Booting a GELI encrypted hard disk
iaccounts at ibctech.ca
Thu Oct 11 09:22:06 PDT 2007
> That's a heck of a lot of trouble to go to, considering someone would
> have to steal your drive, alter it and put it back without you knowing it!
Essentially, what I'm looking for is thus:
- someone breaks into my always-locked equipment room
- someone steals the box(es) in question, which obviously means shutting
down the unit
I don't want said thief to be able to retrieve the data after the box is
stolen, which is why I'd like a passphrase, and a removable key. Even if
the passphrase is captured, the data will still be protected because I
have the only key to the system 35 miles away on my person.
> If the intruder has physical access to the machine, it would be much
> easier to put a keylogger device between the keyboard and the machine.
There is no possible way this would go unnoticed. Anyone that could gain
access to the already secured room would have a window of about 15
seconds to break into the building after hours (secured/alarmed), smash
in the secured equipment room door, grab the box (out of about 40) and run.
>> It's questionable though, whether you should leave your computer in an
>> environment where this can happen undetected and probably better solved by
>> increasing real life security.
Like I said, it won't go undetected. The equipment is in a very secure
equipment area, inside of a secured and alarmed building. All equipment
is monitored 24/7, so if the box was physically altered, I would be
alerted via SMS/email immediately.
> An important point that too many people forget.
I agree, but this is not the case here. I just want the data protected
if the box goes down, whether by physical intruder, or I force it down
More information about the freebsd-questions