lead at a time. For servers with a single PSU, you can splice in power from a UPS, and still move the server without powering it down. Once they have direct access, you are pretty much fooked. And when it concerned No Such Agency, you might be fooked regardless if you're targeted directly. So in terms of 'NSA proofing' your e-mail server, all you can do as a server administrator is what you should have been doing already. Mvg, Joni
