Hacker News

I have long advocated for disabling TPM in BIOS, UEFI-boot raw dm-crypt to even get GRUB, much less init. This is also how I have done encrypted disks in the cloud, using dropbear ssh as an initram shim for key/pass entry. BIOS boot pass is annoying but required. Watch your access/auth logs. Run a HIDS. Isolate your procs and especially their network comms. Security is an onion, not that most C-suites have any idea these days, blinded by fast talkers.
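The dropbear-in-initramfs unlock the comment describes, staged as config files (an added example, not the commenter's setup): it assumes Debian/Ubuntu with the dropbear-initramfs and cryptsetup-initramfs packages, a placeholder LUKS UUID and admin key, and writes under a staging directory ROOT rather than the live system.

```shell
#!/bin/sh
# Added example, not from the thread: stage the files for unlocking a
# dm-crypt root over SSH from the initramfs (dropbear-initramfs plus
# cryptsetup-initramfs on Debian/Ubuntu). ROOT is a staging directory so
# nothing on the live system is touched; the UUID and key are placeholders.
set -eu

ROOT="${ROOT:-/tmp/dropbear-stage}"
LUKS_UUID="00000000-0000-0000-0000-000000000000"   # placeholder: blkid -s UUID -o value /dev/sdX2
ADMIN_PUBKEY="ssh-ed25519 AAAAC3PLACEHOLDER admin@example"   # placeholder key

stage_unlock_config() {
    mkdir -p "$ROOT/etc/dropbear/initramfs" "$ROOT/etc/default/grub.d"

    # crypttab: the initramfs prompts for this mapping; cryptroot-unlock
    # run over SSH feeds the same prompt, so this one entry is enough.
    printf 'cryptroot UUID=%s none luks,discard\n' "$LUKS_UUID" \
        > "$ROOT/etc/crypttab"

    # dropbear in the initramfs: -s keys only (no passwords), -j/-k no
    # port forwarding, -I 180 idle timeout, -p 2222 so the early-boot
    # host key does not collide with the real sshd's known_hosts entry.
    printf 'DROPBEAR_OPTIONS="-I 180 -j -k -p 2222 -s"\n' \
        > "$ROOT/etc/dropbear/initramfs/dropbear.conf"

    # Pin the key to a forced command: the session can answer the
    # passphrase prompt and nothing else, even if the key leaks later.
    printf 'no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command="cryptroot-unlock" %s\n' \
        "$ADMIN_PUBKEY" > "$ROOT/etc/dropbear/initramfs/authorized_keys"
    chmod 600 "$ROOT/etc/dropbear/initramfs/authorized_keys"

    # Early networking before root is open comes from the ip= kernel
    # parameter; grub-mkconfig on Debian/Ubuntu sources /etc/default/grub.d/*.cfg.
    printf 'GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX ip=dhcp"\n' \
        > "$ROOT/etc/default/grub.d/zz-cryptroot-unlock.cfg"
}

# Sanity check before rebuilding the initramfs: password auth off, port
# forwarding off, forced command present, early IP configured (0 = all hold).
check_unlock_config() {
    conf="$ROOT/etc/dropbear/initramfs/dropbear.conf"
    keys="$ROOT/etc/dropbear/initramfs/authorized_keys"
    grep -q -- ' -s"' "$conf" || return 1
    grep -q -- ' -j ' "$conf" && grep -q -- ' -k ' "$conf" || return 1
    grep -q 'command="cryptroot-unlock"' "$keys" || return 1
    grep -q 'ip=' "$ROOT/etc/default/grub.d/zz-cryptroot-unlock.cfg" || return 1
}

stage_unlock_config && check_unlock_config && echo "staged under $ROOT"
```

On a real system (ROOT=/) the files only take effect after `update-initramfs -u` and `update-grub`; the unlock session is then `ssh -p 2222 root@host`, which runs the forced cryptroot-unlock command.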


If security is an onion, why do you advocate for throwing the baby out with the bathwater?


Could you be more specific please?


What's your way of providing laptops to your employees? For simplicity, let's assume everyone is located in the same country.


Set up in-house via imaging, then control once a VPN is established via cac tooling. I've run all-Linux laptop fleets this way before, so it does work, but I have some ideas on improvement. PXE is a weak protocol in the stack, for example.



