Saturday, August 05, 2006

FreeBSD hard disk encryption

I attended 22C3 last year.
One of the lectures covered FreeBSD encryption.

In the paper, the author (Marc Schiesser) covers:

* Background & motivation: explains the need for in-storage data encryption and discusses partial disk encryption and the motivation behind complete disk encryption.
* Implementation: details of how to implement complete disk encryption on a FreeBSD system. The solution relies on standard FreeBSD tools and does not involve programming.
* Implications: explains what is and is not protected by complete disk encryption. New risks, dangers as well as trade-offs will also be discussed.


While encryption is great, I fully agree with the statement I read somewhere not long ago about encryption being the last resort. Sensitive data should NOT reside on/in places where theft, espionage, etc. happen. Use a remote terminal (Microsoft is not the only one that has one; Cendio and FreeNX exist as alternatives) over encrypted and authenticated links.

Why not rip the hard drive out of the laptop and give the user a prebuilt, firewalled custom live CD? Then use OTP for authentication.
No silver bullet exists, but in my opinion storing data in a datacenter is a lot better than storing it on some unencrypted laptop.

URL
http://events.ccc.de/congress/2005/fahrplan/attachments/586-paper_Complete_Hard_Disk_Encryption.pdf