data security

data security

Orr Dunkelman orr.dunkelman at gmail.com
Wed Feb 4 12:27:52 IST 2009


2009/2/4 Erez D <erez0001 at gmail.com>:
>
> when a hard drive dies and it is under warrenty, we need give the old one
> when we want it replaced.
> usuallyon the hard drive we have some personal things - pictures, documents,
> or confidential data if it belonged to a company etc...
> assuming the data is backed up (backing-up is an issue for another thread),
> we are left with the possibility of someone retriving data from the damaged
> drive.
> and when the drive is damaged, we can't even access it to erase that info
> before replacing it with a new one.
>
> so i though of a solution - use a crypto FS.
> but there are many problems with it.
> the practical problems are at least:
> 1. i do not know of a major linux distibution (i.e. redhat/ubuntu etc... )
> that fully support crypto-fs out of the box, so if i use it, i will need to
> do manual changes every time i upgrade the system.
> 2. it is not really secured if the key is stored on disk. however if the key
> is not stored on disk, then the computer can not acces the data without
> human intervention, which is not good either when it comes to servers.

The solution is thus to have two partitions. One with the OS stuff and
configuration, and one which is encrypted and contains your personal
data.

I guess that the configuration may still reveal some secrets (like
which hosts are important enough to be in /etc/hosts), but it's better
than nothing...

-- 
Orr Dunkelman,
Orr.Dunkelman at gmail.com

"a scientific man ought to have no wishes, no affections, -- a mere
heart of stone" - Charles Darwin.

GPG fingerprint: C2D5 C6D6 9A24 9A95 C5B3  2023 6CAB 4A7C B73F D0AA
(This key will never sign Emails, only other PGP keys. The key
corresponds to orrd at vipe.technion.ac.il)



More information about the Linux-il mailing list