On Wed January 3 2007 1:19 pm, Daniel Bauer scratched these words onto a coconut shell, hoping for an answer:
On Wednesday 03 January 2007 18:18, Jose wrote:
Thanks your help Lets me explain this is a local server the idea is if any other except my boss of course try make a login with my or other login and dont know the password, if this person try more than 5 login with wrong password the system erase all home of this user Why ? I have a lot of people that try login in server and I really need make a lot of information security , I think that I have 2 possibility, one, encrypt this information or erase this I have backup of all this file in a save place But all this information , all this files still in the Server And this is a very strategic information to my company. So erase or cryt is a lot of less destructive that this information fly away Sorry to my poor english thaks again ! Jose
Hi Jose,
If your information on that computer is so "hot" I guess, somebody who tries to get that, knows what he wants and how he gets it. It this case, simply deleting the files will not help, because it's often possible to restore deleted data.
If I was the thief, I'd take a CD and a diskette with me to boot your PC with my own system, or a screwdriver and take your HD out and look at it quietly at home.
So, first of all, I would not connect a computer with very secret data to the internet, so that a thief at least would have to come here in person. Then I would encrypt the whole partition and change my good password every once in a while. Finally I would keep my computer in a very safe place.
And - with my knowledge - I'd search for a reliable expert who can consult me in security regards. This will not be for free, but if the data is that important it should be worth the price.
Jose, I agree w/ Daniel, if you need to keep this information secret DO NOT put it on the net.. or into any network reachable from the internet. Then, as he says at least the thief must show up in person and you will have some sort of data for CSI types to find, fingerprints, perhaps even DNA if the guy sweats on your server or keyboard while he breaks in. I might add that it would also be worth your while to encrypt the data on that server. I know it's a pita for average access, but you don't really want "average" access to that information, and you do want a record of everyone who actually gets to see it, no? Erasing the the home directory of someone who is logging in, w/ you think a try to break in, might also mimic someone who is having a really bad typing day... ;( And erasing the home directory should also mean you do daily backups, so if you do erase it in error that person isn't penalised for something they didn't do. I too would take a CD probably and reboot the computer w/ perhaps a portable DVD writer to capture anything "interesting" ... to be sorted later at a quieter, and safer , for me , place. That too would leave an audit trail for you.. as you probably want to keep track of any unexpected reboots.. Mainly, do not connect it to any other machine. It's what I tell my docs, so they can keep things that have to be protected by law, safe. The computer w/ patient data only needs to be accessed by the office manager, and the doc. That can be done from the doctors office, or from the Managers office, but if they are not in, no keyboard or monitor is attached to it , and they are locked in a safe where they used to keep the money and other receipts , back when those things weren't electronic . It's crude , but it works. BTW booting from my own cd gets me past the idea that you only access a server from a shell. At that point, you need physical security, to keep me from having the time to copy anything, or take your drive as Daniel suggested.. Ultimately that insecurity and bored staff are your biggest problems , they have time on their hands, and the right and probably a reason from being in proximity to the server you are trying to protect. -- j -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org