OPNsense Forum » English Forums » General Discussion » Full Disk Encryption
Topic: Full Disk Encryption (Read 5415 times)
sgoldtho | Newbie | Posts: 2 | Karma: 0
Full Disk Encryption « on: February 01, 2019, 12:06:44 pm »
I'm running OPNsense as a cloud-based installation to provide a VPN responder; as such, there are private keys etc. stored in a datacenter that's not under my control.
If for some reason my virtual server was copied and fell into the wrong hands, would full disk encryption provide protection from data loss?
Is it possible to install OPNsense with full disk encryption (if so how)?
Does OPNsense already have builtin protection for this?
Any thoughts or feedback on this scenario gratefully accepted...
Thanks,
Steve
Logged
bartjsmit | Hero Member | Posts: 1999 | Karma: 193
Re: Full Disk Encryption « Reply #1 on: February 01, 2019, 01:20:41 pm »
I would decouple the PKI from the VPN server. If the latter gets compromised, you revoke its cert and build a new one. None of the user private keys need be stored on it.
I'm not sure how easy this is with OPNsense, but running a separate OpenVPN server would certainly fit the bill.
Bart...
Logged
fabian | Hero Member | Posts: 2769 | Karma: 200 | OPNsense Contributor (Language, VPN, Proxy, etc.)
Re: Full Disk Encryption « Reply #2 on: February 01, 2019, 04:59:06 pm »
It is quite simple: just import the certificates you need with the private key. For the others leave the private key out and just paste the public part (certificate).
Logged
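The split described in the reply above (certificate only for hosts that should not hold the key), as an added example that is not part of the original thread and is not OPNsense code: a small Python check that separates the certificate blocks of a PEM bundle from any private-key blocks before the text is pasted anywhere. The function names and the sample bundle are constructed for illustration.

```python
import re

# Matches one RFC 7468 textual block: BEGIN line, base64 body, matching END line.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----",
    re.DOTALL,
)

def split_pem(bundle: str):
    """Return (public_blocks, secret_labels) for a PEM bundle.

    public_blocks: CERTIFICATE blocks, safe to paste without a key.
    secret_labels: labels of every block that carries private key material.
    """
    public_blocks, secret_labels = [], []
    for match in PEM_BLOCK.finditer(bundle):
        label = match.group(1)
        if label.endswith("PRIVATE KEY"):
            # Covers PRIVATE KEY, RSA/EC PRIVATE KEY, ENCRYPTED PRIVATE KEY.
            secret_labels.append(label)
        elif label == "CERTIFICATE":
            public_blocks.append(match.group(0))
    return public_blocks, secret_labels

def public_part(bundle: str) -> str:
    """Certificate-only text for hosts that must not hold the key."""
    certs, _ = split_pem(bundle)
    if not certs:
        raise ValueError("no CERTIFICATE block found in bundle")
    return "\n".join(certs) + "\n"

# Constructed sample: the base64 bodies are placeholders, not real key material.
SAMPLE_BUNDLE = """\
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtQ0VSVC1CT0RZ
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
Q09OU1RSVUNURUQtS0VZLUJPRFk=
-----END PRIVATE KEY-----
"""

if __name__ == "__main__":
    certs, secrets = split_pem(SAMPLE_BUNDLE)
    print(f"{len(certs)} certificate(s), private blocks: {secrets}")
    print(public_part(SAMPLE_BUNDLE), end="")
```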
sgoldtho | Newbie | Posts: 2 | Karma: 0
Re: Full Disk Encryption « Reply #3 on: February 02, 2019, 06:51:31 am »
Thanks for your thoughts, I will definitely move the PKI to a host under my control.
I'm still interested to know if OPNsense can be used with disk encryption (bioctl, gbde or geli)?
Thanks,
Steve
Logged
jaispirit | Newbie | Posts: 1 | Karma: 0
Re: Full Disk Encryption « Reply #4 on: February 01, 2020, 08:01:46 am »
Nowadays, an installation without hard disk encryption is indispensable. Hopefully this will be taken into account in future versions.
PfSense: Without root access but with disk encryption
OPNsense: With root access but without disk encryption
The intentions behind this are obvious!
SAFETY FIRST!!!
« Last Edit: February 01, 2020, 08:18:45 am by jaispirit »
Logged
franco | Administrator | Hero Member | Posts: 17570 | Karma: 1596
Re: Full Disk Encryption « Reply #5 on: February 01, 2020, 08:52:26 am »
> Nowadays, an installation without hard disk encryption is indispensable.
[citation needed]
> PfSense: Without root access but with disk encryption
> OPNsense: With root access but without disk encryption
Sorry but... WTF did I just read?
You can bootstrap into any sort of disk environment if you really want. And you should check your "without root access" claim because it is untrue and merely used here for exposition.
Cheers,
Franco
Logged
banym | Sr. Member | Posts: 468 | Karma: 31 | Free Human Being, FreeBSD, Linux and Mac nerd
Re: Full Disk Encryption « Reply #6 on: February 01, 2020, 11:08:57 am »
I am a fan of full disk encryption in many areas, but network devices are not one of them.
Full disk encryption in a virtual cloud environment, in my opinion, only adds security against a small number of attacks. If someone owns the hypervisor, he could make a snapshot including the memory that contains the key for decrypting the disk.
Offline backups and exposed storage attacks are addressed by disk encryption. For me this would be the only reason. Not storing sensitive data on the box or in the cloud is a better way with fewer drawbacks.
Starting the VM could only be done when entering the password. In most cases this is not easily possible, and it makes administration complicated.
If you have such security concerns, you should not use a cloud firewall in the first place. If you want protection against physical access to the box, there are products out there that are engineered against such scenarios; maybe that is a better fit.
« Last Edit: February 03, 2020, 01:29:00 pm by banym »
Logged
Twitter: banym
Mastodon: banym@bsd.network
Blog: https://www.banym.de
franco | Administrator | Hero Member | Posts: 17570 | Karma: 1596
Re: Full Disk Encryption « Reply #7 on: February 03, 2020, 01:12:25 pm »
I agree with this. It's nice to have, but if you have a computer like a firewall that is always on it doesn't bring anything to the table because the disk encryption is only effective if the device is turned off when someone tries to steal it physically...
Cheers,
Franco
Logged
random1104 | Jr. Member | Posts: 79 | Karma: 0
Re: Full Disk Encryption « Reply #8 on: March 09, 2023, 02:07:45 am »
How would you cover that case? I would like to block attackers trying to steal OpenVPN or ZeroTier credentials from a stolen device.
I would need to deploy several sites, many remote and mostly sale points with very basic physical security.
Logged