Originally published at: Encryption in Nextcloud - Nextcloud

Providing strong protection of data is the biggest benefit Nextcloud has over public clouds. Self-hosting means you are in control over your data. Of course, unauthorized access has to be stopped and this is where encryption comes in. In this blog post we’ll discuss the different types and layers of encryption used by Nextcloud to keep your data safe. We will discuss the threats the different kinds of encryption are designed to protect against, aiding system administrators in defining their threat model and taking the appropriate security measures. See our website for more about security and encryption.

Encrypting data means mashing it up in a way that makes it nearly impossible for somebody else to read it without a secret token called the encryption key. A simple example is the Caesar cipher: just shift every letter in the alphabet a fixed number of characters. An A then becomes a D, a B becomes an E and so on. A message like “meet me now” becomes “phhw ph qrz”. Unless you know how many letters to shift, that is, the key (3 in this case), it is very hard to find out the content of the message. Modern encryption is far more complicated than that, using mathematical tricks to make it extremely hard to break. You can learn more about those techniques on this Wikipedia page.

Threat modelling is the process of determining what threats are relevant and need to be protected against. It is used by system administrators to ensure their systems are correctly configured and provide adequate protection without unduly burdening users with overly complicated security hurdles. Without asking “from what”, you might make the wrong decisions. Even a thick wall and a canal around your house with crocodiles, while probably effective against burglary, wouldn’t protect the car against heavy hail, something a simple roof would have done.

Of course, in an IT environment, you have multiple types of data, from customer data and fiscal year reports to the photos from last year’s Christmas party. While the latter could be embarrassing, generally speaking one could expect a draft fiscal year report in an enterprise traded on the stock exchange to require a greater degree of protection. Ideally even IT staff should not be able to access some of these files!

A simple approach to threat modelling is asking yourself: “what do I want to protect myself from?” Think of an imaginary attacker and think what they could do to breach your security. Then find solutions for the approaches you found. A formalized version of this approach uses ‘attack trees’, which were invented by security expert Bruce Schneier. You see an example attack tree for a virus attack here:

[Image: example attack tree for a virus attack]

See the Wikipedia page about threat modelling for more details and some history, and check this page about attack trees.

Nextcloud offers multiple layers of encryption for your data. First, data is protected when being transferred between clients and servers as well as between servers. Second, data can be encrypted on storage and last but not least, we offer end-to-end encryption in the clients.

Each has its place and offers a different kind of protection, suitable to protect from a specific type of threat. We will describe each type of encryption and what it protects against.

Transfer encryption used by Nextcloud secures the connections between servers and clients. This uses standard TLS, a secure communication protocol used by HTTPS. HTTPS is what makes the lock in your browser address bar turn green! It is configured in the webserver, like Apache or NGINX, and our manual contains some instructions here. We strongly recommend always using Nextcloud with TLS and we’ll warn system administrators strongly if it is not turned on.

Threat model

[Image: Nextcloud warns the system administrator if HTTPS is not enabled]

Nextcloud uses ‘plain and simple’ HTTP traffic for all file handling, which can be protected with TLS. TLS protects against attempts to capture data in transit between the server and client.
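
The attack-tree approach from the threat-modelling passage, applied to the three encryption layers named in this post. This is an added example, not code from Nextcloud or the original post; the tree, the step names and the mapping of each step to a control are constructed for illustration and are assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Node:
    name: str
    kind: str = "LEAF"                 # "LEAF", "OR" (any child suffices), "AND" (all children needed)
    children: list = field(default_factory=list)
    blocked_by: Optional[str] = None   # leaf only: the control that stops this step

def feasible(node, controls):
    """Can the attacker still achieve this node with `controls` deployed?"""
    if node.kind == "LEAF":
        return node.blocked_by not in controls
    results = [feasible(child, controls) for child in node.children]
    return all(results) if node.kind == "AND" else any(results)

def open_leaves(node, controls):
    """Leaf steps that still lie on a working route to the goal."""
    if not feasible(node, controls):
        return []
    if node.kind == "LEAF":
        return [node.name]
    return [leaf for child in node.children for leaf in open_leaves(child, controls)]

# Constructed tree and control mapping (assumptions, for illustration only).
TREE = Node("read a confidential report", "OR", [
    Node("capture traffic between client and server", blocked_by="tls"),
    Node("read the file from the storage backend", "AND", [
        Node("gain access to the storage backend"),
        Node("read the file contents as stored", blocked_by="storage-encryption"),
    ]),
    Node("open the file as a server administrator", blocked_by="e2e"),
])

if __name__ == "__main__":
    # Add one layer at a time and show which routes to the goal remain.
    for controls in [set(), {"tls"}, {"tls", "storage-encryption"},
                     {"tls", "storage-encryption", "e2e"}]:
        remaining = open_leaves(TREE, controls) or "goal blocked"
        print(sorted(controls) or "no controls", "->", remaining)
```

Each layer closes only the branch it was designed for, so a control set that leaves any OR branch open leaves the goal reachable.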