On Monday, June 02, 2014 04:23:07 PM Matti Nykyri wrote:
> On Jun 2, 2014, at 17:52, "J. Roeleveld" <jo...@antarean.org> wrote:
> > On Monday, June 02, 2014 03:23:03 PM Matti Nykyri wrote:
> >> On Jun 2, 2014, at 16:40, "J. Roeleveld" <jo...@antarean.org> wrote:
> >>> On Monday, June 02, 2014 07:28:53 AM Rich Freeman wrote:
> >>>> On Mon, Jun 2, 2014 at 6:56 AM, Neil Bothwick <n...@digimed.co.uk> wrote:
> >>>>> On Mon, 02 Jun 2014 05:27:44 -0500, Dale wrote:
> >>>>>> The second option does sound what I am looking for. Basically, if I log
> >>>>>> out but leave my computer on, leave home, some crook/NSA type breaks in
> >>>>>> and tries to access something or steals my whole puter, they would just
> >>>>>> get garbage for data. That seems to fit the second option best.
> >>>>>
> >>>>> If they steal your computer they will have to power it off, unless you
> >>>>> are kind enough to leave them a large enough UPS to steal along with it,
> >>>>> so any encryption will be equally effective.
> >>>>
> >>>> If you're worried about casual thieves then just about any kind of
> >>>> properly-implemented encryption will stop them.
> >>>>
> >>>> If you're worried about a government official specifically tasked with
> >>>> retrieving your computer, my understanding is that it is SOP these
> >>>> days to retrieve your computer without powering it off for just this
> >>>> reason. They won't use your UPS to do it. Typically they remove the
> >>>> plug just far enough to expose the prongs, slide in a connector that
> >>>> connects it to a UPS, and then they pull it out the rest of the way
> >>>> now powered by the UPS.
> >>>>
> >>>> See something like:
> >>>> http://www.cru-inc.com/products/wiebetech/hotplug_field_kit/
> >>>
> >>> Hmm... Those are nice, but can be easily built yourself with an
> >>> off-the-shelf UPS.
> >>>
> >>>> Presumably somebody who is determined will also have the means to
> >>>> retrieve the contents of RAM once they seize your computer. Besides
> >>>> directly accessing the memory bus I think most motherboards are not
> >>>> designed to be secure against attacks from PCI/firewire/etc.
> >>>
> >>> Hmm... add something to auto-shutdown the computer when a hotplug event
> >>> occurs on any of the internal ports and remove support for unused ports
> >>> from the kernel.
> >>>
> >>> I wonder how they'd keep a computer from initiating a shutdown procedure or
> >>> causing a kernel panic when it loses (wireless) connection to another
> >>> device that is unlikely to be moved when powered up?
> >>
> >> Well I have a switch in the door of the server room. It opens when you open
> >> the door. That signals the kernel to wipe all the encryption keys from
> >> kernel memory. Without the keys there is no access to the disks. After that
> >> another kernel is executed which wipes the memory of the old kernel. If you
> >> just pull the plug memory will stay in its state for an unspecified time.
> >
> > You don't happen to have a howto on how to set that up?
>
> Well I have a daemon running and a self made logic device in COM-port. Very
> simple. It has a single serial-parallel converter to do simple IO.
> Currently it just controls one relay that powers the network-devices.

I actually meant the software side:
- How to wipe the keys and then wipe the whole memory.

> >> I consider this setup quite secure.
> >
> > Makes me wonder what it is you are protecting your server from. :)
>
> Well just a hobby. I wanted to play with electronics. The server controls my
> heating, locks of the house, lights, airconditioning, fire-alarm and
> burglar-alarm. Gentoo-powered house...

I would keep the system controlling all that off the internet with only a null-modem cable to an internet-connected server using a custom protocol. Anything that doesn't match the protocol initiates a full lock-down of the house. ;)

--
Joost