Tom Metro wrote:
I was envisioning a system in which an administrator connects into the
system after reboot and either supplies the entire key over a secure
channel from an off-site system, or perhaps loads the key from a USB
drive that is physically removed once loaded into memory, or enters a
s
> From: discuss-bounces+blu=nedharvey@blu.org [mailto:discuss-
> bounces+blu=nedharvey@blu.org] On Behalf Of Tom Metro
>
> I'd be curious to know if anyone has deployed something like TrueCrypt
> on a sizable cluster of machines. How did they handle reboots?
Truecrypt requires password in
Edward Ned Harvey (blu) wrote:
The most obvious solution to me, is to have an authentication server
(AD/Ldap/Kerberos) which boots using TPM.
But TPM is potentially vulnerable to cold boot attacks, and pre-boot PIN
systems are vulnerable to bootkit attacks. The only reliable defense
against t
On 11/10/2013 10:59 AM, Richard Pieri wrote:
The only reliable defense against these is to maintain good physical
security.
Correct.
But as I think about it, I don't think putting your machines in a co-lo
means you are completely doomed.
For example, say you are renting some physical spac
Kent Borg wrote:
For example, say you are renting some physical space over which you have
some significant control. Be it a cage or maybe just a cabinet, you
should be able to have some intrusion detection (booby traps) and use
that shut things down--including deleting keys.
Maybe. If the manag
