Hi Penguin gurus, During my job, I will be installing Linux on public nodes "kiosks". The thing is, those nodes will have wifi network access, and will *not* have physical security around them (read: no guards). The problem is: People might try to get the info stored on the disks, either through network access, physical access, or through stealing the disks Target: I want to make it as hard as possible for those people. I totally understand that without physical security, there's no way it can be really "secure". I just wanna make real difficult
Protecting console: - I will turn off all login ttys and turn off X - Will password protect grub Protecting Wifi: - Will turn off ssh, and firewall all ports that are not providing end user services (I will mostly just leave apache open) Protecting stolen disks: Here comes the part where I have no clue! I don't really want this to be (steal disk, mount disk, copy data!!). I wanna make it difficult, but I have no idea how. Here are some ideas I'm toying with - Encrypt disks with some "auto-decrypting" scheme, so the machine can boot without entering a password? - Use some non standard filesystem ? (Dont like it, the system needs to be reliable) - Use some weird non standard partitioning tools ?(Also don't like it) - Use some non standard grub chain-loader that will decrypt Linux disks and boot them ? I'm a bit lost, did anyone face this dilemma before ? Any experiences to share ? Again, please don't tell me there's no way to get real security, if I don't have physical security. I totally understand this. I just don't wanna make this as easy as steal/mount! Best Regards
_______________________________________________ rhelv5-list mailing list rhelv5-list@redhat.com https://www.redhat.com/mailman/listinfo/rhelv5-list
