"sanitizing" disks: wiping swap, non-allocated space, and
file-tails
David Kreil
kreil at ebi.ac.uk
Tue Jul 20 13:44:09 PDT 2004
Dear Allan,
Thank you very much for your many comments!
> > I still somewhat worry about the factor four in performance lost [...]
>
> One approach would be to gather statistics of peak performance
> requirements or do some stress-testing. phk has added support for
> statistics collection in GEOM: see gstat(8). You can simulate loads
> and benchmark with various tools found in ports.
Ta!
> Outside of performance concerns: I wasn't suggesting you encrypt
> the device containing the root partition, as this is currently not
> supported since GBDE devices are mounted from userland gbde(8) during
> system startup from /etc/rc.d/gbde . You can create a separate home
> partition and leave /usr unencrypted if usage cases won't dictate
> storage of site-specific data such as password files, etc. You can
> setup /usr such that permissions are restrictive enough to ensure
> users can't write files to unprotected areas of the disk.
>
> What I meant to say was that if you can encrypt any sensitive areas and
> there is a workable trade-off between security and performance/usability,
> do so. Even in the case that 98% of your information is mundane, it's
> the 2% such as private keys, proprietary communication/documents,
> etc. that ultimately matters.
>
> Finally, it's possible to use gbde in a loopback configuration w/
> md driver for finer granularity or for incremental addition of
> secure vnode-backed / temporary mounts.
I'm not sure I understand - are you suggesting to encrypt more selectively?
But which areas are sensitive, and which are not?
I felt that as soon as I encrypted /tmp and swap, I might performance-wise just
as well go for encrypting everything that contains dynamic information, for
greatest simplicity. Then I don't have to think about whether there might be
leakage, improving the security rating of one of the weakest links in the
system - myself :o)
> > Thanks for pointing this out. The Handbook describes a basic gbde
> > setup but mentions that getting other volumes (like /home) onto a
> > gbde partition was trickier. Can you tell me which volumes you have
> > successfully put onto a gbde partition and what was required to get
> > this working?
>
> I currently don't use the default script and have tested various
> configurations. On all systems I've had /home partitioned separate
> to /usr which is a simple case of changing your /etc/fstab to the
> corresponding bde devices and setting the noauto flag, pass# to 0
> so as not to attempt filesystem check before attach:
>
>
> /dev/ar0g /usr ufs rw 2 2
> /dev/ar0h.bde /home ufs rw,noauto 2 0
>
Ok!
> > I wonder, in particular, what issues I have to expect in wanting to keep
> > system relevant directories like /var on a gbde partition.
>
> The gbde attach should occur early enough during multiuser startup to avoid
> such problems, I don't recall if the provided rc script would be sufficient,
> I'll test a configuration soon,
That would be great. I currently only have the system on and off, as we are
still fiddling with the hardware (a disk went down again today).
> or let me know if you have any luck.
Yes, will report back if I do! :o)
> There are several approaches to securing /etc, but I can elaborate
> more after further testing. The short term approach is not storing
> private keys, etc. on an unencrypted root. Support for encrypted
> root is possible w/ some work, but there are a few issues to sort
> out first.
>
I think I don't need root to be encrypted per se, but /var, /etc, /usr/local, and /home would be good. As you say, the question is how to get these mounted early enough.
Success stories gratefully received!
With best regards,
David.
------------------------------------------------------------------------
Dr David Philip Kreil ("`-''-/").___..--''"`-._
Research Fellow `6_ 6 ) `-. ( ).`-.__.`)
University of Cambridge (_Y_.)' ._ ) `._ `. ``-..-'
++44 1223 764107, fax 333992 _..`--'_..-_/ /--'_.' ,'
www.inference.phy.cam.ac.uk/dpk20 (il),-'' (li),' ((!.-'
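As an added illustration (not part of the thread, and not FreeBSD's own code), here is a small fstab checker that applies the rule Allan gives for GBDE-backed filesystems: an entry whose device ends in ".bde" must carry "noauto" and a pass number of 0, so that neither mount -a nor fsck touches the encrypted provider before gbde attach has created it. The sample fstab, the ".bde" suffix check and the device names are constructed for the example; the two example lines from the mail are included as-is.

```python
# Added example, not from the mailing-list thread: lint /etc/fstab entries
# for GBDE-backed devices. Rule (from the discussion): a ".bde" device must
# have the "noauto" option and pass# 0, otherwise the boot-time mount -a and
# fsck run against a device that does not yet exist (it only appears after
# "gbde attach"). The fstab text below is constructed sample input.
from dataclasses import dataclass
from typing import List

SAMPLE_FSTAB = """\
# Device        Mountpoint  FStype  Options     Dump  Pass#
/dev/ar0a       /           ufs     rw          1     1
/dev/ar0b       none        swap    sw          0     0
/dev/ar0g       /usr        ufs     rw          2     2
/dev/ar0h.bde   /home       ufs     rw,noauto   2     0
/dev/ar0e.bde   /var        ufs     rw          2     2
"""


@dataclass
class FstabEntry:
    device: str
    mountpoint: str
    fstype: str
    options: List[str]
    dump: int
    passno: int


def parse_fstab(text: str) -> List[FstabEntry]:
    """Parse fstab(5)-style text; comments and blank lines are skipped.
    Missing dump/pass fields default to 0, as mount(8)/fsck(8) treat them."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 4:
            raise ValueError(f"malformed fstab line: {raw!r}")
        dump = int(fields[4]) if len(fields) > 4 else 0
        passno = int(fields[5]) if len(fields) > 5 else 0
        entries.append(
            FstabEntry(fields[0], fields[1], fields[2],
                       fields[3].split(","), dump, passno)
        )
    return entries


def is_gbde_device(device: str) -> bool:
    # Assumption for this example: GBDE providers are named <device>.bde,
    # matching the "/dev/ar0h.bde" form used in the thread.
    return device.endswith(".bde")


def check_entry(entry: FstabEntry) -> List[str]:
    """Return a list of problems for one entry (empty if it is fine)."""
    problems = []
    if not is_gbde_device(entry.device):
        return problems
    if "noauto" not in entry.options:
        problems.append(
            f"{entry.device} ({entry.mountpoint}): missing 'noauto'; "
            "mount -a at boot would try it before gbde attach creates the device"
        )
    if entry.passno != 0:
        problems.append(
            f"{entry.device} ({entry.mountpoint}): pass# is {entry.passno}, "
            "should be 0 so fsck is not attempted before gbde attach"
        )
    return problems


def lint_fstab(text: str) -> List[str]:
    """Collect problems across all entries in the given fstab text."""
    problems = []
    for entry in parse_fstab(text):
        problems.extend(check_entry(entry))
    return problems


if __name__ == "__main__":
    # Expect two warnings, both for /dev/ar0e.bde (/var) in the sample.
    for problem in lint_fstab(SAMPLE_FSTAB):
        print("WARN:", problem)
```

Run it against a real /etc/fstab by passing the file's contents to lint_fstab(); the /home line from the mail passes cleanly, while the constructed /var line shows both mistakes at once. The check only covers the boot-ordering rule discussed in the thread; it says nothing about whether the rc script attaches the device early enough for /var, which is the open question in the mail.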