Results 1 to 11 of 11

Thread: Secure Linux system?

  1. #1
    Registered User
    Join Date
    Aug 2003
    Location
    Somewhere:D.
    Posts
    312
    Thanks
    12
    Thanked
    2 times in 2 posts
    • Cuffz's system
      • Motherboard:
      • Foxconn
      • CPU:
      • Core 2 Quad 8200+
      • Storage:
      • 3+ TB
      • Operating System:
      • Windows Seven
      • Monitor(s):
      • 24" 1920 x 1080
      • Internet:
      • O2 8mb. ADSL2+

    Secure Linux system?

    Hi!

    I'm looking into ways to make my laptop and other systems secure, very secure indeed. My questions...
    What's the most user friendly Linux version of a BitLocker type product? I need the boot drive etc to be encrypted.
    Is there a more secure file system I can use on Linux? for example when you delete a file it's metadata and data isn't left in a recoverable state on the disk like NTFS. I'm aware of additional tools to securely delete stuff and overwrite mft records, but it'd be nice if it was a feature of the file system without the extra hassle.

  2. #2
    Senior Member
    Join Date
    Aug 2008
    Posts
    492
    Thanks
    8
    Thanked
    106 times in 80 posts

    Re: Secure Linux system?

    I think most modern distros incorporate LUKS/dm-crypt out-of-the-box - there's a Ubuntu 8.04 walkthrough here (note that you'll need the "alternate" install disc). It doesn't look too complicated, although I've never tried it myself.

    The encryption works at block level, so I wouldn't worry too much about the filesystem sitting on top of it, no-one's getting at that data without the passphrase.

  3. #3
    Registered User
    Join Date
    Aug 2003
    Location
    Somewhere:D.
    Posts
    312
    Thanks
    12
    Thanked
    2 times in 2 posts
    • Cuffz's system
      • Motherboard:
      • Foxconn
      • CPU:
      • Core 2 Quad 8200+
      • Storage:
      • 3+ TB
      • Operating System:
      • Windows Seven
      • Monitor(s):
      • 24" 1920 x 1080
      • Internet:
      • O2 8mb. ADSL2+

    Re: Secure Linux system?

    Quote Originally Posted by CaptainCrash View Post
    I think most modern distros incorporate LUKS/dm-crypt out-of-the-box - there's a Ubuntu 8.04 walkthrough here (note that you'll need the "alternate" install disc). It doesn't look too complicated, although I've never tried it myself.

    The encryption works at block level, so I wouldn't worry too much about the filesystem sitting on top of it, no-one's getting at that data without the passphrase.
    This helps a lot, thanks, but I'm still very curious to know if there is a more secure, usable, file system in existence, one where.. for example... the *MFT* is not allowed to grow infinitely with useless, redundant records.

    for Windows... I wonder if there is a tool to create a duplicate of the MFT with the active records, minus the redundant ones.. checking everything is OK, and then replacing the old MFT with the new optimized MFT.
    Last edited by Cuffz; 06-03-2010 at 03:51 PM.

  4. #4
    Senior Member watercooled's Avatar
    Join Date
    Jan 2009
    Posts
    11,478
    Thanks
    1,541
    Thanked
    1,029 times in 872 posts

    Re: Secure Linux system?

    You could use Truecrypt to encrypt the entire drive, it has barely any impact on IO performance and you can just install it on an existing OS select encrypt OS drive and it will do the work in the background.

  5. #5
    Registered User
    Join Date
    Aug 2003
    Location
    Somewhere:D.
    Posts
    312
    Thanks
    12
    Thanked
    2 times in 2 posts
    • Cuffz's system
      • Motherboard:
      • Foxconn
      • CPU:
      • Core 2 Quad 8200+
      • Storage:
      • 3+ TB
      • Operating System:
      • Windows Seven
      • Monitor(s):
      • 24" 1920 x 1080
      • Internet:
      • O2 8mb. ADSL2+

    Re: Secure Linux system?

    Quote Originally Posted by watercooled View Post
    You could use Truecrypt to encrypt the entire drive, it has barely any impact on IO performance and you can just install it on an existing OS select encrypt OS drive and it will do the work in the background.
    Interesting.. I wonder if it has better performance than Bitlocker.. but more importantly.. may I setup TC in a manner similar to the way I have bitlocker setup now? e.g. My system requires me to attach a usb thumbdrive with the correct key file in order for it to boot up...

    my only interest in a linux solution now would be if it offers a superior file system in the terms that I've described.

    After reading about the NTFS MFT earlier.. I come to think that it is impossible to remove MFT records, only to overwrite them, which is something at least.. essential for security.
    Last edited by Cuffz; 07-03-2010 at 10:42 PM.

  6. #6
    Senior Member watercooled's Avatar
    Join Date
    Jan 2009
    Posts
    11,478
    Thanks
    1,541
    Thanked
    1,029 times in 872 posts

    Re: Secure Linux system?

    TC does support security tokens so yeah I think you should be able to do the same thing. Or if you mean it's just a regular flash drive you use then you could store a key file on, with or without a password.

  7. #7
    Senior Member oolon's Avatar
    Join Date
    Mar 2007
    Location
    London
    Posts
    2,294
    Thanks
    150
    Thanked
    302 times in 248 posts
    • oolon's system
      • Motherboard:
      • Asus P6T6
      • CPU:
      • Xeon w3680
      • Memory:
      • 3*4GB Kingston ECC
      • Storage:
      • 160GB Intel G2 SSD
      • Graphics card(s):
      • XFX HD6970 2GB
      • PSU:
      • Corsair HX850
      • Case:
      • Antec P183
      • Operating System:
      • Windows 7 Ultimate and Centos 5
      • Monitor(s):
      • Dell 2408WFP
      • Internet:
      • Be* Unlimied 6 down/1.2 up

    Re: Secure Linux system?

    Something like this to mount.

    Creating the disk, either use a whole device from the partition table, lvm or create a bit file using dd, really you should write random data to the device first, but that will take alot of time, you could create a few large randomised files then cat them in random orders to the disk space.

    /sbin/losetup /dev/loop2 /mydisk/secure.cyp
    /sbin/cryptsetup -c aes-cbc-essiv:sha256 create dm-secure_cyp /dev/loop2
    mkfs.ext3 /dev/loop2
    /sbin/cryptsetup remove dm-secure_cyp
    /sbin/losetup -d /dev/loop2

    Alway create the device format it then remove it to make sure you have the password correct!


    /sbin/losetup /dev/loop2 /mydisk/secure.cyp
    /sbin/cryptsetup -c aes-cbc-essiv:sha256 create dm-secure_cyp /dev/loop2
    mount /dev/mapper/dm-secure_cyp /home/secure

    umount /home/secure
    /sbin/cryptsetup remove dm-secure_cyp
    /sbin/losetup -d /dev/loop2
    (\__/) All I wanted in the end was world domination and a whole lot of money to spend. - NMA
    (='.*=)
    (")_(*)

  8. #8
    The late but legendary peterb - Onward and Upward peterb's Avatar
    Join Date
    Aug 2005
    Location
    Looking down & checking on swearing
    Posts
    19,378
    Thanks
    2,892
    Thanked
    3,403 times in 2,693 posts

    Re: Secure Linux system?

    Depends what you are trying to do.

    If you are securing data-at-rest, then Truecrypt (as a whole disk encryptor) will work, as will oolon's solution above. Alternatively you could use a hardware solution such as Flagstone.

    If you are after a more secure fiole access system, then Linux SE (Security Extensions) is a very customisaeable policy based system for access control - but not at all easy to set up!

    If you are concerned about artefacts left behind on your disk, that is another problem although data-at-rest protection will also provide some protection against that.
    (\__/)
    (='.'=)
    (")_(")

    Been helped or just 'Like' a post? Use the Thanks button!
    My broadband speed - 750 Meganibbles/minute

  9. #9
    Not a good person scaryjim's Avatar
    Join Date
    Jan 2009
    Location
    Gateshead
    Posts
    15,196
    Thanks
    1,231
    Thanked
    2,291 times in 1,874 posts
    • scaryjim's system
      • Motherboard:
      • Dell Inspiron
      • CPU:
      • Core i5 8250U
      • Memory:
      • 2x 4GB DDR4 2666
      • Storage:
      • 128GB M.2 SSD + 1TB HDD
      • Graphics card(s):
      • Radeon R5 230
      • PSU:
      • Battery/Dell brick
      • Case:
      • Dell Inspiron 5570
      • Operating System:
      • Windows 10
      • Monitor(s):
      • 15" 1080p laptop panel

    Re: Secure Linux system?

    TrueCrypt's very good, another vote from me. I use it at work to encrypt the machines we do data analysis on as some of our data is personally identifiable. When I did a performance test post-encryption to see what effect it had on our analysis processes, they actually ran slightly faster post-encryption. Not that I'm saying it will speed up the system, mind you, but based on that it certainly shouldn't slow it down

  10. #10
    Senior Member watercooled's Avatar
    Join Date
    Jan 2009
    Posts
    11,478
    Thanks
    1,541
    Thanked
    1,029 times in 872 posts

    Re: Secure Linux system?

    Yeah I heard it can increase disk performance but I haven't benchmarked it myself. Does it affect CPU load much?

  11. #11
    Not a good person scaryjim's Avatar
    Join Date
    Jan 2009
    Location
    Gateshead
    Posts
    15,196
    Thanks
    1,231
    Thanked
    2,291 times in 1,874 posts
    • scaryjim's system
      • Motherboard:
      • Dell Inspiron
      • CPU:
      • Core i5 8250U
      • Memory:
      • 2x 4GB DDR4 2666
      • Storage:
      • 128GB M.2 SSD + 1TB HDD
      • Graphics card(s):
      • Radeon R5 230
      • PSU:
      • Battery/Dell brick
      • Case:
      • Dell Inspiron 5570
      • Operating System:
      • Windows 10
      • Monitor(s):
      • 15" 1080p laptop panel

    Re: Secure Linux system?

    Don't think so - I'd need to have another play to be sure, but the process I tested is fairly processor intensive, so I'd guess not I assume the disk performance improvements are because it caches more aggressively to aid in the on-the-fly encryption / decryption. I'll have a couple of new machines to do soon anyway, so might have a proper benching session on those to see what difference it makes...

  12. Received thanks from:

    watercooled (08-03-2010)

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Buying my first scan 3xs system, advice?
    By Mark_Solo in forum SCAN 3XS Systems Support
    Replies: 83
    Last Post: 14-03-2009, 12:59 PM
  2. Whither Linux?
    By Nick in forum Question Time
    Replies: 49
    Last Post: 11-11-2005, 06:06 PM
  3. Basic laptop Linux system?
    By SansSouci in forum Software
    Replies: 16
    Last Post: 24-03-2005, 01:44 PM
  4. We heard your feedback on Newegg....
    By DR in forum General Discussion
    Replies: 33
    Last Post: 05-03-2005, 08:13 PM
  5. Abit NF7-S revision 2 information
    By Lee H in forum SCAN.care@HEXUS
    Replies: 22
    Last Post: 30-10-2004, 07:13 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •