Date: Wed, 10 Oct 2001 13:19:19 +0100 From: Lee Brotherston <lee.brotherston@uk.easynet.net> To: "'xskoba1@kremilek.gyrec.cz'" <xskoba1@kremilek.gyrec.cz>, security@freebsd.org Subject: RE: "Rubbish" idea on security Message-ID: <7052044C7D7AD511A20200508B5A9C5851688C@magrat.office.easynet.net>
next in thread | raw e-mail | index | archive | help
| I know I sound like pretty paranoid, but my question | is. Is there | any way to crypt all harddrive in the way, no one from | outside will see | anything from it. I mean, for example, that rebooting of | server is going | to be dependandt on connection from somewhere, that | connection send a key, | which is all the time only in memory and if someone decide to | steal the | harddrive, he has nothing unless he has a key. | | | And the second thing is concerning config or any files which are | necessary to change to compromise server. The idea is the same, the | changes | are (probably by kernel) written into some temprorary area | and only when | private key is provided, changes are written on the right place. | | sorry if everything I told is too dificult or too stupid to be | created. It might be worth checking out http://www.rubberhose.org - I've not actually used it myself, so I can't offer any personal experience, but I've seen good things posted about it. It was designed to allow deniability about the levels of encryption on the drive (Encrypted data and random noise are not discernable from each other), but could be used to hold important data I suppose. Similarly holding the configs on here might be possible. The FreeBSD kernel module is said to be nearing completion. Lee -- Lee Brotherston - IP Security Manager, Easynet Ltd http://www.easynet.net/ Phone: +44 20 7900 4444 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?7052044C7D7AD511A20200508B5A9C5851688C>