zuloochart.blogg.se

How to use privacy pro across different machines










Suppose you're trying to store data as securely as possible, including splitting it across multiple machines (encrypted in a manner so that it's unreadable unless all pieces of the data are recovered). If the attacker knows your algorithm and compromises all of your machines, they can always recover the data, so there is always some nonzero probability of this happening. But you want to reduce the probability as much as possible.

It seems the strategy would be to encrypt the data with a key, and then split the key across multiple machines, such that all the machines (the data storage machine and the key-storage machines) are as physically independent as possible and are running different operating systems (with each OS always applying all of the latest available patches). Running different operating systems means that the probability of compromising one machine is more independent of the probability of compromising the other machines.

If you have three machines and they're all running Windows Server, and in a given time frame you have a 10% chance of finding a vulnerability in Windows Server that gives you read access to the machine, you have a 10% chance of compromising the whole system because then you'll own all three machines. But if there are three machines, each running a different OS, and for each OS you have a 10% chance of finding a vulnerability in that OS, and the odds are independent for each OS, then you have a 0.1% chance of compromising the whole system.

You can also re-encrypt the data periodically with a new key and then split the new key. Then the attacker only beats the system if they compromise all of the machines in the same time period before re-encryption.

Now, this does also mean that if any of the machines fails, you lose all the data, but the fragment of the key on each machine can be backed up to another machine. And in this case, while the backup machine should still be physically separate to reduce the chance of both being lost at once, it could be running the same OS as the machine it's backing up. The idea is that if A1 is backed up to A2, then the attacker compromises the same amount of data whether they hack into A1 or A2 or both, so there's no reason A1 and A2 can't run the same OS (with the same potential vulnerabilities).

However, I've never heard of a security principle along the lines of "split sensitive data across machines running different operating systems". Did I just re-discover something well-known and obvious that has a name already? Or is there some reason the whole logic is flawed (and that's why it doesn't have a name)?
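The arithmetic in the question, worked through as an added example that is not part of the original post: an n-of-n XOR key split (one way to make the key unreadable unless every piece is recovered) and the full-compromise probability for different machine layouts. The model (one vulnerability per OS with independent probability `p`, exposing every machine on that OS), the OS names other than Windows, and all function names are assumptions made for the illustration.

```python
import secrets
from functools import reduce
from itertools import product

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def split_key(key: bytes, n: int) -> list[bytes]:
    """n-of-n split: n-1 random shares plus one that XORs back to the key."""
    if n < 2:
        raise ValueError("need at least two shares")
    shares = [secrets.token_bytes(len(key)) for _ in range(n - 1)]
    shares.append(reduce(xor_bytes, shares, key))
    return shares

def combine(shares: list[bytes]) -> bytes:
    """Recover the key; with any share missing the result is unrelated bytes."""
    return reduce(xor_bytes, shares)

def full_compromise_probability(machines, p: float) -> float:
    """machines: list of (os_name, share_id) pairs. Assumed model: each OS is
    independently vulnerable with probability p in the time window, and a
    vulnerable OS exposes the share on every machine that runs it."""
    oses = sorted({os_name for os_name, _ in machines})
    needed = {share_id for _, share_id in machines}
    total = 0.0
    for state in product([True, False], repeat=len(oses)):
        broken = {o for o, hit in zip(oses, state) if hit}
        exposed = {sid for o, sid in machines if o in broken}
        if exposed != needed:
            continue  # attacker is still missing at least one share
        prob = 1.0
        for hit in state:
            prob *= p if hit else 1 - p
        total += prob
    return total

# Constructed layouts: (operating system, index of the key share it holds).
SAME_OS = [("windows", 0), ("windows", 1), ("windows", 2)]
MIXED_OS = [("windows", 0), ("linux", 1), ("bsd", 2)]
BACKUP_SAME_OS = MIXED_OS + [("windows", 0), ("linux", 1), ("bsd", 2)]
BACKUP_OTHER_OS = MIXED_OS + [("linux", 0)]  # share 0 also backed up on linux

if __name__ == "__main__":
    for name in ("SAME_OS", "MIXED_OS", "BACKUP_SAME_OS", "BACKUP_OTHER_OS"):
        print(name, round(full_compromise_probability(globals()[name], 0.1), 4))
```

Under this model a backup on the same OS leaves the odds at 0.1%, while backing a share up onto an OS that already holds a different share raises them to 1%, because that one OS now exposes two shares.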










