[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: is it possible to create a black box with debian?

"enediel gonzalez" <enediel@hotmail.com> writes:

[...]

> My main concern is for example, if somebody has access to turn off the
> box, create one image disk, and go home with all the information
> available, at this moment, I want to have all the information
> encrypted as much as possible to make this task more difficult.
>
> By default, I should consider in my prerequisites that it could be
> possible, so among others security policies the encryption should be
> added. The person who has physical access to the server is not
> necessary root, and I know it's the main problem.

The tricky part is where to store the decryption key.  Anywhere on the
box that you can store the key, a user who can pull out the hard drive
and duplicate it could also easily get access to it.

The solution to your problem is likely to involve high physical
security on the machine, such as a very sturdy locking case or storing
the key on a tamperproof smartcard.  Even that is unlikely to be
foolproof against a slightly sophisticated attacker.

A much easier and more reliable solution is to host the server
remotely, and provide access via a VPN or similar.

Good luck!

----Scott.
Reply to: