On Fri, 2005-08-26 at 18:14, James Knott wrote:
jdd sur free wrote:
James Knott wrote:
encrypted file systems. The second article descriped booting from a USB pen drive and having the entire hard drive encrypted.
when you install suse it asks "do you want an encrypted file system"
this is very secure, as long as you don't share your passwd, I think only State secret service or hudge company could afford to break.
the main drawback is... that you may loose or forget your pass... and in case of something preventing the computer to boot... one may be obliged to reinstall. So backups, and secure them in a Safe :-(
You can have encrypted file systems, however that will still leave some parts of the system exposed. In the second article, the point was that the entire hard drive is encrypted and only accessable with the USB drive. Which ever method is appropriate, depends on your needs.
As mentioned on the list BIOS passwords is only a small delay Encrypt the root file system and use a different encrypted /home partition. (don't trust the sysadmin/unix-support department) Other option, boot only from removable media. (and remove it when you're done) Like /boot on a USB-stick with fingerprint. Backup's should also be encrypted, if the content is sensitive. I'm not shure about linux, but i thought bsd supported hardware encryption. Finally, one might think about using smartcards for blocking access: Either for specific directories, or preventing booting (like acer notebooks) You CAN make it secure, but it takes some effort... At the other end of the spectrum you can keep auto-logon enabled, with only the root-user defined ;-)) You can put a lock on your frontdoor, but if you leave the key for everybody in the keyhole, it's useless. Hans