Security Basics mailing list archives
Re: Full disk encryption options
From: aragonx () dcsnow com
Date: Tue, 13 Jan 2009 11:35:59 -0500 (EST)
Hi, Can you clarify why you need this behaviour in the first place (ie, under what circumstances the server will be shut down)?? Mounting without manual password entry would be most useful in case of recovering from unexpected outages, but this is the opposite of what you're asking for. Occasional restarts for maintenance (in presence of admin) wouldn't require such a facility. So, I conclude that you're possibly talking about a machine which you shut down on (eg) a daily basis when everyone goes home?
This machine is always on. What I'm trying to protect against is someone taking the hardware and then trying to recover the information on it. Most of the time, I am remote and there are occasional power outages (for which I don't have enough protection). The machine is set to come back on when AC is restored. Therefore I would need the volumes mounted automaticly. One of the things that I am considering encrypting is the volumes that store my email (/home and /var). I think the machine will operate fine without /home but /var (for the mail spool) might be an issue. Especially since it is my email server. I like the idea of having another computer store the key. However, this computer would have to be at a remote location. If someone steals one computer, they would probably steal them all (at that location). So far this is the best solution I've heard. Thank you. --- Will Y. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Current thread:
- Full disk encryption options aragonx (Jan 12)
- Re: Full disk encryption options Robin Wood (Jan 12)
- Re: Full disk encryption options aragonx (Jan 12)
- Re: Full disk encryption options Robin Wood (Jan 13)
- Re: Full disk encryption options infolookup (Jan 13)
- Re: Full disk encryption options Alex Craven (Jan 13)
- Re: Full disk encryption options aragonx (Jan 13)
- Re: Full disk encryption options Rob Thompson (Jan 14)
- Re: Full disk encryption options yann . cloatre (Jan 19)
- Re: Full disk encryption options aragonx (Jan 12)
- Re: Full disk encryption options Robin Wood (Jan 12)
- Re: Full disk encryption options Lukasz Szmit (Jan 13)