Jane Q obviously doesn't know what they are talking about.
I second the opinion of the first poster who recommended you wait, for several reasons.
First, most methods of encryption are a pain in the butt. If you want to encrypt only some data, then yes I would say Truecrypt. But then it has to be manually un-encrypted before use.
You can cache the keys upon boot so that all your files are accessible on the fly. Use a keyring, encrypted volumes or system encryption.
If you want to encrypt whole drives, your network, everything, and have it work transparently, you are in for a headache combined with a nightmare. Headache because getting it set up and working is a major project fraught with problems.
What system wide project isn't frought with problems, don't blame the encryption. Additionally what does networking have to do with encryption on the drives? NOTHING!
Nightmare because you will lose whole drives worth of data when something goes wrong, unless you have a very serious, robust, and reliable backup scheme that you use often.
Last time I checked you can lose data without a backup scheme either way.
However, drive manufacturers will be coming out soon with new drives that incorporate DES encryption via hardware. This eliminates the delays and problems with software encryption, and will go a very long way toward making whole-network encryption a lot more practical.
DES? Are you freaking kidding me. I think you are incorrectly referring to Seagates BlackArmor Drives which don't use DES, nor does anything these days except some misguided vpn admins. Additionally items like Seagates are not compatible with Linux per their own website.
My company has been encrypting everything for some time. We have used Truecrypt with no issues for around 1.5 years I believe. Our linux machines are all encrypted. It's easy to implement with Fedora 9+ and Ubuntu 8.10 alternate installer as Anaconda handles it for you. I also have several encrypted RAID arrays. If you want pm me for a write up on it. I don't want my site getting slashdotted;) . I'll be happy to give you my how-tos'
Just remember, nothing is 100% secure. Document everything.
As far as performance is concerned. We have noticed no significant impact from disk encryption. Let all the naysayers whine and say I'm full of it. TOP reports that our encryption from cryptsetup consumes about 5% of our procs on our older IBM celerons 2ghz, that's while writing to an array. The array (mdadm) consumes about another 5 %. It consumes around the same on a single core of our new machines. Our new machines, i.e. Core2Duo 2.2's, Xeon Quads 2.13's and an AMD dual core 2.2 you don't even notice it.
Frankly it's so easy to encrypt a system drive these days I am of the mind you are foolish not to do so.
The only downside I have come across with system encryption is that I can't do remote reboots. There is a way around it I've read but it's not really an issue for us. Message me if you want, or can. I never have pm'd anyone here before.
Slashdot Mirror
I second the opinion of the first poster who recommended you wait, for several reasons. First, most methods of encryption are a pain in the butt. If you want to encrypt only some data, then yes I would say Truecrypt. But then it has to be manually un-encrypted before use.
You can cache the keys upon boot so that all your files are accessible on the fly. Use a keyring, encrypted volumes or system encryption.
If you want to encrypt whole drives, your network, everything, and have it work transparently, you are in for a headache combined with a nightmare. Headache because getting it set up and working is a major project fraught with problems.
What system wide project isn't frought with problems, don't blame the encryption. Additionally what does networking have to do with encryption on the drives? NOTHING!
Nightmare because you will lose whole drives worth of data when something goes wrong, unless you have a very serious, robust, and reliable backup scheme that you use often.
Last time I checked you can lose data without a backup scheme either way.
However, drive manufacturers will be coming out soon with new drives that incorporate DES encryption via hardware. This eliminates the delays and problems with software encryption, and will go a very long way toward making whole-network encryption a lot more practical.
DES? Are you freaking kidding me. I think you are incorrectly referring to Seagates BlackArmor Drives which don't use DES, nor does anything these days except some misguided vpn admins. Additionally items like Seagates are not compatible with Linux per their own website.
My company has been encrypting everything for some time. We have used Truecrypt with no issues for around 1.5 years I believe. Our linux machines are all encrypted. It's easy to implement with Fedora 9+ and Ubuntu 8.10 alternate installer as Anaconda handles it for you. I also have several encrypted RAID arrays. If you want pm me for a write up on it. I don't want my site getting slashdotted ;) . I'll be happy to give you my how-tos'
Just remember, nothing is 100% secure. Document everything.
As far as performance is concerned. We have noticed no significant impact from disk encryption. Let all the naysayers whine and say I'm full of it. TOP reports that our encryption from cryptsetup consumes about 5% of our procs on our older IBM celerons 2ghz, that's while writing to an array. The array (mdadm) consumes about another 5 %. It consumes around the same on a single core of our new machines. Our new machines, i.e. Core2Duo 2.2's, Xeon Quads 2.13's and an AMD dual core 2.2 you don't even notice it.
Frankly it's so easy to encrypt a system drive these days I am of the mind you are foolish not to do so.
The only downside I have come across with system encryption is that I can't do remote reboots. There is a way around it I've read but it's not really an issue for us. Message me if you want, or can. I never have pm'd anyone here before.