sensitive_data

Differences

This shows you the differences between two versions of the page.

sensitive_data [2022/01/26 09:38]
root
sensitive_data [2022/01/26 09:40] (current)
root [Encrypted Disk Volumes]
Line 22: Line 22:
 ==== Encrypted Disk Volumes ==== ==== Encrypted Disk Volumes ====
  
-One way in which sensitive data can be protected is by only storing it on encrypted disk volumes. Currently, of the cluster disk volumes, only /home1, /home6, and /scratch are encrypted by default (i.e. all the data is encrypted before being written to disk and decrypted when read). (This is also known as encryption "at rest".) This encryption protects against the server being stolen, or being improperly disposed of (with the disks and data intact) at some point in the future. The backup volumes to which the data on /home1 and /home6 are copied are also encrypted.+One way in which sensitive data can be protected is by only storing it on encrypted disk volumes. Currently, of the cluster disk volumes, only /home1, /home6, and /scratch are encrypted (i.e. all the data is encrypted before being written to disk and decrypted when read). (This is also known as encryption "at rest".) This encryption protects against the server being stolen, or being improperly disposed of (with the disks and data intact) at some point in the future. The backup volumes to which the data on /home1 and /home6 are copied are also encrypted.
  
 If you have a project that includes the use of sensitive data please talk to the system administrators to see whether you should store that data on /home1, /home6, or have your entire home directory moved to an encrypted volume. If you have a project that includes the use of sensitive data please talk to the system administrators to see whether you should store that data on /home1, /home6, or have your entire home directory moved to an encrypted volume.
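Review bot: The rewritten paragraph names only theft and improper disposal as the threats covered, and since the same sentence says data is "decrypted when read", it should state outright that encryption at rest does not restrict other logged-in users while the volume is mounted; file permissions do that. With "by default" removed, "only /home1, /home6, and /scratch are encrypted" now reads as a fixed list, so it would also help to tell users how to find out which volume their home directory is on, since the following paragraph assumes they may need to move it.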
Line 28: Line 28:
 The /scratch volume is not backed up, but is encrypted. The /scratch volume is not backed up, but is encrypted.
  
-If you have sensitive data you should ensure that your home directory, or the directories containing the sensitive data are not world readable.+If you have sensitive data you should ensure that your home directory, or the directories containing the sensitive data, or the data files themselves are not world readable. 
 + 
 +For example: 
 + 
 +<code> 
 +chmod o-rwx sensitive_directory 
 +</code> 
 + 
 +will stop general users of the cluster accessing files in "sensitive_directory"
  
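Review bot: In the added example, `chmod o-rwx sensitive_directory` clears only the "other" permission bits, so the closing claim that it "will stop general users of the cluster accessing files" is too broad: users in the directory's group keep whatever access the group bits grant. Either say that explicitly or show `chmod go-rwx sensitive_directory` for data that should be private to the owner. The new sentence also mentions "the data files themselves" while the example covers only a directory; adding a file case such as `chmod o-rwx sensitive_file`, and a note to confirm the result with `ls -ld`, would match the text. The final added line is also missing its closing full stop.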
sensitive_data.1643207882.txt.gz · Last modified: 2022/01/26 09:38 by root