[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: cgd and remote keys
Just additional note, it is possible to store /etc/cgd/* content on usb
memory, already tested. You just need to add a line into /etc/fstab.
Although this does not allow you to enable remote reboot, it is much more
secure than storing cgd key on / partition.
Curt Sampson wrote:
> I've been thinking recently about how to add some additional security
> to hosts in less-secure physical locations, where there's a possibility
> they could be stolen. I'd like to use CGD to encrypt parts of the disks,
> but it always seemed rather pointless if the key was in a file on the
> disk, and of course the machine can't reboot unattended if it's not.
> A solution to this did occur to me, however. If I added a new key
> generation method to cgdconfig that made a TCP connection to a given
> host, sent an identifier, and read back a key or passphrase, I could
> have a server (or group of servers) elsewhere on the net supply that.
> That server could refuse to return the information if the request came
> from an unexpected IP address, and I could also disable that key in the
> server if I found out the machine had been stolen (which I would very
> quickly if I were monitoring it via Nagios or whatever).
> For an unecrypted connection, this means that the perpetrator of a back
> bag job would need to either sniff the key/passphrase in an exchange
> before stealing the host, or compromise one of the servers holding the
> key/passphrase. The former attack could be prevented by using IPSec.
> I would also need to add a post-network /etc/rc.d/cgd script, probably
> reading from a different config file (/etc/cgd/cgd-net.conf).
> Of course, one couldn't encrypt one's root partition with this method,
> but for encrypting something like /home or a data partition, it would be
> Does this seem like a reasonable idea? Does anybody have any further
> comments? Is there an existing protocol we might use that would be as
> simple as a simple TCP connection? (HTTP comes to mind.) Would anybody
> object to me writing and committing this, along with committing a simple
> server to pkgsrc?
> Curt Sampson <cjs%starling-software.com@localhost> +81 90 7737
> Mobile sites and software consulting: http://www.starling-software.com
View this message in context:
Sent from the tech-security mailing list archive at Nabble.com.
Main Index |
Thread Index |