First of all, there are more than one person who is responsible for this device and there are situations when someone or some organizations can confiscate whole device, in reality utm is same as usual server just with routing, logging capabilities. Why usual servers need to be encrypted in some situations, think about it and you will get answer, by the way looks like its possible to integrate luks, because core distro is suse ?
p.s it should degrade performance if cpu have aes instructions.
Even if the CPU has the Intel AES instruction set, there WILL be a measurable difference in performance; how much depends on the power of the CPU, and disk subsystem speed.
Frankly I don't see the need for this -- none of the other commercial vendors that are commonly used have such a feature.
If you feel so strongly about it, you should go to UTM (Formerly ASG) Feature Requests: Hot (1891 ideas) and post a feature request there. This forum is not the place to request new features, but the Sophos product managers do review what is posted on the Feature site on a regular basis.
CTO, Convergent Information Security Solutions, LLC
Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries. Use the advice given at your own risk.
Even if the CPU has the Intel AES instruction set, there WILL be a measurable difference in performance; how much depends on the power of the CPU, and disk subsystem speed.
Frankly I don't see the need for this -- none of the other commercial vendors that are commonly used have such a feature.
If you feel so strongly about it, you should go to UTM (Formerly ASG) Feature Requests: Hot (1891 ideas) and post a feature request there. This forum is not the place to request new features, but the Sophos product managers do review what is posted on the Feature site on a regular basis.
CTO, Convergent Information Security Solutions, LLC
Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries. Use the advice given at your own risk.
Even if the CPU has the Intel AES instruction set, there WILL be a measurable difference in performance; how much depends on the power of the CPU, and disk subsystem speed.
Correct, any kind of disk encryption is going to add overhead to the resources for encryption and decryption.
Frankly I don't see the need for this -- none of the other commercial vendors that are commonly used have such a feature.
Also correct, if I ran disk encryption on our enterprise Internet facing firewalls, they would stop working because of the amount of data flowing through them. It would probably do the same for my home UTM since I am running more services than just firewall, routing, and switching.
Some appliances have the means to protect the appliance from recovering the password and configuration, and then offload the syslog for a more complete security. Perhaps, an appliance is better suited for your physical security problems with a no service password-recovery type feature?
Or install your own encryption, make sure you have a resource capable computer to handle encryption overhead and all of the services you want to run?
