3. [Feature Request] Router Full Disk Encryption

[Feature Request] Router Full Disk Encryption

  • I

    Full Disk Encryption included in the PFsense standard installation would be nice. With Squid proxy cache, routing tables, VPN keys, and the central Certificate Authority our PFsense routers are vulnerable to physical manipulation attacks. Does anybody else think this may be a good idea for local routers?

    0

  • If someone gains access to your machine physically then encryption of your disk won't help….

    0
  • C

    Encryption of the disk only defends against physical attacks where the system was powered off when it was taken and where the system required user intervention (the entering of a pass phrase) when started. It doesn't protect against remote attacks, any local attacks where the system is running or at all if the system can automatically boot without a pass phrase. It also means that you need to be at the device to boot it - no remote reboots or upgrades and if there is a power failure you need to be at the device to boot it again.

    In short, it doesn't provide a network device with much protection and it adds considerable inconvenience.

    FreeBSD, on which pfSense is based, has disk encryption so it is possible to do. I don't know if the required modules for geli are in pfSense though.

    0
  • D

    Possible use HDD with hardware AES256 sequrity as Toshiba MK1661GSY/ MK6461GSY ?

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy