hardening FreeBSD, already using GBDE
For example, the editor I use normally writes to /tmp -- I changed that, making it slower, but in the event that someone takes my laptop I want to sleep at night. I've no problem letting some poor person make a windoz machine out of my laptop -- but I don't want to share my work, my intellectual property. (I do research.) So, I'm looking for a list of changes to make, hacks really, that will further tighten up security. Can you point me to such a list of to-do's, please. Just send mail to henry.ol...@gmail.com --jg ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: hardening FreeBSD, already using GBDE
On 01/21/10 16:32, Henry Olyer wrote: For example, the editor I use normally writes to /tmp -- I changed that, making it slower, but in the event that someone takes my laptop I want to sleep at night. If you use a swap-backed memory drive (see http://man.freebsd.org/mdconfig) for /tmp and use geli to encrypt the swap, there would be no chance of recovery of your temporary files. I've no problem letting some poor person make a windoz machine out of my laptop -- but I don't want to share my work, my intellectual property. (I do research.) So, I'm looking for a list of changes to make, hacks really, that will further tighten up security. You did not specify anything really exact. You already encrypt your on-disk data. Do you always use encrypted network protocols like ssh and https? Strong passwords? Adequate physical security? Up-to-date software? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: hardening FreeBSD, already using GBDE
On Thu, Jan 21, 2010 at 10:32:01AM -0500, Henry Olyer wrote: For example, the editor I use normally writes to /tmp -- I changed that, making it slower, but in the event that someone takes my laptop I want to sleep at night. I've no problem letting some poor person make a windoz machine out of my laptop -- but I don't want to share my work, my intellectual property. (I do research.) So, I'm looking for a list of changes to make, hacks really, that will further tighten up security. Can you point me to such a list of to-do's, please. Just send mail to henry.ol...@gmail.com If you encrypt everything on disk and make sure the machine is powered off any time you leave it, there is not much else you can do to protect it from physical access. That is, if someone can get their grubby little fingers on it, there is little you can do to absolutely prevent them from getting to the data. If they have physical access, they have the same tools you do. There are things such as putting on a BIOS password and encrypting everything and powering it off when it is not in your hands that can make it more difficult, but nothing that totally prevents seeing your stuff.You could remove the hard disk and take it with you everywhere. The only complete security is never to store your data anywhere - on a computer, on paper, even in your head -- you might talk in your sleep. So, make a good effort to make it difficult and then just resign yourself to living in the real world. jerry --jg ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org