Isn't it time for the encrypted file system???

Panu Matilainen pmatilai at laiskiainen.org
Fri Mar 24 06:50:26 UTC 2006


On Thu, 23 Mar 2006, seth vidal wrote:
> On Thu, 2006-03-23 at 09:31 -0500, Daniel J Walsh wrote:
>> Received a FedEx from Fidelity this morning; it seems one of their
>> laptops was stolen.  On the laptop was the personal information,
>> including Social Security number, of everyone in the HP Retirement
>> plan (I suppose this includes DEC/Compaq and HP).  They have us jumping
>> through hoops and going to Credit Agencies to watch for unusual activity.
>> Now if the system had been encrypted ...  Now why was this data on a
>> laptop? I don't know.
>>
>> Laptops have become the standard machine for people, replacing the
>> desktop.  We need to consider defaulting FC6 with an encrypted filesystem
>> or at least homedirs out of the box.  This should be a key feature of FC6.
>
> Or maybe corporations handling that kind of data need to take
> protective security measures for their installations of operating
> systems.
>
> If I were in the same position I would, of course, use encrypted file
> systems - but to have that overhead for the default is a bit extreme.

We have a corporate policy requiring encryption of the *entire* disk 
(obviously /boot is an exception), not just /home. It may be a bit 
extreme but if you start encrypting stuff, /tmp, /var and swap are an 
absolute must to cover as well, otherwise you'll be leaking company 
secrets you viewed as mail attachments to unencrypted /tmp etc.

Oh btw, obviously there is a performance hit to encrypting everything but 
it's nowhere near as bad as one would think, in fact it is almost 
unnoticeable in normal use. Sure, when running a fully encrypted system 
and testing another installation inside VMware which is also encrypting 
the disk, things start to get <cough> a little <cough> sluggish ;)

Anyway, it would be very very nice to finally have fs encryption directly 
supported in FC.

 	- Panu -
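
Added example, not part of the original message or of any Fedora tooling: a small audit of the coverage described above, reporting whether /, /home, /tmp, /var and every swap area sit on an encrypted device. The sample mount and swap tables are constructed, and the set of encrypted device names is an assumption supplied by the caller.

```python
# Added example: flag paths and swap areas that are not on an encrypted device.
REQUIRED_PATHS = ("/", "/home", "/tmp", "/var")  # /boot is the stated exception
MEMORY_FS = {"tmpfs", "ramfs"}  # no disk of their own; tmpfs pages can reach swap

# Constructed sample input in /proc/mounts and /proc/swaps format.
SAMPLE_MOUNTS = """\
/dev/mapper/cryptroot / ext3 rw 0 0
/dev/sda1 /boot ext3 rw 0 0
/dev/mapper/crypthome /home ext3 rw 0 0
/dev/sda5 /var ext3 rw 0 0
"""
SAMPLE_SWAPS = """\
Filename Type Size Used Priority
/dev/sda6 partition 1048568 0 -1
"""
# Assumption: the caller already knows which devices are dm-crypt mappings.
SAMPLE_ENCRYPTED = {"/dev/mapper/cryptroot", "/dev/mapper/crypthome"}

def backing_mount(path, mounts):
    """Return (device, mountpoint, fstype) of the deepest mount containing path."""
    best = None
    for dev, mp, fstype in mounts:
        if path == mp or path.startswith(mp.rstrip("/") + "/"):
            if best is None or len(mp) >= len(best[1]):  # later mounts shadow earlier
                best = (dev, mp, fstype)
    return best

def audit(mounts_text, swaps_text, encrypted_devices):
    """Return [(path, device)] for each required path or swap area in the clear."""
    mounts = [tuple(f[:3]) for f in map(str.split, mounts_text.splitlines()) if len(f) >= 3]
    findings = []
    for path in REQUIRED_PATHS:
        entry = backing_mount(path, mounts)
        if entry is None:
            findings.append((path, "unknown"))
        elif entry[2] not in MEMORY_FS and entry[0] not in encrypted_devices:
            findings.append((path, entry[0]))
    for line in swaps_text.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if fields and fields[0] not in encrypted_devices:
            findings.append(("swap", fields[0]))
    return findings

if __name__ == "__main__":
    for path, dev in audit(SAMPLE_MOUNTS, SAMPLE_SWAPS, SAMPLE_ENCRYPTED):
        print(f"{path}: on unencrypted device {dev}")
```

On a live system the inputs would be the contents of /proc/mounts and /proc/swaps, and the encrypted set would be the mappings whose `dmsetup table` line shows the `crypt` target.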




More information about the Fedora-maintainers mailing list