Great System

jackson

Member

Reaction score: 3
Messages: 59

This is a great operating system. Thank you.
I'm very impressed by the ability to automatically mount geli encrypted backup disks at boot.
And it's free (I know it's not free but anyway). Thank you, all.
 

ShelLuser

Son of Beastie

Reaction score: 1,830
Messages: 3,622

> I'm very impressed by the ability to automatically mount geli encrypted backup disks at boot.
Keep in mind that such a setup doesn't protect your system at all. If your server gets stolen then people can simply boot it, and the encryption layer has no further effect on the active system.
 

ralphbsz

Son of Beastie

Reaction score: 1,718
Messages: 2,675

> Sorry I don't follow you. My OS is geli encrypted and so is my backup disk
Where does the password or encryption key or passphrase come from?

If you have to manually enter it (you sit there at a keyboard and type it after boot), then your system is secure against someone stealing the computer and booting it. Unless they are capable of guessing the password, or torturing you. I think that's called a "rubber hose attack" among security people: the attacker hits you with rubber hoses until you enter the password.

If you don't have to enter the password and the file systems automatically open up when booting, then a thief just has to steal the computer, plug it in, and they have all the data.

And either way: while the system is running, your data is not protected against a hacker who comes in over the network.

Note: I'm not saying that encrypting disks is useless. On the contrary, it is a good starting point, my laptops all have encrypted disks (and I have to type in my password to open them up, that has been the case since about 2001), and the one external disk that leaves the house is encrypted with manual password entry. But encrypting your disks is only a starting point on your security voyage (there is some line from "Lord of the Rings" about a long trip starting with a first step or something like that). If you are interested in security, you might want to also think about other aspects of it. Just as an example: I had the pleasure of working with people whose computers have absolutely no connection to the outside world, no cell phones or USB sticks can be brought into the computer room unless first checked over by the security staff, and every sys admin has an assault rifle on their back when working. These people were very secure.
 
jackson

Member

Reaction score: 3
Messages: 59

> Just as an example: I had the pleasure of working with people whose computers have absolutely no connection to the outside world, no cell phones or USB sticks can be brought into the computer room unless first checked over by the security staff, and every sys admin has an assault rifle on their back when working. These people were very secure.
Those are my kind of guys 😄

> If you have to manually enter it (you sit there at a keyboard and type it after boot), then your system is secure against someone stealing the computer and booting it.
That's my setup

> Unless they are capable of guessing the password, or torturing you
They're able to torture me. The key is inside my head. I guess the only real protection against a key in your head is a key-file that cannot be stolen aka sys-admin w/ a rifle on his back.
 