From: Ivan Voras
To: freebsd-questions@freebsd.org
Date: Thu, 21 Jan 2010 16:51:37 +0100
Subject: Re: hardening FreeBSD, already using GBDE

On 01/21/10 16:32, Henry Olyer wrote:

> For example, the editor I use normally writes to /tmp -- I changed that,
> making it slower, but in the event that someone takes my laptop I want to
> sleep at night.

If you use a swap-backed memory drive (see http://man.freebsd.org/mdconfig) for /tmp and use geli to encrypt the swap, there would be no chance of recovery of your temporary files.

> I've no problem letting some poor person make a windoz machine out of my
> laptop -- but I don't want to share my work, my intellectual property. (I
> do research.)
>
> So, I'm looking for a list of changes to make, hacks really, that will
> further tighten up security.

You did not specify anything really exact. You already encrypt your on-disk data. Do you always use encrypted network protocols like ssh and https? Strong passwords? Adequate physical security? Up-to-date software?
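
Added example, not part of the original message: a small audit of an fstab(5) file for the setup suggested in the reply, a swap-backed md(4) `/tmp` on geli-encrypted swap. The device names in the sample are constructed assumptions, and the check covers fstab only, not `tmpmfs` in rc.conf.

```shell
#!/bin/sh
# Audit an fstab(5) file for the setup suggested in the reply above:
#  - every swap entry is a geli device (".eli" suffix: one-time key per boot)
#  - /tmp is an md(4) disk made by mdmfs ("mfs" type), which is swap-backed
#    unless -M (malloc-backed) is requested.
# tmpmfs/tmpsize in rc.conf is another way to get the same /tmp; not checked.
# Prints one finding per line; returns 0 only if both conditions hold.
audit_fstab() {
    awk '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        $3 == "swap" {
            nswap++
            if ($1 ~ /\.eli$/) print "OK   encrypted swap: " $1
            else { print "FAIL plaintext swap: " $1; bad = 1 }
        }
        $2 == "/tmp" {
            tmp = 1
            if ($3 == "mfs" && $1 ~ /^md[0-9]*$/ && $4 !~ /^-M/ && $4 !~ /,-M/)
                print "OK   /tmp on swap-backed md"
            else { print "FAIL /tmp not on swap-backed md: " $1 " (" $3 ")"; bad = 1 }
        }
        END {
            if (!nswap) { print "FAIL no swap entry"; bad = 1 }
            if (!tmp)   { print "FAIL no /tmp entry in this fstab"; bad = 1 }
            exit bad + 0
        }
    ' "${1:-/etc/fstab}"
}

# Constructed sample (device names are assumptions, not from the thread).
sample_fstab() {
    cat <<'EOF'
# Device        Mountpoint  FStype  Options     Dump  Pass
/dev/ad0s1b.eli none        swap    sw          0     0
/dev/ad0s1a     /           ufs     rw          1     1
md              /tmp        mfs     rw,-s512m   2     0
EOF
}

# Demo: audit the sample; "|| true" keeps a failing audit from aborting callers.
demo=$(mktemp) && sample_fstab > "$demo" && { audit_fstab "$demo" || true; }
rm -f "$demo"
```
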