I'll be setting up a new box for the house and I want to use OpenBSD for it, both for its security and since it will be an older box it will run better than with Debian. Roles: main firewall for dialup internet access, fetchmail and sendmail to ISP smarthost, other simple stuff (have another box for insecure stuff like watching videos, surfing the net with javascript and flash).

We've moved and now our main security threat is physical security. We don't want the data on the computer (i.e. in the /home directories) to be readable if someone steals the box. I'm thinking I could go two routes:

1. Encrypt all of /home with an encrypted virtualfs file. However, then the data is unencrypted whenever the box is powered on.

2. I wonder if there's a way to have per-user home directory encryption so that the user's directory is accessed/unencrypted/mounted (whatever the semantics) on login and recrypted/unmounted on logout.

Have swap and /tmp encrypted too. Also, perhaps per-user $TMP directories if I go with plan 2, above.

I think I want root to be able to mount/access the directories so that the data can be included in a backup set (which is then piped through openssl for encryption) on a file-by-file basis rather than just backing up a filesystem image and risking the whole thing if that image becomes corrupted.

Ideas? What do others do to secure /home? I read on undeadly an idea of putting the /home filesystem on a removable drive and putting it into a safe but then you have to have the safe mounted securely.

Doug.
If someone knowledgeable enough has physical access to the running box, you can't keep the data private.
That's true, but you can make it awfully hard to get the data. I know of someone who put his computer in a gun closet, which is a tall metal cabinet weighing many hundreds of pounds, secured with bolts inside the case to the cement wall in the basement. Could you get it? Sure: with enough effort and possibly explosives. You can secure a computer pretty well. Just think heavy and bolted to a wall. --STeve Andre'
If the box is running but no users are logged-in, why can't the data be encrypted and therefore private? This is my thinking about per-user home directory/partition encryption. Doug.
It can be. Use OpenSSL or GnuPG or PGP symmetrically (only store the passphrase in your head) in addition to volume/disk level encryption. Tar up your secret files, encrypt the tar file and then remove the secret files. When you need to read the secret files, decrypt the tar and then extract what you need. Wash, rinse and repeat. Cron a sh script to dd /dev/zero onto the home partition until it's full (don't want sophisticated guys viewing your unallocated space)... know what I mean? Man, this is getting a bit paranoid.
Most of your requests are pretty common and come up frequently enough you should be able to find the answers, but this part makes me wonder. So how does root have the key? Do you type it in every time you do a backup or is there a file called "dontreadthis" in /root? You could maybe do some tricks with cfs but it's a guaranteed shot in I don't let people steal my computers.
Let's say the key is in a file. Let's encrypt that file with openssl and keep it in /root. Whoever runs the backup program is asked for the passphrase to unlock the file. The backup program then uses that file. Of course there's the risk/benefit/cost analysis. Gun cabinets or safes bolted to the floor work but are expensive. I could get the same kind of deterrence if I installed a big rack-mount 12U server full of a dozen hard drives (think too heavy for one person to steal, assuming that they recognized it as a computer in the first place). Software encryption is free. Doug.
I'm confused, the encrypted volume cannot be backed up without a key? -- Some software money can't buy. For everything else there's Micros~1.
Sure, I could back up the encrypted volume. However, I'd rather back the data up as an unencrypted directory along with everything else. I don't know what's involved in e.g. restoring an accidentally deleted file from within an encrypted volume. I guess I'd treat it like a tarball in that it's a file, mount it somewhere using the usual key and retrieve the file, mount the user's encrypted volume and copy the file back where it belongs. It's likely that it's me that's confused. Since what I'm contemplating doesn't seem to be mainstream, I'm assuming that backup and restore procedures aren't mainstream (e.g. have the kinks worked out) either. That assumption could be invalid. Doug.
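The backup scheme the thread has been circling (a random backup key wrapped by a passphrase and kept in /root, the home directory tarred and piped through openssl so no plaintext archive touches disk, and a single accidentally deleted file restored out of the encrypted tarball) can be written down as a small set of shell functions. This is an added example, not code from the thread, from OpenBSD or from any of the posters; it assumes openssl(1) with the `enc -pbkdf2` option (OpenSSL 1.1.1 or newer, or a recent LibreSSL) and tar(1), and every file name in it is a placeholder chosen for the demonstration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes openssl(1) with
# 'enc -pbkdf2' and tar(1). All paths are demo placeholders.
set -eu

# Symmetric cipher settings shared by every step below. -pbkdf2 derives
# the key from the passphrase with PBKDF2 instead of the legacy KDF.
CIPHER="-aes-256-cbc -pbkdf2 -salt"

# Generate a fresh random backup key (hex, one line) into $1, mode 0600.
# The subshell keeps the umask change from leaking into the caller.
new_key() {
    ( umask 077; openssl rand -hex 32 > "$1" )
}

# Wrap the plaintext key $1 into $2, protected by the passphrase in $3.
# This is the "encrypted key file kept in /root" idea: only the wrapped
# copy stays on disk; the operator supplies the passphrase at backup time.
wrap_key() {
    # shellcheck disable=SC2086  # $CIPHER is meant to word-split
    openssl enc $CIPHER -pass "file:$3" -in "$1" -out "$2"
}

# Unwrap $1 with passphrase file $2 into $3. In real use $3 should be a
# mode-0600 file on a memory-backed filesystem and be removed afterwards.
unwrap_key() {
    # shellcheck disable=SC2086
    openssl enc -d $CIPHER -pass "file:$2" -in "$1" -out "$3"
}

# Tar directory $1 and encrypt the stream into $2 with key file $3.
# Piping tar straight into openssl means no plaintext tarball is written.
backup_encrypted() {
    src=$1; out=$2; keyfile=$3
    # shellcheck disable=SC2086
    tar -C "$(dirname "$src")" -cf - "$(basename "$src")" \
      | openssl enc $CIPHER -pass "file:$keyfile" -out "$out"
}

# Restore one member ($3, relative to the archive root) from encrypted
# archive $1 into directory $4 using key file $2: decrypt the stream and
# let tar extract only the requested path, leaving everything else alone.
restore_file() {
    archive=$1; keyfile=$2; member=$3; dest=$4
    mkdir -p "$dest"
    # shellcheck disable=SC2086
    openssl enc -d $CIPHER -pass "file:$keyfile" -in "$archive" \
      | tar -C "$dest" -xf - "$member"
}
```

A typical run is `new_key` once, `wrap_key` once, then `unwrap_key` followed by `backup_encrypted` from the backup job (and `restore_file` when a user asks for yesterday's copy of one file). Because the wrapped key is what lives on the box, stealing the machine or the tape yields ciphertext only; the passphrase stays with the operator, which is exactly the trade-off the thread describes.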
And then someone steals your backup. Wouldn't it be more sophisticated to secure the physical access (lock up the door, some security on the windows (the real ones, not that crap from MS), if any) to the system and encrypt the backup (public-key comes to my mind)? As most backups will be done on external media (DVD, CD, tape, USB hard drives), it always depends on how paranoid you are (and as I remember you are more paranoid than the average ;-) ), how secret your data is.

-- 
Kind regards,
Guido Tschakert
_____________________________________________________________
SRC Security Research & Consulting GmbH
Graurheindorfer Str. 149 a     Tel: +49-228-2806-138
53117 Bonn                     Fax: +49-228-2806-199
http://www.src-gmbh.de         Mob: +49-160-3671422
Commercial register Bonn: HRB 9414
Managing director: Gerd Cimiotti
Physical access to the apartment is as secure as possible given the lease (which is what is prompting this thread). As for the backup media, the total size of the backup set is about 50 GB and for off-site I want it to fit in the bank's small safety deposit box (CDs don't fit) so I'm thinking about using LTO-1 (LTOs will fit and LTO-1 is slow enough that a single IDE drive in a P-133 box should be able to keep it fed). This is a separate issue that I don't want to
Here's a possible way to make backups for users' homes: Install boxbackup, create a configfile per user, add a line to .profile that runs boxbackup in snapshot mode every time a user logs in or logs out. Boxbackup transfers and stores the backups encrypted. So no need to worry there.

-- 
Michiel van Baak
michiel@vanbaak.eu
http://michiel.vanbaak.eu
GnuPG key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x71C946BD

"Why is it drug addicts and computer aficionados are both called users?"
I'm not familiar with boxbackup (I'll look it up later). Something similar was that I figured that the encrypted images could be under, e.g. /enchome and the user's .profile may cause the encrypted volume to be mounted over their /home/<username> directory. Doug.
Then keep it off a computer. Otherwise look for solutions that have already been presented...because they work. - Eric
