|
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
|
Re: [PLUG] Laptop recovery--useful data to collect?
|
JP Vossen wrote:
On 07/14/2010 03:47 AM, JP Vossen wrote:
Date: Tue, 13 Jul 2010 22:01:52 -0400
From: Gordon Dexter<gordon@texasdex.com>
Subject: [PLUG] Laptop recovery--useful data to collect?
I'm setting up my Eee 901 netbook with a 'phone-home' type shell script
that will collect various data in the event that it is stolen.
[...]
You know, I gave this some more thought and I think we've all gotten
caught up in "cool problem solving" and have failed to ask a better
question, which is, why does this matter?
The laptop should have whole-disk encryption, thus the thief should
never be able to boot it up, thus none of these solutions should never
have a chance to work.
So... Why isn't the laptop's data protected?
This was really brought out when reading
http://ask.slashdot.org/story/10/07/12/2253218/Retrieving-a-Stolen-Laptop-By-IP-Address-Alone
because that OP was tracking his stolen laptop via Thunderbird logging
into GMail via IMAP. Wait, WHAT?!? So you turn on this laptop, and
it boots, auto-logs-in, and fires up TB all by itself?!? WTH!!!
My policy is that any laptop that could leave the house has whole-disk
encryption and even if on but suspended, it asks for a (user) password
on un-suspend. So how do these "phone home" tricks even matter since
the OS and data should never be accessible to the bad guy in the first
place?
(I get that in this particular case the laptop may have no data, and
it's certainly a cool thing to play with. My point is that people *in
general* need to start taking the default stance of whole-disk
encryption for "stored data in motion" and worry less about fancy
tricks.)
Later,
JP
You're absolutely right of course. Every laptop nowadays should have
disk encryption enabled by default.
I was going to mention this in the original post, but decided against it
since I didn't want to over-complicate things. I considered FDE for the
laptop in question, but given the dinky Atom processor I decided against
it. Instead it has the next best thing to FDE: an encrypted /home
partition, with ramdisks for /tmp and /var/log.
The drive layout of the Eee 901 kind of forces me to do it this way. It
provides two physically separate drives (4G and 16G), so if I wanted to
encrypt both I'd have to enter two passwords on boot. The ramdisks are
mostly because of SSD wear but they also minimize info leakage. I don't
use swap on the machine, so that won't leak info either. At one point I
even had encrypted hibernate set up with uswsusp, but upgrading to 9.04
broke it.
The other interesting thing about my setup that makes this tracking
possible is that I have gdm set to log my username in automatically.
That's convenient for me since I only need one password on bootup, but
it has another interesting effect. Since I'm not using luks for the
/home crypt, it won't error out when given a wrong disk password, it
just silently fails to mount /home, allowing the thief to use the
laptop. I have a minimal home directory set up on the root partition,
so if /home doesn't mount they just see a home directory that I set up
for them (this could also be useful for border crossings...). They can
use this for as long as they want, and they'll have rights to join
wireless networks if they need to, but they won't be able to sudo
because they don't have the password to the account. There is also a
BIOS password and a GRUB password on the machine, so I think it's as
wipe-resistant as I can make it.
I realize that this whole scheme is overthought and perhaps slightly
Rube Goldberg, but it works pretty well for me, and happens to be quite
amenable to this sort of tracking thing.
--Gordon
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
|
|