So I have a business friend who, when I tried rubbing it in his face (he doesn’t care about privacy, and loves handing all his stuff to Microsoft) that I created a secure mail server on my own box, threatened to sue me for not following “best practice”. He’s supposed to be a mentor, so he told me that would teach me a lesson about “privacy comes at a cost” and about real business security.
Anyways, I haven’t thrown anything important on my mail server, so I’m not too afraid at this stage. We carried on a conversation about mail security and other stuff, but he brought up a good security topic I wanted to talk about.
So there is “data in motion” and “data at rest”. Data in motion is like when Transport Layer Security secures your data from/to servers/clients. However, securing data at rest was interesting for mail security. He said something about–he does government systems, so I expect him to be working on over-secure systems–PKI signing and encrypting/decrypting on the client and stuff. If an organization hasn’t added a certificate to their list of certificate authorities on a business desktop computer, then the client cannot view the email.
I wanted to ask how I could play around with securing data at rest with my MIAB box and on my Ubuntu desktop on my Thunderbird mail client.
I know the machine is pretty well firewalled and all backups are encrypted. As far as the messages themselves, that would be something to check with the developers.
I’m a CISSP and I feel comfortable using it just based on my own intrusion tests I’ve attempted against it. This is not an endorsement, just my opinion for my use.
As far as the PKI certificate stuff he’s talking about, that’s data in motion. It’s securing data between the server and the client. It has nothing to do with data at rest.
The messages themselves are stored unencrypted. I however do not see why it would not be possible to encrypt the user-data’s home directory.
So, maybe the question for the developers should be whether it is reasonable to encrypt that user’s home dir? Full disk encryption would be nice, but I have not seen a reasonable way to do so with any of the VPS providers. Maybe someone with more experience in this area can chime in.
Storing at rest, you would need something like the per-user encryption from Nextcloud. You could encrypt the /home/user-data directory, which would help somewhat. You would have to unlock it, and remember that mail still in Postfix’s queue is not going to be encrypted, as it hangs around trying to access a locked volume. Mail is inherently insecure; it is why in so many organisations client access is limited to a behind-a-VPN-only solution.
Playing around with security is a good learning experience, but for this project my general position is that I don’t review changes that a) deal with hypotheticals or b) can’t be deployed to all users seamlessly. We need to be secure, but only against demonstrable exploits and not at the expense of making the project unusable for most people. Encryption at rest is likely to not meet either criterion, IMO.