Re: encrpyt harddrive without passphrase/userinput
Mario Ohnewald wrote: Hi Horst On Sun, 2006-02-26 at 22:23 +0100, Horst Pflugstaedt wrote: On Sun, Feb 26, 2006 at 10:11:44PM +0100, Mario Ohnewald wrote: Hello security list! I would like to secure the harddrive/partitions of linux box. The whole setup must fulfill the following requirements: a) it must be able to boot (remotely) without userinput/passphrase b) the importtant partitions such as /etc, /var, /usr and /home must be encrypted/protected. I just ask myself why you bother encrypting a filesystem that will be accessible to anyone having access to the machine since it boots without password? It boots with grub and pam/unix password. Grub wount protect you, someone with physical access can still just boot from a cd and change your grub passwd, or do you intend to patch grub so it can read /boot/grub/menu.list from a encrypted fs. // my 2 öre // Gustaf -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: encrpyt harddrive without passphrase/userinput
Hello, Am Sonntag, 26. Februar 2006 23:26 schrieb Mario Ohnewald: On Sun, 2006-02-26 at 14:13 -0800, Stephan Wehner wrote: Who is going to be booting this machine?? It´s a server. It is supposed to be online all the time. Once turned on it will run till someone reboots its remotely or due to power failure or something alike. The whole scenario can be pictured like this: Put your server in a corner of a street and secure it. In case someone hits the reset button it needs to be able to boot automatically without user input. In a nutshell: Secure it without physical security and user input. I guess it can`t be done?! :( - Install some minimal Linux. - Install Debian chroot'ed and encrypted. - If the server boot's, the minimal Linux is booted. - The Info needed to decrypt and mount the is transfered across the network. There are two scenarios I can think of: a) You get an email when the server has booted the minimal Linux (and sends you a mail, etc.). After that you verify, that the server has not been stolen, and send the secret via ssh. pro: maximum security. cons: downtime. If you've two or more server at different locations, connected via heartbeat, that can replace each other, this probably is the best solution I know. b) Your server gets its secret via ssh from an another , physical secure server automatically. If the server is reported as stolen, you can delete it or deny access. You may archive extra security by evaluating the network topology before granting access to your secure server. (If you're server is stolen and connected to the internet, you probably hop across different routers to get there) - however, this requires some effort monitoring your ISPs routes. pro: Boots without any interaction cons: Less secure Keep smiling yanosz
Re: encrpyt harddrive without passphrase/userinput
Jan Luehr wrote: topology before granting access to your secure server. (If you're server is stolen and connected to the internet, you probably hop across different routers to get there) - however, this requires some effort monitoring your ISPs routes. Checking the ip/net that the request came from should be enough, unless the attacker can change the global routing table. -- Dan -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: encrpyt harddrive without passphrase/userinput
* Horst Pflugstaedt: On Sun, Feb 26, 2006 at 11:17:56PM +0100, Florian Weimer wrote: * Horst Pflugstaedt: I just ask myself why you bother encrypting a filesystem that will be accessible to anyone having access to the machine since it boots without password? You can return hard disks to the vendor for warranty claims even if they still contain sensitive data. even if the disk boots in another machine, thus revealing the sensitive data? The boot process stops when it doesn't find the USB stick with the necessary key material for decryption. When you return the machine to the vendor for maintenance, you don't provide that USB stick. Therefore, the vendor is unable to access the unencrypted disk contents. (Of course, you need to reinstall from scratch (or restore a complete disk image) because there isn't a trusted boot path; the vendor could have tampered with the boot loader.) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: encrpyt harddrive without passphrase/userinput
On Sun, Feb 26, 2006 at 10:11:44PM +0100, Mario Ohnewald wrote: Hello security list! I would like to secure the harddrive/partitions of linux box. The whole setup must fulfill the following requirements: a) it must be able to boot (remotely) without userinput/passphrase b) the importtant partitions such as /etc, /var, /usr and /home must be encrypted/protected. I just ask myself why you bother encrypting a filesystem that will be accessible to anyone having access to the machine since it boots without password? Is this even possible? Is there a way? Is it something you'd really want? Encrypting a filesystem is a protection against someone having physical access to the machine or the harddrive. If the machine (the disk in another machine) boots without password, you might as well _not_ encrypt it. HIR (hope I'm right) Horst -- Real programmers don't bring brown-bag lunches. If the vending machine doesn't sell it, they don't eat it. Vending machines don't sell quiche. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: encrpyt harddrive without passphrase/userinput
Hello, Am Sonntag, 26. Februar 2006 22:11 schrieb Mario Ohnewald: Hello security list! I would like to secure the harddrive/partitions of linux box. The whole setup must fulfill the following requirements: a) it must be able to boot (remotely) without userinput/passphrase b) the importtant partitions such as /etc, /var, /usr and /home must be encrypted/protected. Is this even possible? Is there a way? Can you be more verbose please? What information do you try to protect? If you want to encrypt something, you need some kind of secret. This can either be generated randomly (pro: no input, cons: Information vanishes on reboot) or supplied elsewhere. Keyboard input, network, external media, etc. Keep smiling yanosz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: encrpyt harddrive without passphrase/userinput
Hi Horst On Sun, 2006-02-26 at 22:23 +0100, Horst Pflugstaedt wrote: On Sun, Feb 26, 2006 at 10:11:44PM +0100, Mario Ohnewald wrote: Hello security list! I would like to secure the harddrive/partitions of linux box. The whole setup must fulfill the following requirements: a) it must be able to boot (remotely) without userinput/passphrase b) the importtant partitions such as /etc, /var, /usr and /home must be encrypted/protected. I just ask myself why you bother encrypting a filesystem that will be accessible to anyone having access to the machine since it boots without password? It boots with grub and pam/unix password. Is this even possible? Is there a way? Is it something you'd really want? Encrypting a filesystem is a protection against someone having physical access to the machine or the harddrive. If the machine (the disk in another machine) boots without password, you might as well _not_ encrypt it. Thats the point. In my case i can not protect the linux box or lock it away 100% securely. I need to secure the box in some way without having a physical protection. Someone should be able to: Steal the whole server or hard drives, but still not be able to read it. Maybe we could narrow the actual problem down to where this scenario actually fails or where the problems are?! Maybe someone has some cool ideas, too. Cheers, Mario -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: encrpyt harddrive without passphrase/userinput
* Mario Ohnewald: The whole setup must fulfill the following requirements: a) it must be able to boot (remotely) without userinput/passphrase b) the importtant partitions such as /etc, /var, /usr and /home must be encrypted/protected. Put the key on an USB stick, and load it from an initial ramdisk? This works quite well, but I don't know if it matches your requirements. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: encrpyt harddrive without passphrase/userinput
* Horst Pflugstaedt: I just ask myself why you bother encrypting a filesystem that will be accessible to anyone having access to the machine since it boots without password? You can return hard disks to the vendor for warranty claims even if they still contain sensitive data. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: encrpyt harddrive without passphrase/userinput
On Sun, 2006-02-26 at 14:13 -0800, Stephan Wehner wrote: Who is going to be booting this machine?? It´s a server. It is supposed to be online all the time. Once turned on it will run till someone reboots its remotely or due to power failure or something alike. The whole scenario can be pictured like this: Put your server in a corner of a street and secure it. In case someone hits the reset button it needs to be able to boot automatically without user input. In a nutshell: Secure it without physical security and user input. I guess it can`t be done?! :( Not the usual way... Stephan Mario Ohnewald wrote: Hi Horst On Sun, 2006-02-26 at 22:23 +0100, Horst Pflugstaedt wrote: On Sun, Feb 26, 2006 at 10:11:44PM +0100, Mario Ohnewald wrote: Hello security list! I would like to secure the harddrive/partitions of linux box. The whole setup must fulfill the following requirements: a) it must be able to boot (remotely) without userinput/passphrase b) the importtant partitions such as /etc, /var, /usr and /home must be encrypted/protected. I just ask myself why you bother encrypting a filesystem that will be accessible to anyone having access to the machine since it boots without password? It boots with grub and pam/unix password. Is this even possible? Is there a way? Is it something you'd really want? Encrypting a filesystem is a protection against someone having physical access to the machine or the harddrive. If the machine (the disk in another machine) boots without password, you might as well _not_ encrypt it. Thats the point. In my case i can not protect the linux box or lock it away 100% securely. I need to secure the box in some way without having a physical protection. Someone should be able to: Steal the whole server or hard drives, but still not be able to read it. Maybe we could narrow the actual problem down to where this scenario actually fails or where the problems are?! Maybe someone has some cool ideas, too. Cheers, Mario -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: encrpyt harddrive without passphrase/userinput
Hi Mario, On Sun, 26 Feb 2006, Mario Ohnewald wrote: a) it must be able to boot (remotely) without userinput/passphrase b) the importtant partitions such as /etc, /var, /usr and /home must be encrypted/protected. I think the problem will be that you cannot put /etc outside of the root partition. This means that you cannot boot normally and read the secret from somewhere on the net. Maybe someone has some cool ideas, too. Just a thought without being able to exactly tell how to realize this: boot from CD, read the key/passphrase via network, mount the (encrypted) root partition and chroot to it? Regards, Lothar -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: encrpyt harddrive without passphrase/userinput
Horst Pflugstaedt [EMAIL PROTECTED] wrote: a) it must be able to boot (remotely) without userinput/passphrase You can use nfs-root or initramdisk from a trusted machine. b) the importtant partitions such as /etc, /var, /usr and /home must be encrypted/protected. I just ask myself why you bother encrypting a filesystem that will be accessible to anyone having access to the machine since it boots without password? No password entry does not mean nopassword. A remote server for the password can ensure, that the machine can only boot on the right subnet and allows easy earising of all data by deleting the key on the server. Gruss Bernd -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: encrpyt harddrive without passphrase/userinput
On Sun, Feb 26, 2006 at 11:17:56PM +0100, Florian Weimer wrote: * Horst Pflugstaedt: I just ask myself why you bother encrypting a filesystem that will be accessible to anyone having access to the machine since it boots without password? You can return hard disks to the vendor for warranty claims even if they still contain sensitive data. even if the disk boots in another machine, thus revealing the sensitive data? If there is no protection to the encryption, encrypting a filesystem is just useless waste of cpu-time. As Jan pointed out: you need a secret for encryption. g'night Horst -- No, no, I don't mind being called the smartest man in the world. I just wish it wasn't this one. -- Adrian Veidt/Ozymandias, WATCHMEN -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: encrpyt harddrive without passphrase/userinput
Hello, I think this should be possible over a special rebuild of initrd image, which runs before root partition is mounted. But i don't think you'll find a real secure way to get the secret over the net. Regards, Andreas Lothar Ketterer schrieb: Hi Mario, On Sun, 26 Feb 2006, Mario Ohnewald wrote: a) it must be able to boot (remotely) without userinput/passphrase b) the importtant partitions such as /etc, /var, /usr and /home must be encrypted/protected. I think the problem will be that you cannot put /etc outside of the root partition. This means that you cannot boot normally and read the secret from somewhere on the net. Maybe someone has some cool ideas, too. Just a thought without being able to exactly tell how to realize this: boot from CD, read the key/passphrase via network, mount the (encrypted) root partition and chroot to it? Regards, Lothar -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
