<< | Thread Index | >> ]    [ << | Date Index | >> ]

Subject: Additional security for laptops...
From: Bill Cox <bill,AT,viasic,DOT,com>
Date: Fri, 17 Jan 2003 06:12:09 +0100

Hi.

I'm a happy cipe user with no significant complaints.  There's one 
enhancement I'd like to see, since my company works mostly with Linux 
laptops.

I'm encouraging our Linux laptop users to set up cipe clients so they 
can be more productive at home.  However, if one of our users has a 
laptop stollen, or if a friend simply borrows it for a while, we could 
have source code stollen, or disks could be erased on servers at work. 
 These laptops have the key in /etc/cipe/options.cipcb<number> file, and 
while it's only readable by root, anyone with one of our laptops in hand 
can easily get at it without a password.

To get around this, I've written a simple script to decrypt the key 
file, bring up the cipe connection, and then delete the unencrypted key 
file.  To decrypt the key file, the user has to know the password.  This 
way, a stollen laptop can't easily be used to access our network.

Would there be any interest in adding a password feature so there would 
never be an unencrypted key file on the disk?  This would require the 
user to type a password to enable a cipe connection.  This would not be 
good on servers, but it would be nice for laptop clients.

Thanks,
Bill Cox





<< | Thread Index | >> ]    [ << | Date Index | >> ]