On Jun 2, 2014, at 15:36, godzil <godzil@××××××.net> wrote:

> On 2014-06-02 13:23, Matti Nykyri wrote:
>> On Jun 2, 2014, at 16:40, "J. Roeleveld" <joost@××××××××.org> wrote:
>> Well I have a switch in the door of the server room. It opens when you
>> open the door. That signals the kernel to wipe all the encryption keys
>> from kernel memory. Without the keys there is no access to the disks.
>> After that another kernel is executed which wipes the memory of the
>> old kernel. If you just pull the plug memory will stay in its state
>> for an unspecified time.
>> Swap uses random keys.
>> Network switches and routers get power only after firewall-server is
>> up and running.
>> There is no easy way to enter the room without wiping the encryption
>> keys. Booting up the server requires that a boot disk is brought to
>> the computer to decrypt the boot drive. Grub2 can do this easily. This
>> is to prevent someone from tampering with a boot loader.
>> System is not protected against hardware tampering. The server room
>> is an RF-cage.
>> I consider this setup quite secure.
>
> It's nice to encrypt and wipe things automatically, but what about the backups?

Well I have backups on their own drive with its own keys. I have backups of the keys in another location. The drives are LUKS drivers with detached LUKS info.

--
-Matti