LeRoy Cressy on 2 Oct 2008 08:43:49 -0700



Re: [PLUG] eeePC partitioning suggestions



Art Alexion wrote:

> 
>> You are encrypting /home, I hope?
> 
> I hadn't thought about it, but it's a good idea.  We've had people break LCDs 
> and lose chargers, but have been lucky so far about losing the laptop itself.  
> We don't have much in terms of trade secrets, but some people have a lot of 
> HIPAA protected stuff.
> 
> These are not technical users.  Encryption suggestions that won't freak them 
> out?
> 
I would encrypt both the swap and the home partition.  On system boot
the system will prompt for a password for each.  Since these are
non-tech type people, I would make the passwords the same for both and also
something easy for your non-tech people.

When I encrypted my laptop the /etc/fstab changed to:
#/dev/hda5       /home          ext3    defaults        0       2
/dev/mapper/home /home          ext3    defaults        0       3
#/dev/hda2       none            swap    sw              0       0
/dev/mapper/swap none           swap    sw              0       0

One of the tools that you might consider is cryptmount.

Here is the Debian description:

Description: Management and user-mode mounting of encrypted file systems
 cryptmount is a utility for creating encrypted filesystems & swap partitions
 and which allows an ordinary user to mount/unmount filing systems
 without requiring superuser privileges.
 .
 It offers the following features (for 2.6-series Linux kernels):
    * easy and safe on-demand access to filesystems without su/sudo;
    * access passwords can be changed easily without involving the sys-admin;
    * filesystems can reside on raw disk partitions or ordinary files;
    * multiple filesystems can be stored in a single disk partition;
    * includes support for encrypted swap partitions;
    * temporary filesystems can be setup via command-line,
      for use in shell-scripts;
    * encrypted filesystems can be initialized at boot-up or on demand;
    * transparent configuration of dm-crypt & loopback devices during mounting;
    * encrypted access keys are compatible with OpenSSL and can be
      stored separately on removable media (e.g. USB flash disks).
Tag: admin::filesystem, role::program, scope::application,
security::cryptography, security::privacy, works-with::file


- --
 Rev. LeRoy D. Cressy  mailto:leroy@lrcressy.com   /\_/\
                       http://lrcressy.com        ( o.o )
                       Phone:  215-535-4037        > ^ <

gpg fingerprint:  62DE 6CAB CEE1 B1B3 359A  81D8 3FEF E6DA 8501 AFEA

For info on enigmail:    http://lrcressy.com/linux/mozilla.pdf
For info on gpg:         http://www.gnupg.org/

Jesus saith unto him, I am the way, the truth, and the life:
no man cometh unto the Father, but by me. (John 14:6)
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
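
Added example, not part of the original post: a shell check that reads an fstab and reports whether /home and swap sit on a /dev/mapper device that is also named in a crypttab. The function names, the Debian-style crypttab and the sample where swap was left on the raw partition are assumptions constructed for illustration; the post does not say which tool created its mappings.

```shell
#!/bin/sh
# audit_fstab FSTAB CRYPTTAB
# Prints one line per /home or swap entry: "<status> <target> <device>"
#   encrypted  device is /dev/mapper/<name> and <name> is listed in CRYPTTAB
#   unlisted   device is /dev/mapper/<name> but <name> is not in CRYPTTAB
#              (for example an LVM volume, which is not encrypted by itself)
#   plaintext  any other device
audit_fstab() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }                  # skip comments, blanks
        FILENAME == ARGV[1]   { names[$1] = 1; next }   # crypttab: mapping names
        $2 == "/home" || $3 == "swap" {
            target = ($3 == "swap") ? "swap" : $2
            status = "plaintext"
            if (index($1, "/dev/mapper/") == 1) {
                name = substr($1, 13)                   # text after /dev/mapper/
                status = (name in names) ? "encrypted" : "unlisted"
            }
            print status, target, $1
        }
    ' "$2" "$1"
}

# Constructed sample: /home converted as in the post, swap still on the raw
# partition, plus an assumed Debian-style crypttab.
sample_audit() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/fstab" <<'EOF'
#/dev/hda5       /home          ext3    defaults        0       2
/dev/mapper/home /home          ext3    defaults        0       3
/dev/hda2        none           swap    sw              0       0
EOF
    cat > "$dir/crypttab" <<'EOF'
# <name> <source device> <key file> <options>
home  /dev/hda5  none          luks
swap  /dev/hda2  /dev/urandom  swap
EOF
    audit_fstab "$dir/fstab" "$dir/crypttab"
    rm -rf "$dir"
}

sample_audit
```

On a running system the same function can be pointed at /etc/fstab and /etc/crypttab; anything reported as plaintext or unlisted is worth a closer look before the laptop leaves the building.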