BRC Cluster Workshop

User Tools

Site Tools

Trace:
sensitive_data

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
sensitive_data [2021/06/16 13:10]
root 		sensitive_data [2022/01/26 09:40] (current)
root [Encrypted Disk Volumes]
Line 16: Line 16:
   * The cluster does not expire passwords (although unused accounts are locked after 6 months). Newer best practices do not consider complexity requirements and expiration of passwords to be worthwhile (e.g. 2019 NIST 800-63).   * The cluster does not expire passwords (although unused accounts are locked after 6 months). Newer best practices do not consider complexity requirements and expiration of passwords to be worthwhile (e.g. 2019 NIST 800-63).
   * The cluster does not limit copying of data which you have permission to read.   * The cluster does not limit copying of data which you have permission to read.
-  * The cluster does not yet have 2-factor authentication (this is planned for implementation soon - as of early 2021).+  * The cluster does not yet have 2-factor authentication.
  
-==== Encrypted Disk Volume /home6 ====+**It is your responsibility to ensure that your sensitive data is adequately protected (the system administrators can't determine which data are sensitive): but you can let the administrators know about specific needs and get help with making sure that the data are secure.** 
  
-One way in which sensitive data can be protected is by only storing it on encrypted disk volumes. Currently, of the cluster disk volumes, only /home1, /home6, and /scratch are encrypted by default (i.e. all the data is encrypted before being written to disk and decrypted when read). (This is also known as encryption "at rest".) This encryption protects against the server being stolen, or being improperly disposed of (with the disks and data intact) at some point in the future. The backup volumes to which the data on /home1 and /home6 are copied are also encrypted.+==== Encrypted Disk Volumes ====
  
-If you have a project that includes the use of sensitive data please talk to the system administrators to see whether you should store that data on /home1, /home6, or have your entire home directory moved to /home6.+One way in which sensitive data can be protected is by only storing it on encrypted disk volumes. Currently, of the cluster disk volumes, only /home1, /home6, and /scratch are encrypted (i.e. all the data is encrypted before being written to disk and decrypted when read). (This is also known as encryption "at rest".) This encryption protects against the server being stolen, or being improperly disposed of (with the disks and data intact) at some point in the future. The backup volumes to which the data on /home1 and /home6 are copied are also encrypted. 
 + 
 +If you have a project that includes the use of sensitive data please talk to the system administrators to see whether you should store that data on /home1, /home6, or have your entire home directory moved to an encrypted volume.
  
 The /scratch volume is not backed up, but is encrypted. The /scratch volume is not backed up, but is encrypted.
  
-If you have sensitive data you should ensure that your home directory, or the directories containing the sensitive data are not world readable.+If you have sensitive data you should ensure that your home directory, or the directories containing the sensitive data, or the data files themselves are not world readable. 
 + 
 +For example: 
 + 
 +<code> 
 +chmod o-rwx sensitive_directory 
 +</code> 
 + 
 +will stop general users of the cluster accessing files in "sensitive_directory"
  
sensitive_data.1623863424.txt.gz · Last modified: 2021/06/16 13:10 by root

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: Public Domain
Public Domain Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki