From: Arne Woerner
To: Christian Baer, freebsd-security@freebsd.org
Date: Sun, 29 Jan 2006 11:17:02 -0800 (PST)
Subject: Re: Should I use gbde or geli?
Message-ID: <20060129191702.36010.qmail@web30313.mail.mud.yahoo.com>

--- Christian Baer wrote:
> The idea is to use a software similar to
> truecrypt. The backups would be made in
> some sort of container and then copied to
> DVD-RAM. After that the backups would be
> locked away.

Hiho Christian!

I have heard of kidnapping in Altenholz, SH, F.Rep.GERM (the family was held as hostage and the father was supposed to open the safe of his bank but then he thought he was already there and exited the car and the robbers/kidnappers disappeared and then the state attorney looked like the kidnappers)...

I wonder why the discs should not be protected like the backups... Can't u put the discs with sensitive data into a box that can be locked down? I mean: Just trying to implement a physically safe environment should be enough...

Passwords (the legislative of F.Rep.GERM likes/demands them) are not so funny, because the employees should be ordered to tell them to everybody who wants to know them (this reminds me of my time in a formerly known to be state-owned building where we found an Operation Procedure about questions one should ask, if a bomb-threat enters via voice call through a German telecom net)...

A former police officer or so might be good for physical security, too.

It might be interesting to look at the protocols that u use to access the sensitive data... I mean: When u use NFS just with IP-based authentication, nobody needs the discs, because one could put an evil NFS client with a specially crafted IP address into the network...

Bye
Arne