Isn't it time for the encrypted file system???
Panu Matilainen
pmatilai at laiskiainen.org
Fri Mar 24 06:50:26 UTC 2006
On Thu, 23 Mar 2006, seth vidal wrote:
> On Thu, 2006-03-23 at 09:31 -0500, Daniel J Walsh wrote:
>> Received a FedEx from Fidelity this morning; seems one of their
>> laptops was stolen. On the laptop was the personal information,
>> including Social Security number, of everyone in the HP Retirement
>> plan (I suppose this includes DEC/Compaq and HP). They have us jumping
>> through hoops and going to Credit Agencies to watch for unusual activity.
>> Now if the system had been encrypted ... Now why was this data on a
>> laptop? I don't know.
>>
>> Laptops have become the standard machine for people, replacing the
>> desktop. We need to consider defaulting FC6 with encrypted filesystem
>> or at least homedirs out of the box. This should be a key feature of FC6.
>
> Or maybe corporations handling that kind of data need to take
> protective security measures for their installations of operating
> systems.
>
> if I were in the same position I would, of course, use encrypted file
> systems - but to have that overhead for the default is a bit extreme.

We have a corporate policy requiring encryption of the *entire* disk
(obviously /boot is an exception), not just /home. It may be a bit
extreme but if you start encrypting stuff, /tmp, /var and swap are an
absolute must to cover as well, otherwise you'll be leaking company
secrets you viewed as mail attachments to unencrypted /tmp etc.

Oh btw, obviously there is a performance hit to encrypting everything but
it's nowhere near as bad as one would think, in fact it is almost
unnoticeable in normal use. Sure, when running a fully encrypted system
and testing another installation inside VMware which is also encrypting
the disk, things start to get <cough> a little <cough> sluggish ;)

Anyway, it would be very very nice to finally have fs encryption directly
supported in FC.

- Panu -