Date:      Wed, 10 Oct 2001 13:24:31 +0100
From:      Adam Laurie <adam@algroup.co.uk>
To:        xskoba1@kremilek.gyrec.cz
Cc:        security@freebsd.org, Ben Laurie <ben@algroup.co.uk>
Subject:   Re: "Rubbish" idea on security
Message-ID:  <3BC43DFF.C356A86A@algroup.co.uk>
References:  <Pine.LNX.4.21.0110100829560.6104-100000@kremilek.gyrec.cz>

xskoba1@kremilek.gyrec.cz wrote:
> 
> Has anyone ever thought about physical stealing of a server?
> 
>         I know I sound pretty paranoid, but my question is: is there
> any way to encrypt the whole hard drive in such a way that no one from
> outside will see anything from it? I mean, for example, that rebooting
> of the server is going to be dependent on a connection from somewhere;
> that connection sends a key, which is only ever in memory, and if someone
> decides to steal the hard drive, he has nothing unless he has the key.

this would be quite easy with cfs
(http://www.freebsddiary.org/encrypted-fs.php) - you'd need an
unencrypted boot that got you up far enough to run (say) sshd, then log
in and unlock the main filesystem and finish the boot. however, if the
thief knows that it's protected in this way, all they need to do is
maintain the power until they can copy the files. it would of course
provide good protection against opportunist or ram-raid style theft
though.

> 
>         And the second thing concerns config or any files which it is
> necessary to change to compromise the server. The idea is the same: the
> changes are (probably by the kernel) written into some temporary area,
> and only when the private key is provided are the changes written to the
> right place.

a variation on the above.

> 
>         sorry if everything I said is too difficult or too stupid to be
> created.

cheers,
Adam
--
Adam Laurie                   Tel: +44 (20) 8742 0755
A.L. Digital Ltd.             Fax: +44 (20) 8742 5995
The Stores                    http://www.thebunker.net
2 Bath Road                   http://www.aldigital.co.uk
London W4 1LT                 mailto:adam@algroup.co.uk
UNITED KINGDOM                PGP key on keyservers
