Re: Question related to FDE (Full Disk Encryption) solution under Linux Debian Lenny
On Mon, Jan 24, 2011 at 12:06, Andrew McGlashan
<andrew.mcglashan@affinityvision.com.au> wrote:
> That sounds interesting, but why not run the Mandos server ONLY when you are restarting machines? The Mandos server could be a tiny VM or even a boot from a USB thumb drive -- the USB could be locked away in a safe until required. A copy of the USB could be stored in a bank vault. The only time that the USB is needed is when you must restart a server or re-mount a file system protected by this scheme. No need to continually run a Mandos server anywhere.
> --
> Kind Regards
> AndrewM
> Andrew McGlashan
> Broadband Solutions now including VoIP
Hello Andrew,
However, having to start up the Mandos server in order for the host to start up could defeat the purpose of Mandos itself, which is supposed to allow servers to start up autonomously, without human intervention. Of course, you could always have your monitoring software detect the server failure or reboot and, as an action, trigger the startup of a Mandos VM. In this case, however, the Mandos server probably would not be full-disk encrypted (otherwise, it would need human intervention to start or another Mandos server running somewhere), but maybe it would be possible to come up with an interesting setup to achieve this.
Best Regards,