From owner-freebsd-questions@FreeBSD.ORG Thu Jan 21 16:26:05 2010 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A64C0106566B for ; Thu, 21 Jan 2010 16:26:05 +0000 (UTC) (envelope-from jerrymc@gizmo.acns.msu.edu) Received: from gizmo.acns.msu.edu (gizmo.acns.msu.edu [35.8.1.43]) by mx1.freebsd.org (Postfix) with ESMTP id 5F4518FC08 for ; Thu, 21 Jan 2010 16:26:05 +0000 (UTC) Received: from gizmo.acns.msu.edu (localhost [127.0.0.1]) by gizmo.acns.msu.edu (8.13.6/8.13.6) with ESMTP id o0LGPLIk017500; Thu, 21 Jan 2010 11:25:21 -0500 (EST) (envelope-from jerrymc@gizmo.acns.msu.edu) Received: (from jerrymc@localhost) by gizmo.acns.msu.edu (8.13.6/8.13.6/Submit) id o0LGPLIr017499; Thu, 21 Jan 2010 11:25:21 -0500 (EST) (envelope-from jerrymc) Date: Thu, 21 Jan 2010 11:25:21 -0500 From: Jerry McAllister To: Henry Olyer Message-ID: <20100121162521.GA17337@gizmo.acns.msu.edu> References: <1d7089c41001210732t233bdf46pbbc2ab5be1fdd360@mail.gmail.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1d7089c41001210732t233bdf46pbbc2ab5be1fdd360@mail.gmail.com> User-Agent: Mutt/1.4.2.2i Cc: freebsd-questions@freebsd.org Subject: Re: hardening FreeBSD, already using GBDE X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Jan 2010 16:26:05 -0000 On Thu, Jan 21, 2010 at 10:32:01AM -0500, Henry Olyer wrote: > For example, the editor I use normally writes to /tmp -- I changed that, > making it slower, but in the event that someone takes my laptop I want to > sleep at night. > > I've no problem letting some poor person make a windoz machine out of my > laptop -- but I don't want to share my work, my intellectual property. (I > do research.) > > So, I'm looking for a list of changes to make, hacks really, that will > further tighten up security. > > Can you point me to such a list of to-do's, please. Just send mail to > henry.olyer@gmail.com If you encrypt everything on disk and make sure the machine is powered off any time you leave it, there is not much else you can do to protect it from physical access. That is, if someone can get their grubby little fingers on it, there is little you can do to absolutely prevent them from getting to the data. If they have physical access, they have the same tools you do. There are things such as putting on a BIOS password and encrypting everything and powering it off when it is not in your hands that can make it more difficult, but nothing that totally prevents seeing your stuff. You could remove the hard disk and take it with you everywhere. The only complete security is never to store your data anywhere - on a computer, on paper, even in your head -- you might talk in your sleep. So, make a good effort to make it difficult and then just resign yourself to living in the real world. ////jerry > > --jg > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"