[Bradford] Laptop security
Alice .
alice at kaerast.info
Sat Nov 14 18:06:37 UTC 2015
Hi Bradlug,
I recently bought a new laptop and I'm trying to make it as secure as I
can. There's a couple of areas I'm struggling with that I thought I'd ask
you lot about. For reference it's a Thinkpad T420 with the latest Fedora.
First UEFI. I understand UEFI secureboot will protect me against evil maid
attacks better than the legacy BIOS. I've not spent much time trying to get
this working yet, but it doesn't work out of the box and I'm wondering just
how much better it is than a password protected bios?
Secondly TPM. There's tools in Fedora to manage the TPM keystore, and that
seems to work. However, there's no software in the repo to actually use it.
I'd have to compile software to use it to encrypt the disk and store ssh
keys. So again, is it worth doing when it would mean running software that
doesn't get automatic security upgrades? I have similar questions about
using a Yubico key to do the same things.
The steps I've taken so far (as much as possible) are:
Linux Foundation's workstation security guide -
https://github.com/lfit/itpol/blob/master/linux-workstation-security.md
NSA-proof SSH configuration -
https://stribika.github.io/2015/01/04/secure-secure-shell.html
Any other input on getting this right would be welcome. I can cover this
briefly at the next meeting too if there's interest.
Thanks
Alice
FOR PUBLIC SAFETY REASONS, THIS EMAIL HAS BEEN INTERCEPTED BY YOUR
GOVERNMENT AND WILL BE RETAINED FOR FUTURE ANALYSIS
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.lug.org.uk/pipermail/bradford/attachments/20151114/b946a981/attachment.html>
More information about the Bradford
mailing list