Date: Fri, 4 Apr 2025 14:56:00 -0700 From: David Christensen <dpchrist@holgerdanske.com> To: questions@freebsd.org Subject: Re: Securing FreeBSD. Message-ID: <419a92a3-6d5b-44cb-8edf-6e65373ae72d@holgerdanske.com> In-Reply-To: <Z_A6pmQPuZU5lTEW@io.chezmoi.fr> References: <Z_ATQA2k-3umIaLo@io.chezmoi.fr> <bb89a12f-0d73-411f-a34f-8a8224c30744@holgerdanske.com> <Z_A6pmQPuZU5lTEW@io.chezmoi.fr>
next in thread | previous in thread | raw e-mail | index | archive | help
On 4/4/25 13:01, Albert Shih wrote: > Le 04/04/2025 à 11:45:16-0700, David Christensen a écrit >> On 4/4/25 10:13, Albert Shih wrote: >>> Is they are any way to secure a FreeBSD to prevent destroying data ? >> >> It sounds like you want read-only storage media (?). > > Yeah...exactly. The purpose is to recycle some old server to create some > «non erasable» backup in addition to our «normal» backup. Please clarify how you will create the "«non erasable» backup" and how you will use it. > They are two thing I will not consider in the equation : > > Security problem in FreeBSD. If you wish to defend against security problems in FreeBSD, then I suggest that you run the oldest supported release of FreeBSD -- 13.4-RELEASE. > Physical access to the server. If you wish to defend against an intruder who has physical access to the server, then I suggest that you select drives that have self-encryption (in addition to write-protection). > beside that I want to make the server safest as possible. > >> Burning your data to a CD-R/DVD-R/BD-R disc comes to mind. > > well....not possible. Too many To. What is the size of the "«non erasable» backup"? What devices is it currently stored on? Do you want to keep using those device(s)? If not, what are your expectations for new devices? > And the data change daily. "non erasable" and "change daily" are contradictory goals. Please clarify. >> Another option is a USB flash drive with a physical write-protect switch: >> >> https://www.kanguru.com/products/defender-elite30-usb-3-0-hardware-encrypted-flash-drive >> >> https://www.kanguru.com/products/kanguru-defender-elite300-fips-140-2-certified-secure-superspeed-usb-3-0-hardware-encrypted-flash-drive?variant=41077736833139 >> > > Same issue. Not possible. > > Regards. What about the IODD external drive enclosures? On 4/4/25 11:45, David Christensen wrote: > Searching Amazon, I found external disk drive enclosures with various > features; including write-protect: > > https://www.iodd.shop/all-products David
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?419a92a3-6d5b-44cb-8edf-6e65373ae72d>