Date:      Thu, 14 Jul 2005 08:59:24 +0700 (ICT)
From:      Olivier Nicole <on@cs.ait.ac.th>
To:        alexandre.delay@free.fr
Cc:        freebsd-questions@freebsd.org
Subject:   Re: securing FreeBSD
Message-ID:  <200507140159.j6E1xOji020257@banyan.cs.ait.ac.th>
In-Reply-To: <1121252743.42d4f587ada2c@imp4-q.free.fr> (alexandre.delay@free.fr)
References:  <1121252743.42d4f587ada2c@imp4-q.free.fr>

> or by setting the actual hdd to secondary and plug another primary
> hdd

Once the hardware is compromised, it is really tricky to keep secure.

If you cannot protect your hardware (secure room) then your hard disk
has to auto protect itself: encrypt the data, and have no saved
password on the disk itself (means you will have to enter a passphrase
each time your disk is mounted).

I'd have 2 physical disks, one for the system and one for the
data. The system disk is cleartext, the data is encrypted. And I'd
have the private key on a removable device (like USB for example).

Be sure that your system does not dump any memory image in case of
panic.

Another solution (expensive and only valid for a limited amount of
data): have a RAM disk (and secure your electric power supply). An
intruder would have to turn off the power to grab the memory. Doing so
he would delete the data... Depends what is your level of paranoia :)

Olivier
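
The advice above about keeping memory images off the cleartext system disk can be checked mechanically. The following is an added example, not part of Olivier's message: a POSIX sh audit over rc.conf and fstab text. It goes one step beyond the message by also flagging unencrypted swap, which writes memory pages to disk; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit rc.conf and fstab text for settings that let memory
# contents (and any key held in RAM) reach a cleartext disk.

# Effective dumpdev value; rc.conf is sourced as shell, so the last
# assignment wins. Prints UNSET when the file never sets it.
dumpdev_setting() {
    val=$(sed -n 's/^[[:space:]]*dumpdev=//p' "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*#.*$//' -e 's/^["'\'']//' -e 's/["'\'']$//')
    echo "${val:-UNSET}"
}

# Swap devices in fstab without an encryption suffix
# (.eli = geli one-time key, .bde = gbde).
cleartext_swap() {
    awk '$1 !~ /^#/ && $3 == "swap" && $1 !~ /\.(eli|bde)$/ { print $1 }' "$1"
}

# audit <rc.conf> <fstab>: prints findings, returns how many there were.
audit() {
    findings=0
    dd=$(dumpdev_setting "$1")
    case "$dd" in
        [Nn][Oo]) ;;
        UNSET) echo "dumpdev not set in $1; check /etc/defaults/rc.conf"
               findings=$((findings + 1)) ;;
        *)     echo "crash dumps enabled: dumpdev=$dd"
               findings=$((findings + 1)) ;;
    esac
    for dev in $(cleartext_swap "$2"); do
        echo "cleartext swap: $dev"
        findings=$((findings + 1))
    done
    return "$findings"
}

# Constructed sample files (not taken from any real host).
tmp=$(mktemp -d)
cat > "$tmp/rc.conf" <<'EOF'
dumpdev="AUTO"
sshd_enable="YES"
EOF
cat > "$tmp/fstab" <<'EOF'
# Device        Mountpoint  FStype  Options  Dump  Pass#
/dev/ad0s1b     none        swap    sw       0     0
/dev/ad0s1a     /           ufs     rw       1     1
EOF
audit "$tmp/rc.conf" "$tmp/fstab" || echo "findings: $?"
rm -rf "$tmp"
```

On a real host the two arguments would be /etc/rc.conf and /etc/fstab.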


