Date: Mon, 6 Aug 2018 15:50:16 +0200 From: Polytropon <freebsd@edvax.de> To: galtsev@kicp.uchicago.edu Cc: "thor" <thor@irk.ru>, freebsd-questions@freebsd.org Subject: Re: Erase memory on shutdown Message-ID: <20180806155016.8214e603.freebsd@edvax.de> In-Reply-To: <59554.108.68.162.197.1533522663.squirrel@cosmo.uchicago.edu> References: <20180805150241.1E186200349F8E@ary.qy> <4e70e969-14f7-c65d-96d2-dd1610499cd0@irk.ru> <63033.108.68.162.197.1533484522.squirrel@cosmo.uchicago.edu> <20180806073738.6f459398.freebsd.ed.lists@sumeritec.com> <57043.108.68.162.197.1533514207.squirrel@cosmo.uchicago.edu> <5f673fdc-4dd8-663a-605a-6b7cdce5206d@irk.ru> <59554.108.68.162.197.1533522663.squirrel@cosmo.uchicago.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 5 Aug 2018 21:31:03 -0500 (CDT), Valeri Galtsev wrote: > Yes, it was repeated forever that security begins with physical security. > And repeating again what my friend likes to say: nothing can stop the guy > wit the screwdriver. Not quite true, but pretty close. In this context, even encrypted partitions sometimes don't help. Things that actually have happened: 1. A thief stole the server of a small business. They had encryption in place, and because their HPC told them that keys should be used, they stored keys on a USB stick that was put in the font USB connector of the server, because their HPC said it was very convenient to do so, as the server found the keys when booting and could then enable access to the encrypted disk. GAME OVER. 2. A group of theves stole the whole server rack, including the UPS units, attached them to a power generator in their van, drove it to the "extraction site" which had regular power, re-attached regular power, and copied everything from the still running system without being hit by any "please enter the password" dialogs. GAME OVER. The guy with the screwdriver usually wins. ;-) -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ...
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20180806155016.8214e603.freebsd>