rm | Cleaning up recycle bin

Polytropon freebsd at edvax.de
Tue Feb 25 17:11:56 UTC 2020


On Mon, 24 Feb 2020 10:59:50 -0600, Valeri Galtsev wrote:
> 
> 
> On 2020-02-24 10:54, Steve O'Hara-Smith wrote:
> > On Mon, 24 Feb 2020 09:38:46 -0600
> > Valeri Galtsev <galtsev at kicp.uchicago.edu> wrote:
> > 
> >> Bad guy has physical access to your machine when it is up and
> >> running. He opens the case, splashes liquid nitrogen onto your RAM,
> >> pulls RAM modules, plugs them into his device.
> > 
> > 	Bad guy will find my "machine room" a little cramped and the access
> > rather awkward for that plan.
> > 
> 
> In my case "bad guy" will be my friend sysadmin from another Department 
> who helps me to recover data after I lost the key to my encrypted drive ;-)

From the trenches:

Many years ago, regarding a company I did some work for.
They decided that their "valuable business data" should
be encrypted. As this was a "Windows"-based system, it
required rebooting quite often, and the on-site IT guy
got fed up with always waiting for the big boss to arrive
in the "server room" (the janitor's closet) with his
little black book to type in the password. So they agreed
that there should be a yellow post-it on the server's
screen with the password on it. "No! That's terribly
insecure and dangerous!" said the highly-paid external
consultant they hired to care for their "IT needs", "It's
a lot better to put it on a USB stick. Here, look. For $$$,
I can make the system read it whenever it reboots, from
the USB stick. I put a file on it where the password is
stored." They paid $$$ and were happy. The IT guy just
needed to perform forced-resets every few days, the system
would boot again, read the password, encrypt the data,
and everyone was satisfied. Until the day burglars visited
the company building, stole all the building machinery
(very expensive!), and... the server. With the USB stick.
That had the password. Very convenient, if you ask me.
(Sidenote: The boss himself told me that story, he was
very ashamed of how he could believe that paying $$$ would
solve problems when no _thinking_ was involved.)

And this, dear kids, is how we do "data protection" here
in Germany. ;-)

Sidenote:

When physical access to a machine is granted, it's usually
GAME OVER. Sure, you can create obstacles, but the bad guys
will always be able to deal with them, depending on what
they expect to find (and if the money they can make from
it is worth the work they need to invest).





-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...

