Jason Stelzer on 2 Oct 2008 07:15:54 -0700



Re: [PLUG] eeePC partitioning suggestions


On Thu, Oct 2, 2008 at 9:16 AM, Art Alexion <art.alexion@gmail.com> wrote:
> I hadn't thought about it, but it's a good idea.  We've had people break LCDs
> and lose chargers, but have been lucky so far about losing the laptop itself.
> We don't have much in terms of trade secrets, but some people have a lot of
> HIPAA protected stuff.
>
> These are not technical users.  Encryption suggestions that won't freak them
> out?
>

There are a bunch of ways to do this, but in this case you want
something invisible to the user. I've been happily using pgp desktop
on my mac since it was released. Previously I had been using file
vault, but wasn't that pleased with it. PGP Desktop actually has much
less horrible performance characteristics than file vault did and
since the OS doesn't really 'know' it's encrypted (unlike file vault),
stuff like time machine continues to work. In my case, I was most
concerned with the possibility of identity theft in addition to loss
of property if my laptop gets stolen. If someone breaks into my home
to get at my unencrypted backups, I feel I have bigger problems to
worry about ;)

Another attractive option under linux is to encrypt $HOME. This is
especially great if we're talking about a regular user account.
Everything they care about will most likely be in $HOME. The $HOME
directory gets mounted when the user logs in and unmounted when the
user logs out. To the person logging in, the fact that everything in
$HOME is encrypted is essentially hidden from them since there's
nothing they really have to do. It does break some stuff like
public_html in apache for instance. But that can be worked around via
httpd.conf if needed.

See http://gentoo-wiki.com/HOWTO_Encrypt_Your_Home_Directory_Using_LUKS_and_pam_mount

Finally, the most invasive and generally complained about method is to
ask the users to dutifully encrypt everything important with pgp. This
is such a gigantic pain in the ass and has so many potential vectors
for missed data (email caches for instance) that it's not really worth
it unless you have very specific and easy to manage encryption
requirements.

Anyways, I've used these 3 systems myself. Certainly an encrypted
$HOME is a wonderful source of peace of mind when you're talking about
a laptop with personal information on it. The only thing to really
keep in mind with this is that a reasonable backup strategy is even
more critical. If the disk fails, you can't try to partially salvage
some data. All you're left with is a big blob of encrypted garbage.
Remember that :)

-- 
J.
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
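
A check an administrator could run to confirm that the encrypted $HOME setup described in the message above is actually in effect. This is an added example, not part of the original message or the linked HOWTO. The device names, mapping name and user names are constructed, and it assumes each home sits directly on its own dm-crypt (LUKS) mapping.

```shell
#!/bin/sh
# Added example (not from the original post): classify a home directory by
# what backs its mount point, using `lsblk -rno NAME,TYPE,MOUNTPOINT` output.

# Constructed sample: alice is logged in and her LUKS volume is mapped,
# bob's home is a plain partition, carol is logged out (nothing mounted).
SAMPLE_LSBLK='sda disk
sda1 part /boot
sda2 part /
sda3 part
home_alice crypt /home/alice
sda5 part /home/bob
sda6 part'

# home_status <home-path> [lsblk-text]
# Prints: encrypted | plaintext | not-mounted
# "not-mounted" is normal while the user is logged out; during a session it
# means the mount failed and files land on the parent filesystem in the clear.
# Limitation: only sees a filesystem directly on the dm-crypt mapping;
# an LVM-on-LUKS layout shows TYPE=lvm and would be reported as plaintext.
home_status() {
    hs_home=$1
    hs_text=${2-$(lsblk -rno NAME,TYPE,MOUNTPOINT)}
    printf '%s\n' "$hs_text" | awk -v mp="$hs_home" '
        $3 == mp { found = 1; type = $2 }
        END {
            if (!found)               print "not-mounted"
            else if (type == "crypt") print "encrypted"
            else                      print "plaintext"
        }'
}

# audit_homes <lsblk-text> <home>...
# Prints one "<home> <status>" line per home; returns 1 if any home is
# mounted from something other than a dm-crypt mapping.
audit_homes() {
    ah_text=$1; shift
    ah_rc=0
    for ah_home in "$@"; do
        ah_status=$(home_status "$ah_home" "$ah_text")
        printf '%s %s\n' "$ah_home" "$ah_status"
        if [ "$ah_status" = plaintext ]; then ah_rc=1; fi
    done
    return "$ah_rc"
}

audit_homes "$SAMPLE_LSBLK" /home/alice /home/bob /home/carol ||
    echo "at least one home is mounted unencrypted"
```

On a live machine, call `home_status "$HOME"` with no second argument to read the real `lsblk` output instead of the sample.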