Sunday, August 27, 2006

Zeno's schizophrenia

Last week my new laptop arrived, which was the start of the lengthy process of installing the necessary software and applying some settings, to make it behave like I want it to behave.
The laptop came installed and preconfigured to work on the network of the university I study at.
During the last few days I added another operating system (OS), so I can choose which one I will use, and I adjusted some things so it works on my home network, but most time was spent on securing the laptop as good as is desirable.
You can call me paranoid, but I protected it on several levels with different strong passwords:
Before you can start using the laptop, you are prompted for a password. Then you can choose which OS to use. After the operating system started up, you have to login, using a different strong password.
When the laptop isn't used for about 10 minutes, it goes into standby mode. If you want to start using the system again, you need to provide a password again.

To protect the data, I have some more security measures in place. Booting from CD/DVD, USB or network isn't possible unless you provide a password at startup first (see earlier). So you can't get to the contents of the harddisk by booting with some other software or device.
Taking the harddisk out of the laptop and putting it in another one isn't going to help either, as it is configured to only work with this laptop. The disk won't launch in a different laptop.
And as last safety measure, and I am quite proud of this one, but more on that later, I set up an encrypted partition containing my data. This encryption is not file or folder based, but encrypts the entire partition. This partition can be accessed by unlocking it with a lengthy passphrase.

All security protections, but one, are provided by the laptop or by the operating system. For the encryption off the partition containing the data, I used something called LUKS. The beauty of this system is, that it can be accessed by both operating systems. This way I can always access my data, regardless of the operating system I'm using at a perticular moment.

My setup needs some tweaking to make it more convenient and easy to use, but as far as security is concerned I'm quite pleased already.

2 comments:

Peter said...

En wat als uw moederbord om zeep is? Werkt uw HD dan nog met een nieuw MB?

ruleant said...

Goeie vraag! 'k Zal't je laten weten moest dat ooit gebeuren. ;-)