Install pfsense on full encrypted hard
-
Keep in mind that fully encrypted hard drives are only encrypted when the machine is not running. Routers are like appliances, running all the time…
Anyway I'd look at running pfsense in a virtual machine, which is on a fully encrypted drive. Don't know if that is possible though. Might be better to just load pfsense on a usb drive and take it with you when you aren't running the router.
-
Regardless of the fact that encrypted hard drives are only encrypted when the server is off, our corporate policy states that all server hard drives are to be fully encrypted.
We are not the only company to have this policy, and we will not be the last.
We run a dark computer room remotely, and run Mandos on all of our other servers to do the password answering for those power off times.
Also, since we run pfSense in a DMZ with a policy of bare metal for DMZ machines for DR purposes, having it on a Virtual Machine is an issue.
So, does anyone out there have any notes on the "undocumented" web installer?
Is there a reference for encrypted hard drives?
Thanks,
Tom
-
"our corporate policy states that all server "
It's not a SERVER – it's a firewall/router ;) Do you have the compact flash of all of your Cisco routers encrypted?
-
Don't use Cisco, overpriced and overblown for most equipment (speaking with 20+ years of using them).
However, that was not the question asked.
Sounds like politico talk ;D
Got your point, will try to approach my client with this, but pretty sure he will not buy it.
Thanks for your quick response, I actually do appreciate it!
Tom
-
Cisco was just an example - So I am curious about your other networking equipment that has storage like compact flash - which in a sense is the same as a hard drive. Are they encrypted?
How do you want to define "server"? Anything you can ssh to or telnet to could be considered a server if you want to blanket.. They serve up that service so server. Is their storage encrypted?
-
No, flash memory in routers is NOT encrypted.
However, outside routers do not contain any passwords in cleartext which could compromise the integrity of the network.
Although we have doubts that pfSense would be compromised due to our current architecture, so did Target.
As a former bank employee, I know that hackers with nothing else to do simply find this stuff a challenge (admit it….)
So, back to the original point, is there a known way to install pfSense to encrypt the hard drive? Without using a Virtual Machine?
Thanks,
Tom
-
Never tried it, probably one for the devs, but the relevant options appear to be in the kernel:
options GEOM_BDE
options GEOM_ELI
You can use geom to set up software mirroring so it seems at least feasible.
https://doc.pfsense.org/index.php/Create_a_Software_RAID1_%28gmirror%29
Steve
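An added example (not part of the post above, and not pfSense project code): a small shell filter that reports whether the two kernel options named above, GEOM_BDE and GEOM_ELI, are enabled in a FreeBSD-style kernel configuration. The function names and the sample configuration are constructed for illustration; it goes slightly beyond the post by also honouring `nooptions` lines and comma-separated option lists.

```shell
#!/bin/sh
# Added example. Reads kernel config text on stdin and prints the GEOM
# disk-encryption options (GEOM_BDE, GEOM_ELI) that end up enabled.
# On a FreeBSD host whose kernel was built with INCLUDE_CONFIG_FILE, the
# input could come from:  sysctl -n kern.conftxt   (assumption about the host)
geom_crypto_options() {
    awk '
        { sub(/#.*/, "") }                       # drop comments
        $1 == "options" || $1 == "nooptions" {
            for (i = 2; i <= NF; i++) {
                opt = $i
                gsub(/,/, "", opt)               # "options A, B" lists
                sub(/=.*/, "", opt)              # "options NAME=value"
                if (opt == "GEOM_BDE" || opt == "GEOM_ELI")
                    on[opt] = ($1 == "options")  # a later nooptions wins
            }
        }
        END { for (o in on) if (on[o]) print o }
    ' | sort
}

# True when GELI support is compiled in according to the config on stdin.
has_geli() {
    geom_crypto_options | grep -qx GEOM_ELI
}

# Constructed sample configuration, not taken from any real pfSense build.
sample_kernconf() {
cat <<'EOF'
ident   EXAMPLE
options GEOM_BDE        # older GEOM encryption class
options GEOM_ELI, GEOM_MIRROR
options SCHED_ULE
#options GEOM_JOURNAL
EOF
}

echo "Encryption classes enabled in the sample config:"
sample_kernconf | geom_crypto_options
if sample_kernconf | has_geli; then
    echo "GEOM_ELI is enabled, so geli(8) providers can be attached"
else
    echo "GEOM_ELI is not enabled in this configuration"
fi
```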
-
Other than the CA private key which does not have a password - but does not need to be stored on pfsense if that is really a concern. What passwords would be stored on pfsense in clear that could compromise the integrity of the network? I am honestly curious on this thought process.
Is the pfsense admin password stored in clear? Let's say it was - to gain access to this wouldn't the box already have to be compromised, or have physical access to it.. So wouldn't the security already be compromised?
Are you saying that users vpn or cert passwords are stored in clear?
-
…
As a former bank employee, I know that hackers with nothing else to do simply find this stuff a challenge (admit it....)
So, back to the original point, is there a known way to install pfSense to encrypt the hard drive? Without using a Virtual Machine?
Thanks,
Tom
Disk encryption is not a defense against hackers. When the machine is up and running the contents are accessible to any hacker that finds their way in.
Disk encryption only protects the contents of an off system. Typically in the case of physical theft.
Please note. I'm not arguing against the value of pfSense disk encryption. Just pointing out that it is not a hacker defense for an up and running system.
Depending on packages, logging, type of business, etc. it is probably reasonable that sensitive data could be on the system that should be protected in the case of physical security breach and theft.
Perhaps off loading the storage logs, etc. could be a solution.
Regarding the need to be present to enter a passphrase to reboot. This is only the case if the encryption cannot make use of a TPM or such. Merely being able to boot the machine does not provide a thief access to the contents. They still would need valid user credentials. But the encryption, even with TPM to unlock prevents the drive from being slaved to another system to gain access.
And by the way probably any government agency that would physically take your equipment can probably coerce you or some other employee to divulge the passphrase.
Just some things to think about when pondering what it is you are trying to protect and from whom and in what circumstances.
-
Sometimes it's easier and quicker to just do something that you've been instructed to do even if you know it's not going to help one iota. That assumes of course that it isn't going to actually make things worse. ;)
Steve
-
Sometimes it's easier and quicker to just do something that you've been instructed to do even if you know it's not going to help one iota. That assumes of course that it isn't going to actually make things worse. ;)
Steve
Yup. It's no wonder so many companies, organizations and gov. agencies, do so many dumb things.
Those giving the marching orders aren't the ones with the knowledge, just simply those with the power and political influence, etc.
-
Other than the CA private key (and other private keys and shared keys) which does not have a password - but does not need to be stored on pfsense if that is really a concern.
Is there a way to encrypt and password protect the CA private key if using the native pfSense CA? Ideally I would have a separate physical keyserver that's 100% offline, but that's a project for another day.
And also, ideally, I would offload a lot of the logs to another log server or repository, but that's also a project for another day.
I'm still very interested in implementing GELI full-disk encryption (with manual passphrase entry every reboot) to help mitigate physical theft from some meth-head burglar breaking into my house. I think most people are fully aware that any mounted encrypted disk, container, or partition – while running -- is transparently and fully in the clear. I think those of us interested in full-disk encryption are merely trying to mitigate physical theft from common thieves.