<< | Thread Index | >> ]    [ << | Date Index | >> ]

Subject: Re: Additional security for laptops...
From: Gregory Hosler <gregory.hosler,AT,eno,DOT,ericsson,DOT,se>
Date: Fri, 17 Jan 2003 11:14:22 +0100
In-reply-to: <Pine.GSO.4.44.0301171142460.885-100000@cs.uku.fi>

On 17-Jan-03 Mikko Pasanen wrote:
> 
>       What i was thinking that cipe directory will be located in the
> encypted filesystem and symlinked to /etc directory, then it will not
> expose itself unless you have full access to harddisk. If the key managing
> is proper (laptop stolen -> all access denied to internal services ) I
> would be more worrying about the information which is lying on
> the local harddisk.

not sure if that will work, or not. The last para on the "Specifying Options"

        info cipe -> Configuration -> Specifying options

is quite clear about the options file. it's *very* picky. Whether or not it
will allow the options file to be a soft link is not clear, possibly worth
testing, but it would not be a big surprise if it didn't (because then it 
would
have to verify that the pointed to file had *no* directies under it that 
failed
to meet the criteria).

you could always use command line option to otherwise specify the options file
though.

-Greg

> On Fri, 17 Jan 2003, Gregory Hosler wrote:
> 
>>
>> On 17-Jan-03 Mikko Pasanen wrote:
>> >
>> >       How about encrypting partitions which are containing critical
>> > information ? Of course it would be harder to borrow machines, but I 
>think
>> > it possible to easily separate "critical" information and regular stuff,
>> > and then if the user cannot mount critical stuff they cannot access the
>> > network and can login with guest account.
>>
>> the password is on the root partition (in /etc/cipe, which by definition
>> *will*
>> be in the root partition). if you're gonna encrypt the root partition, and
>> then
>> lend out the laptop, you need to release the password for the root
>> partition,
>> otherwise you might as well not lend out the laptop in the first place.
>>
>> :)
>>
>> -Greg
>>

----------------------------------
E-Mail: Gregory Hosler <gregory.hosler,AT,eno,DOT,ericsson,DOT,se>
Date: 17-Jan-03
Time: 18:01:07

  If each of us have one object, and we exchange them,
     then each of us still has one object.
  If each of us have one idea,   and we exchange them,
     then each of us now has two ideas.

----------------------------------





<< | Thread Index | >> ]    [ << | Date Index | >> ]