System - Encrypted File Systems
Overview
| Encrypted File Systems | Information |
| Description | Encrypted file system manager. |
| Package Name | cc-dmcrypt |
| Availability | 4.2 and above |
| Configuration Page | System > Tools > Encrypted File Systems |
The encrypted volume module allows the creation of encrypted volumes that can be used to protect confidential data from unauthorized access in the event the server is physically removed from the premises or a portable mass storage device is lost or stolen while in transit.
Data is stored in an encrypted format whenever a volume is not mounted. Mounting a volume requires the password. With a strong password, gaining access to the decrypted data (i.e. usable information) is impossible while the volume is unmounted. A volume is unmounted whenever the server is restarted (e.g. a shutdown or loss of power) and must then be mounted by an administrator who has both webconfig access and the volume password.
It is important to note that this module does not provide protection against unauthorized access to data when a volume is mounted (i.e. the state the volume would normally be in during everyday use). This module does not replace the need to maintain software updates, use a properly configured firewall, IDS/IPS etc.
Installation
If you did not select this module to be included during the installation process, you must first install the module.
Configuration
Adding an Encrypted Volume
Any number of encrypted volumes can be created on the server, either on the local hard disk or on an external mass storage device.
Warning!
Volumes created on the local disk reside in parallel with other system/user data. By contrast, volumes created on unmounted devices (e.g. a USB-attached hard disk) fill the entire physical disk, formatting any and all data that may be on an existing filesystem.
Volume Name
A unique name that describes the volume (e.g. ArchivedMail, ExternalUSB etc.)
Mount Point
The location where the volume will be accessible. By default, the mount point is created in /mnt/dmcrypt/<VolumeName>
Storage Device
The physical device location.
The size (in MB) of the encrypted volume. Keep in mind, encrypted volumes have an encryption overhead approximately equal to 1-5% of the total defined size of the volume.
Password
The password required to mount the encrypted volume.
Verify Password
Re-enter the password to verify.
Troubleshooting
What if I forget my password?
In a word: don't. If you forget a volume encryption password, there is absolutely no way to recover the data.
How can I auto-mount my encrypted volumes on bootup?
You cannot; this would defeat the purpose of creating an encrypted volume.
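An added example, not part of the original page or of ClearOS: a shell audit for the two conditions the page describes, volumes that are currently mounted (and therefore not protected) and volumes that would unlock at boot without a password. It assumes the default /mnt/dmcrypt mount root from the page and, as an assumption beyond the page, that any boot-time unlocking would be configured through a standard /etc/crypttab; the function names and sample data are constructed.

```shell
#!/bin/sh
# Added example (not ClearOS code): audit when dm-crypt volumes are exposed.

# Print the names of volumes currently mounted under the mount root.
# $1 = mounts table (default /proc/mounts), $2 = root (default /mnt/dmcrypt)
mounted_volumes() {
    awk -v root="${2:-/mnt/dmcrypt}/" \
        'index($2, root) == 1 { print substr($2, length(root) + 1) }' \
        "${1:-/proc/mounts}"
}

# Print "name keyfile" for crypttab entries that unlock from a key file,
# i.e. at boot with no password typed. $1 = crypttab (default /etc/crypttab)
keyfile_entries() {
    [ -r "${1:-/etc/crypttab}" ] || return 0
    awk '$1 !~ /^#/ && NF >= 3 && $3 != "none" && $3 != "-" { print $1, $3 }' \
        "${1:-/etc/crypttab}"
}

# Write constructed sample inputs into directory $1 (not real system data).
make_sample() {
    cat > "$1/mounts" <<'EOF'
/dev/sda1 / ext3 rw 0 0
/dev/mapper/ArchivedMail /mnt/dmcrypt/ArchivedMail ext3 rw 0 0
/dev/sdb1 /mnt/backup ext3 rw 0 0
EOF
    cat > "$1/crypttab" <<'EOF'
# name        device                 keyfile            options
ArchivedMail  /var/lib/archived.img  none
ExternalUSB   /dev/sdc               /root/usb.key
EOF
}

# Demo on the constructed sample; call the functions with no arguments
# to audit the live system instead.
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
echo "Mounted (data readable on the running server):"
mounted_volumes "$demo_dir/mounts"
echo "Would unlock at boot without a password:"
keyfile_entries "$demo_dir/crypttab"
rm -rf "$demo_dir"
```

Any volume listed by `keyfile_entries` has its key stored on the same machine, so removing the server also removes the key.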