Additional security
94 views
Skip to first unread message
Andrzej Andrzej
Mar 18, 2019, 4:26:21 PM3/18/19
to qubes...@googlegroups.com
I know that these two proposals may seem paranoid about security, so they could be at least optional and not default. I would like to have them enabled.
1. When decrypting the drive and entering the password after eg 4 incorrect passwords, the data could start to be erased. Maybe this is not an amazing option because the drive is encrypted but it is always an additional security measure in case of unauthorized attempt to access the computer.
2.Automatic screen lock every x minutes. I'm not talking here about a screen saver that works in a situation of inactivity. I am talking here about a tool that for example every 60 minutes would automatically block the screen with password. It may seem that this option does not make sense because there is a screen saver. Keep in mind that the screen saver will not work when someone pulls us away from the computer by force and use computer. If my option was implemented in Qubes OS then even in this situation it would be difficult to use the computer because after x minutes the computer would want the password even in the case of continuous user activity.
1. When decrypting the drive and entering the password after eg 4 incorrect passwords, the data could start to be erased. Maybe this is not an amazing option because the drive is encrypted but it is always an additional security measure in case of unauthorized attempt to access the computer.
2.Automatic screen lock every x minutes. I'm not talking here about a screen saver that works in a situation of inactivity. I am talking here about a tool that for example every 60 minutes would automatically block the screen with password. It may seem that this option does not make sense because there is a screen saver. Keep in mind that the screen saver will not work when someone pulls us away from the computer by force and use computer. If my option was implemented in Qubes OS then even in this situation it would be difficult to use the computer because after x minutes the computer would want the password even in the case of continuous user activity.
qtpie
Mar 24, 2019, 12:29:30 AM3/24/19
to qubes...@googlegroups.com
'Andrzej Andrzej' via qubes-devel:
an idea how to set this up yourself:
https://unix.stackexchange.com/questions/204669/automatically-shred-luks-partition-upon-x-failed-decryption-attempts#204681
> 2.Automatic screen lock every x minutes. I'm not talking here about a screen saver that works in a situation of inactivity. I am talking here about a tool that for example every 60 minutes would automatically block the screen with password. It may seem that this option does not make sense because there is a screen saver. Keep in mind that the screen saver will not work when someone pulls us away from the computer by force and use computer. If my option was implemented in Qubes OS then even in this situation it would be difficult to use the computer because after x minutes the computer would want the password even in the case of continuous user activity.
>
This is definitely not for everybody as you say, but really easy to
setup yourself by adding a cronjob for xflock4 in dom0.
> I know that these two proposals may seem paranoid about security, so they could be at least optional and not default. I would like to have them enabled.
>
> 1. When decrypting the drive and entering the password after eg 4 incorrect passwords, the data could start to be erased. Maybe this is not an amazing option because the drive is encrypted but it is always an additional security measure in case of unauthorized attempt to access the computer.
>
I would expect this to be part of cryptsetup, but its not? Read here for
>
> 1. When decrypting the drive and entering the password after eg 4 incorrect passwords, the data could start to be erased. Maybe this is not an amazing option because the drive is encrypted but it is always an additional security measure in case of unauthorized attempt to access the computer.
>
an idea how to set this up yourself:
https://unix.stackexchange.com/questions/204669/automatically-shred-luks-partition-upon-x-failed-decryption-attempts#204681
> 2.Automatic screen lock every x minutes. I'm not talking here about a screen saver that works in a situation of inactivity. I am talking here about a tool that for example every 60 minutes would automatically block the screen with password. It may seem that this option does not make sense because there is a screen saver. Keep in mind that the screen saver will not work when someone pulls us away from the computer by force and use computer. If my option was implemented in Qubes OS then even in this situation it would be difficult to use the computer because after x minutes the computer would want the password even in the case of continuous user activity.
>
setup yourself by adding a cronjob for xflock4 in dom0.
qtpie
Mar 24, 2019, 12:29:30 AM3/24/19
to qubes...@googlegroups.com
'Andrzej Andrzej' via qubes-devel:
set this up yourself, especially the second one. About the first option
read here:
https://unix.stackexchange.com/questions/204669/automatically-shred-luks-partition-upon-x-failed-decryption-attempts#204681.
They second option you can setup by putting a cronjob for xflock4.
> I know that these two proposals may seem paranoid about security, so they could be at least optional and not default. I would like to have them enabled.
>
> 1. When decrypting the drive and entering the password after eg 4 incorrect passwords, the data could start to be erased. Maybe this is not an amazing option because the drive is encrypted but it is always an additional security measure in case of unauthorized attempt to access the computer.
>
> 2.Automatic screen lock every x minutes. I'm not talking here about a screen saver that works in a situation of inactivity. I am talking here about a tool that for example every 60 minutes would automatically block the screen with password. It may seem that this option does not make sense because there is a screen saver. Keep in mind that the screen saver will not work when someone pulls us away from the computer by force and use computer. If my option was implemented in Qubes OS then even in this situation it would be difficult to use the computer because after x minutes the computer would want the password even in the case of continuous user activity.
>
These are valid concerns, but as you say not for everybody. But you can
>
> 1. When decrypting the drive and entering the password after eg 4 incorrect passwords, the data could start to be erased. Maybe this is not an amazing option because the drive is encrypted but it is always an additional security measure in case of unauthorized attempt to access the computer.
>
> 2.Automatic screen lock every x minutes. I'm not talking here about a screen saver that works in a situation of inactivity. I am talking here about a tool that for example every 60 minutes would automatically block the screen with password. It may seem that this option does not make sense because there is a screen saver. Keep in mind that the screen saver will not work when someone pulls us away from the computer by force and use computer. If my option was implemented in Qubes OS then even in this situation it would be difficult to use the computer because after x minutes the computer would want the password even in the case of continuous user activity.
>
set this up yourself, especially the second one. About the first option
read here:
https://unix.stackexchange.com/questions/204669/automatically-shred-luks-partition-upon-x-failed-decryption-attempts#204681.
They second option you can setup by putting a cronjob for xflock4.
Andrzej Andrzej
Mar 25, 2019, 4:55:46 PM3/25/19
to qubes...@googlegroups.com
I know that I can do everything in the system myself and I can even rebuild Qubes OS according to my own vision, but in my opinion, qubes-devel is a group where everybody can submit ideas about the content and functionality of the system and these are my two ideas and probably some people wanted to use it and this two ideas are completely compatible with the idea behind the Qubes OS system
Andrzej Andrzej
Mar 25, 2019, 4:56:31 PM3/25/19
to qubes...@googlegroups.com
Reply all
Reply to author
Forward
0 new messages