How to encrypt hard drive pfsense (all of files in hard)



  • if an attacker has physical access to a computer and can move the computer's hard drive to another system to copy and analyze the data.
    I want to prevent to access an attacker to hard dirve and operation system's files. How can I do that?


  • Rebel Alliance Global Moderator

    You do understand that now your firewall will need human intervention on power cycle. Is your firewall not in a secure location.

    What is exactly on there that might be of concern other than the CA, and private key for the web gui? Move the CA off..

    This topic has been gone over a few times over the years - its just doesn't have a valid use case on a firewall..

    Do any of the major players provide for FDE for their routers/firewalls? Cisco, Palo, Juniper, Fortinet?

    Your still open to evil maid attack as well. So what does it buy you? Not like you can loose your firewall, forget it on the subway. someone break window on your car and take it while your parked for lunch, etc.

    edit: For ref this the last time I recall this topic coming up
    https://forum.netgate.com/topic/114030/installation-with-whole-disk-encryption

    Use ZFS if you want to do it - just pointless IMHO and IMPO both personal and professional.