What is the best way to encrypt disks with show-mask protection?

I

integrall2017-03-27 12:31:52

Encryption

integrall, 2017-03-27 12:31:52

It is necessary to encrypt the data on the disks so that if it is removed, it cannot be read.
I see it as follows:
1. Boot with vmlinux
2. Pull up the iscsi boot partition with preboot decryption
3. Boot partition boots the system
In this case, when the computer is removed, it will not be able to boot the system, since the boot module with the built-in encryption key is not available.
And with direct access to disks, they will see encrypted trash.
Am I moving in the right direction or does anyone have experience with a less cycling implementation?

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

C

CityCat4, 2017-03-27
@CityCat4

The thermorectal method reveals any passwords. This protection will only work if the person who knows the password immediately shoots himself in the head. In all other cases, the most vulnerable link in this scheme is a person .
I have already answered a similar question many times and the problem is always the same - building a defense against "people in gray", you assume that they will follow certain rules of the game, and build a defense, trying to outplay them by technical means. And "people in gray" think differently. "For ten years I have been digging up corpses in the forests and getting homeless people from the basement - and you are here with domains ..." (C) Some opera They have the task of obtaining data. And they solve it in their usual ways - for example, with a soldering iron in # 0ne.

F

f9k56, 2017-03-27
@f9k56

There is no better nail in the railway protection during removal.