From owner-freebsd-questions@FreeBSD.ORG Thu Oct 11 16:22:05 2007
Return-Path:
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id F235916A420 for ; Thu, 11 Oct 2007 16:22:05 +0000 (UTC) (envelope-from iaccounts@ibctech.ca)
Received: from pearl.ibctech.ca (pearl.ibctech.ca [208.70.104.210]) by mx1.freebsd.org (Postfix) with ESMTP id A895713C448 for ; Thu, 11 Oct 2007 16:22:05 +0000 (UTC) (envelope-from iaccounts@ibctech.ca)
Received: (qmail 52675 invoked by uid 1002); 11 Oct 2007 16:22:04 -0000
Received: from iaccounts@ibctech.ca by pearl.ibctech.ca by uid 89 with qmail-scanner-1.22 (spamassassin: 2.64. Clear:RC:1(208.70.104.100):. Processed in 11.532759 secs); 11 Oct 2007 16:22:04 -0000
Received: from unknown (HELO ?192.168.30.110?) (steve@ibctech.ca@208.70.104.100) by pearl.ibctech.ca with (DHE-RSA-AES256-SHA encrypted) SMTP; 11 Oct 2007 16:21:52 -0000
Message-ID: <470E4DBD.5000000@ibctech.ca>
Date: Thu, 11 Oct 2007 12:22:21 -0400
From: Steve Bertrand
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: Mel , Fabian Keil , freebsd-questions@freebsd.org
References: <470CCDE2.9090603@ibctech.ca> <20071010201838.23fa7c2f@fabiankeil.de> <20071010211701.GB15103@slackbox.xs4all.nl> <200710102337.57373.fbsd.questions@rachie.is-a-geek.net> <20071010220500.GA17903@slackbox.xs4all.nl>
In-Reply-To: <20071010220500.GA17903@slackbox.xs4all.nl>
X-Enigmail-Version: 0.95.3
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc:
Subject: Re: Booting a GELI encrypted hard disk
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Thu, 11 Oct 2007 16:22:06 -0000

> That's a heck of a lot of trouble to go to, considering someone would
> have to steal your drive, alter it and put it back without you knowing it!

Essentially, what I'm looking for is thus:

- someone breaks into my always-locked equipment room
- someone steals the box(es) in question, which obviously means shutting down the unit

I don't want said thief to be able to retrieve the data after the box is stolen, which is why I'd like a passphrase, and a removable key. Even if the passphrase is captured, the data will still be protected because I have the only key to the system 35 miles away on my person.

> If the intruder has physical access to the machine, it would be much
> easier to put a keylogger device between the keyboard and the machine.

There is no possible way this would go unnoticed. Anyone that could gain access to the already secured room would have a window of about 15 seconds to break into the building after hours (secured/alarmed), smash in the secured equipment room door, grab the box (out of about 40) and run.

>> It's questionable though, whether you should leave your computer in an
>> environment where this can happen undetected and probably better solved by
>> increasing real life security.

Like I said, it won't go undetected. The equipment is in a very secure equipment area, inside of a secured and alarmed building. All equipment is monitored 24/7, so if the box was physically altered, I would be alerted via SMS/email immediately.

> An important point that too many people forget.

I agree, but this is not the case here. I just want the data protected if the box goes down, whether by physical intruder, or I force it down myself.

Steve
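The two-factor setup Steve describes (a passphrase plus a key file that leaves the building with him) maps directly onto geli(8): `geli init -K` binds a key file to the provider in addition to the passphrase, `geli attach -k` needs that file only at attach time, and once the provider is detached the key is required again. The script below is an added example, not code from the thread or from the FreeBSD project; the provider name `/dev/ad0s1d`, the removable-media path `/media/usbkey/geli.key` and the `GELI` override variable (which lets the geli calls be dry-run on a machine without GELI) are assumptions chosen for the illustration. The check function is the part a defender cares about most: the key file must exist, be exactly the size you generated, and be unreadable by anyone but root, so that a copy cannot quietly stay behind on the box.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread): GELI provider unlocked by
# BOTH a passphrase and a key file kept on removable media.
# Assumed names: provider /dev/ad0s1d, key at /media/usbkey/geli.key.
# GELI can be pointed at a stub (e.g. GELI=echo) to dry-run the geli calls.
set -eu

GELI=${GELI:-geli}
KEYFILE=${KEYFILE:-/media/usbkey/geli.key}
PROVIDER=${PROVIDER:-/dev/ad0s1d}

# Generate a 64-byte random key file, root-readable only, never overwriting
# an existing key (overwriting would make an already-initialised disk
# unrecoverable). /dev/urandom exists on both FreeBSD and Linux.
make_keyfile() {
    kf=$1
    if [ -e "$kf" ]; then
        echo "refusing to overwrite existing key file $kf" >&2
        return 1
    fi
    ( umask 077; dd if=/dev/urandom of="$kf" bs=64 count=1 2>/dev/null )
    chmod 0400 "$kf"
}

# Sanity checks before trusting the key: present, 64 bytes, and with no
# group/other permission bits (columns 5-10 of ls -l output).
check_keyfile() {
    kf=$1
    [ -f "$kf" ] || { echo "missing key file $kf" >&2; return 1; }
    size=$(wc -c < "$kf" | tr -d ' ')
    [ "$size" -eq 64 ] || { echo "key file $kf is $size bytes, expected 64" >&2; return 1; }
    perms=$(ls -l "$kf" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "key file $kf is group/other readable" >&2; return 1; }
}

# Initialise the provider: -K binds the key file, the passphrase is requested
# interactively by geli, -B writes a metadata backup next to the key on the
# removable media so a damaged metadata sector does not lose the disk.
geli_init() {
    check_keyfile "$KEYFILE"
    "$GELI" init -s 4096 -K "$KEYFILE" -B "${KEYFILE}.metadata.backup" "$PROVIDER"
}

# Attach with both factors; the media carrying the key can be unplugged
# afterwards because the key file is read only at attach time.
geli_attach() {
    check_keyfile "$KEYFILE"
    "$GELI" attach -k "$KEYFILE" "$PROVIDER"
}

# Detach (e.g. before a planned shutdown); the next attach needs key and
# passphrase again. geli addresses the encrypted device as <provider>.eli.
geli_detach() {
    "$GELI" detach "${PROVIDER#/dev/}.eli"
}
```

Usage on the real box would be `make_keyfile "$KEYFILE"` once while the removable media is mounted, then `geli_init`, `geli_attach`, `newfs` and mount as usual; on every later boot, plug the media in, run `geli_attach`, mount, and remove the media. The `-B` backup lives on the same removable media as the key, so it leaves the premises with the key rather than staying on the machine.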