Date: Sat, 17 Jul 2004 03:04:40 +0100
From: David Kreil <kreil@ebi.ac.uk>
To: Allan Fields <afields@afields.ca>
Cc: David Kreil <kreil@ebi.ac.uk>
Subject: Re: "sanitizing" disks: wiping swap, non-allocated space, and file-tails
Message-ID: <200407170204.i6H24eU16729@puffin.ebi.ac.uk>
In-Reply-To: Your message of "Fri, 16 Jul 2004 14:13:39 EDT." <20040716181339.GA18056@afields.ca>

Dear Allan,

Thank you very much for your helpful comments!

> > [Brooks Davis]
> > If you swap, your performance will suck enough that encrypting it
> > won't hurt much, especially with modern CPUs. I wouldn't worry at all
> > about that cost. /tmp is probably similar for most applications.
>
> Agreed, the simplest approach for base-level storage security is
> to encrypt it all. Hardware is cheap and fast enough.

I still somewhat worry about the factor four in performance lost that is
mentioned in the gbde paper. This is no problem for a set of sensitive
private files but at the system level it does cause me worry. As you seem
to be so confident about this, however, (or have I misunderstood you?)
I'll be happy to give it a go.

> Trying to sweep-up afterward is more difficult, any way you look at it.

Yes, I completely agree.

> Another thing to note is /var can contain sensitive data, the locate
> database and mail/print spools to name a few are potential
> areas of significance. Some also consider logs sensitive.

Thanks for pointing this out. The Handbook describes a basic gbde setup
but mentions that getting other volumes (like /home) onto a gbde partition
was trickier. Can you tell me which volumes you have successfully put onto
a gbde partition and what was required to get this working? I wonder, in
particular, what issues I have to expect in wanting to keep
system-relevant directories like /var on a gbde partition.

With many thanks again for your help and best regards,

David.

------------------------------------------------------------------------
Dr David Philip Kreil                 ("`-''-/").___..--''"`-._
Research Fellow                       `6_ 6 ) `-. ( ).`-.__.`)
University of Cambridge               (_Y_.)' ._ ) `._ `. ``-..-'
++44 1223 764107, fax 333992          _..`--'_..-_/ /--'_.' ,'
www.inference.phy.cam.ac.uk/dpk20     (il),-'' (li),' ((!.-'