[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Keeping files away from users

On Jueves, 5 de Junio de 2003 10:19, Adam ENDRODI wrote:
> On Thu, Jun 05, 2003 at 09:30:51AM +0200, Luis Gomez - InfoEmergencias 
wrote:
> > We'd like to protect that content, so that even if someone unplugs the
> > machine and connects the HD to another Linux box, they can't access that
> > information.
>
> Default answer: encrypt your file system.
> http://www.kerneli.org/index.php
> http://loop-aes.sourceforge.net (my preferred one)

We're already looking at that (btw, IIRC loop-aes is included into the 
cryptoapi of kerneli.org). The problem is what Dariush points: if your 
machine has the pass to mount the filesystem, someone can put the HD in 
another machine, remove the root password, put the HD back in my original 
server, boot it, login as root and access whatever content we have there. Or 
just find the script that mounts the ciphered filesystem, look at its 
password and mount the ciphered fs himself :-(

Thanks a lot!!

	The Pope

-- 
Luis Gomez Miralles
InfoEmergencias - Technical Department
Phone (+34) 654 24 01 34
Fax (+34) 963 49 31 80
lgomez@infoemergencias.com

PGP Public Key available at http://www.infoemergencias.com/lgomez.asc
Reply to: