Another day, another scary headline:
Security flaw in ‘nearly all’ modern PCs and Macs exposes encrypted data
Don’t get us wrong, we don’t discount this as false. It’s almost certainly not.
But for us, we never ever rely on one lock for our IT systems. Full disk encryption? Sure, we got it. But we also server-side encrypt our data AND we end-to-end encrypt our most important data. Three levels of encryption. Each with a completely different software package. All Open Source.
We also 2FA-protect our logins for all key accounts (email, ssh access, cloud and even our web site portal).
We note this headline, but then go about our day.
Don’t let the headlines scare you too much!
Routine maintenance and general configuration management of a new cloud server supporting EXPLOINSIGHTS, installed as an LXC instance, is going OK. Nextcloud’s security scan has given me a top rating for a new installation, which is encouraging but not enough to rest on laurels. This installation is currently a mirror (in terms of files) of a current install on a live server, but after testing, this will become the main cloud server for the organization’s needs and the older server will be retired.
This version is of course running with server-side file encryption. As part of the testing process, client-side encryption (a feature of Nextcloud version 13) will be evaluated, as BoxCryptor (the current Exploinsights, Inc. end-to-end encryption service) causes a few operational issues.