Harddisk encryption ??
Hello,

I am trying to post this message once more. It seems that my first message somehow didn't find the way to the mail-list.

I have one problem which I would like to consult with you. I need to protect the data on the computer harddisk against physical theft.

Current situation:

Computer with several harddisks - approx. 9 GB. On this computer, the following OS are used: Linux, DOS, Windows NT. The data on this computer must be accessible from all operating systems. Encryption of files must be transparent to user and encryption algorithm must be "strong".

Because I am not able to find any disk encryption software which is able to run on all these platforms, I decided to use the following temporary solution:

Add one more computer with Linux OS. On this computer, there will be only a small root partition with necessary Linux components. All other disk space will be encrypted with IDEA, using the /dev/loop. This machine will be some kind of secure file server. On the second machine, where the user works, there will be partitions with operating systems, necessary utilities and the TCP/IP stack for DOS/Windows, NT and Linux. The data and application disks will be mounted via NFS and user will work with files from file server. The computers will be interconnected with Fast Ethernet. This mini-network is NOT connected to the Internet, so the NFS (in)security should not be a problem. Also, both computers will be placed in the same room (distance approx. 3 m), so there should be no problem with tapping/data capturing on the Fast Ethernet connection.

I have the following questions.

Can anybody see some major security hole in this system ? How fast will be this system ? Anybody has any idea if there is some more sophisticated solution for this problem ? Anybody heard about some strong disk encryption which is able to run under Windows NT, Linux and DOS ? It seems that the Win NT are the major problem. I am not able to find any disk encryption for NT. Anybody is able to port Secure File System to Windows NT ? I am trying to port this program under Linux, but I am not the NT system programmer.

Thanx for any comments, help, ideas etc.

Best regards

PavelK

--
****************************************************************************
* Pavel Korensky (pavelk@dator3.anet.cz) *
* DATOR3 Ltd., Modranska 1895/17, 143 00 Prague 4, Czech Republic *
* PGP key fingerprint: 00 65 5A B3 70 20 F1 54 D3 B3 E4 3E F8 A3 5E 7C *
****************************************************************************
i definitely see a problem.

you encrypt all your data on that another computer, and then send this data over your LAN in the clear. the data can be compromised by snooping at the network connection.

that sux, although you are protected against "physical theft".

I suggest that you use PGP and DOS partitions to keep your files instead.

poka

igor

Pavel Korensky wrote:

> Hello,
>
> I am trying to post this message once more. It seems that my first message somehow didn't find the way to the mail-list.
>
> I have one problem which I would like to consult with you. I need to protect the data on the computer harddisk against physical theft.
>
> Current situation:
>
> Computer with several harddisks - approx. 9 GB. On this computer, the following OS are used: Linux, DOS, Windows NT. The data on this computer must be accessible from all operating systems. Encryption of files must be transparent to user and encryption algorithm must be "strong".
>
> Because I am not able to find any disk encryption software which is able to run on all these platforms, I decided to use the following temporary solution:
>
> Add one more computer with Linux OS. On this computer, there will be only a small root partition with necessary Linux components. All other disk space will be encrypted with IDEA, using the /dev/loop. This machine will be some kind of secure file server. On the second machine, where the user works, there will be partitions with operating systems, necessary utilities and the TCP/IP stack for DOS/Windows, NT and Linux. The data and application disks will be mounted via NFS and user will work with files from file server. The computers will be interconnected with Fast Ethernet. This mini-network is NOT connected to the Internet, so the NFS (in)security should not be a problem. Also, both computers will be placed in the same room (distance approx. 3 m), so there should be no problem with tapping/data capturing on the Fast Ethernet connection.
>
> I have the following questions.
>
> Can anybody see some major security hole in this system ? How fast will be this system ? Anybody has any idea if there is some more sophisticated solution for this problem ? Anybody heard about some strong disk encryption which is able to run under Windows NT, Linux and DOS ? It seems that the Win NT are the major problem. I am not able to find any disk encryption for NT. Anybody is able to port Secure File System to Windows NT ? I am trying to port this program under Linux, but I am not the NT system programmer.
>
> Thanx for any comments, help, ideas etc.
>
> Best regards
>
> PavelK
>
> --
> ****************************************************************************
> * Pavel Korensky (pavelk@dator3.anet.cz) *
> * DATOR3 Ltd., Modranska 1895/17, 143 00 Prague 4, Czech Republic *
> * PGP key fingerprint: 00 65 5A B3 70 20 F1 54 D3 B3 E4 3E F8 A3 5E 7C *
> ****************************************************************************

- Igor.
ichudov@algebra.com (Igor Chudov @ home) writes:

> i definitely see a problem.
>
> you encrypt all your data on that another computer, and then send this data over your LAN in the clear. the data can be compromised by snooping at the network connection.

If you had read his message, you would have noted that he's on a private network. Net sniffing should not be a problem, unless he's under tempest attack. Of course in that case, he's probably screwed anyway.

> that sux, although you are protected against "physical theft".
>
> I suggest that you use PGP and DOS partitions to keep your files instead.

Nahh, however, watch out for temporary files lying around, post-its with passwords written on them, plaintexts lying around on unencrypted partitions, etc.

Jer

"standing on top of the world/ never knew how you never could/ never knew why you never could live/ innocent life that everyone did" -Wormhole
participants (3)

- ichudov@algebra.com
- Jeremiah A Blatz
- Pavel Korensky