Comment on Encrypting data on local servers?
ladfrombrad@lemdro.id 1 week agoI like this, and I suppose it’s a shame a Rasp Pi can’t be WOL’ed.
But could another SFF single use/secured device on the same network that doesn’t have FDE, also provide that key only if and when you wake it up (manually decrypt the file after ssh’ing into it too?) instead of having a USB drive directly plugged into the main server so, if a nefarious person does have away with the main bounty they’re fugged without said second hidden device on the same network?
ryokimball@infosec.pub 1 week ago
I just bought some PoE hats for my rpis, and have a managed PoE switch; rumor is, this combo basically translates to rPi WoL.
(Not meaning to ignore the rest of your comment, but not in a position to respond fully)
ladfrombrad@lemdro.id 1 week ago
That would be neat.
Like someone else said in here maybe the OP could use a really long cable to a USB drive away from the main server, but I do like the idea of something using hybrid wire(less) to auth.
They could even have a UPS underneath a Pi Zero and, have a PoE HAT too + travel router. Plug in LTE USB with backup SIM card, epoxy all that together and then hide it?
lol, paranoia fixed.