Mario Ohnewald wrote:
Hi Horst
On Sun, 2006-02-26 at 22:23 +0100, Horst Pflugstaedt wrote:
On Sun, Feb 26, 2006 at 10:11:44PM +0100, Mario Ohnewald wrote:
Hello security list!
I would like to secure the harddrive/partitions of linux box.
The whole setup must fulfill the
Hello,
Am Sonntag, 26. Februar 2006 23:26 schrieb Mario Ohnewald:
On Sun, 2006-02-26 at 14:13 -0800, Stephan Wehner wrote:
Who is going to be booting this machine??
It´s a server. It is supposed to be online all the time.
Once turned on it will run till someone reboots its remotely or due
Jan Luehr wrote:
topology before granting access to your secure server. (If you're server is
stolen and connected to the internet, you probably hop across different
routers to get there) - however, this requires some effort monitoring your
ISPs routes.
Checking the ip/net that the request
* Horst Pflugstaedt:
On Sun, Feb 26, 2006 at 11:17:56PM +0100, Florian Weimer wrote:
* Horst Pflugstaedt:
I just ask myself why you bother encrypting a filesystem that will be
accessible to anyone having access to the machine since it boots without
password?
You can return hard disks
On Sun, Feb 26, 2006 at 10:11:44PM +0100, Mario Ohnewald wrote:
Hello security list!
I would like to secure the harddrive/partitions of linux box.
The whole setup must fulfill the following requirements:
a) it must be able to boot (remotely) without userinput/passphrase
b) the
Hello,
Am Sonntag, 26. Februar 2006 22:11 schrieb Mario Ohnewald:
Hello security list!
I would like to secure the harddrive/partitions of linux box.
The whole setup must fulfill the following requirements:
a) it must be able to boot (remotely) without userinput/passphrase
b) the
Hi Horst
On Sun, 2006-02-26 at 22:23 +0100, Horst Pflugstaedt wrote:
On Sun, Feb 26, 2006 at 10:11:44PM +0100, Mario Ohnewald wrote:
Hello security list!
I would like to secure the harddrive/partitions of linux box.
The whole setup must fulfill the following requirements:
a) it
* Mario Ohnewald:
The whole setup must fulfill the following requirements:
a) it must be able to boot (remotely) without userinput/passphrase
b) the importtant partitions such as /etc, /var, /usr and /home must be
encrypted/protected.
Put the key on an USB stick, and load it from an initial
* Horst Pflugstaedt:
I just ask myself why you bother encrypting a filesystem that will be
accessible to anyone having access to the machine since it boots without
password?
You can return hard disks to the vendor for warranty claims even if
they still contain sensitive data.
--
To
On Sun, 2006-02-26 at 14:13 -0800, Stephan Wehner wrote:
Who is going to be booting this machine??
It´s a server. It is supposed to be online all the time.
Once turned on it will run till someone reboots its remotely or due to
power failure or something alike.
The whole scenario can be pictured
Hi Mario,
On Sun, 26 Feb 2006, Mario Ohnewald wrote:
a) it must be able to boot (remotely) without userinput/passphrase
b) the importtant partitions such as /etc, /var, /usr and /home must be
encrypted/protected.
I think the problem will be that you cannot put /etc outside of the root
Horst Pflugstaedt [EMAIL PROTECTED] wrote:
a) it must be able to boot (remotely) without userinput/passphrase
You can use nfs-root or initramdisk from a trusted machine.
b) the importtant partitions such as /etc, /var, /usr and /home must be
encrypted/protected.
I just ask myself why you
On Sun, Feb 26, 2006 at 11:17:56PM +0100, Florian Weimer wrote:
* Horst Pflugstaedt:
I just ask myself why you bother encrypting a filesystem that will be
accessible to anyone having access to the machine since it boots without
password?
You can return hard disks to the vendor for
Hello,
I think this should be possible over a special rebuild of initrd image,
which runs before root partition is mounted.
But i don't think you'll find a real secure way to get the secret over
the net.
Regards,
Andreas
Lothar Ketterer schrieb:
Hi Mario,
On Sun, 26 Feb 2006, Mario
14 matches
Mail list logo