James Courtier-Dutton <james.dutton@???> wrote:
>
>I think it would be nice to see a feature in Linux whereby the suspend
>to RAM erases the disk password held in RAM, and prompts the users for
>it on resume. That would help make a bit more of the data protected
>while in standby.
If you are that concerned about security of the information (things like personal or medical data), encryption is a must. My friend handles data on vulnerable children, she's been given an Ironkey encrypted USB stick and the moving of the data from the stick to the laptop hard drive is a sacking offence.
If you're worried about an opponent sufficiently sophisticated that they can suck drive keys from suspended RAM, forbid suspending and make the users shut down.
I've always found a good place to start with security is by listing what information is on a device and deciding if it should really be there (should Bob from accounts really be carrying the complete customer database 24/7 because he's too lazy to only carry what he needs?). Then decide who your opponent is and how motivated and sophisticated they are (industrial spies from a major corporation are a much bigger threat than a crack head that wants to sell your laptop for a fix). Also think how long the data is useful for (if it's next month's sales projections and in 3 weeks they will be of no use to your competitor then you only need to keep them out for that long.)
I would try to sell this to whoever thought of the idea and that it was clever that encryption is wiping that is so clever that it's already done before the guy picks up your device.
Password protection is nothing. In a USB caddy and the contents of the drive are yours, no matter what clever wiping software is on the machine.
Cheers,
Paul.
--
Sent from my Android phone with K-9 Mail. Please excuse my brevity.
--
Please post to: Hampshire@???
Web Interface:
https://mailman.lug.org.uk/mailman/listinfo/hampshire
LUG URL:
http://www.hantslug.org.uk
--------------------------------------------------------------
