From owner-freebsd-security  Sun Jan 27  5:13:18 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mail.ee (smtp.mail.ee [212.107.32.208])
	by hub.freebsd.org (Postfix) with SMTP id 3F1DE37B400
	for <freebsd-security@FreeBSD.ORG>; Sun, 27 Jan 2002 05:13:11 -0800 (PST)
Received: (qmail 22802 invoked from network); 27 Jan 2002 13:13:09 -0000
Received: from june.tele2.ee (212.107.32.201)
  by smtp.mail.ee with SMTP; 27 Jan 2002 13:13:09 -0000
Received: (from nobody@localhost)
	by june.tele2.ee (8.11.6/8.9.3/Debian 8.9.3-21) id g0RDD7O32639;
	Sun, 27 Jan 2002 15:13:07 +0200
Date: Sun, 27 Jan 2002 15:13:07 +0200
Message-Id: <200201271313.g0RDD7O32639@june.tele2.ee>
X-Authentication-Warning: june.tele2.ee: nobody set sender to peeter.kallas.002@mail.ee using -f
From: "peeter kallas" <peeter.kallas.002@mail.ee>
Cc: freebsd-security@FreeBSD.ORG
To: "Anthony Atkielski" <anthony@atkielski.com>
Subject: Vastan: Cryptographic file systems
MIME-Version: 1.0
X-EdMessageId: 060005004d5309005a5a625740451055571357585640425651491c535e5f175418505a5c1b94
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

> As long as anyone has physical access to the box, there is no solution
> to
> the problem you describe.  Anyone with access to the server also has
> access
> to its network connections, and could thus intercept network traffic
> involving encrypted files.  Encrypting them on disk is thus pointless.

Thing is that only way to gain access to that box is to physically break into the office, grab the box can run before security guards arrive, so storing info in encrypted form is quite adequate for the situration.

Of course it would be better if encryption is done on the client side and theoretically it could be transparent too -- for example NFS client for Windows that crypts the file data (anybody heard of such?)

-- everyday.com --
Tasuta e-post, SMS-id ja aadressiraamat.



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message