Ahmed Kamal wrote:
> Hi Penguin gurus,
>
> During my job, I will be installing Linux on public nodes "kiosks". The thing is, those nodes will have wifi network access, and will *not* have physical security around them (read: no guards).
>
> The problem is: People might try to get the info stored on the disks, either through network access, physical access, or through stealing the disks.
>
> Target: I want to make it as hard as possible for those people. I totally understand that without physical security, there's no way it can be really "secure". I just wanna make it real difficult.

Don't put anything secret on the disks. Better, don't put disks in the computers. You can network boot and mount everything via NFS.

> Protecting console:
> - I will turn off all login ttys and turn off X
> - Will password protect grub

No disk, no grub.

> Protecting Wifi:
> - Will turn off ssh, and firewall all ports that are not providing end user services (I will mostly just leave apache open)

ssh hasn't anything to do with wireless.

> Protecting stolen disks:
> Here comes the part where I have no clue! I don't really want this to be (steal disk, mount disk, copy data!!). I wanna make it difficult, but I have no idea how. Here are some ideas I'm toying with:
> - Encrypt disks with some "auto-decrypting" scheme, so the machine can boot without entering a password?
> - Use some non-standard filesystem? (Don't like it, the system needs to be reliable)
> - Use some weird non-standard partitioning tools? (Also don't like it)
> - Use some non-standard grub chain-loader that will decrypt Linux disks and boot them?
>
> I'm a bit lost, did anyone face this dilemma before? Any experiences to share? Again, please don't tell me there's no way to get real security, if I don't have physical security. I totally understand this. I just don't wanna make this as easy as steal/mount!

I don't understand why you'd put anything confidential in a computer intended for public access. Can you enlarge?

What's the public going to be doing with these systems?

--
Cheers
John

-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375

You cannot reply off-list:-)

_______________________________________________
rhelv5-list mailing list
rhelv5-list@redhat.com
https://www.redhat.com/mailman/listinfo/rhelv5-list