securing FreeBSD

Olivier Nicole on at cs.ait.ac.th
Thu Jul 14 01:59:33 GMT 2005


> or by setting the actual hdd to secondary and plug another primary
> hdd

Once the hardware is compromised, it is really tricky to keep secure.

If you cannot protect your hardware (secure room) then your hard disk
has to auto protect itself: encrypt the data, and have no saved
password on the disk itself (means you will have to enter a passphrase
each time your disk is mounted).

I'd have 2 physical disks, one for the system and one for the
data. The system disk is cleartext, the data is encrypted. And I'd
have the private key on a removable device (like USB for example).

Be sure that your system does not dump any memory image in case of
panic.

Another solution (expensive and only valid for a limited amount of
data) is to have a RAM disk (and secure your electric power supply). An
intruder would have to turn off the power to grab the memory. Doing so
he would delete the data... Depends what is your level of paranoia :)

Olivier
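
A check for the "no memory image on panic" advice in the message above, as an added example that is not part of the original post: it reads rc.conf-style files in the order given and reports the last `dumpdev` assignment, the FreeBSD rc.conf variable that selects the crash-dump device. The function names and the sample files built in `demo` are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit rc.conf-style files for the crash-dump setting.
# rc.conf files are sh fragments read in order, so the last dumpdev= wins.

# Print the effective dumpdev value from the given files (read in order).
# Prints "<unset>" when none of the files assigns the variable.
effective_dumpdev() {
    value="<unset>"
    for f in "$@"; do
        [ -r "$f" ] || continue
        grep -q '^[[:space:]]*dumpdev=' "$f" || continue
        # Last assignment in this file
        v=$(sed -n 's/^[[:space:]]*dumpdev=//p' "$f" | tail -n 1)
        # Strip a trailing comment, trailing blanks and surrounding quotes
        v=$(printf '%s' "$v" | sed -e 's/[[:space:]]*#.*$//' \
            -e 's/[[:space:]]*$//' -e "s/^[\"']//" -e "s/[\"']$//")
        value=$v
    done
    printf '%s\n' "$value"
}

# Return 0 only when the files explicitly leave no dump device configured.
# AUTO, a device path, or no assignment at all counts as "not proven off".
dump_disabled() {
    case $(effective_dumpdev "$@") in
        [Nn][Oo]|"") return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample: the defaults file says NO, a later rc.conf
# re-enables dumps, so the effective value is AUTO.
demo() {
    d=$(mktemp -d) || return 2
    printf 'dumpdev="NO"\n' > "$d/defaults.conf"
    printf 'hostname="box"\ndumpdev="AUTO"  # left from debugging\n' > "$d/rc.conf"
    effective_dumpdev "$d/defaults.conf" "$d/rc.conf"
    rm -rf "$d"
}

# Audit real files when paths are given on the command line.
if [ "$#" -gt 0 ]; then
    if dump_disabled "$@"; then
        echo "crash dumps disabled (dumpdev=$(effective_dumpdev "$@"))"
    else
        echo "WARNING: dumpdev=$(effective_dumpdev "$@")"
    fi
fi
```

Pass the files in the order the system reads them, for example `/etc/defaults/rc.conf` first and `/etc/rc.conf` after it, so that a later override is the value reported.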

