Date: Thu, 11 Oct 2007 12:22:21 -0400
From: Steve Bertrand <iaccounts@ibctech.ca>
To: Mel <fbsd.questions@rachie.is-a-geek.net>, Fabian Keil <freebsd-listen@fabiankeil.de>, freebsd-questions@freebsd.org
Subject: Re: Booting a GELI encrypted hard disk
Message-ID: <470E4DBD.5000000@ibctech.ca>
In-Reply-To: <20071010220500.GA17903@slackbox.xs4all.nl>
References: <470CCDE2.9090603@ibctech.ca> <20071010201838.23fa7c2f@fabiankeil.de> <20071010211701.GB15103@slackbox.xs4all.nl> <200710102337.57373.fbsd.questions@rachie.is-a-geek.net> <20071010220500.GA17903@slackbox.xs4all.nl>

> That's a heck of a lot of trouble to go to, considering someone would
> have to steal your drive, alter it and put it back without you knowing it!

Essentially, what I'm looking for is thus:

- someone breaks into my always-locked equipment room
- someone steals the box(es) in question, which obviously means shutting
  down the unit

I don't want said thief to be able to retrieve the data after the box is
stolen, which is why I'd like a passphrase, and a removable key. Even if
the passphrase is captured, the data will still be protected because I
have the only key to the system 35 miles away on my person.

> If the intruder has physical access to the machine, it would be much
> easier to put a keylogger device between the keyboard and the machine.

There is no possible way this would go unnoticed. Anyone that could gain
access to the already secured room would have a window of about 15
seconds to break into the building after hours (secured/alarmed), smash
in the secured equipment room door, grab the box (out of about 40) and run.

>> It's questionable though, whether you should leave your computer in an
>> environment where this can happen undetected and probably better solved by
>> increasing real life security.

Like I said, it won't go undetected. The equipment is in a very secure
equipment area, inside of a secured and alarmed building. All equipment
is monitored 24/7, so if the box was physically altered, I would be
alerted via SMS/email immediately.

> An important point that too many people forget.

I agree, but this is not the case here. I just want the data protected
if the box goes down, whether by physical intruder, or I force it down
myself.

Steve