Re: new home box for secure data storage

2008-10-31 Thread new_guy
Douglas A. Tutty-2 wrote:
 
 If the box is running but no users are logged-in, why can't the data be
 encrypted and therefore private? 
 

It can be. Use OpenSSL or GnuPG or PGP symmetrically (only store the
passphrase in your head) in addition to volume/disk level encryption. Tar up
your secret files, encrypt the tar file and then remove the secret files.
When you need to read the secret files, decrypt the tar and then extract
what you need. Wash, rinse and repeat. Cron a sh script to dd /dev/zero onto
the home partition until it's full (don't want sophisticated guys viewing
your unallocated space)... know what I mean? Man, this is getting a bit
paranoid. 

-- 
Sent from the openbsd user - misc mailing list archive at Nabble.com.
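The "tar up, encrypt, remove, repeat" routine described above, written out as a small POSIX sh script. This is an added example, not code from the thread or from any project named in it. It assumes the openssl(1) command-line tool with the -pbkdf2 key-derivation flag (OpenSSL 1.1.1 or later); the SEAL_PASS variable name and the file paths are constructed for the example. If SEAL_PASS is unset, openssl prompts on the terminal, so the passphrase need only live in your head. The verify step decrypts and lists the archive before the plaintext is deleted, because rm on a bad archive is the one mistake this scheme cannot undo.

```shell
#!/bin/sh
# Added example (not from the thread): seal a directory of secrets into a
# passphrase-encrypted tarball, unseal it on demand, and zero free space.
# Assumes openssl(1) with -pbkdf2 (OpenSSL 1.1.1+). SEAL_PASS is a
# constructed name: when exported, it supplies the passphrase; when unset,
# openssl prompts interactively.
set -eu
umask 077

CIPHER="-aes-256-cbc -pbkdf2"

# seal_dir SRC_DIR OUT_FILE
#   Archive and encrypt SRC_DIR into OUT_FILE, then delete SRC_DIR, but only
#   after the archive decrypts and lists cleanly with the same passphrase.
seal_dir() {
    src=$1; out=$2
    # refuse obviously catastrophic arguments before any rm -rf
    case $src in ''|/|/home|/root) echo "refusing to seal $src" >&2; return 1;; esac
    tar -C "$(dirname "$src")" -cf - "$(basename "$src")" |
        openssl enc $CIPHER -salt ${SEAL_PASS:+-pass env:SEAL_PASS} -out "$out"
    # round-trip check: a wrong passphrase or a truncated file fails here,
    # and set -e stops the script before the plaintext is removed
    openssl enc -d $CIPHER ${SEAL_PASS:+-pass env:SEAL_PASS} -in "$out" |
        tar -tf - >/dev/null
    rm -rf "$src"
}

# unseal_dir ENC_FILE DEST_DIR
#   Decrypt ENC_FILE and extract its contents under DEST_DIR.
unseal_dir() {
    enc=$1; dest=$2
    mkdir -p "$dest"
    openssl enc -d $CIPHER ${SEAL_PASS:+-pass env:SEAL_PASS} -in "$enc" |
        tar -C "$dest" -xf -
}

# wipe_free_space DIR MAX_MB
#   rm only unlinks; the old blocks stay readable on the raw device. Fill the
#   filesystem holding DIR with zeros, then drop the filler. MAX_MB caps a
#   trial run; on the real home partition pass a cap above the free space so
#   dd stops only when the filesystem is full (dd's "no space" error is the
#   expected way out, hence the || true).
wipe_free_space() {
    dir=$1; max_mb=$2
    dd if=/dev/zero of="$dir/.wipe.$$" bs=1048576 count="$max_mb" 2>/dev/null || true
    sync
    rm -f "$dir/.wipe.$$"
}
```

Usage: `SEAL_PASS` exported for cron-style runs, or left unset to be prompted; `seal_dir ~/secrets ~/secrets.tar.enc` to seal, `unseal_dir ~/secrets.tar.enc ~/tmp` to read, and `wipe_free_space /home 1000000` from root's crontab after the seal. Note that while the directory is unsealed the plaintext is on disk again, so the wipe belongs after every seal, not just once.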



Re: new home box for secure data storage

2008-10-30 Thread Guido Tschakert
Douglas A. Tutty wrote:
 On Wed, Oct 29, 2008 at 09:09:20PM -0500, patric conant wrote:
 I'm confused, the encrypted volume cannot be backed up without a key?
 
 Sure, I could backup the encrypted volume.  However, I'd rather back the
 data up as an unencrypted directory along with everything else.  

And then someone steals your backup.

Wouldn't it be more sophisticated to secure the physical access (lock
up the door, some security on the windows (the real ones, not that crap
from MS), if any) to the system and encrypt the backup (public-key comes
to my mind)? As mostly backup will be done on external media (DVD, CD,
tape, USB hard drives).

It always depends on how paranoid you are (and as I remember you are
more paranoid than the average ;-) ), how secret your data is.

guido

 I don't know what's involved in e.g. restoring an accidentally deleted
 file from within an encrypted volume.  I guess I'd treat it like a
 tarball in that it's a file, mount it somewhere using the usual key and
 retrieve the file, mount the user's encrypted volume and copy the file
 back where it belongs.
 
 It's likely that it's me that's confused.  Since what I'm contemplating
 doesn't seem to be mainstream, I'm assuming that backup and restore
 procedures aren't mainstream (e.g. have the kinks worked out) either.
 That assumption could be invalid.
 
 Doug.
 
 


-- 

Kind regards,

  Guido Tschakert

_

SRC Security Research & Consulting GmbH
Graurheindorfer Str. 149 a  Tel: +49-228-2806-138
53117 Bonn  Fax: +49-228-2806-199
http://www.src-gmbh.de  Mob: +49-160-3671422
Commercial register Bonn: HRB 9414  Managing director: Gerd Cimiotti



Re: new home box for secure data storage

2008-10-30 Thread Michiel van Baak
On 16:14, Wed 29 Oct 08, Douglas A. Tutty wrote:
 I think I want root to be able to mount/access the directories so that
 the data can be included in a backup set (which is then piped through
 openssl for encryption) on a file-by-file basis rather than just backing
 up a filesystem image and risking the whole thing if that image becomes
 corrupted.

Here's a possible way to make backups for users homes:
Install boxbackup, create a config file per user, add a line to .profile
that runs boxbackup in snapshot mode every time a user logs in or logs
out.
Boxbackup transfers and stores the backups encrypted. So no need to
worry there.

-- 

Michiel van Baak
[EMAIL PROTECTED]
http://michiel.vanbaak.eu
GnuPG key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x71C946BD

Why is it drug addicts and computer aficionados are both called users?



Re: new home box for secure data storage

2008-10-30 Thread Felipe Alfaro Solana
On Wed, Oct 29, 2008 at 9:14 PM, Douglas A. Tutty [EMAIL PROTECTED] wrote:
 I'll be setting up a new box for the house and I want to use OpenBSD for
 it, both for its security and since it will be an older box it will run
 better than with Debian.

 Roles:

 main firewall for dialup internet access.
 fetchmail and sendmail to ISP smarthost
 other simple stuff (have another box for insecure stuff like watching
videos, surfing the net with javascript and flash).


 We've moved and now our main security threat is physical security.  We
 don't want the data on the computer (i.e. in the /home directories) to
 be readable if someone steals the box.

 I'm thinking I could go two routes:

 1.  encrypt all of /home with an encrypted virtualfs file.  However,
 then the data is unencrypted whenever the box is powered on.

Is your data that important? :)

 2.  I wonder if there's a way to have per-user home directory
 encryption so that the user's directory is accessed/unencrypted/mounted
 (whatever the semantics) on login and recrypted/unmounted on logout.

 Have swap and /tmp encrypted too.  Also, perhaps per-user $TMP
 directories if go with plan 2, above.

 I think I want root to be able to mount/access the directories so that
 the data can be included in a backup set (which is then piped through
 openssl for encryption) on a file-by-file basis rather than just backing
 up a filesystem image and risking the whole thing if that image becomes
 corrupted.

 Ideas?  What do others do to secure /home?  I read on undeadly an idea
 of putting the /home filesystem on a removable drive and putting it into
 a safe but then you have to have the safe mounted securely.

 Doug.





-- 
http://www.felipe-alfaro.org/blog/disclaimer/



Re: new home box for secure data storage

2008-10-30 Thread Douglas A. Tutty
On Thu, Oct 30, 2008 at 11:53:16AM +0100, Felipe Alfaro Solana wrote:
 On Wed, Oct 29, 2008 at 9:14 PM, Douglas A. Tutty [EMAIL PROTECTED] wrote:

  I'm thinking I could go two routes:
 
  1.  encrypt all of /home with an encrypted virtualfs file.  However,
  then the data is unencrypted whenever the box is powered on.
 
 Is your data that important? :)
 
Yes.



Re: new home box for secure data storage

2008-10-30 Thread Douglas A. Tutty
On Thu, Oct 30, 2008 at 08:38:16AM +0100, Guido Tschakert wrote:
 Douglas A. Tutty wrote:
  On Wed, Oct 29, 2008 at 09:09:20PM -0500, patric conant wrote:
  I'm confused, the encrypted volume cannot be backed up without a key?
  
  Sure, I could backup the encrypted volume.  However, I'd rather back the
  data up as an unencrypted directory along with everything else.  
 
 And then someone steals your backup.

I pipe the backup through openssl anyway.

 Wouldn't it be more sophisticated to secure the physical access (lock
 up the door, some security on the windows (the real ones, not that crap
 from MS), if any) to the system and encrypt the backup (public-key comes
 to my mind)? As mostly backup will be done on external media (DVD, CD,
 tape, USB hard drives).

Physical access to the apartment is as secure as possible given the
lease (which is what is prompting this thread).  

As for the backup media, the total size of the backup set is about 50 GB
and for off-site I want it to fit in the bank's small safety deposit box
(CDs don't fit) so I'm thinking about using LTO-1 (LTO's will fit and
LTO-1 is slow enough that a single IDE drive in a P-133 box should be
able to keep it fed).  This is a separate issue that I don't want to
confuse the thread with.

 It always depends on how paranoid you are (and as I remember you are
 more paranoid than the average ;-) ), how secret your data is.

  I don't know what's involved in e.g. restoring an accidentally deleted
  file from within an encrypted volume.  I guess I'd treat it like a
  tarball in that it's a file, mount it somewhere using the usual key and
  retrieve the file, mount the user's encrypted volume and copy the file
  back where it belongs.
  
  It's likely that it's me that's confused.  Since what I'm contemplating
  doesn't seem to be mainstream, I'm assuming that backup and restore
  procedures aren't mainstream (e.g. have the kinks worked out) either.
  That assumption could be invalid.



Re: new home box for secure data storage

2008-10-30 Thread Douglas A. Tutty
On Thu, Oct 30, 2008 at 09:34:56AM +0100, Michiel van Baak wrote:
 On 16:14, Wed 29 Oct 08, Douglas A. Tutty wrote:
  I think I want root to be able to mount/access the directories so that
  the data can be included in a backup set (which is then piped through
  openssl for encryption) on a file-by-file basis rather than just backing
  up a filesystem image and risking the whole thing if that image becomes
  corrupted.
 
 Here's a possible way to make backups for users homes:
 Install boxbackup, create a config file per user, add a line to .profile
 that runs boxbackup in snapshot mode every time a user logs in or logs
 out.
 Boxbackup transfers and stores the backups encrypted. So no need to
 worry there.
 

I'm not familiar with boxbackup (I'll look it up later).  Something
similar was that I figured that the encrypted images could be under,
e.g. /enchome and the user's .profile may cause the encrypted volume to
be mounted over their /home/username directory.

Doug.



Re: new home box for secure data storage

2008-10-30 Thread eric-list-openbsd-misc
On Thu, 2008-10-30 at 10:45:20 -0400, Douglas A. Tutty proclaimed...

 Yes.

Then keep it off a computer. Otherwise look for solutions that have already
been presented...because they work.

- Eric



new home box for secure data storage

2008-10-29 Thread Douglas A. Tutty
I'll be setting up a new box for the house and I want to use OpenBSD for
it, both for its security and since it will be an older box it will run
better than with Debian.

Roles:

main firewall for dialup internet access.
fetchmail and sendmail to ISP smarthost
other simple stuff (have another box for insecure stuff like watching
videos, surfing the net with javascript and flash).


We've moved and now our main security threat is physical security.  We
don't want the data on the computer (i.e. in the /home directories) to
be readable if someone steals the box.

I'm thinking I could go two routes:

1.  encrypt all of /home with an encrypted virtualfs file.  However,
then the data is unencrypted whenever the box is powered on.

2.  I wonder if there's a way to have per-user home directory
encryption so that the user's directory is accessed/unencrypted/mounted
(whatever the semantics) on login and recrypted/unmounted on logout.

Have swap and /tmp encrypted too.  Also, perhaps per-user $TMP
directories if go with plan 2, above.

I think I want root to be able to mount/access the directories so that
the data can be included in a backup set (which is then piped through
openssl for encryption) on a file-by-file basis rather than just backing
up a filesystem image and risking the whole thing if that image becomes
corrupted.

Ideas?  What do others do to secure /home?  I read on undeadly an idea
of putting the /home filesystem on a removable drive and putting it into
a safe but then you have to have the safe mounted securely.

Doug.



Re: new home box for secure data storage

2008-10-29 Thread Almir Karic
On Wed, Oct 29, 2008 at 04:14:22PM -0400, Douglas A. Tutty wrote:
 I'll be setting up a new box for the house and I want to use OpenBSD for
 it, both for its security and since it will be an older box it will run
 better than with Debian.
 
 Roles:
 
 main firewall for dialup internet access.
 fetchmail and sendmail to ISP smarthost
 other simple stuff (have another box for insecure stuff like watching
   videos, surfing the net with javascript and flash).
 
 
 We've moved and now our main security threat is physical security.  We
 don't want the data on the computer (i.e. in the /home directories) to
 be readable if someone steals the box.

if someone knowledgeable enough has physical access to the running box, you
can't keep the data private.



Re: new home box for secure data storage

2008-10-29 Thread Ted Unangst

 I think I want root to be able to mount/access the directories so that
 the data can be included in a backup set (which is then piped through
 openssl for encryption) on a file-by-file basis rather than just backing
 up a filesystem image and risking the whole thing if that image becomes
 corrupted.

Most of your requests are pretty common and come up frequently enough
you should be able to find the answers, but this part makes me
wonder.  So how does root have the key?  Do you type it in every time
you do a backup or is there a file called dontreadthis in /root?

You could maybe do some tricks with cfs but it's a guaranteed shot in
the foot.



Ideas?  What do others do to secure /home?


I don't let people steal my computers. 



Re: new home box for secure data storage

2008-10-29 Thread STeve Andre'
On Wednesday 29 October 2008 16:41:36 Almir Karic wrote:
 On Wed, Oct 29, 2008 at 04:14:22PM -0400, Douglas A. Tutty wrote:
  I'll be setting up a new box for the house and I want to use OpenBSD for
  it, both for its security and since it will be an older box it will run
  better than with Debian.
 
  Roles:
 
  main firewall for dialup internet access.
  fetchmail and sendmail to ISP smarthost
  other simple stuff (have another box for insecure stuff like watching
  videos, surfing the net with javascript and flash).
 
 
  We've moved and now our main security threat is physical security.  We
  don't want the data on the computer (i.e. in the /home directories) to
  be readable if someone steals the box.

 if someone knowledgeable enough has physical access to the running box, you
 can't keep the data private.

That's true, but you can make it awfully hard to get the data.  I know
of someone who put his computer in a gun closet, which is a tall metal
cabinet weighing many hundreds of pounds, secured with bolts inside
the case to the cement wall in the basement.  Could you get it?  Sure:
with enough effort and possibly explosives.

You can secure a computer pretty well.  Just think heavy and bolted
to a wall.

--STeve Andre'



Re: new home box for secure data storage

2008-10-29 Thread Douglas A. Tutty
On Wed, Oct 29, 2008 at 09:41:36PM +0100, Almir Karic wrote:
 On Wed, Oct 29, 2008 at 04:14:22PM -0400, Douglas A. Tutty wrote:
  I'll be setting up a new box for the house and I want to use OpenBSD for
  it, both for its security and since it will be an older box it will run
  better than with Debian.
  
  Roles:
  
  main firewall for dialup internet access.
  fetchmail and sendmail to ISP smarthost
  other simple stuff (have another box for insecure stuff like watching
  videos, surfing the net with javascript and flash).
  
  
  We've moved and now our main security threat is physical security.  We
  don't want the data on the computer (i.e. in the /home directories) to
  be readable if someone steals the box.
 
 if someone knowledgeable enough has physical access to the running box, you
 can't keep the data private.

If the box is running but no users are logged-in, why can't the data be
encrypted and therefore private?  This is my thinking about per-user
home directory/partition encryption.  

Doug.



Re: new home box for secure data storage

2008-10-29 Thread Douglas A. Tutty
On Wed, Oct 29, 2008 at 02:56:53PM -0700, Ted Unangst wrote:
 
  I think I want root to be able to mount/access the directories so that
  the data can be included in a backup set (which is then piped through
  openssl for encryption) on a file-by-file basis rather than just backing
  up a filesystem image and risking the whole thing if that image becomes
  corrupted.
 
 Most of your requests are pretty common and come up frequently enough
 you should be able to find the answers, but this part makes me
 wonder.  So how does root have the key?  Do you type it in every time
 you do a backup or is there a file called dontreadthis in /root?

Let's say the key is in a file.  Let's encrypt that file with openssl and
keep it in /root.  Whoever runs the backup program is asked for the
passphrase to unlock the file.  The backup program then uses that file
to mount the directories to back them up.

 You could maybe do some tricks with cfs but it's a guaranteed shot in  
 the foot.
 
 Ideas?  What do others do to secure /home?
 
 I don't let people steal my computers. 

Of course there's the risk/benefit/cost analysis.  Gun cabinets or safes
bolted to the floor work but are expensive.  I could get the same kind
of deterrence if I installed a big rack-mount 12U server full of a dozen
hard drives (think too heavy for one person to steal, assuming that they
recognized it as a computer in the first place).  Software encryption is
free.

Doug.
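Ted's question ("how does root have the key?") and Doug's answer ("the key is in a file, encrypted with openssl, unlocked by a passphrase when the backup runs") describe a two-layer scheme: a random data key protects the data, and a passphrase protects the data key. The script below is an added example, not code from the thread or any project it mentions, showing that scheme with one property a practitioner will want: the unwrapped data key is only ever handed to openssl through a pipe (a FIFO on fd 3), never written to disk. It assumes the openssl(1) CLI with -pbkdf2 (OpenSSL 1.1.1+) and its documented `-pass fd:N` option; WRAP_PASS and all file names are constructed for the example. It also goes one step past the thread: because the data key is wrapped rather than used directly, the passphrase can be rotated without re-encrypting existing backups.

```shell
#!/bin/sh
# Added example (not from the thread): an encrypted data key in /root-style
# storage, unlocked by a passphrase at backup time, with the plaintext key
# passed to openssl only through a FIFO. Assumes openssl(1) with -pbkdf2
# (OpenSSL 1.1.1+). WRAP_PASS is a constructed name: when exported it holds
# the wrapping passphrase; when unset, openssl prompts on the terminal.
set -eu
umask 077

CIPHER="-aes-256-cbc -pbkdf2"

# make_wrapped_key KEYFILE
#   Generate a random 256-bit data key (as hex) and store it encrypted under
#   the wrapping passphrase. Nothing about the data key ever appears unencrypted
#   on disk.
make_wrapped_key() {
    keyfile=$1
    openssl rand -hex 32 |
        openssl enc $CIPHER -salt ${WRAP_PASS:+-pass env:WRAP_PASS} -out "$keyfile"
}

# unwrap_key KEYFILE
#   Write the hex data key to stdout. Callers must only ever pipe this.
unwrap_key() {
    openssl enc -d $CIPHER ${WRAP_PASS:+-pass env:WRAP_PASS} -in "$1"
}

# with_data_key KEYFILE CMD ARGS...
#   Run CMD with the unwrapped data key readable on fd 3 via a mode-600 FIFO
#   in a private temp dir; the FIFO is removed afterwards, and its contents
#   were never stored in a regular file.
with_data_key() {
    keyfile=$1; shift
    d=$(mktemp -d); fifo=$d/key
    mkfifo -m 600 "$fifo"
    unwrap_key "$keyfile" > "$fifo" &
    status=0
    "$@" 3< "$fifo" || status=$?
    wait
    rm -rf "$d"
    return "$status"
}

# backup_dir SRC_DIR OUT_FILE KEYFILE
#   What the backup job does: tar the directory and encrypt the stream under
#   the data key, which openssl reads from fd 3 (-pass fd:3).
backup_dir() {
    src=$1; out=$2; keyfile=$3
    tar -C "$(dirname "$src")" -cf - "$(basename "$src")" |
        with_data_key "$keyfile" openssl enc $CIPHER -salt -pass fd:3 -out "$out"
}

# restore_dir ENC_FILE DEST_DIR KEYFILE
#   The reverse: decrypt under the data key and extract below DEST_DIR.
restore_dir() {
    enc=$1; dest=$2; keyfile=$3
    mkdir -p "$dest"
    with_data_key "$keyfile" openssl enc -d $CIPHER -pass fd:3 -in "$enc" |
        tar -C "$dest" -xf -
}

# rotate_passphrase KEYFILE NEW_PASSPHRASE
#   Re-wrap the same data key under a new passphrase (old one from WRAP_PASS).
#   Existing backups stay readable because the data key itself is unchanged;
#   the new wrapped file replaces the old one atomically with mv.
rotate_passphrase() {
    keyfile=$1; newpass=$2
    unwrap_key "$keyfile" |
        NEW_WRAP_PASS=$newpass openssl enc $CIPHER -salt -pass env:NEW_WRAP_PASS -out "$keyfile.new"
    mv -f "$keyfile.new" "$keyfile"
}
```

Usage: `make_wrapped_key /root/home.key` once; then the backup job runs `backup_dir /home /var/backups/home.tar.enc /root/home.key`, prompting for the wrapping passphrase (or reading it from an exported WRAP_PASS when run from cron, which is exactly the "dontreadthis in /root" trade-off Ted points at: an unattended job needs the secret somewhere, so it is worth deciding which is acceptable, a prompt or an at-rest secret, rather than getting both by accident). Whether root's backup can walk the files at all still depends on the home volume being mounted at backup time, which the thread leaves open.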



Re: new home box for secure data storage

2008-10-29 Thread patric conant
I'm confused, the encrypted volume cannot be backed up without a key?

On Wed, Oct 29, 2008 at 8:45 PM, Douglas A. Tutty [EMAIL PROTECTED] wrote:

 On Wed, Oct 29, 2008 at 02:56:53PM -0700, Ted Unangst wrote:
 
   I think I want root to be able to mount/access the directories so that
   the data can be included in a backup set (which is then piped through
   openssl for encryption) on a file-by-file basis rather than just backing
   up a filesystem image and risking the whole thing if that image becomes
   corrupted.
  
   Most of your requests are pretty common and come up frequently enough
   you should be able to find the answers, but this part makes me
   wonder.  So how does root have the key?  Do you type it in every time
   you do a backup or is there a file called dontreadthis in /root?

  Let's say the key is in a file.  Let's encrypt that file with openssl and
  keep it in /root.  Whoever runs the backup program is asked for the
  passphrase to unlock the file.  The backup program then uses that file
  to mount the directories to back them up.

  You could maybe do some tricks with cfs but it's a guaranteed shot in
  the foot.
 
  Ideas?  What do others do to secure /home?
 
  I don't let people steal my computers.

 Of course there's the risk/benefit/cost analysis.  Gun cabinets or safes
 bolted to the floor work but are expensive.  I could get the same kind
 of deterrence if I installed a big rack-mount 12U server full of a dozen
 hard drives (think too heavy for one person to steal, assuming that they
 recognized it as a computer in the first place).  Software encryption is
 free.

 Doug.




-- 
Some software money can't buy. For everything else there's Micros~1.



Re: new home box for secure data storage

2008-10-29 Thread Douglas A. Tutty
On Wed, Oct 29, 2008 at 09:09:20PM -0500, patric conant wrote:
 I'm confused, the encrypted volume cannot be backed up without a key?

Sure, I could backup the encrypted volume.  However, I'd rather back the
data up as an unencrypted directory along with everything else.  

I don't know what's involved in e.g. restoring an accidentally deleted
file from within an encrypted volume.  I guess I'd treat it like a
tarball in that it's a file, mount it somewhere using the usual key and
retrieve the file, mount the user's encrypted volume and copy the file
back where it belongs.

It's likely that it's me that's confused.  Since what I'm contemplating
doesn't seem to be mainstream, I'm assuming that backup and restore
procedures aren't mainstream (e.g. have the kinks worked out) either.
That assumption could be invalid.

Doug.