FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora User

 
 
LinkBack Thread Tools
 
Old 12-24-2007, 06:45 PM
"Kerry Miller"
 
Default Hard drive encryption question for dual-boot XP and Fedora

My company is requiring us to encrypt the hard drive on all laptops.
We've already got some encryption software but it only works with Windows,
not anything set up to dual boot or anything running VMware. Do any of
you guys know of some kind of encryption software (open source or not)
that can handle a dual boot laptop with Windows XP on one partition and
Fedora on the other? He's already told me I need to get rid of my Linux
partition but I need it for network diagnostics, I'm hoping if I can find
an alternative he'll let me and the other network guy use a different
encryption package.

Thanks,
Kerry Miller
Victoria, TX


--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 12-24-2007, 07:19 PM
Les Mikesell
 
Default Hard drive encryption question for dual-boot XP and Fedora

Kerry Miller wrote:
My company is requiring us to encrypt the hard drive on all laptops.
We've already got some encryption software but it only works with Windows,

not anything set up to dual boot or anything running VMware. Do any of
you guys know of some kind of encryption software (open source or not)
that can handle a dual boot laptop with Windows XP on one partition and
Fedora on the other? He's already told me I need to get rid of my Linux
partition but I need it for network diagnostics, I'm hoping if I can find
an alternative he'll let me and the other network guy use a different
encryption package.


http://www.truecrypt.org/ is cross platform, but expect the usual
difficulties in keeping anyone else's code working with fedora kernels.


--
Les Mikesell
lesmikesell@gmail.com

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 12-24-2007, 08:20 PM
"Jonathan Underwood"
 
Default Hard drive encryption question for dual-boot XP and Fedora

On 24/12/2007, Kerry Miller <kmiller01@ticnet.com> wrote:
> My company is requiring us to encrypt the hard drive on all laptops.
> We've already got some encryption software but it only works with Windows,
> not anything set up to dual boot or anything running VMware. Do any of
> you guys know of some kind of encryption software (open source or not)
> that can handle a dual boot laptop with Windows XP on one partition and
> Fedora on the other? He's already told me I need to get rid of my Linux
> partition but I need it for network diagnostics, I'm hoping if I can find
> an alternative he'll let me and the other network guy use a different
> encryption package.

Can't you use the already identified software for the windows
partititions, and then some of the standard linux exncryption options
for the linux partitions? See eg. Luks dm-crypt etc. Also, note the
other thread currently running on this list about full disk encryption
and fedora.

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 12-25-2007, 04:27 PM
Mail List
 
Default Hard drive encryption question for dual-boot XP and Fedora

On Monday 24 December 2007 02:45:54 pm Kerry Miller wrote:
> My company is requiring us to encrypt the hard drive on all laptops.
> We've already got some encryption software but it only works with Windows,
> not anything set up to dual boot or anything running VMware. Do any of
> you guys know of some kind of encryption software (open source or not)
> that can handle a dual boot laptop with Windows XP on one partition and
> Fedora on the other? He's already told me I need to get rid of my Linux
> partition but I need it for network diagnostics, I'm hoping if I can find
> an alternative he'll let me and the other network guy use a different
> encryption package.
>

Be careful some of those windows encryptions will make it difficult if not
impossible to have a linux partition that will boot.

That said - if you can boot linux then this may be helpful. I actually went
the other way, i deleted windows when I encrypted my laptop disk!!

I have encrypted /home and swap. To deal with /tmp and /var/tmp leakage of
information I remount (mount --bind) these from the encrypted /home
partitition. Knowing all I do today, I would avoid ancrypting root
partition - it adds little additional security (some yes) but can be
problematic if you run into problems (ie cant boot).

Basically i use /etc/crypttab to encrypt swap but this did not work
correctly for me for /home so I hand scripted it (its trivial to do).

For some info see :
http://marc.info/?l=fedora-list&m=118391945718659&w=2
http://marc.info/?l=fedora-list&m=118384694918234&w=2

Cant speak for F8 but encrypted root on F7 will not work until mkinitd is
updated (see https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=124789 for
some discussion). I believe (k)ubuntu does this out of the box - however as I
said above I'd avoid encrypted root.

good luck.

gene


--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 12-25-2007, 10:35 PM
Alan Cox
 
Default Hard drive encryption question for dual-boot XP and Fedora

On Mon, 24 Dec 2007 13:45:54 -0600 (CST)
"Kerry Miller" <kmiller01@ticnet.com> wrote:

> My company is requiring us to encrypt the hard drive on all laptops.
> We've already got some encryption software but it only works with Windows,
> not anything set up to dual boot or anything running VMware. Do any of
> you guys know of some kind of encryption software (open source or not)
> that can handle a dual boot laptop with Windows XP on one partition and
> Fedora on the other? He's already told me I need to get rid of my Linux
> partition but I need it for network diagnostics, I'm hoping if I can find
> an alternative he'll let me and the other network guy use a different
> encryption package.

It isn't just encryption - you'll also need key management. dmcrypt will
do the encryption side but I would assume your company is requiring key
escrow as US companies have legal duties to produce data if ordered to by
a court or similar authority, or to retrieve data if you vanish/fall out.
"Dave forgot to tell us the key" isn't considered a good defence in court
or to the IRS 8)


--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 12-27-2007, 10:05 PM
John Summerfield
 
Default Hard drive encryption question for dual-boot XP and Fedora

Kerry Miller wrote:
My company is requiring us to encrypt the hard drive on all laptops.
We've already got some encryption software but it only works with Windows,

not anything set up to dual boot or anything running VMware. Do any of
you guys know of some kind of encryption software (open source or not)
that can handle a dual boot laptop with Windows XP on one partition and
Fedora on the other? He's already told me I need to get rid of my Linux
partition but I need it for network diagnostics, I'm hoping if I can find
an alternative he'll let me and the other network guy use a different
encryption package.


If the laptops boot from USB then a 4.0 or 8.0 Gbyte Sandisk or similar
might be a suitable alternative to a linux partition, and should be fine
for network diagnostics.


I would not defy The Boss, but if he agrees Linux is good for its
diagnostic tools, then the question becomes "How do we do this?" and a
USB disk that's encrypted and doesn't carry sensitive data, or even a
CD/DVD might be part of the answer.


Remember, your job is to help The Boss look good.


--

Cheers
John

-- spambait
1aaaaaaa@coco.merseine.nu Z1aaaaaaa@coco.merseine.nu
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375

You cannot reply off-list:-)

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 12-28-2007, 02:19 AM
Tim
 
Default Hard drive encryption question for dual-boot XP and Fedora

On Fri, 2007-12-28 at 08:05 +0900, John Summerfield wrote:
> I would not defy The Boss, but if he agrees Linux is good for its
> diagnostic tools, then the question becomes "How do we do this?" and a
> USB disk that's encrypted and doesn't carry sensitive data, or even a
> CD/DVD might be part of the answer.

Surely you'd only need to encrypt that which needs protecting. Network
diagnosis tools don't sound like something that needs it. And if you're
sensible enough to use different passwords, then someone finding out
your logon credentials from an unprotected diagnosis partition can't use
them to logon to the other protected one.

--
(This computer runs FC7, my others run FC4, FC5 & FC6, in case that's
important to the thread.)

Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 12-28-2007, 10:47 AM
John Summerfield
 
Default Hard drive encryption question for dual-boot XP and Fedora

Tim wrote:

On Fri, 2007-12-28 at 08:05 +0900, John Summerfield wrote:
I would not defy The Boss, but if he agrees Linux is good for its
diagnostic tools, then the question becomes "How do we do this?" and a
USB disk that's encrypted and doesn't carry sensitive data, or even a
CD/DVD might be part of the answer.


Surely you'd only need to encrypt that which needs protecting. Network
diagnosis tools don't sound like something that needs it. And if you're
sensible enough to use different passwords, then someone finding out
your logon credentials from an unprotected diagnosis partition can't use
them to logon to the other protected one.



I would not be surprised if the corporate policy is to encrypt
everything. That way, there can be no nasty surprises if, accidentally
or by carelessness, sensitive data gets stored on the "network
diagnostics toolset."


For example, the results of running tcpdump or wireshark. Simply erasing
the files isn't enough, the space they occupied needs to be overwritten too.


A likely sanction for defying such a policy is an invitation to seek
employment elsewhere.




--

Cheers
John

-- spambait
1aaaaaaa@coco.merseine.nu Z1aaaaaaa@coco.merseine.nu
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375

You cannot reply off-list:-)

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 12-28-2007, 12:04 PM
Tim
 
Default Hard drive encryption question for dual-boot XP and Fedora

On Fri, 2007-12-28 at 20:47 +0900, John Summerfield wrote:
> I would not be surprised if the corporate policy is to encrypt
> everything. That way, there can be no nasty surprises if, accidentally
> or by carelessness, sensitive data gets stored on the "network
> diagnostics toolset."

I would suppose that'd put pay to having system restore partitions, too.

--
(This computer runs FC7, my others run FC4, FC5 & FC6, in case that's
important to the thread.)

Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 12-28-2007, 12:52 PM
Les Mikesell
 
Default Hard drive encryption question for dual-boot XP and Fedora

John Summerfield wrote:

Tim wrote:

On Fri, 2007-12-28 at 08:05 +0900, John Summerfield wrote:
I would not defy The Boss, but if he agrees Linux is good for its
diagnostic tools, then the question becomes "How do we do this?" and a
USB disk that's encrypted and doesn't carry sensitive data, or even a
CD/DVD might be part of the answer.


Surely you'd only need to encrypt that which needs protecting. Network
diagnosis tools don't sound like something that needs it. And if you're
sensible enough to use different passwords, then someone finding out
your logon credentials from an unprotected diagnosis partition can't use
them to logon to the other protected one.



I would not be surprised if the corporate policy is to encrypt
everything. That way, there can be no nasty surprises if, accidentally
or by carelessness, sensitive data gets stored on the "network
diagnostics toolset."


For example, the results of running tcpdump or wireshark. Simply erasing
the files isn't enough, the space they occupied needs to be overwritten
too.


A likely sanction for defying such a policy is an invitation to seek
employment elsewhere.


Can't you just boot from a CD when you need to do network diagnostics?
Knoppix has about everything you would be likely to need.


--
Les Mikesell
lesmikesell@gmail.com

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 

Thread Tools




All times are GMT. The time now is 05:46 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org