Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Secure Boot Manager

From: Meidinger Christopher <christopher.meidinger () badenIT de>
Date: Mon, 30 Jun 2003 12:44:35 +0100
Hello List-Readers,

i have a question for you all, hopefully someone will have a great answer
for me. 

Our company needs to securely seperate two partitions on several laptops.
This means we are looking to have two Windows Installations on one hard
drive, and have them be *entirely* invisible to one another, even if the
user has escalated privileges. 

This involves keeping two secure networks seperated. I am less worried about
the actual data on the machines. If the user should do something to destroy
one of the partitions, that's ok, there just has to be a 0% chance that the
OS on the other partition can access it. 

The best solution i have been able to come up with is:

1. encrypt the partitions - we will buy a commercial software so that the OS
itself and its entire partition can be encrypted.
2. use a boot manager to hide the partitions from one another so that the
user would have to actively un-hide them to attempt to mount them

Can anyone point out any obvious problems here, or does anyone have a
suggestion on how to do this better? I have no real reason to encrypt the
data except to make it inaccessible for the other OS, so i would prefer to
avoid the performance loss associated with encrypted file systems if
possible. I just haven't thought of another way to be 100% sure that neither
OS can access the partition of the other one.

Thanks in advance,

badenIT GmbH
System Support
 
Chris Meidinger
Tullastrasse 70
79108 Freiburg


---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.
     
Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.
          
Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: