On Thu, 23 Mar 2006, seth vidal wrote:
On Thu, 2006-03-23 at 09:31 -0500, Daniel J Walsh wrote:
Received an FedEX from Fidelity this morning seems, one of their
laptops was stolen. On the laptop, was the Personal information,
including Social Security number, of everyone in the HP Retirement
plan (I suppose this includes DEC/Compaq and HP. They have us jumping
through hoops and going to Credit Agencies to watch for unusual activity.
Now if the system had been encrypted ... Now why was this data on a
laptop? I don't know.
Laptops have becoming the standard machine for people, replacing the
desktop. We need to consider defaulting FC6 with encrypted filesystem
or at least homedirs out of the box. This should be a key feature of FC6.
Or maybe corporations handling that kind of data need to do take
protective security measures for their installations of operating
systems.
if I were in the same position I would, of course, use encrypted file
systems - but to have that overhead for the default is a bit extreme.
We have a corporate policy requiring encryption of the *entire* disk
(obviously /boot is an exception), not just /home. It may be a bit
extreme but if you start encrypting stuff, /tmp, /var and swap are an
absolute must to cover as well, otherwise you'll be leaking company
secrets you viewed as mail attachmets to unencrypted /tmp etc.
Oh btw, obviously there is a performance hit to encrypting everything but
it's nowhere near as bad as one would think, in fact is almost
unnoticeable on normal use. Sure, when running a fully encrypted system
and testing another installation inside VMware which is also encrypting
the disk it things start to get <cough> a little <cough> sluggish ;)
Anyway, it would be very very nice to finally have fs encryption directly
supported in FC.
- Panu -
