Date: Sun, 27 Jan 2002 13:57:22 +0100
From: "Anthony Atkielski" <anthony@atkielski.com>
To: "peeter kallas" <peeter.kallas.002@mail.ee>, <freebsd-security@FreeBSD.ORG>
Subject: Re: Cryptographic file systems
Message-ID: <049201c1a732$2a1e0b60$0a00000a@atkielski.com>
References: <200201271251.g0RCpKX31851@june.tele2.ee>

As long as anyone has physical access to the box, there is no solution to the problem you describe. Anyone with access to the server also has access to its network connections, and could thus intercept network traffic involving encrypted files. Encrypting them on disk is thus pointless.

The only way to keep files on the server is to encrypt them AND transmit and receive them over the wire in encrypted form to and from client machines. Keys, passphrases, and plaintext file content must not pass over the wire; encryption and decryption operations must take place only on client machines. If this is done, then physical access to the file server will not aid an intruder in compromising file content. But in the scenario you describe, an intruder could intercept key material, passphrases, or actual plaintext file content on the wire, making encryption on disk moot.

This also implies that encryption cannot be made completely transparent for the end user.

----- Original Message -----
From: "peeter kallas" <peeter.kallas.002@mail.ee>
To: <freebsd-security@FreeBSD.ORG>
Sent: Sunday, January 27, 2002 13:51
Subject: Cryptographic file systems

> I'm trying to find cryptographic file system for FreeBSD that suits my needs, but there seems to be very little to choose from. I've found only CFS from the ports collection, but it doesn't support multiple users working on same directory.
>
> I have FreeBSD box that is running Samba and acting as file server for several Windows machines. I'd like to secure the files on the server against physical break-in into the office using some sort of cryptographic file system. I envision it so that a user will log in to FreeBSD box using SSH and enter some passphrase/key for part of the file system to become available. After that user should be able to access encrypted files locally or thru a Samba share that points to the encrypted file system part. After some idle time access should be revoked. As it is small group of people it is ok if they share the key/passphrase and if one user enters it, crypted files become available for all.
>
> Can anybody suggest something for the job?