"Christopher D. Clausen" <[email protected]> writes:

> If it were me, I would NOT allow such data to go to end-user systems
> (and thus avoid having it cached there.) I would set up a few servers
> within a secure data center and require all work to be done via remote
> access to these systems (using RDP, SSH, FreeNX, etc.)

This is not a situation where we have no such data at present and can set the requirements for how clients access it. The clients are already manipulating this data on laptops with no disk encryption and using public file shares. The goal is to get something better than what they have now that they'll actually use. A requirement that they only do work remotely with RDP will just be ignored, resulting in the current situation continuing without improvement. Security and usability is always a tradeoff.

> And correct me if I'm wrong here, but wouldn't you also want to wipe the
> client's system pagefile or swap area after VPN disconnect as some data
> could be cached when swapped to disk?

It all depends on what threat model you're trying to defend against. Right now, the goal is to get unencrypted files with obvious, easily-accessible private information off of people's laptops. One step at a time. Scraping data out of system page files requires an attacker with actual tools and some understanding of how the operating system works; it would be nice to defend against such people as well, but they're considerably rarer and, in that case, you're generally looking at a targeted attack.

-- 
Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/>
