Re: Keeping files away from users
On Jueves, 5 de Junio de 2003 10:02, Dariush Pietrzak wrote:
> > We'd like to protect that content, so that even if someone unplugs the
> > machine and connects the HD to another Linux box, they can't access that
> > information.
>
> Hm? Maybe you need encrypted filesystem, something like cfs?
> With schemes like this there are problems - you need to provide some kind
> of password on boottime, if you want your machine to boot automatically
> you're SOL.
That's the point: if the machine can mount the ciphered data, then someone who
accesses the HD can do it as well. btw, what does SOL mean?
> > Of course it's difficult to do, but we think there might be a possibility
> > to achieve success.
>
> The only way I see you can do this sort of thing is to provide some
> network server that would provide password. It would go something like this
> - machines boots, ask your server about password, decrypts the data.
> This way unplugging machine brings no immediate results.
> But if someone takes control of the machine they can fool you into
> providing them with a password.
We already thought of this point, but it has some interesting issues like the
one you point: soemone controlling the machine can make you give him the pass
and so the contents would be mounted and he could access them. Moreover, if
they lose connection to the Internet (say that they lose power for a while
and the machine reboots and so the router does) then they're left with no
server for a while... bad point. Of course, we should also have redundant
servers (in different places, with different ISPs...) to ensure that we can
always provide the passwords at boot time.
Thank you very much for your advice, Dariush. I'll keep thinking on this, and
will post any idea I might have.
Regards
The Pope
--
Luis Gomez Miralles
InfoEmergencias - Technical Department
Phone (+34) 654 24 01 34
Fax (+34) 963 49 31 80
lgomez@infoemergencias.com
PGP Public Key available at http://www.infoemergencias.com/lgomez.asc
Reply to: