[Info-vax] VSI OpenVMS Hobbyist Program Announced.
Arne Vajhøj
arne at vajhoej.dk
Sat Jul 13 00:30:04 EDT 2019
On 6/19/2019 8:28 AM, Simon Clubley wrote:
> On 2019-06-18, Arne Vajhøj <arne at vajhoej.dk> wrote:
>> If you try look at how application servers access database servers,
>> then you will find that unencrypted is still very common.
>
> Are you sure ?
Yes.
> What is the point of going to the effort of encrypting data at rest if
> you are then going to let it fly around unencrypted within a machine
> room's network ?
If we talk transparent encryption then it is partly to satisfy the
encryption=security crowd and partly because it protects against
data loss if the data in form of either disks or tapes leave the
machine room.
Application encryption of sensitive data does the same, and protect
data in transport and protect against insiders in operations. So that
is much better.
> Why do you trust the machine room network more than the rest of the
> organisation's network ?
Much more restricted access.
> One single compromise
> of a machine on that network and _everything_ on that network is
> potentially compromised.
If someone get access to one of those servers so they can install
a network sniffing tool and get information back out, then they
already have access to the data without sniffing.
Arne
More information about the Info-vax
mailing list