This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
sensitive_data [2022/01/26 09:38] root |
sensitive_data [2022/01/26 09:40] (current) root [Encrypted Disk Volumes] |
||
---|---|---|---|
Line 22: | Line 22: | ||
==== Encrypted Disk Volumes ==== | ==== Encrypted Disk Volumes ==== | ||
- | One way in which sensitive data can be protected is by only storing it on encrypted disk volumes. Currently, of the cluster disk volumes, only /home1, /home6, and /scratch are encrypted | + | One way in which sensitive data can be protected is by only storing it on encrypted disk volumes. Currently, of the cluster disk volumes, only /home1, /home6, and /scratch are encrypted (i.e. all the data is encrypted before being written to disk and decrypted when read). (This is also known as encryption "at rest" |
If you have a project that includes the use of sensitive data please talk to the system administrators to see whether you should store that data on /home1, /home6, or have your entire home directory moved to an encrypted volume. | If you have a project that includes the use of sensitive data please talk to the system administrators to see whether you should store that data on /home1, /home6, or have your entire home directory moved to an encrypted volume. | ||
Line 28: | Line 28: | ||
The /scratch volume is not backed up, but is encrypted. | The /scratch volume is not backed up, but is encrypted. | ||
- | If you have sensitive data you should ensure that your home directory, or the directories containing the sensitive data are not world readable. | + | If you have sensitive data you should ensure that your home directory, or the directories containing the sensitive data, or the data files themselves |
+ | |||
+ | For example: | ||
+ | |||
+ | < | ||
+ | chmod o-rwx sensitive_directory | ||
+ | </ | ||
+ | |||
+ | will stop general users of the cluster accessing files in " | ||