Hard drive encryption question for dual-boot XP and Fedora
My company is requiring us to encrypt the hard drive on all laptops.
We've already got some encryption software but it only works with Windows, not anything set up to dual boot or anything running VMware. Do any of you guys know of some kind of encryption software (open source or not) that can handle a dual boot laptop with Windows XP on one partition and Fedora on the other? He's already told me I need to get rid of my Linux partition but I need it for network diagnostics, I'm hoping if I can find an alternative he'll let me and the other network guy use a different encryption package. Thanks, Kerry Miller Victoria, TX -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list |
Hard drive encryption question for dual-boot XP and Fedora
Kerry Miller wrote:
My company is requiring us to encrypt the hard drive on all laptops. We've already got some encryption software but it only works with Windows, not anything set up to dual boot or anything running VMware. Do any of you guys know of some kind of encryption software (open source or not) that can handle a dual boot laptop with Windows XP on one partition and Fedora on the other? He's already told me I need to get rid of my Linux partition but I need it for network diagnostics, I'm hoping if I can find an alternative he'll let me and the other network guy use a different encryption package. http://www.truecrypt.org/ is cross platform, but expect the usual difficulties in keeping anyone else's code working with fedora kernels. -- Les Mikesell lesmikesell@gmail.com -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list |
Hard drive encryption question for dual-boot XP and Fedora
On 24/12/2007, Kerry Miller <kmiller01@ticnet.com> wrote:
> My company is requiring us to encrypt the hard drive on all laptops. > We've already got some encryption software but it only works with Windows, > not anything set up to dual boot or anything running VMware. Do any of > you guys know of some kind of encryption software (open source or not) > that can handle a dual boot laptop with Windows XP on one partition and > Fedora on the other? He's already told me I need to get rid of my Linux > partition but I need it for network diagnostics, I'm hoping if I can find > an alternative he'll let me and the other network guy use a different > encryption package. Can't you use the already identified software for the windows partititions, and then some of the standard linux exncryption options for the linux partitions? See eg. Luks dm-crypt etc. Also, note the other thread currently running on this list about full disk encryption and fedora. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list |
Hard drive encryption question for dual-boot XP and Fedora
On Monday 24 December 2007 02:45:54 pm Kerry Miller wrote:
> My company is requiring us to encrypt the hard drive on all laptops. > We've already got some encryption software but it only works with Windows, > not anything set up to dual boot or anything running VMware. Do any of > you guys know of some kind of encryption software (open source or not) > that can handle a dual boot laptop with Windows XP on one partition and > Fedora on the other? He's already told me I need to get rid of my Linux > partition but I need it for network diagnostics, I'm hoping if I can find > an alternative he'll let me and the other network guy use a different > encryption package. > Be careful some of those windows encryptions will make it difficult if not impossible to have a linux partition that will boot. That said - if you can boot linux then this may be helpful. I actually went the other way, i deleted windows when I encrypted my laptop disk!! I have encrypted /home and swap. To deal with /tmp and /var/tmp leakage of information I remount (mount --bind) these from the encrypted /home partitition. Knowing all I do today, I would avoid ancrypting root partition - it adds little additional security (some yes) but can be problematic if you run into problems (ie cant boot). Basically i use /etc/crypttab to encrypt swap but this did not work correctly for me for /home so I hand scripted it (its trivial to do). For some info see : http://marc.info/?l=fedora-list&m=118391945718659&w=2 http://marc.info/?l=fedora-list&m=118384694918234&w=2 Cant speak for F8 but encrypted root on F7 will not work until mkinitd is updated (see https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=124789 for some discussion). I believe (k)ubuntu does this out of the box - however as I said above I'd avoid encrypted root. good luck. gene -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list |
Hard drive encryption question for dual-boot XP and Fedora
On Mon, 24 Dec 2007 13:45:54 -0600 (CST)
"Kerry Miller" <kmiller01@ticnet.com> wrote: > My company is requiring us to encrypt the hard drive on all laptops. > We've already got some encryption software but it only works with Windows, > not anything set up to dual boot or anything running VMware. Do any of > you guys know of some kind of encryption software (open source or not) > that can handle a dual boot laptop with Windows XP on one partition and > Fedora on the other? He's already told me I need to get rid of my Linux > partition but I need it for network diagnostics, I'm hoping if I can find > an alternative he'll let me and the other network guy use a different > encryption package. It isn't just encryption - you'll also need key management. dmcrypt will do the encryption side but I would assume your company is requiring key escrow as US companies have legal duties to produce data if ordered to by a court or similar authority, or to retrieve data if you vanish/fall out. "Dave forgot to tell us the key" isn't considered a good defence in court or to the IRS 8) -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list |
Hard drive encryption question for dual-boot XP and Fedora
Kerry Miller wrote:
My company is requiring us to encrypt the hard drive on all laptops. We've already got some encryption software but it only works with Windows, not anything set up to dual boot or anything running VMware. Do any of you guys know of some kind of encryption software (open source or not) that can handle a dual boot laptop with Windows XP on one partition and Fedora on the other? He's already told me I need to get rid of my Linux partition but I need it for network diagnostics, I'm hoping if I can find an alternative he'll let me and the other network guy use a different encryption package. If the laptops boot from USB then a 4.0 or 8.0 Gbyte Sandisk or similar might be a suitable alternative to a linux partition, and should be fine for network diagnostics. I would not defy The Boss, but if he agrees Linux is good for its diagnostic tools, then the question becomes "How do we do this?" and a USB disk that's encrypted and doesn't carry sensitive data, or even a CD/DVD might be part of the answer. Remember, your job is to help The Boss look good. -- Cheers John -- spambait 1aaaaaaa@coco.merseine.nu Z1aaaaaaa@coco.merseine.nu -- Advice http://webfoot.com/advice/email.top.php http://www.catb.org/~esr/faqs/smart-questions.html http://support.microsoft.com/kb/555375 You cannot reply off-list:-) -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list |
Hard drive encryption question for dual-boot XP and Fedora
On Fri, 2007-12-28 at 08:05 +0900, John Summerfield wrote:
> I would not defy The Boss, but if he agrees Linux is good for its > diagnostic tools, then the question becomes "How do we do this?" and a > USB disk that's encrypted and doesn't carry sensitive data, or even a > CD/DVD might be part of the answer. Surely you'd only need to encrypt that which needs protecting. Network diagnosis tools don't sound like something that needs it. And if you're sensible enough to use different passwords, then someone finding out your logon credentials from an unprotected diagnosis partition can't use them to logon to the other protected one. -- (This computer runs FC7, my others run FC4, FC5 & FC6, in case that's important to the thread.) Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list |
Hard drive encryption question for dual-boot XP and Fedora
Tim wrote:
On Fri, 2007-12-28 at 08:05 +0900, John Summerfield wrote: I would not defy The Boss, but if he agrees Linux is good for its diagnostic tools, then the question becomes "How do we do this?" and a USB disk that's encrypted and doesn't carry sensitive data, or even a CD/DVD might be part of the answer. Surely you'd only need to encrypt that which needs protecting. Network diagnosis tools don't sound like something that needs it. And if you're sensible enough to use different passwords, then someone finding out your logon credentials from an unprotected diagnosis partition can't use them to logon to the other protected one. I would not be surprised if the corporate policy is to encrypt everything. That way, there can be no nasty surprises if, accidentally or by carelessness, sensitive data gets stored on the "network diagnostics toolset." For example, the results of running tcpdump or wireshark. Simply erasing the files isn't enough, the space they occupied needs to be overwritten too. A likely sanction for defying such a policy is an invitation to seek employment elsewhere. -- Cheers John -- spambait 1aaaaaaa@coco.merseine.nu Z1aaaaaaa@coco.merseine.nu -- Advice http://webfoot.com/advice/email.top.php http://www.catb.org/~esr/faqs/smart-questions.html http://support.microsoft.com/kb/555375 You cannot reply off-list:-) -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list |
Hard drive encryption question for dual-boot XP and Fedora
On Fri, 2007-12-28 at 20:47 +0900, John Summerfield wrote:
> I would not be surprised if the corporate policy is to encrypt > everything. That way, there can be no nasty surprises if, accidentally > or by carelessness, sensitive data gets stored on the "network > diagnostics toolset." I would suppose that'd put pay to having system restore partitions, too. -- (This computer runs FC7, my others run FC4, FC5 & FC6, in case that's important to the thread.) Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list |
Hard drive encryption question for dual-boot XP and Fedora
John Summerfield wrote:
Tim wrote: On Fri, 2007-12-28 at 08:05 +0900, John Summerfield wrote: I would not defy The Boss, but if he agrees Linux is good for its diagnostic tools, then the question becomes "How do we do this?" and a USB disk that's encrypted and doesn't carry sensitive data, or even a CD/DVD might be part of the answer. Surely you'd only need to encrypt that which needs protecting. Network diagnosis tools don't sound like something that needs it. And if you're sensible enough to use different passwords, then someone finding out your logon credentials from an unprotected diagnosis partition can't use them to logon to the other protected one. I would not be surprised if the corporate policy is to encrypt everything. That way, there can be no nasty surprises if, accidentally or by carelessness, sensitive data gets stored on the "network diagnostics toolset." For example, the results of running tcpdump or wireshark. Simply erasing the files isn't enough, the space they occupied needs to be overwritten too. A likely sanction for defying such a policy is an invitation to seek employment elsewhere. Can't you just boot from a CD when you need to do network diagnostics? Knoppix has about everything you would be likely to need. -- Les Mikesell lesmikesell@gmail.com -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list |
| All times are GMT. The time now is 01:07 PM. |
VBulletin, Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.