Art Alexion on 2 Oct 2008 09:48:16 -0700



Re: [PLUG] eeePC partitioning suggestions


On Thursday 02 October 2008 11:43:15 am LeRoy Cressy wrote:
> Art Alexion wrote:
> >> You are encrypting /home, I hope?
> >
> > I hadn't thought about it, but it's a good idea.  We've had people break
> > LCDs and lose chargers, but have been lucky so far about losing the
> > laptop itself. We don't have much in terms of trade secrets, but some
> > people have a lot of HIPAA protected stuff.
> >
> > These are not technical users.  Encryption suggestions that won't freak
> > them out?
>
> I would encrypt both the swap and the home partition.  On system boot
> the system will prompt for a password for each.  Since these are non
> tech type people, I would make the passwords the same for both and also
> something easy for your non tech people.
>
> When I encrypted my laptop the /etc/fstab changed to:
> #/dev/hda5       /home          ext3    defaults        0       2
> /dev/mapper/home /home          ext3    defaults        0       3
> #/dev/hda2       none            swap    sw              0       0
> /dev/mapper/swap none           swap    sw              0       0
>
> One of the tools that you might consider is cryptmount
>
> Here is the Debian description:
>
> Description: Management and user-mode mounting of encrypted file systems
>  cryptmount is a utility for creating encrypted filesystems & swap partitions
>  and which allows an ordinary user to mount/unmount filing systems
>  without requiring superuser privileges.
>  .
>  It offers the following features (for 2.6-series Linux kernels):
>     * easy and safe on-demand access to filesystems without su/sudo;
>     * access passwords can be changed easily without involving the sys-admin;
>     * filesystems can reside on raw disk partitions or ordinary files;
>     * multiple filesystems can be stored in a single disk partition;
>     * includes support for encrypted swap partitions;
>     * temporary filesystems can be setup via command-line,
>       for use in shell-scripts;
>     * encrypted filesystems can be initialized at boot-up or on demand;
>     * transparent configuration of dm-crypt & loopback devices during mounting;
>     * encrypted access keys are compatible with OpenSSL and can be
>       stored separately on removable media (e.g. USB flash disks).
> Tag: admin::filesystem, role::program, scope::application,
> security::cryptography, security::privacy, works-with::file

Alright, I am going to give this a try.  Thanks for the encryption suggestions 
and the detailed help.

Does anyone have any thoughts about a partition scheme between the 8 & 32 GB 
devices?  Both SSD, the 8 GB is supposed to be faster.  

We encourage people not to save stuff locally, but on a USB stick, as they are 
sharing a user home with all people who borrow these, and they are not 
guaranteed that the stuff they save locally will be there if they ever get 
the same machine back.

Attachment: signature.asc
Description: This is a digitally signed message part.
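
Added example, not part of the original message or of cryptmount: a small audit for a fleet of loaner laptops that reads an fstab like the one quoted above and reports whether /home and swap are mounted from /dev/mapper devices. The function name audit_fstab and the sample files are hypothetical; an OK result only shows a device-mapper path (LVM uses the same directory), so it is a first check rather than proof of encryption.

```shell
#!/bin/sh
# audit_fstab FILE
# Prints one line per active /home or swap entry and returns 0 only if
# every such entry is mounted from /dev/mapper/ (hypothetical helper).
audit_fstab() {
    awk '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        $2 == "/home" || $3 == "swap" {
            what = ($3 == "swap") ? "swap" : $2
            if ($2 == "/home") seen_home = 1
            if (index($1, "/dev/mapper/") == 1) { tag = "OK" }
            else if ($1 ~ /^(UUID|LABEL)=/)     { tag = "CHECK"; bad++ }  # resolve by hand
            else                                { tag = "PLAIN"; bad++ }
            printf "%-5s %-5s on %s\n", tag, what, $1
        }
        END {
            if (!seen_home) {
                print "PLAIN /home has no fstab entry of its own"
                bad++
            }
            exit (bad > 0)
        }
    ' "$1"
}

# Constructed sample input: the fstab lines quoted in the thread, in the
# state before encryption and in the state after it.
tmp=$(mktemp -d)
cat > "$tmp/before" <<'EOF'
/dev/hda5        /home          ext3    defaults        0       2
/dev/hda2        none           swap    sw              0       0
EOF
cat > "$tmp/after" <<'EOF'
#/dev/hda5       /home          ext3    defaults        0       2
/dev/mapper/home /home          ext3    defaults        0       3
#/dev/hda2       none            swap    sw              0       0
/dev/mapper/swap none           swap    sw              0       0
EOF
for f in before after; do
    echo "== $f"
    audit_fstab "$tmp/$f" || echo "-> unencrypted or unverified entries found"
done
rm -rf "$tmp"
```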

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug