Hi Penguin gurus,
During my job, I will be installing Linux on public nodes "kiosks". The thing is, those nodes will have wifi network access, and will *not* have physical security around them (read: no guards). The problem is: People might try to get the info stored on the disks, either through network access, physical access, or through stealing the disks
Target: I want to make it as hard as possible for those people. I totally understand that without physical security, there's no way it can be really "secure". I just wanna make real difficult

Protecting console:
- I will turn off all login ttys and turn off X
- Will password protect grub

Protecting Wifi:
- Will turn off ssh, and firewall all ports that are not providing end user services (I will mostly just leave apache open)


Protecting stolen disks:
Here comes the part where I have no clue! I don't really want this to be (steal disk, mount disk, copy data!!). I wanna make it difficult, but I have no idea how. Here are some ideas I'm toying with
- Encrypt disks with some "auto-decrypting" scheme, so the machine can boot without entering a password?
- Use some non standard filesystem ? (Dont like it, the system needs to be reliable)
- Use some weird non standard partitioning tools ?(Also don't like it)
- Use some non standard grub chain-loader that will decrypt Linux disks and boot them ?

I'm a bit lost, did anyone face this dilemma before ? Any experiences to share ?
Again, please don't tell me there's no way to get real security, if I don't have physical security. I totally understand this. I just don't wanna make this as easy as steal/mount!

Best Regards

_______________________________________________
rhelv5-list mailing list
rhelv5-list@(protected)
https://www.redhat.com/mailman/listinfo/rhelv5-list