Security Basics mailing list archives
Re: Full disk encryption options
From: Rob Thompson <my.security.lists () gmail com>
Date: Tue, 13 Jan 2009 16:13:40 -0800
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 aragonx () dcsnow com wrote:
This machine is always on. What I'm trying to protect against is someone taking the hardware and then trying to recover the information on it. Most of the time, I am remote and there are occasional power outages (for which I don't have enough protection). The machine is set to come back on when AC is restored. Therefore I would need the volumes mounted automaticly.
I think that we are looking at this from the wrong angle. It really sounds like this machine needs to be located in a secured environment, with limited access to the hardware. In an auditable, secured environment.
One of the things that I am considering encrypting is the volumes that store my email (/home and /var). I think the machine will operate fine without /home but /var (for the mail spool) might be an issue. Especially since it is my email server. I like the idea of having another computer store the key. However, this computer would have to be at a remote location. If someone steals one computer, they would probably steal them all (at that location). So far this is the best solution I've heard. Thank you. --- Will Y.
- -- Rob +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+ | _ | | ASCII ribbon campaign ( ) | | - against HTML email X | | / \ | | | +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Ignorance is Bliss... iEYEARECAAYFAkltLjIACgkQcfN68iZZIceagACdGYsu9o1YJ6Zzr2/AZ0IpKBih xDYAoKtD/9ijA+sY77WUa+95hCBTgR8b =itlZ -----END PGP SIGNATURE-----
Current thread:
- Full disk encryption options aragonx (Jan 12)
- Re: Full disk encryption options Robin Wood (Jan 12)
- Re: Full disk encryption options aragonx (Jan 12)
- Re: Full disk encryption options Robin Wood (Jan 13)
- Re: Full disk encryption options infolookup (Jan 13)
- Re: Full disk encryption options Alex Craven (Jan 13)
- Re: Full disk encryption options aragonx (Jan 13)
- Re: Full disk encryption options Rob Thompson (Jan 14)
- Re: Full disk encryption options yann . cloatre (Jan 19)
- Re: Full disk encryption options aragonx (Jan 12)
- Re: Full disk encryption options Robin Wood (Jan 12)
- Re: Full disk encryption options Lukasz Szmit (Jan 13)