> >Once you
> > patch, there are many resources and HOWTOs available discussing the
> > steps to use the suspend2 toolkit to encrypt your hibernation image.
> So is that overkill for a novice to do in two weeks?
Probably; I would suggest starting from the suspend2-sources and
evaluating how you need to go forward from there.

> Else -
> how to ensure, that virtual machine doesn't make some internet
> connections and that it cannot access sensitive files? As to me, it
> seems to be some kind of untrusted processes disconnection.
Unless you really mess with the security of your virtualization layer
of choice (VMware, Xen, qemu, etc.), access to sensitive files
shouldn't be a problem - the guest is sandboxed into its own private
virtual environment. Most of those also add host-only networking
bridges that allow you to very precisely control what network
resources the guest has access to. RSBAC would help some with
file-access, but virtualization really should take care of that;
neither hardened-sources nor rsbac-sources really provide you extra
tools to control network access, as they're already there in the
kernel (iptables, ebtables, 802.3 bridging, etc.).

> >powered off, buried in 10 feet of concrete
> data must be used properly, not buried .. which is easy to say.
Certainly, but my tendency as a native English speaker was to make the
point in hyperbole (http://en.wikipedia.org/wiki/Hyperbole) rather
than be literal. My apologies for not considering the translation.
--
gentoo-hardened@g.o mailing list