I'm using Mandrake 10.1 and while I haven't really tried to "lock down" my Windows partition, it is still password protected with only administrator (group) access. Yet Mandrake 10.1 can read all the files on the partition without even batting an eye at the prospect of having a password. Similarly, I can use Explore 2fs on my Windows partition and not have to enter the root password for Mandrake?!
Well, my question really becomes, is there a way to secure the partitions so that other partitions cannot read from them without knowing the passwords? Or is physical security (i.e. having to be able to physically access the computer) just not as important as distributed security in this computing environment of today?
The only way that I know of is to use an encrypted filesystem. I'm no expert in this area though, so wait for somebody with a clue to follow close behind.
Just edit the fstab and change the ownership of your windows partition to root or other authorized user. As for 2fs being able to explore your files, you'll just have to unplug your drive.
It is possible to lock your drive, but not individual partitions.
Last edited by slantoflight; 11-23-2005 at 11:16 PM.
Originally posted by slantoflight Just edit the fstab and change the ownership of your windows partition to root or other authorized user.
No, that's not what I meant.
What I mean is, if someone shows up with a "live" windows or linux cd, could they make a dump of the files on a linux or windows system respectively without ever knowing the password?
Your solution would hide it from Mandrake but it would be a user-enforced hiding from Linux. I'm wondering if Windows can hide it directly, and if Linux can hide its files (or at least require a password) from Explore 2fs.
Change your bios settings so that cdrom isn't an optional boot device and set a bios password. Anyone wishing to boot via cdrom will need the password. This can be bypassed as well by cracking open the case and pulling the bios battery. That's where the "physical" in "physical security" comes into play. Most cases now come with a built-in case lock or at least a set of brackets that can be physically locked. If you're running linux on these systems then you should also set a boot loader password as well so that a user can't pass kernel options during boot (like boot into single-user mode for example).
I find that computer cases are generally easy to crack.
I guess this is a little overboard. But you could put your motherboard in an expensive, very thick-walled safe.
Bios password protect your pc. Make sure your unlocked harddrive contains an OS that can unlock your other harddrives. Make that primary boot drive. Get rid of optional cdrom/floppy drive boot. Lock your harddrives when they're not in use. Password protect your bootloader. Use a different password for each harddrive. Encrypt every single file you can encrypt. In fact, use a self-encrypting filesystem and then password encrypt your files on top of that.
Then install the case in a completely submerged, air-locked, motion-detecting room. This will render any conventional means of breaking into your safe electronic, heat, virtually impossible. Your external computer equipment will naturally need to be waterproofed. You will also need an oxygen tank.
Make it so that only you can enter the room, unscathed. Perhaps a special belt that emits an encrypted radio signal. If a person that's not wearing the belt enters the room, your room signals a death trap. Preferably a very well targeted one. You don't want to have the sour luck of some unwanted intruder entering your room (very unlikely) and have your death trap take you down as well. Also as a side note, your belt will have the ability to drain the water out of your room, if you plan on staying a prolonged time.
Of course the door will have all levels of intrusion detection as well, including a basic password, voice recognition, retinal scan, dna sample, and fingerprint verification. The door will also have an automatic 15 minute shutdown feature, if any invalid combination of these items is entered.
Now a couple of obvious questions may arise
Can't a person with a professional high-grade welder (who has stolen or duplicated my belt) break through my case or my door?
Very unlikely, as anything hot enough to melt your safe isn't going to be something a thief/hacker can put in his back pocket and carry around without looking just a bit suspicious. And explosives are too loud and sloppy.
But just in case:
Have temperature alarms on your case/door. If it gets too hot or too cold, have it trigger a death trap.
You could have it wired to alarm the police as well. But cops aren't 100% guaranteed. Besides, you want as self-contained a solution as possible, without the threat of human flaws.
Can't a person use acid to corrode my case and/or door and steal my motherboard?
Another unlikely threat. Acid is very slow. And it would probably take hundreds of years to break through your foot thick titanium door.
Ahhh, but what if the person has a time machine?
But just in case:
If possible put a self-cleaning mechanism on your door. Such as a waterfall on your door, that can be deactivated once you enter your codes/dna/voice recognition (for your convenience).
So what you all are saying is,
1. Encrypt the entire hard drive so even if the files are read they're gibberish
2. Lock the drive before filesystem is in place
3. Disable boot from CD.
So, I guess the answer is that neither Linux nor Windows provides physical security to their partitions, something else has to take care of it?
If a person that's not wearing the belt enters the room, your room signals a death trap. Preferably a very well targeted one.
Personally I recommend trained sharks, with frickin' laser beams on their heads of course. Lots of ninjas can be very effective as well.
So, I guess the answer is that neither Linux nor Windows provides physical security to their partitions, something else has to take care of it?
As was stated earlier, using encrypted partitions would work as well. If someone did manage to cut through a case lock with a welding torch or bolt cutters without anyone in the data center noticing, then they'd see gibberish on the partition when they tried to mount it with the live cd. Both windows and linux offer a number of solutions for encrypting entire drives or partitions.
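To check which partitions would be readable from a live CD and which would show only ciphertext, here is an added example that is not part of the original thread: a small audit that classifies a partition by the signature bytes at its start. The thread names no specific encryption product; LUKS and BitLocker are assumed here as the Linux and Windows solutions, and the sample headers are constructed.

```python
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"   # LUKS1/LUKS2 header magic at offset 0
BITLOCKER_OEM = b"-FVE-FS-"    # BitLocker OEM ID at offset 3 of the boot sector
NTFS_OEM = b"NTFS    "         # unencrypted NTFS OEM ID at offset 3
EXT_MAGIC_AT = 1024 + 56       # ext2/3/4 superblock starts at 1024; magic at +56
EXT_MAGIC = 0xEF53


def classify(header: bytes) -> str:
    """Classify the first 2 KiB of a partition, as any booted OS could read it."""
    if header[:6] == LUKS_MAGIC and len(header) >= 8:
        (version,) = struct.unpack_from(">H", header, 6)
        return f"encrypted (LUKS{version})"
    if header[3:11] == BITLOCKER_OEM:
        return "encrypted (BitLocker)"
    if header[3:11] == NTFS_OEM:
        return "plaintext NTFS"
    if len(header) >= EXT_MAGIC_AT + 2:
        (magic,) = struct.unpack_from("<H", header, EXT_MAGIC_AT)
        if magic == EXT_MAGIC:
            return "plaintext ext2/3/4"
    # Headerless encryption (e.g. plain dm-crypt) also lands here.
    return "unknown"


def classify_device(path: str) -> str:
    """Read a partition or image file (e.g. a hypothetical /dev/sda1) as root."""
    with open(path, "rb") as dev:
        return classify(dev.read(2048))


def sample_headers() -> dict:
    """Constructed headers: just the signature bytes, zero-padded."""
    ext = bytearray(2048)
    struct.pack_into("<H", ext, EXT_MAGIC_AT, EXT_MAGIC)
    return {
        "windows-plain": b"\xeb\x52\x90" + NTFS_OEM + bytes(2037),
        "windows-encrypted": b"\xeb\x58\x90" + BITLOCKER_OEM + bytes(2037),
        "linux-plain": bytes(ext),
        "linux-encrypted": LUKS_MAGIC + struct.pack(">H", 2) + bytes(2040),
    }


if __name__ == "__main__":
    for name, header in sample_headers().items():
        print(f"{name:18} {classify(header)}")
```

Any partition reported as plaintext can be mounted by whatever OS is booted on the machine, regardless of the login passwords set inside the installed system.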
Ahh, sharks with laser beams, I almost forgot about those.
Let's not forget, they'll have a hard time unlocking those harddrives in the first place. But not to worry, you can put an electrocuting mechanism on your drive bay.
Plus if you spread out your encrypting filesystem over a raid array, if your top secret computer isn't acting as a server (it really shouldn't), you can routinely remove a drive or two as soon as you're done with it.