Date: Sun, 29 Jan 2006 11:17:02 -0800 (PST) From: Arne Woerner <arne_woerner@yahoo.com> To: Christian Baer <christian.baer@informatik.uni-dortmund.de>, freebsd-security@freebsd.org Subject: Re: Should I use gbde or geli? Message-ID: <20060129191702.36010.qmail@web30313.mail.mud.yahoo.com> In-Reply-To: <dri7ra$1ouq$1@nermal.rz1.convenimus.net>
next in thread | previous in thread | raw e-mail | index | archive | help
--- Christian Baer <christian.baer@informatik.uni-dortmund.de> wrote: > The idea is to use a software similar to > truecrypt. The backups would be made in > some sort of container and then copied to > DVD-RAM. After that the backups would be > locked away. > Hiho Christian! I have heard of kidnapping in Altenholz, SH, F.Rep.GERM (the family was held as hostage and the father was supposed to open the safe of his bank but than he thought he was already there and exited the car and the robbers/kidnappers disappeared and then the state attorney looked like the kidnappers)... I wonder why the discs should not be protected like the backups... Can't u put the discs with sensitive data into a box, that can be locked down? I mean: Just trying to implement a physically safe environment should be enough... Passwords (the legislative of F.Rep.GERM likes/demands them) are not so funny, because the employees should be ordered to tell them everybody who wants to know them (this reminds me on my time in a formerly known to be state-owned building where we found an Operation Procedure about questions one should ask, if a bomb-threat enters via voice call through a german telecom net)... A former pölice officer or so might be good for physical security, too. It might be interesting to look at the protocols, that u use to access the sensitive data... I mean: When u use NFS just with IP-based authentication, nobody needs the discs, because one could put an evil NFS client with a specially crafted IP address into the network... Bye Arne __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060129191702.36010.qmail>