Re: [lopsa-tech] Server disk encryption

2013-05-28 Thread David Lang
I agree, TPM in itself isn't EVIL, it depends on who owns the keys to your machine, you or "Big Media". However, as a practical matter, using TPM in this manner is difficult. You need to solve all the problems that you need to solve to effectively use Tripwire (or equivalent) on your system, inc

Re: [lopsa-tech] Server disk encryption

2013-05-28 Thread Edward Ned Harvey (lopser)
> From: Francis Liu [mailto:fish...@gmail.com] > > That's the most useful explanation of "why one might choose to have TPM" > I've ever read. Yeah, if you google for TPM, most of what you find is anti-DRM folks who want to pirate music and stuff like that. Which the TPM can do. (Enable more s

Re: [lopsa-tech] Server disk encryption

2013-05-28 Thread Francis Liu
That's the most useful explanation of "why one might choose to have TPM" I've ever read. On Mon, May 27, 2013 at 11:35 PM, Edward Ned Harvey (lopser) < lop...@nedharvey.com> wrote: > > From: tech-boun...@lists.lopsa.org [mailto:tech-boun...@lists.lopsa.org] > > On Behalf Of David Lang > > > > Fu

Re: [lopsa-tech] Server disk encryption

2013-05-27 Thread Edward Ned Harvey (lopser)
> From: tech-boun...@lists.lopsa.org [mailto:tech-boun...@lists.lopsa.org] > On Behalf Of David Lang > > Full disk encryption of local drives on the servers would theoretically give > you > similar protection, except that people are very reluctant to have servers that > cannot boot up without hu

Re: [lopsa-tech] Server disk encryption

2013-05-27 Thread David Lang
On Wed, 22 May 2013, Steven Kurylo wrote: How are you encrypting your server's disks, when they contain sensitive information? Are you doing full disk? With auto boot? Or do you use Mandos, or similar? Or enter the password manually for each machine? Or are you not bothering with encryption,

Re: [lopsa-tech] Server disk encryption

2013-05-23 Thread Steven Kurylo
> This also refers to NIST SP-800-111. > Thank you for the clarifications. > > It looks more like if your data at rest is encrypted (ie server hard > > drives), you're better protected under the law from penalties. But it's > > not mandatory yet. But it sounds like I would want to encrypt my

Re: [lopsa-tech] Server disk encryption

2013-05-23 Thread Tracy Reed
On Wed, May 22, 2013 at 03:44:38PM PDT, Steven Kurylo spake thusly: > There are more articles than these ones, but for example: > http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/breachnotificationifr.html This one seems to be concerned with breach notification. If you lose an en

Re: [lopsa-tech] Server disk encryption

2013-05-22 Thread Paul Heinlein
On Wed, 22 May 2013, Steven Kurylo wrote: How are you encrypting your server's disks, when they contain sensitive information? Are you doing full disk? No. We identify directory trees that contain information that's either at risk (e.g., at an off-site location) or that puts us at risk (we'

Re: [lopsa-tech] Server disk encryption

2013-05-22 Thread Steven Kurylo
> > > Though for data which falls under hipaa, I understand it must be > encrypted > > on the server's disk. > > Not true. If you know otherwise please cite the appropriate federal > regulation > from 45 CFR § 164. HIPAA data being transported off-site needs to be > encrypted > although that isn't

Re: [lopsa-tech] Server disk encryption

2013-05-22 Thread Tracy Reed
On Wed, May 22, 2013 at 01:30:47PM PDT, Steven Kurylo spake thusly: > How are you encrypting your server's disks, when they contain sensitive > information? For servers I generally don't do disk encryption. There are a couple of servers which are encrypted and I enter the key manually on boot but

[lopsa-tech] Server disk encryption

2013-05-22 Thread Steven Kurylo
How are you encrypting your server's disks, when they contain sensitive information? Are you doing full disk? With auto boot? Or do you use Mandos, or similar? Or enter the password manually for each machine? Or are you not bothering with encryption, and relying on your physical security instea