James Knott wrote:
Basil Chupin wrote:
James Knott wrote:
Basil Chupin wrote:
I will need to look into the overheads involved in using encrypted file system(s) (encryption my slow processing down but by how much?) or at least putting sensitive data into one encrypted partition or something similar- perhaps keeping it on a CD/DVD and accessing it as needed (but what do you do with the passwords used to access the Internet and websites?).
Don't forget, some of your data might be retained in /tmp or the swap partition.
Further to all preceding comments from various people, I have just had a look at the security for SuSE and found that not only can one encrypt partitions/files but also one can prevent that "simple" access at boot time to alter the password.
Am I simply being naive and misreading things but hasn't (at least) SuSE plugged up this security hole by making it possible to put in an encrypted password into GRUB so that one cannot not only boot the system without the password but cannot even gain access to the BOOT: prompt when the bootloader, Grub, menu is displayed where it was possible to type init3 and then reset the root password as described elsewhere?
Also, as an additional security measure, any system (if dual booting for example) can be prevented from booting if the correct password is not given and this achieved wiith the LOCK parameter at the end of the statement booting that particular OS?
Alright, I guess that the above may possibly take care of security at boot time but should the HDs be stolen then their contents could be examined and the password manually deleted so that the system then could be booted in the normal way. I'm right in thinking this?
I haven't examined that method, but unless you encrypt the disk you can still read the data, by booting with a rescue disk. So, once again, without physical security, there is no security.
Thanks for that. I'll try and create a rescue floppy to test this out, but it seems to me that the resuce disk will try and boot you into the system which expects the password - maybe, I'm only guessing. Tired to create the 6 boot floppies tonight but 9.3 wouldn't create them although miraculously I managed to create the first one. Something not right here... Cheers. -- Light travels faster than sound. This is why some people appear bright until you hear them speak.