On Sat, 5 Jan 2002, Matthew Sackman wrote:
> On Sat, Jan 05, 2002 at 10:28:33PM +0000, Jon Masters wrote:
> >
> > Huh? If someone nicks a machine using encrypted swap then it's harder for
> > them to recover any useful data from it. Said machine is to be used for
> > offsite secure backups which are already encrypted using various strong
> > crypto and stored on ext3 on LV groups on RAID 5 arrays.
>
> Yes - I forgot (hangs head in shame) that swap is not volatile. Duh.
> Which has made me think (shock): another idea would be to, on powerdown,
> write /dev/random all over your swap partition and then, on boot up, get
> the initrd image to do a mkswap on that partition before the swapon.
Due to the electromechanical properties of hard disk drives, this is *NOT*
a secure thing to do as it is still possible to retrieve data from the
drive and reconstruct the last stored data before the /dev/random write.
One could use "wipe" or a similar tool; however, that takes time :-) Of
course all of this is excessively paranoid but then, that's me.
> Fair enough, although as you realise, this kind of protection only helps
> with physical nicking of the machine: if the machine is hacked then this
> doesn't help at all which was the point I was trying to make.
Hehe :) I spent just a little time carefully hand crafting iptables
rulesets and installing all the loggers I could find, and turning off
everything. If someone cracks that box then they'd have to be reasonably
good - and after they'd served their hard time I'd like to meet them.
> As I implied, I don't have the hardware = no null modem cable! (Plus I don't
> think that I even have it compiled in on any machine!).
Only costs about 5 quid in Maplin, less if you solder one up yourself. I
always compile sensible things like that into my kernels, never use stock
distro kernels for anything that needs to be secure... and I'm still
waiting for the alpha 2.4 owl patches :-(
--jcm
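The shutdown/boot swap-scrubbing procedure Matthew describes above, written out as an added shell example that is not part of the thread or either poster's own scripts. It assumes a GNU/Linux userland (blockdev, mkswap, swapon) and draws from /dev/urandom rather than /dev/random, since /dev/random blocks when the entropy pool is empty and would stall a shutdown; the function names are my own. As Jon's reply notes, one random overwrite is a quick measure, not a guarantee against recovery from the media itself.

```shell
#!/bin/sh
# Added example (not from the thread): scrub a swap area at shutdown and
# re-create the swap signature from the initrd at boot.
# Assumes GNU/Linux tools: blockdev, mkswap, swapon. /dev/urandom is used
# instead of /dev/random because /dev/random blocks once entropy runs out.

# Byte size of a block device or of a regular file (for testing).
swap_area_size() {
    if [ -b "$1" ]; then
        blockdev --getsize64 "$1"
    else
        wc -c < "$1" | tr -d ' '
    fi
}

# Shutdown hook: overwrite the entire swap area with random bytes.
# The area must already be deactivated (swapoff) before calling this.
scrub_swap_area() {
    dev=$1
    size=$(swap_area_size "$dev") || return 1
    head -c "$size" /dev/urandom | dd of="$dev" conv=notrunc 2>/dev/null || return 1
    # The overwrite must neither truncate nor extend the area.
    [ "$(swap_area_size "$dev")" -eq "$size" ]
}

# Boot hook (run from the initrd): the overwrite destroyed the swap
# signature, so rebuild it with mkswap before swapon. Requires root.
reinit_swap_area() {
    dev=$1
    mkswap "$dev" >/dev/null && swapon "$dev"
}

# Example invocations as root (commented out; device name is a placeholder):
# swapoff /dev/sdXN && scrub_swap_area /dev/sdXN   # at shutdown
# reinit_swap_area /dev/sdXN                        # from the initrd at boot
```

Running scrub_swap_area against a regular file is a convenient way to check the overwrite logic without touching a real device; only reinit_swap_area needs root and a real swap partition.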
--------------------------------------------------------------------
http://www.lug.org.uk http://www.linuxportal.co.uk
http://www.linuxjob.co.uk http://www.linuxshop.co.uk
--------------------------------------------------------------------
This archive was generated by hypermail 2.1.3 : Sun 06 Jan 2002 - 09:21:14 GMT