> John Summerfield wrote: >> Tim wrote: >>> On Fri, 2007-12-28 at 08:05 +0900, John Summerfield wrote: >>>> I would not defy The Boss, but if he agrees Linux is good for its >>>> diagnostic tools, then the question becomes "How do we do this?" and a >>>> USB disk that's encrypted and doesn't carry sensitive data, or even a >>>> CD/DVD might be part of the answer. >>> >>> Surely you'd only need to encrypt that which needs protecting. Network >>> diagnosis tools don't sound like something that needs it. And if >>> you're >>> sensible enough to use different passwords, then someone finding out >>> your logon credentials from an unprotected diagnosis partition can't >>> use >>> them to logon to the other protected one. >>> >> >> I would not be surprised if the corporate policy is to encrypt >> everything. That way, there can be no nasty surprises if, accidentally >> or by carelessness, sensitive data gets stored on the "network >> diagnostics toolset." >> >> For example, the results of running tcpdump or wireshark. Simply erasing >> the files isn't enough, the space they occupied needs to be overwritten >> too. >> >> A likely sanction for defying such a policy is an invitation to seek >> employment elsewhere. > > Can't you just boot from a CD when you need to do network diagnostics? > Knoppix has about everything you would be likely to need. Full drive encryption is a feature being worked on for the next version of Fedora. Looks promising. Has a few minor bugs to work out before being "user ready". (Does not seem to work with upgrades quite yet, just clean installs. I expect that to be fixed pretty quick now.) Now if they would just build a x86_64 version of the Rawhide respin, i could test it here...
