11.3 Achieving Complete Security While Encrypting Data

The first important basic rule to be followed before encrypting the data is:

No information that would eventually be encrypted should ever be written to the hard disk (or any other media) in the clear.

When you mark existing clear text data for encryption, the data itself gets encrypted, but copies of the original clear text might still be present in some part of the hard disk where the DIB resides.

“Left over” clear text pieces of data will remain in some blocks of the database if you perform either of the following operations:

  • Mark existing clear text data for encryption

  • Change the encryption scheme of an encrypted attribute

The following sections depict deployment scenarios for encrypted data and steps to ensure that the encrypted data is truly secure:

11.3.1 Encrypting Data in an All New Setup

In a new setup, you have just installed the operating system and then eDirectory, so it is assured that no clear text data is present on the hard disk where the DIB resides.

Complete the following steps to ensure that the encrypted data in eDirectory is truly secure:

  1. Plan in advance which attributes you want to encrypt and with what scheme.

    That is, you must decide in advance which attributes you want to encrypt before uploading the data in clear text into the eDirectory.

WARNING: Once you have loaded any data into eDirectory in the clear, you should not mark an attribute for encryption. Though you can do it, this leads to security problems.

  2. Configure eDirectory and set the encryption schemes that you want on an attribute.

  3. Load your existing data into the new server.

    Bulkloading from an LDIF file or replicating with another server are the two most likely scenarios. Make sure that if you bulk load, you don’t copy the clear text LDIF file onto the same hard disk where the DIB resides.

NOTE: Remember the rule mentioned above: no clear text data can ever be written to the disk.

  4. Destroy any existing clear text data.

    Any disks (or other media) with clear text data on them should be securely wiped. This includes the clear text LDIF file used to bulk load the server, any other server that was used for replication, and tapes with old backups on them.
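The bulk-load step above hinges on one check: the clear text LDIF file must not sit on the same disk as the DIB. The following script is an added example, not part of the eDirectory documentation or product; it refuses to proceed when the LDIF and the DIB share a block device, and wipes the LDIF afterwards as step 4 requires. The DIB path in DIB_DIR is an assumed default and must be replaced with your server's actual DIB location; the bulk-load command itself is left as a placeholder.

```shell
#!/bin/sh
# Pre-flight check for the bulk-load step in 11.3.1.
# Added example, not from the eDirectory documentation.
# DIB_DIR is an ASSUMED path; set it to your server's real DIB directory.
DIB_DIR="${DIB_DIR:-/var/opt/novell/eDirectory/data/dib}"

# Print the device number of the filesystem holding a path.
# GNU stat (Linux) first, BSD/macOS stat as a fallback.
device_of() {
    stat -c %d "$1" 2>/dev/null || stat -f %d "$1" 2>/dev/null
}

# True (0) when both paths live on the same device, false (1) otherwise.
same_device() {
    [ -n "$(device_of "$1")" ] && [ "$(device_of "$1")" = "$(device_of "$2")" ]
}

# 0 = safe to bulk load from the LDIF in $1 with the DIB at $2,
# 1 = LDIF shares a device with the DIB, 2 = a path is missing.
ldif_placement_ok() {
    ldif=$1
    dib=$2
    if [ ! -e "$ldif" ] || [ ! -e "$dib" ]; then
        echo "missing path: $ldif or $dib" >&2
        return 2
    fi
    if same_device "$ldif" "$dib"; then
        echo "REFUSE: $ldif shares a device with the DIB at $dib;" \
             "clear text would be written to the DIB disk" >&2
        return 1
    fi
    return 0
}

# Step 4: overwrite and unlink the clear text LDIF once the load is done.
# Caveat: shred cannot reach copies kept by journaling, copy-on-write
# filesystems or SSD wear levelling; for those, wipe the whole device or
# keep the LDIF on removable media that you destroy afterwards.
destroy_ldif() {
    shred -u -z "$1"
}

# Typical use (bulk-load command is a placeholder, not a real invocation):
#   ldif_placement_ok /mnt/usb/users.ldif "$DIB_DIR" \
#     && <run your bulk load of /mnt/usb/users.ldif> \
#     && destroy_ldif /mnt/usb/users.ldif
```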

11.3.2 Encrypting Data in an Existing Setup

This scenario includes the following:

Existing Clear Text Data to Encrypted Data

You can mark clear text data for encryption and ensure that the data is secure through the following methods:

Through Replication

  1. Set up encryption on a new server as follows:

    1. Plan in advance which attributes you want to encrypt and with what scheme.

      That is, you must decide in advance which attributes you want to encrypt before uploading the data in clear text into the eDirectory.

      WARNING: Once you have loaded any data into eDirectory in the clear, you should not mark an attribute for encryption. Though you can do it, this leads to security problems.

    2. Start with a clear install (probably including the OS) on a freshly formatted and partitioned disk.

      This is to ensure that there is no clear text data on the disk. This means you cannot simply take an existing computer that previously held clear text data and re-install eDirectory. You must thoroughly erase all traces of data from the disk: run secure erase software, use a magnetic bulk eraser on the disk, or do something equally destructive to the data before installing eDirectory.

    3. Configure eDirectory and set the encryption schemes that you want on an attribute.

  2. Move this server into a replica ring that holds the existing data you want to encrypt, let replication complete, then take the old server offline.

  3. Destroy any existing clear text data.

    Any disks (or other media) with clear text data on them should be securely wiped. This includes the clear text LDIF file used to bulk load the server, any other server that was used for replication, and tapes with old backups on them.

Through Backup and Restore

  1. Set up encryption on a new server as follows:

    1. Plan in advance which attributes you want to encrypt and with what scheme.

      That is, you must decide in advance which attributes you want to encrypt before uploading the data in clear text into the eDirectory.

      WARNING: Once you have loaded any data into eDirectory in the clear, you should not mark an attribute for encryption. Though you can do it, this leads to the security problems listed in Note A.

    2. Start with a clear install (probably including the operating system) on a freshly formatted and partitioned disk.

      This is to ensure that there is no clear text data on the disk. This means you cannot simply take an existing computer that previously held clear text data and re-install eDirectory. You must thoroughly erase all traces of data from the disk: run secure erase software, use a magnetic bulk eraser on the disk, or do something equally destructive to the data before installing eDirectory.

    3. Configure eDirectory and set the encryption schemes that you want on an attribute.

  2. Restore the backed-up DIB (which contains the existing clear text data) on the new server. You can back up the DIB using Clone DIB Set or Hot Backup.

  3. Destroy any existing clear text data.

    Any disks (or other media) with clear text data on them should be securely wiped. This includes the clear text LDIF file used to bulk load the server, any other server that was used for replication, and tapes with old backups on them.

Changing the Scheme of the Encrypted Data

The steps required to do this using backup/restore are as follows:

  1. Change the encryption algorithms for an attribute.

  2. Take a DIB backup. You can back up the DIB using Clone DIB Set or Hot Backup.

  3. Restore the backed-up DIB to a fresh new server, and delete the old server.

  4. Destroy any existing clear text data on the old server. This prevents bits and pieces of data stored under the old scheme from remaining on the hard disk.

    Any disks (or other media) with clear text data on them should be securely wiped. This includes the clear text LDIF file used to bulk load the server, any other server that was used for replication, and tapes with old backups on them.

11.3.3 Conclusion

The scenarios listed here are not exhaustive, and there might be more scenarios where this problem occurs. As long as you follow the rule “No information that would eventually be encrypted should ever be written to the hard disk (or any other media) in the clear,” the encrypted data will be truly secure.