Mail Lists-3 wrote: > > > By hand it would be something like this - let me assume for this your > swap partition is /dev/sda7 > > This is an excellent guide to getting the maximum security on the swap partition. One other point that is also worthwhile considering is that if you are really paranoid and about to do a clean install of F10 and plan on encrypting partitions, then randomising ALL the partitions before installing is an additional security safety measure although it is a bit tedious to arrange to do this. I did this on a laptop ahead of F9 some time back - and what I did was to have an additional partition apart from those that I want my real install to go on, and installed to that spare partition with the /boot area as a separate unencypted partition. Then I booted into that F9 and did essentially the parts of the process described by the previous post to randomise the swap area. However I additionally also randomised the / and the /opt partitions that I would then be keeping as encrypted in my real f9 install. So then I set up the install and asked it to encrypt and format swap, / and /opt and then also used the unencrypted /boot area. Once that install was complete it then used all its partitions as luks encrypted that had previously been randomised. So as far as I could tell that was extremely secure against theft. As a final step the unwanted partition containing the "old" f9 root partition was then also randomised. This then resulted in a laptop that was as secure is it was possible to have, and included SElinux enforcing. I believe that this is as safe as can be done on any machine regarding security. Of course the security of any system is dependent on the weakest link - so divulging passwords (or leaving them in a file elsewhere, or leaving a post-it note stuck in the laptop bag etc etc) is one way the bad guys can get in - as is using your original password in a web site as well as your laptop login password and then accessing the website via an http rather than a https link etc. Either way if you really want a good level of security then the techniques described in these posts are a pretty good start - and of course it is then also probably necessary to keep an unencrypted backup of your files on a local server away from the laptop and hope that the bad guys don't get your backup as well as the laptop ! All these things are a personal choice and depend on how far you want to go as well as how much time you have to devote to dealing with security matters - but clearly a machine used for home and casual browsing is going to generally be treated differently to one operated by a government security agency - although as hinted already those agencies don't always take security seriously enough. -- View this message in context: http://www.nabble.com/ssh-clarification-needed-tp21274919p21278264.html Sent from the Fedora List mailing list archive at Nabble.com. -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
