Security Basics mailing list archives

Re: Full disk encryption options


From: Rob Thompson <my.security.lists () gmail com>
Date: Tue, 13 Jan 2009 16:13:40 -0800


aragonx () dcsnow com wrote:
> This machine is always on.  What I'm trying to protect against is someone
> taking the hardware and then trying to recover the information on it.
> Most of the time, I am remote and there are occasional power outages (for
> which I don't have enough protection).  The machine is set to come back on
> when AC is restored.  Therefore I would need the volumes mounted
> automatically.

I think that we are looking at this from the wrong angle.

It really sounds like this machine needs to be located in a secured
environment, with limited access to the hardware.

In an auditable, secured environment.


> One of the things that I am considering encrypting is the volumes that
> store my email (/home and /var).  I think the machine will operate fine
> without /home but /var (for the mail spool) might be an issue.  Especially
> since it is my email server.
>
> I like the idea of having another computer store the key.  However, this
> computer would have to be at a remote location.  If someone steals one
> computer, they would probably steal them all (at that location).  So far
> this is the best solution I've heard.  Thank you.
>
> ---
> Will Y.





- --
Rob

+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
|                         _   |
|  ASCII ribbon campaign ( )  |
|   - against HTML email  X   |
|                        / \  |
|                             |
+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+

