Have you ever felt anxious that someone would view or steal your data on your server? I have. When I first established my VPS, I did not think much about encryption - until I learned how easy it was to read unencrypted data when a hacker accessed it. Fortunately, encrypting your data is not too difficult. It is one of the best ways to safeguard your files and data.
What are “Data at Rest” and “Data in Transit”?
Let’s keep it simple. Data at rest is data that is stored on your server, such as files, databases, and backups. Data in transit is data that is moving between your server and other locations, from logins to users sending data.
To summarize:
• At rest = Data stored locally on your server
• In transit = Data that is being transmitted over the internet
Both need protection.
Encrypting Data at Rest: Protecting Data You Have Stored
Think of encryption at rest as locking your cupboard: even if a burglar broke in, they couldn't read what was inside. There are several easy ways to do this:
1. Full Disk Encryption (FDE):
This means encrypting the entire drive. You might use something like LUKS (for Linux) or BitLocker (for Windows).
2. File Level Encryption:
What if you only want to protect a couple files? Then use GnuPG (GPG). I use it for my private config files.
3. Database Encryption:
If you are using MySQL or PostgreSQL, you could turn on Transparent Data Encryption (TDE), and it will automatically encrypt the data before storing it.
4. Encrypted Backups:
Your backups also need to be secured. You could use BorgBackup or Duplicity to encrypt them before uploading them to storage.
Here's a tip: Make sure you keep your keys in a different place. Don't store the encryption keys on the same server as your data; otherwise, you have the lock and key together!
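To confirm that full disk encryption actually covers the places where data lives, the following added example (not code from the original post) walks the device tree reported by `lsblk --json -o NAME,TYPE,MOUNTPOINT` and lists every mountpoint that has no dm-crypt (LUKS) mapping above it. The function name and the sample device layout are assumptions made for illustration.

```python
import json

# Constructed sample of `lsblk --json -o NAME,TYPE,MOUNTPOINT` output for a
# hypothetical VPS (device names and layout are made up for illustration).
SAMPLE_LSBLK = """
{"blockdevices": [
  {"name": "vda", "type": "disk", "mountpoint": null, "children": [
    {"name": "vda1", "type": "part", "mountpoint": "/boot"},
    {"name": "vda2", "type": "part", "mountpoint": null, "children": [
      {"name": "cryptroot", "type": "crypt", "mountpoint": null, "children": [
        {"name": "vg-root", "type": "lvm", "mountpoint": "/"},
        {"name": "vg-swap", "type": "lvm", "mountpoint": "[SWAP]"}
      ]}
    ]}
  ]},
  {"name": "vdb", "type": "disk", "mountpoint": null, "children": [
    {"name": "vdb1", "type": "part", "mountpoint": "/srv/backups"}
  ]}
]}
"""


def unencrypted_mounts(lsblk_json):
    """Return mountpoints with no dm-crypt ("crypt") device above them."""
    findings = []

    def walk(dev, under_crypt):
        # A device is covered if it, or any ancestor, is a dm-crypt mapping.
        under_crypt = under_crypt or dev.get("type") == "crypt"
        mountpoint = dev.get("mountpoint")
        if mountpoint and not under_crypt:
            findings.append(mountpoint)
        for child in dev.get("children", []):
            walk(child, under_crypt)

    for disk in json.loads(lsblk_json)["blockdevices"]:
        walk(disk, False)
    return sorted(findings)


if __name__ == "__main__":
    for mp in unencrypted_mounts(SAMPLE_LSBLK):
        print("not on an encrypted device:", mp)
```

In the constructed layout the root filesystem and swap sit under the LUKS mapping, while `/boot` and the backup volume are reported as unencrypted.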
Encrypting Data While It's Moving: Securing Data While It Moves
Let’s discuss data while it moves. You have likely noticed a small padlock icon while browsing. That indicates that the website is utilizing TLS to encrypt information. Here’s how you might implement this with your server:
1. Use HTTPS:
Use a free SSL/TLS certificate from Let’s Encrypt to ensure all traffic between your website and users is secured.
2. Use SSH Keys Instead of Passwords:
Use SSH key authentication rather than a password for connections to your VPS—it’s faster and considerably safer.
3. Use a VPN:
If you have two servers communicating with each other or want to make a connection, consider building a VPN (like WireGuard or OpenVPN). A VPN encrypts all data moving between your servers.
4. Secure Emails and APIs:
To encrypt emails when sending them, use STARTTLS. When using an API to communicate with other services, HTTPS encrypts that communication. Together, these ensure that sensitive data in both emails and API calls is encrypted in transit.
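Switching to SSH keys only helps if password logins are actually turned off. The following added example (not code from the original post) audits the text of an `sshd_config` for that, taking into account that keywords are case-insensitive, that sshd keeps the first value it reads for a keyword, that the default for `PasswordAuthentication` is `yes`, and that a `Match` block can re-enable passwords for some users. The function name and the sample configuration are assumptions made for illustration.

```python
import re

# Constructed sshd_config for illustration (not taken from a real server).
SAMPLE_SSHD_CONFIG = """
# Authentication
PubkeyAuthentication yes
passwordauthentication no
# The next line is ignored by sshd: the first value read wins.
PasswordAuthentication yes

Match User backup
    PasswordAuthentication yes
"""


def password_auth_findings(config_text):
    """Return reasons why password logins may still be accepted."""
    global_value = None   # first global PasswordAuthentication value seen
    match_block = None    # criteria of the Match block we are inside, if any
    findings = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # "Keyword value" and "Keyword=value" are both accepted by sshd.
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            match_block = value   # a Match block runs until the next Match
        elif keyword == "passwordauthentication":
            setting = value.split()[0].lower() if value else ""
            if match_block is not None:
                # Conservative: flag any "yes" inside a conditional block.
                if setting == "yes":
                    findings.append(f"Match {match_block}: password logins enabled")
            elif global_value is None:
                global_value = setting
    if global_value is None:
        findings.insert(0, "global: PasswordAuthentication not set, default is yes")
    elif global_value == "yes":
        findings.insert(0, "global: PasswordAuthentication yes")
    return findings


if __name__ == "__main__":
    for finding in password_auth_findings(SAMPLE_SSHD_CONFIG):
        print(finding)
```

This parser does not follow `Include` directives; on a live server, `sshd -T` prints the effective configuration and is the authoritative check.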
Why Would You Want to Encrypt Data
Some people say there is just too much involved in encryption. This is actually incorrect: once you complete the setup, it generally runs automatically without much intervention on your part. Consider how much it could save you from data leaks or a hack.
So, would you prefer to have your data securely behind encryption, or have it where anyone could read all of it?