| 1 |
> >Once you |
| 2 |
> > patch, there are many resources and HOWTOs available discussing the |
| 3 |
> > steps to use the suspend2 toolkit to encrypt your hibernation image. |
| 4 |
> So is that overkill for novice to do in two weeks? |
| 5 |
Probably; I would suggest starting from the suspend2-sources and |
| 6 |
evaluating how you need to go forward from there. |
| 7 |
|
| 8 |
> Else - |
| 9 |
> how to ensure, that virtual machine doesn`t make some internet |
| 10 |
> connections and that it cannot access sensitive files? As to me, it |
| 11 |
> seams to be some kind of untrusted processes disconnection. |
| 12 |
Unless you really mess with the security of your virtualization layer |
| 13 |
of choice (VMWare, Xen, qemu, etc.), access to sensitive files |
| 14 |
shouldn't be a problem - the guest is sandboxed into it's own private |
| 15 |
virtual environment. Most of those also add host-only networking |
| 16 |
bridges that allow you to very precisely control what network |
| 17 |
resources the guest has access to. RSBAC would help some with |
| 18 |
file-access, but virtualization really should take care of that; |
| 19 |
neither hardened-sources nor rsbac-sources really provide you extra |
| 20 |
tools to control network access, as they're already there in the |
| 21 |
kernel (iptables, ebtables, 802.3 bridging, etc.). |
| 22 |
|
| 23 |
> >powered off, buried in 10 feet of concrete |
| 24 |
> data must be used properly, not buried .. which is easy to say. |
| 25 |
Certainly, but my tendency as a native English speaker was to make the |
| 26 |
point in hyperbole (http://en.wikipedia.org/wiki/Hyperbole) rather |
| 27 |
than be literal. My apologies for not considering the translation. |
| 28 |
-- |
| 29 |
gentoo-hardened@g.o mailing list |
Archives