Physical Security is just the beginning (Score: 1)
my personal setup...,
I have cheap netgear firewall/ wireless router, which feeds directly into a linux box running 2.4.x kernel with the NSA seLinux patches...
additionally, I filter outbound traffic... only related/established inbound traffic is allowed...
the only method of accessing my server from the internet is to portknock, and then use a modified version of SSH (created by modifying the "magic numbers"/ control codes)... if you port knock improperly, you get dumped into a honeypot network... and autoblocked in the firewall... the only way to reset the rule in the firewall is to knock with the proper unlock sequence...
I know you all saw the wireless router... but, I just want to remind you, that, with my setup, everything connected to it, is treated as hostile... including the wireless... as the linux router treats everything on its outside interface as hostile...
the port knock setup I use is based upon doorman... and it is configured to restrict the rules to ip/sourceport pairs... so even if my remote workstation was compromised unbeknownst to me... the hostile party couldn't connect to the server, as the firewall rule restricts to the source port on my ip...
utilizing ssh tunnels, you can cascade several layers of firewalls, to provide added security...
as far as physical data security, removable flash media coupled with cryptoloop and aes-1024 (yes, aes-1024 is a valid cryptoloop spec... ) ... provides a reasonable amount of security... especially as USB key devices are readily available and cheap...
so, to compromise the system, they have to gain access to your keys... a good start to physical security of your box is to disable root, compile sudo, configure sudo to use sudosh, install log monitoring, tripwire...
on my server, all of my users must connect using ssh certificates... on my workstation, only certain users get a real shell... and other dummy users exist whose shell is set to a script which sends notification....
I also went a step further and set up an account which starts a recursive bcwipe on the hard-disk... also, it cats /dev/random over the swap partition... (after disabling swap) ... and reboots when complete... before doing this... make sure you make and maintain backups of your OS on removable media, preferably stored in a safe with a higher than 10-minute master rating...
this user/password combo, is what I call a panic passwd... and serves to (hopefully) erase all traces, but, at the very least... it makes their life a bit more difficult...
another idea I've played with in the past, is to hack the kernel and change the magic numbers of the file system... (ie. the characters which mark start/end of inode, etc...) ... and to modify the fsutils to the same setup... this, while tedious, etc... I've only done twice... and it worked very well... the theory behind this is that you prevent them from simply removing the hard-disk from your machine and putting it in another machine, or booting off of a live CD...
I quit messing with this about the time that I bought my first SD-card, and cryptolooped with 3DES ... it was just a much more effective end to the same means.... however, the swap partition can be a problem... (the best way around this is to get lots of RAM -- 1.5 GB is nice... -- and configure your swap to use a ramdisk ... silly... but some programs, like gcc... still require swapspace to work properly... ) ... this way, a simple reboot solves all your swap-device issues...
the biggest thing I can think of, is to use long passphrases... and include special characters, use random Capitalization, and spread numbers throughout it...
MOST IMPORTANTLY .... NEVER write your passphrases down, and trust no one... if someone requires access to your machine, make them their own account... and use a logging shell, such as sudosh... also, use some of the features like account time-outs, etc... (do a man /etc/passwd for more info) ... and, as soon as they are done with their task... disable their account...
as always, remember... keep everything sensitive on removable devices, preferably on cryptoloop partitions... and safeguard those devices...
also, take the time to have some of your more skilled friends try to compromise your box... this is one of the best methods to break in your box...
another invaluable resource, is to play devil's advocate with yourself, and your friends... when I design a security system, I try to design it so that I couldn't hack my own system... ... it's also a good idea to create a spare access key, and store it in a safe place...
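The knock-then-lock behaviour the poster describes (a correct sequence opens a rule tied to the knocker's IP/source-port pair, a wrong knock diverts the source to a honeypot and blocks it, and only a separate unlock sequence clears the block) can be modelled as a small state machine. The following is an added example written for this page, not the poster's doorman configuration and not doorman's own code; the knock sequences, the port numbers, the 10-second knock window, the `Authorizer`/`Knock` names and the sample knock log are all constructed assumptions. It exists to make the design points concrete: why an allow rule keyed on (source IP, source port) defeats a compromised workstation reusing the same IP, and how a strict "any wrong knock locks you out" policy behaves.

```python
"""Doorman-style port-knock authorizer with lockout (added example, not doorman itself).

A source must hit KNOCK_SEQUENCE in order, within KNOCK_WINDOW seconds, to get an
allow entry for its exact (src_ip, src_port) pair on SSH_PORT.  Any out-of-order
knock locks the source: its traffic is logged to a honeypot list and only
UNLOCK_SEQUENCE clears the lock.  All constants and sample data are assumptions.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

KNOCK_SEQUENCE = [7000, 8000, 9000]   # assumed: destination ports that open access
UNLOCK_SEQUENCE = [9000, 7000, 8000]  # assumed: sequence that clears a lockout
KNOCK_WINDOW = 10.0                   # assumed: seconds to complete a sequence
SSH_PORT = 2222                       # assumed: port of the guarded SSH service


@dataclass
class Knock:
    src_ip: str
    src_port: int
    dst_port: int
    ts: float  # seconds, monotonic within one log


@dataclass
class SourceState:
    progress: int = 0     # knocks of the expected sequence matched so far
    started: float = 0.0  # timestamp of the first knock of the current attempt
    locked: bool = False  # wrong knock seen; only UNLOCK_SEQUENCE resets this


@dataclass
class Authorizer:
    states: Dict[str, SourceState] = field(default_factory=dict)
    allowed: List[Tuple[str, int]] = field(default_factory=list)  # (src_ip, src_port)
    honeypot: List[Knock] = field(default_factory=list)           # diverted traffic

    def process(self, knock: Knock) -> str:
        """Feed one knock; returns pending / opened / locked / honeypot / unlocked."""
        st = self.states.setdefault(knock.src_ip, SourceState())
        expected = UNLOCK_SEQUENCE if st.locked else KNOCK_SEQUENCE
        # A stale partial sequence is discarded; the knock starts a fresh attempt.
        if st.progress and knock.ts - st.started > KNOCK_WINDOW:
            st.progress = 0
        if knock.dst_port == expected[st.progress]:
            if st.progress == 0:
                st.started = knock.ts
            st.progress += 1
            if st.progress < len(expected):
                return "pending"
            st.progress = 0
            if st.locked:
                st.locked = False
                return "unlocked"
            # Allow rule is keyed on the exact source port, not just the IP.
            self.allowed.append((knock.src_ip, knock.src_port))
            return "opened"
        # Wrong port: reset the attempt, divert to the honeypot, and lock.
        st.progress = 0
        self.honeypot.append(knock)
        if st.locked:
            return "honeypot"
        st.locked = True
        return "locked"

    def is_allowed(self, src_ip: str, src_port: int, dst_port: int) -> bool:
        """Inbound new connection check: only SSH_PORT, only for an opened pair."""
        st = self.states.get(src_ip)
        if st is not None and st.locked:
            return False
        return dst_port == SSH_PORT and (src_ip, src_port) in self.allowed


def replay_constructed_log() -> List[str]:
    """Run a constructed knock log through a fresh Authorizer and return outcomes."""
    log = [
        Knock("203.0.113.5", 40001, 7000, 1.0),   # good sequence from workstation
        Knock("203.0.113.5", 40001, 8000, 2.0),
        Knock("203.0.113.5", 40001, 9000, 3.0),
        Knock("198.51.100.9", 5000, 7000, 10.0),  # scanner gets the order wrong
        Knock("198.51.100.9", 5000, 9000, 11.0),
        Knock("198.51.100.9", 5000, 7000, 12.0),  # still locked, lands in honeypot
    ]
    auth = Authorizer()
    return [auth.process(k) for k in log]


if __name__ == "__main__":
    for outcome in replay_constructed_log():
        print(outcome)
```

Two design points worth noting. The allow list stores the pair `(src_ip, src_port)`, so `is_allowed("203.0.113.5", 40002, 2222)` is refused even though the IP is the one that knocked, which is the property the poster relies on against a compromised remote workstation. The lockout is deliberately strict: one wrong knock, including a duplicate of a correct port, locks the source, so a deployer must weigh that against the cost of locking themselves out over a lossy link.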