Full Version: How to protect server from our own system admin? :)
autoquartz
Our new server is going to be running on plain RHEL 4 ES with PHP 4.x and MySQL 4.1.x. My question is, how can we protect sensitive data and source codes from our system administrators? We figured that we can use Zend Encoder to protect the PHP source codes. But how about the data? Is there anything out there that encrypts/decrypts MySQL data and is transparent to the PHP developers? An easier way would be encrypting sensitive data before storing it to the database from the developer's side. However, we are looking for a solution that is more transparent to the developers and hopefully will not affect the performance much. We were also thinking about configuring 'sudo', but I heard that there is not much security there (e.g. a system admin can still download a new binary to access the database). Any suggestions will be greatly appreciated.
Matt2k
Well.. Your system administrator should be someone you can trust. By nature, they really have full access to the machine, so I'm not sure if there's much you can do to a determined insider, aside from monitor every keystroke and log it to another server in realtime.
autoquartz
How about basic protection? So that at least I have time to "catch" him/her if I find something suspicious.
knalb
QUOTE (autoquartz)
How about basic protection?  So that at least I have time to "catch" him/her if I find something suspicious.


Nope, not even that really. If you really have to have it protected, then you should do it yourself. Anyone with enough control over the machine (read: admin) will be able to do whatever they want.
autoquartz
knalb, thanks for the input. However, I want to pull myself out from the technical side of the business. Probably I am not looking for 100% protection, just like the D/Dos mitigation systems out there (implementing one doesn't mean that D/Dos will be totally blocked, but you can't afford not to implement it just because it is not 100% D/Dos proof).

I'm looking for something like Zend Encoder for PHP source codes, I won't say that this is totally unbreakable, but it takes more time and resources to break than regular clear-text source codes and the encrypted codes are not as tempting to the attacker as clear-text source codes are. I would like to have something to this level for my data as well.

I strongly believe that professionalism and work ethics play a main role here but that is something that you just can't "install" to people.

Any more suggestions?
DeadEye686
I'm not sure that you're understanding the situation here. If anyone has root access to a server to administer a server, then they can administer the server. That means they can access anything on the server. If someone has root access to your server, you sure as hell need to be able to trust them with both the safety of the machine and the data on it, and there is absolutely no way around that, period.
Matt2k
Well, encoding the pages will certainly slow anyone down and discourage any 'casual' snooping. If they're just poking around, it will do the trick. Who's going to bother decoding a bunch of silly PHP pages?

However:

1) Believe me, professional sysadmins really don't give a hoot about the data on the server. We see enough servers every day that poking around one more to look at some dude's source code really isn't that interesting.

2) All this encryption will add significant overhead to all execution and slow development time by a factor

3) It all comes back that you really should trust your sysadmin. If your data is that sensitive, you need at least two sysadmins or more, watching over each other, with automatic guards in process that notify each other. This really sounds like a lot more trouble than it's worth.
alex042
http://www.phpcodelock.com/
klaude
The admin should have full access to the server so they can do their job most efficiently. Sounds like you need to find a new admin. As matt2k said, a professional doesn't give 2 hoots about your supersecrets. They just make the server run.
KTFCC
Put it this way

1 Giving root to someone you do not trust 200% is just asking for trouble.

2 The sysadmin should be dedicated to the server he is running; he would not want to launch DoS attacks or attack anything, because that would compromise his server.

3 The sysadmin needs access to data to find data that might compromise his server if he finds it suspicious.
Guspaz
All that said, and I agree with it, it IS possible to give somebody root access and have protected data. It's all about encryption. However, I agree, anybody you're giving root access to on your server had better be 100% trusted.
autoquartz
Guspaz,

I'm using Zend Encoder to encrypt the PHP codes, do you have any suggestion for encrypting the MySQL data? Also, how will encrypting all MySQL data affect the performance? Can I tweak phpMyAdmin to work with encrypted data? Many thanks for all the feedback.
PerryES
Not to bash you autoquartz...but it sounds like you got it all figured out and don't even have a need for a sysadmin...might save you some trouble just by getting rid of him since you do not want him to be able to do his job, good luck on getting a corrupt MySQL DB fixed without him having access to it. Besides...you should already have your sysadmin under NDA just for purposes like this, and if you even remotely have any questions about his trustworthiness then he should not have been allowed near your machine.

So...you're using Zend huh...thank you for informing us of that...now we all know what you use for encryption...sounds like you're more of a security risk than your sysadmin is.
ianwinter
If someone has root access then they can do almost anything, as has been said. If you're worried about the sysadmin you probably shouldn't let them at your server. Also if they're interested in causing havoc with root access they could just delete the db anyway should they feel inclined.
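Added example, not part of the original thread: a sketch of the column-level encryption asked about above ("encrypting the MySQL data"), using MySQL's built-in AES_ENCRYPT()/AES_DECRYPT() with a key supplied by the application. The table, column names, key and values are constructed for illustration.

```sql
-- Added example; table, columns, key and values are constructed.
CREATE TABLE customer_secret (
    id         INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
    name       VARCHAR(100) NOT NULL,
    secret_enc BLOB NOT NULL      -- AES_ENCRYPT() returns binary, so use BLOB
);

-- The application sends the key with its session; it is not stored in a table.
-- It still has to live somewhere the PHP code can read, and statement text
-- carrying it can show up in the general query log and the process list,
-- so a root user on the same host can recover it.
SET @k = 'constructed-sample-key';

INSERT INTO customer_secret (name, secret_enc)
VALUES ('Alice Example', AES_ENCRYPT('constructed secret value', @k));

-- Read path: decrypt in the query. With the wrong key AES_DECRYPT() returns
-- NULL (or occasionally garbage), not an error, so check the result.
SELECT id, name, CAST(AES_DECRYPT(secret_enc, @k) AS CHAR) AS secret
FROM customer_secret
WHERE id = 1;

-- Exact-match lookup: encrypt the search term instead of decrypting rows.
-- This works because the default mode is deterministic (same plaintext and
-- key give the same ciphertext), which also means equal values are visible
-- as equal ciphertexts to anyone who can read the table.
SELECT id, name
FROM customer_secret
WHERE secret_enc = AES_ENCRYPT('constructed secret value', @k);

-- Pattern or range searches need the plaintext, so every row is decrypted
-- and no index on secret_enc helps: this is where the performance cost is.
SELECT id, name
FROM customer_secret
WHERE CAST(AES_DECRYPT(secret_enc, @k) AS CHAR) LIKE 'constructed%';
```

Tools that browse the table without the key, phpMyAdmin included, show only the binary column; the same applies to dumps and backups, which is the protection this approach actually provides.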