Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
on the online security issue. I'm sure you are right, and linux is much more secure online.
However, that isn't relevant in this case. Only physical theft is.
I want to move to linux, as i'm fed up of having to reinstall everything with windows every few months.
On the bond issue. What you do or do not think as to the motive of the question is quite irrelevant.
The question is a technical one.
the question is how could a linux system be tailored if necessary to provide the high security provided by windows/drivecyrpt.
btw.
freud would be quite concerned as to what your presumptions revealed.
plausible deniability = beating rubber glove decryption, often subcontracted to lawless governments, by your saintly agencies.
if agencies/politicians and their ilk were as truthful/saintly as you seem to be thinking, there would be no need for human rights lawyers and groups such as amnesty etc. (who btw have to operate under lawless jurisdictions often), and there would be no acceptance of the house of lords sanctioning torture by using (almost always incorrect) information obtained from it.
Well, I think your question is too specific; you're thinking inside your pre-existing box.
Thinking outside the box, running a LiveCD distro like Mepis may be close to what you really need. There's no concerns about reinstalling the software since you never install the software in the first place. There's no need to encrypt your whole hard drive because THERE IS NO HARD DRIVE.
For convenience, you'd probably want a couple copies of the OS CD. The physical existence of this CD is pretty obvious, but so what? It's just an operating system. There's no personal information on the CD whatsoever. There's also no chance for any sort of spyware or viruses or whatever to get installed on your OS CD. It just can't happen.
Originally posted by lawmaker I want to move to linux, as i'm fed up of having to reinstall everything with windows every few months.
BTW, on a clean, lean Windows install this should NOT be a problem. I've run Windows of all sorts for years without reinstalling. It's pretty simple--I just never ran all that much software on Windows and didn't go out of my way to get infected with malware (like using Outlook Express or Internet Explorer or Microsoft Word).
If you're needing to reinstall software every few months, then you probably have some troubling security issues related to that already.
Originally posted by IsaacKuo Well, I think your question is too specific; you're thinking inside your pre-existing box.
Thinking outside the box, running a LiveCD distro like Mepis may be close to what you really need. There's no concerns about reinstalling the software since you never install the software in the first place. There's no need to encrypt your whole hard drive because THERE IS NO HARD DRIVE.
you are right.
this is a possibilty only with linux and i will look into it.
however, i see the following problems:
1. live cd would always be slower than hd os. not practical on daily basis.
2. couldn't install additional programs into it, that i wish to use and or tinker with. (i love tinkering)
3. would still need to save certain settings, url favourites, application settings, office macros, printer drivers etc.
4. would still need hd for files, massive pdfs of whole cases scanned which amounts to thousands of pages. can't put on small storage. need large hd, encrypted to at least 1344 bit with 4 line entry, with hidden storage inside for plaus.den.
Ah, you like to tinker...that explains the instability of your Windows install...
My frank suggestion is pretty simple:
1. Dual boot Windows/Linux.
2. Keep your encrypted and secure Windows setup, but reduce the partition size to make room for Linux.
3. Use your secure Windows install ONLY for business. Don't tinker with it. Don't install any software you don't absolutely need for business. You should be able to run your Windows install more or less indefinitely if you just stop fiddling with it.
4. Use your Linux partition for tinkering. Have fun with it. Learn. Don't worry about security. Heck, don't worry about stability--if things get fubar'd, just reinstall. Or reinstall to experiment with another distro. It's fun. Do NOT do any business with it yet!
After you get familiar with Linux, maybe you can consider doing some of the suggestions in this thread for your business. But don't tinker around in your "secure environment". You'll still want to dual boot--between Linux and Linux, perhaps.
i understand the solutions, but they all seem like compromises and as a devil's advocate, it seems that linux is not up to the challenge in the full specs given.
at least no comprehensive solution has been developed yet for it.?
i did ask drivecrypt if they would port to linux, and they said yes, but it will take a long time coming.
Originally posted by lawmaker i understand the solutions, but they all seem like compromises and as a devil's advocate, it seems that linux is not up to the challenge in the full specs given.
It's not Linux's fault that you happen to already be familiar with Windows. If you were familiar with Linux and not Windows, then it would be equally impossible to expect to obtain a high level of privacy protection while transitioning to Windows.
Anyway, the last two suggestions are not compromises, but actually IMPROVEMENTS over your current situation. Your current situation is a compromise--you're compromising your precious security by tinkering with your mission critical system. Put bluntly, that's stupid. Your true level of security is far, far, far lower than you think. The fact that you have to reinstall Windows every few months is evidence of that.
The solution which is NOT a compromise is simple--dual boot so you can tinker with your "play" environment while keeping your mission critical environment safe.
Originally posted by lawmaker live cd would always be slower than hd os. not practical on daily basis.
actually, some live cds can be even faster than a hdd installed distro when you choose the "run from ramdisk" option...
Quote:
couldn't install additional programs into it, that i wish to use and or tinker with. (i love tinkering)
lots of live cds give you the option of doing live package installs... also, keep in mind that most major live cd distros come with instructions on how to customize the cds, so that your live cd will have exactly what you want - nothing more and nothing less... a perfect example of this is morphix...
Quote:
would still need to save certain settings, url favourites, application settings, office macros, printer drivers etc.
this is not a problem at all... all of your personal settings and configs get stored on your USB thumbdrive (which can also be encrypted)... when the live cd boots, it loads your stored settings from the thumbdrive... so no matter where you boot the live cd, your desktop and personal settings/documents will be the same...
Quote:
would still need hd for files, massive pdfs of whole cases scanned which amounts to thousands of pages. can't put on small storage. need large hd
well, you could still use your current hard disk for this while using a live cd... like, one huge blowfish 448-bit encrypted partition on your drive, and nothing else, for example... you can set the live cd to prompt you for the password to mount the encrypted partition...
Quote:
encrypted to at least 1344 bit with 4 line entry
personally, i'm not sure how to achieve this on linux... 1344-bit blowfish basically means that it's run through 448-bit blowfish three times, right?? if so, then i'd imagine this could be scripted somehow... but like i said, i'm not sure...
maybe someone could start a project to create some kinda solution similar to drivecrypt but open source and for linux... the project could use the "distro" methodology of bringing together a variety of tools under one roof for a specific purpose and audience - the project's maintainer wouldn't really need to actually mess with the individual tools - the idea would be be to bring together root, home, and swap encryption, as well as steganography, etc... these are all things that linux can do, but the tools to do this are currently all over the place and it might be nice thing to get all of these things in a cetralized package... i know that non-newbies would probably feel very uncomfortable about using a GUI app for these kinda things, as they would rather read and learn how to do this stuff on their own from the shell, but there could be a CLI base for non-newbies and a GUI front-end aimed at (ex) drivecrypt/windows users, for example... anyways, just a thought...
Distribution: slamd64 2.6.12 Slackware 2.4.32 Windows XP x64 pro
Posts: 383
Rep:
If you are worried about it being stolen why not set a password in the bios to something like: 1as.ghr,2344*fduefdw/?zx!@~ ? I mean encryption is availible for any os. Don't expect hand outs do the reading yourself.
Originally posted by lawmaker on the online security issue. I'm sure you are right, and linux is much more secure online.
However, that isn't relevant in this case. Only physical theft is.
I want to move to linux, as i'm fed up of having to reinstall everything with windows every few months.
On the bond issue. What you do or do not think as to the motive of the question is quite irrelevant.
The question is a technical one.
the question is how could a linux system be tailored if necessary to provide the high security provided by windows/drivecyrpt.
btw.
freud would be quite concerned as to what your presumptions revealed.
plausible deniability = beating rubber glove decryption, often subcontracted to lawless governments, by your saintly agencies.
if agencies/politicians and their ilk were as truthful/saintly as you seem to be thinking, there would be no need for human rights lawyers and groups such as amnesty etc. (who btw have to operate under lawless jurisdictions often), and there would be no acceptance of the house of lords sanctioning torture by using (almost always incorrect) information obtained from it.
we detract. let's return to the technical query.
I think you're living on a different planet.
I suggest your data is so sensitive and valuable to nasty people, you shouldn't store it on computer. You should: -
Learn an obscure Himilayan language.
Recite all the information onto a dictaphone, using your new found language skill
buy a safe and put it in,
find some remote woodland and bury it.
Otherwise, your information will be aquired by those agencies you think I own. If I wanted your information and I was one of those "saintly agencies", I'd hire a few guys to take you and your precious laptop somewhere unpleasant and apply life threatening coercion until you either supplied me with the access codes, or your information became instantly obselete. Then, I'd use the far superior technology my agencies have available to decrypt the data anyway.
What concerns me, is you claim to know what I'm thinking. If you can read minds, guess what I'm thinking about you right now?
I think you should stick with Windows, preferably Win 98. Excellent, stable, secure and you can play solitaire on it. What more do you need?
Originally posted by lawmaker i agree, that's not fair.
is there a commercial/freeware third party add on(s), that would compete with my current security.
encrypting /home wouldn't compare at all with the specs i gave at the beginning.
1. temporary files could be seen possibly.
Easy fix: have your shutdown script clear /tmp
Quote:
2. settings could be seen elsewhere.
Pointless, if you have your data stored in one encrypted location. Who cares if someone sees that you use gnome rather than kwin, the One True Window Manager
Quote:
3. /home wouldn't be 1344 bit triple blowfish.
. . . which is not 100% secure (no algorithm is) but why wouldn't it be blowfish? You have the full source for the kernel and for filesystem modules, so there is no reason you couldn't have a bluefish, pgp, or even a simple xor algorithm run natively behind the scenes.
Quote:
4. entry wouldn't be 4 lines + fingerprint
Again, why wouldn't it be? You have the source, you can get the drivers for a fingerprint reader, and again, you're comparing (Windows + third party software + now biometric hardware) against (linux out of the box with no add-ons) - not a valid comparison. If you want to compare Windows out of the box to Linux, you're comparing an inherently insecure closed-source filesystem (I can take any given Windows HDD and put it in any WinXP box and mount it) against a system which is open-source, where you can modify the kernel to do whatever gives you satisfaction.
Quote:
5. the os existence would be revealed
Ditto with Windows.
Quote:
6. plausible deniability would not exist.
Ditto for Windows.
Quote:
7. swap file/virtual memory would reveal masses of info.
This again is EASY to solve. Have your shutdown script dd 0x00 0xff alternatively over the swap partition - or load the system up with enough RAM that you do not need swap. Or use an encrypted swap file (via filesystem plugin in oh, say, Resiser4) instead of a standard swap partition. Again, Linux takes the lead here.
Quote:
so many failings of that way.
Au contraire, it looks like you've touched on an EXCELLENT product and business opportunity.
Quote:
please please, there must be a linux solution to beat windows/drivecrypt on this issue of security.
Linux solutions for this are limited only by your resourcefulness.
i think the suggestion for getting a project going ilke suggested is good for the future. i don't know how that is done, but it would be nice to get something like that one day.
In the meantime, it seems the linux approach is less user friendly, so will require just loads of reading, but i can still see some things that won't be covered; eg. os fully encrypted. etc.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.