How to protect a computer with constant uptime?

A

adm2017-08-14 00:41:59

Encryption

adm, 2017-08-14 00:41:59

Hello.
There is the following problem (although to be honest, I think that it is impossible to solve it):
There is a computer (win) that is constantly on the network (remote access). There are no KVM and other delights of life, it's just a regular PC. The essence of the question is whether it is possible to somehow encrypt the disk, but at the same time do not enter the password manually at each reboot (the PC is 1000 km away and there is no possibility to visit it promptly). The task is to protect against threats such as theft and subsequent data analysis, and most problematic, on-site analysis.
Because The PC is remote, the password option is no longer available, there is an option with a flash drive that will decrypt the PC. This option also disappears because, conditionally, Mr. Badboy will also have access to this flash drive.
As a promising option, I consider a certain key that is located on a remote server. The PC, when turned on, reads it and decrypts the disks; in the event of a threat, access to the remote server is terminated. But in what ways can this be achieved? I did not find such functionality in veracrypt and similar programs.

Reply

Answer the question

In order to leave comments, you need to log in

5 answer(s)

T

ThunderCat, 2017-08-14
@ThunderCat

The task is to protect against threats such as theft and subsequent data analysis, and most problematic, on-site analysis.

Even I didn’t understand, if the computer has booted up, the disks have already been decrypted, how can I “protect” myself from analysis on the spot? Mouse dynamite?

X

xmoonlight, 2017-08-14
@xmoonlight

1. Documentation of the VeraCrypt command line (you should have read :) )
2. Autoconnect to SFTP - do it in autoload with status tracking via nncron
using psftp from a remote SFTP server and then executing the downloaded CMD file.

B

Boris Korobkov, 2017-08-14
@BorisKorobkov

protect against threats such as theft

If the physical theft of a computer, then you can divide all the data into parts such as peer-to-peer networks and store it in geographically different places. Accessing only part of the data is useless.
If you connect and drain data, then encryption will not help in any way - after all, when the data is on, the data will be decrypted. Obvious tips will help reduce the likelihood: update the OS, install and update an antivirus, competent administration (if you are not sure of your abilities, contact a professional), do not sit under the root without the need, do not open attachments in unfamiliar letters, do not go to dubious sites, etc. .d.
But in general, all this is just an appearance of protection. Imagine that they steal your ssh password from this computer, connect to it and merge the data. Even if he was in a secure underground bunker with an encrypted disk.

A

Adamos, 2017-08-14
@Adamos

In Windows, there is encryption of the user folder.
I didn’t use it myself, but theoretically - if the user under which you log in does not match the default local user, then no one will read your file on the spot.
Or should files be read by someone all the time, but only when you want them to? Then the problem is, of course, unsolvable.

S

sim3x, 2017-08-14
@sim3x

but at the same time, do not enter the password manually at each reboot (the PC is located 1000 km away and there is no possibility to visit it promptly)

no
If yes, then there is no point in encrypting disks