From owner-freebsd-questions  Fri Sep 19 03:13:43 1997
Return-Path: <owner-freebsd-questions>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id DAA01289
          for questions-outgoing; Fri, 19 Sep 1997 03:13:43 -0700 (PDT)
Received: from bagpuss.visint.co.uk (bagpuss.visint.co.uk [194.207.134.1])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id DAA01284
          for <freebsd-questions@freebsd.org>; Fri, 19 Sep 1997 03:13:33 -0700 (PDT)
Received: from dylan.visint.co.uk (dylan.visint.co.uk [194.207.134.180]) by bagpuss.visint.co.uk (8.7.5/8.7.3) with SMTP id LAA25123 for <freebsd-questions@freebsd.org>; Fri, 19 Sep 1997 11:13:25 +0100 (BST)
Date: Fri, 19 Sep 1997 11:13:20 +0100 (BST)
From: Stephen Roome <steve@visint.co.uk>
To: freebsd-questions@freebsd.org
Subject: Secure code..
Message-ID: <Pine.BSF.3.95.970919104640.2162E-100000@dylan.visint.co.uk>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk


I'm working on a product here that runs on a FreeBSD system. It comes on a
pre-installed box and the code shouldn't be accessible to anyone but us.

Some of the code is written in C, and there's no source code kept on the
computer, so that is safe. Some of it is written in perl, so if they get
in then they can have that and any of the private information stored on
the computer.

If we sell these boxes to someone with secure consoles and no login
accounts then it's pretty unlikely they are going to do much to get at
private information. However if someone takes the hard disc out and
decides to try and read it what precautions can be taken to stop them
getting at the data.

(I guess this is something someone has covered before?)

So far all I've got is..

- encrypt all the data stored on the computer.
- put "warranty void if removed" stickers on the back of the box.
- put the box together with the weird three headed screws.

	{ these are probably bad ideas.. =) }
- store all the data in my own weird encrypted filesystem (yeah sure).
- store all the data cunningly in a second "swap" partition.

	{ this is terrible idea, but has been suggested.. }
- give up and sell and NT solution

Well, any advice dearly appreciated.

Thanks in advance,
	Steve Roome.

--
Steve Roome - Vision Interactive Ltd.
Tel:+44(0)117 9730597 Home:+44(0)976 241342
WWW: http://dylan.visint.co.uk/