Securing Data

Max Hyre max at hyre.net
Mon Dec 3 11:19:57 EST 2007


(Sorry about mixups in sequencing or writer ID---I'd deleted 
some of the earlier posts.)


JUNIPER said, about 12/02/2007 04:02 PM:
 > A very secure way would be to simply save data only to a removable disk
 > and backup and remove them when not in use (safe deposit box? - Oops -
 > my wife has a key!).
 > Steve J

    Encrypt that removable disk, and you needn't worry about 
your wife's key.  However, the worry seems to be about 
security while actually running Gnucash, which is another 
matter.


On Nov 25, 2007 2:40 PM, Robert Heller <heller at deepsoft.com> wrote:
 > I'll start by using TrueCrypt to create a secure partition, since I am
 > already familiar with it, but I can't say that this method really
 > satisfies. Once mounted, the financial data becomes cleartext to any
 > program (e.g. viruses). Is there a solution that makes the unencrypted
 > data only available to gnucash?

No.  The data in memory (RAM) is always in the clear. 
Worse, the system can run out of room in RAM and write it to 
the ``swap partition''.  After running the program you must 
securely erase the swap partition, too.  (Secure erasure 
takes much more effort than just deleting the file.)


 > Yes, but you really are not going to like it: Linux, using either proper
 > UNIX User/Group file protection OR (even more secure) using SELinux and
 > ACLs (this probably only really makes sense if you are the accountant
 > for a spy agency or something and need to keep the accounting for 'black
 > ops' secure :-)).

    SELinux is an excellent move, but there be dragons on 
the Internet.  (Note that even GNU/Linux has its viruses, 
just not very many, yet.)  And there _are_ security flaws in 
the programs, even without a virus.


JUNIPER wrote:
 > The only other solution would be to use a dedicated machine (which does
 > nothing but run gnucash) behind a very secure firewall and being totally
 > anal about virus scanning.

    I believe this is the one real solution against those 
without physical access to the machine, but only if you have 
_no_ network connections (the so-called ``air gap'').  Virus 
scanning, anal or not, will always leave vulnerabilities, if 
only because there's a delay between a virus's rollout and 
the scanner's update.  At the price of systems today, buying 
another one is trivial.


    The answer to your question really depends on whom/what 
you want to keep the info private from, as Robert Heller 
alluded to.  Examples include:

     Random, non-malignant, people you let log in
     Family members
     Family members with real computer expertise
     Business partners
     Random virus writers
     Professional data thieves
     The IRS
     Foreign governments
     The NSA (or non-U.S. equivalent)

Don't laugh at this list.  None of these entities have 
any business looking at your data unless you want them to. 
You need to protect against the most capable one you worry 
about.  To give you something resembling a correct answer, 
we need to know fairly accurately the ability of the intruder.

    As presented (worrying about viruses), disconnect from 
the Internet, and forget about it.  Use another system for 
surfing, and be _very_ careful about what you transfer from 
that system to the Gnucash one.
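
Added example, not part of the original post: a check for the swap exposure described above, reporting whether a process has pages in swap and whether any active swap partition is not a dm-crypt mapping. The sample /proc text, device names and UUID values are constructed; on a live Linux system the inputs would come from /proc/swaps, /proc/<pid>/status and /sys/block/dm-N/dm/uuid.

```python
import re

# Constructed sample of /proc/swaps; the device names are assumptions.
SAMPLE_SWAPS = """\
Filename        Type        Size      Used    Priority
/dev/sda2       partition   2097148   51200   -2
/dev/dm-1       partition   1048572   0       -3
"""

# Constructed sample of /proc/<pid>/status for a running gnucash process.
SAMPLE_STATUS = "Name:\tgnucash\nVmRSS:\t  184320 kB\nVmSwap:\t   12288 kB\n"

# Constructed device-mapper UUIDs, as read from /sys/block/dm-N/dm/uuid.
# dm-crypt mappings carry a "CRYPT-" prefix; plain partitions have no entry.
SAMPLE_DM_UUIDS = {"/dev/dm-1": "CRYPT-PLAIN-swap0"}


def parse_swaps(text):
    """Return [(device, used_kib)] for each active swap area."""
    areas = []
    for line in text.splitlines()[1:]:          # first line is the header
        fields = line.split()
        if len(fields) >= 4:
            areas.append((fields[0], int(fields[3])))
    return areas


def swapped_kib(status_text):
    """KiB of this process currently paged out (VmSwap), 0 if absent."""
    m = re.search(r"^VmSwap:\s+(\d+)\s+kB", status_text, re.M)
    return int(m.group(1)) if m else 0


def assess(swaps_text, status_text, dm_uuids):
    """Summarise whether the process's cleartext may sit on unencrypted swap."""
    plaintext = [dev for dev, _ in parse_swaps(swaps_text)
                 if not dm_uuids.get(dev, "").startswith("CRYPT-")]
    in_use = [dev for dev, used in parse_swaps(swaps_text)
              if used > 0 and dev in plaintext]
    paged = swapped_kib(status_text)
    return {
        "process_swapped_kib": paged,
        "plaintext_swap": plaintext,
        "exposed": paged > 0 and bool(in_use),
    }


if __name__ == "__main__":
    print(assess(SAMPLE_SWAPS, SAMPLE_STATUS, SAMPLE_DM_UUIDS))
```

A swap file on an encrypted filesystem would be listed as plaintext by this check, since it only recognises dm-crypt block devices.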

