Bitlocker on RAID a good thing?

[ICBM]

I haven't found alot of information pertaining to this exact topic here or elsewhere. I am just curious if it is safe(or a good idea) to use Window's Bitlocker on a RAID array.

On the current system I am working on I have a RAID1 array setup. Lets say the machine is stolen, Bitlocker should keep my data relatively safe. What if I have a drive go down, can I just let the controller rebuild itself with Bitlocker not caring one way or the other? Are there any other downsides to using Bitlocker on a small server? Performance is not a big concern. I look forward to input.

 

[theevilsharpie]

What if I have a drive go down, can I just let the controller rebuild itself with Bitlocker not caring one way or the other?

Yes.

Are there any other downsides to using Bitlocker on a small server? Performance is not a big concern. I look forward to input.

If the operating system stops functioning, BitLocker (or any full-disk encryption application, for that matter) will prevent you from using third party tools to recover any data stored on the encrypted volume. Consequently, backups are critical; however, this data needs to be secured as well.

 

[Fayd]

I'd go with truecrypt instead of bitlocker, but it's fine. the array doesnt care what's on it, the encrypted volume doesnt care what it's on.

 

[0roo0roo]

bitlocker is for machines that are not physically secure. for a server or regular machine you are better off making sure the thing can't be carried away

 

[theevilsharpie]

bitlocker is for machines that are not physically secure. for a server or regular machine you are better off making sure the thing can't be carried away

"Servers" are increasingly being run inside virtual machines, which can be considered an insecure environment.

 

[yinan]

I love bitlocker for my offsite DVD rip backups

 

[yinan]

"Servers" are increasingly being run inside virtual machines, which can be considered an insecure environment.

Why are VMs considered insecure? You have to take all the same precautions as you would a physical box. This is more FUD that security folks like to spread.

 

[imagoon]

Why are VMs considered insecure? You have to take all the same precautions as you would a physical box. This is more FUD that security folks like to spread.

In theory, you can security exploit a VM and compromise the running VM server processes, which then be used to exploit other machines that the VM server hosts.

Thing is, you need to exploit a VM enough to get it to run the attack on the hypervisor in such a way that it doesn't bomb the VM and the hypervisor and then still exploit the other VM's again with out bombing the whole system. Also once you get down to the hypervisor you still need to break out of the VM's process (VM's are basically processes) in to the hardware's core then hop back in to another VM process.

I would generally guess there is a much more direct and less intensive attack than this....

There is also the "shared memory" path but that is also a long shot because most hypervisors do memory scrubbing to reduce the memory load of the VM's themselves.

 

[theevilsharpie]

Why are VMs considered insecure?

Because the host is capable of bypassing the security functionality of the guest operating system.

 

[imagoon]

Which isn't any different than say a root kit on a machine. Also so can the baseband management controllers on most servers can also do this. Running on the hardware isn't automatically more secure, just a different attack vector.

 

[theevilsharpie]

Which isn't any different than say a root kit on a machine. Also so can the baseband management controllers on most servers can also do this. Running on the hardware isn't automatically more secure, just a different attack vector.

The security issues with virtualization don't look any different because you're viewing it strictly from a technical perspective.

Virtualization's big advantage is its economies of scale due to the pooling of IT resources. From the perspective of an individual organization, this may involve moving sensitive data from a server that they maintain to a centralized IT organization that they may not trust. Full-disk encryption can provide security for data when the virtual infrastructure and/or the people that manage it aren't trusted.