hardening FreeBSD, already using GBDE

Jerry McAllister jerrymc at msu.edu
Thu Jan 21 16:26:05 UTC 2010

On Thu, Jan 21, 2010 at 10:32:01AM -0500, Henry Olyer wrote:

> For example, the editor I use normally writes to /tmp -- I changed that,
> making it slower, but in the event that someone takes my laptop I want to
> sleep at night.
> I've no problem letting some poor person make a windoz machine out of my
> laptop -- but I don't want to share my work, my intellectual property.  (I
> do research.)
> So, I'm looking for a list of changes to make, hacks really, that will
> further tighten up security.
> Can you point me to such a list of to-do's, please.  Just send mail to
> henry.olyer at gmail.com

If you encrypt everything on disk and make sure the machine is
powered off any time you leave it, there is not much else you
can do to protect it from physical access.   That is, if someone
can get their grubby little fingers on it, there is little you 
can do to absolutely prevent them from getting to the data.  

If they have physical access, they have the same tools you do.  
There are things such as putting on a BIOS password and encrypting
everything and powering it off when it is not in your hands that
can make it more difficult, but nothing that totally prevents 
seeing your stuff.    You could remove the hard disk and take it
with you everywhere.   The only complete security is never to
store your data anywhere - on a computer, on paper, even in your
head -- you might talk in your sleep.

So, make a good effort to make it difficult and then just resign
yourself to living in the real world.


> --jg
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"

More information about the freebsd-questions mailing list