Bind ubuntu to hard drive.

Harijs Buss harijs at info-shelter.net
Sun Mar 25 19:10:32 UTC 2007 

On Sunday 25 March 2007 20:52, TwinZ Ubuntu Mailing List rakstija:
> configuration files say for networking, postfix, apache and mysql do reside
> in the system. So, yes, I do need to encrypt the system as well.

Oh no. Basic networking info usually does not contain anything secret.  Almost 
everything can be sniffed directly from your network or even from outside - 
like IP addresses in use, netmask, gateway etc, all this and much more is 
transferred trough your network in easily accessible formats. 

For config info you really want to hide (hmmm :) it would be enough to put 
only these files on encrypted partition, either directly or via appropriate 
symlinks. 

If you really need to keep some things secret, keep in mind that this is  
expensive, time consuming, slowing things down, sometimes annoying.  Think 
about secrecy as complex of different measures, starting with physical 
security and ending with all kinds of possible data leaks.  For example, 
what's the sense in encrypting file systems, if your admin inputs his 
passphrase trough wireless Bluetooth keybord which transmits everything via 
radio in easy readable plaintext... "bad guys" can read Bluetooth keybords 
over hundreds of meters or even more, using off-the-shelf additional 
antennas. Another example - what's the sense of keeping some planning info 
secret, if  employee can make a screenshot photo with his mobile phone and 
immediately transfer this secret table thousands of miles away...  And so 
on... 

In short, if you really need to keep secrets, better get good security expert, 
and this isn't going to be cheap.  Trying to solve serious security problems 
using only software solutions is definitely doomed from the very beginning.

On the other hand, if things are not SO serious, is it worth bothering at 
all? :)  Put your backup disk in a small lockable steel box and then put it 
in the same safe... :-)  You might want to use also tamper-proof sealing 
sticker  with unique number each time you lock up this disk box. These 
suckers change image and/or color if somebody tries to get them off :)  so 
you will know at least post-factum. By the way, is there any security camera 
looking at your safe? They are quite affordable nowadays.

Harijs
CISA

More information about the ubuntu-users mailing list