You're viewing a single thread.
If the device get stolen, your drive and its files can be easily read.
Other attacks like malware or ransomware are almost the same if the drive is encrypted or not.
Disk encryption is important for laptops and phones because these devices are frequently stolen. For desktop or servers is still good idea, though.
14 0 ReplyThanks a lot for your answer. How would you encrypt a server? Typing a password every time it boots isn't possible for me, since I would need a monitor for my headless server.
2 0 ReplyThat's why it's not always an option.
Some servers have some kind remote console hardware, with their own security issues.
Your "threat model" is important too. Do you expect that server to get stolen? If it happens, is there critical data that should not leak?
Maybe you need to encrypt a directory, and not the whole drive.
4 0 ReplyMy threat model isn't high. Just normal stuff everyone has, but that would be disadvantagely if someone else got them.
It's more if a precautionary measure. It doesn't have to be super safe, but better than nothing.
2 0 Reply
You can use SSH for unlocking: https://www.cyberciti.biz/security/how-to-unlock-luks-using-dropbear-ssh-keys-remotely-in-linux/
3 0 ReplyEither self-encrypting drives (if you trust the OEM encryption) or auto-unlock with keys in the TPM: https://wiki.archlinux.org/title/Trusted_Platform_Module#Data-at-rest_encryption_with_LUKS
2 0 Reply