Differences
This shows you the differences between two versions of the page.
software:encryption [2011/12/20 14:30] cyril [Boot security] |
software:encryption [2015/07/30 21:39] (current) cyril [Application data and system partition] |
Line 12: | Line 12: | ||
Ensure that your computer remains locked when unattended. Ask password for login, systematically manually lock it when you leave it, set up your screen saver to automatically lock it after a few minute of user inactivity in case you forget, and configure it to be locked when it resumes from sleeping. | Ensure that your computer remains locked when unattended. Ask password for login, systematically manually lock it when you leave it, set up your screen saver to automatically lock it after a few minute of user inactivity in case you forget, and configure it to be locked when it resumes from sleeping. | ||
+ | ==== Good passwords ==== | ||
+ | |||
+ | Not only your encryption password must be robust, but also your user and root session passwords (I mean passphrases!), | ||
+ | |||
+ | Also if you are more worried about the security of your data than of your system, you may want to avoid asking your password for sudo. If someone get access to your machine unlocked, then your data are compromised, | ||
+ | |||
+ | And avoid connecting to your machine from not very secure machines (eg prefer scp-ing from your machine to the remote machine than the contrary). | ||
==== When to mount ==== | ==== When to mount ==== | ||
- | If your data are very sensitive and you suspect some advanced hackers could try to gain access to it, you should only keep the volumes mounted when you need to use it, and unmount it as soon as you don't need it. To ease it you should have a separate volume for every category of sensitive data you have. It should never be mounted when the computer is unattended, idle, sleeping, or when you are traveling with it. The reason is that it is not that difficult to recover the encryption keys in the RAM if the volume is mounted, even if it is not possible to use the current session; see [[http:// | + | If your data are very sensitive and you suspect some advanced hackers could try to gain access to it, you should only keep the volumes mounted when you need to use it, and unmount it as soon as you don't need it. To ease it you should have a separate volume for every category of sensitive data you have. It should never be mounted when the computer is unattended, idle, sleeping, or when you are traveling with it. The reason is that it is not that difficult to recover the encryption keys in the RAM if the volume is mounted, even if it is not possible to use the current session; see [[http:// |
- | If you data are not very sensitive but you just want to prevent the average hacker thief to get your data, keep it mounted and follow the rest of the instructions. | + | If your data are not very sensitive but you just want to prevent the average hacker thief to get your data, you can keep the volumes |
==== Indexing ==== | ==== Indexing ==== | ||
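Review bot: the sudo advice added under "Good passwords" ("you may want to avoid asking your password for sudo") argues only from data exposure and misses the system-compromise side: without a sudo prompt, any process running in the unlocked session can become root, which works against the later goal of keeping spy programs off the system partition. Suggest stating that trade-off next to the advice, or restricting passwordless sudo to a short list of specific commands rather than everything. Two of the new sentences also end mid-thought in this revision ("(I mean passphrases!)," and "then your data are compromised,") and should be completed. The scp remark ("prefer scp-ing from your machine to the remote machine than the contrary") is a good point; naming the reason (your passphrase is never typed into a machine you do not trust) would make it clearer. In the reworked "When to mount" paragraph, "To ease it" reads better as "To make this easier", and the trailing "see [[http://" link is incomplete.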
Line 53: | Line 60: | ||
Sensitive/ | Sensitive/ | ||
- | The next step is to encrypt your whole system partition. It is necessary if your data are very sensitive and you suspect some advanced | + | The next step is to encrypt your whole system partition. It is necessary if your data are very sensitive and you suspect some hackers could try to gain access to it, to prevent from installing spy programs on it (by booting on a live OS or extracting the hard drive). But then it is possible to attack the unencrypted boot partition, which is not really harder because of the needed initramfs, so you also need to encrypt it and have grub decrypt it. You should also verify the integrity of grub, the MBR, and the BIOS. |
Encrypting the whole system partition also encrypts the swap file if there is one. If you are using a swap partition you may want to encrypt it as well (a swap file on an encrypted partition). | Encrypting the whole system partition also encrypts the swap file if there is one. If you are using a swap partition you may want to encrypt it as well (a swap file on an encrypted partition). | ||
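Review bot: the rewritten system-partition paragraph ends with "You should also verify the integrity of grub, the MBR, and the BIOS" but gives no method, so a reader cannot act on it; suggest saying what to compare against (for example a hash of the boot sectors and bootloader files stored on separate, trusted media, checked from a live OS you booted yourself) and how often. The clause "which is not really harder because of the needed initramfs" is hard to parse; the intended point seems to be that the boot partition must stay readable to load the initramfs, so it is no harder to tamper with than an unencrypted system, and it should say so directly. Having GRUB unlock the encrypted boot partition is feasible but depends on the GRUB version and LUKS format in use, so a pointer to the distribution's instructions would help. In the unchanged swap sentence, "(a swap file on an encrypted partition)" reads as a contradiction; if the intent is "or switch to a swap file on the encrypted partition", it should say that.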
Line 61: | Line 68: | ||
You can add extra security at boot, depending on the amount of security you want, and the everyday burden it will bring: | You can add extra security at boot, depending on the amount of security you want, and the everyday burden it will bring: | ||
* disable boot from network, usb and cdrom, and set a BIOS administrator password that will be needed to reenable it, just to force attackers to physically remove the RAM and disk if they want to attack them, and to make them waste time so that RAM information can decay a little bit if they didn't anticipate. It will also complicate their task if they want to compromise your system. All of this without asking you a password at boot every time. | * disable boot from network, usb and cdrom, and set a BIOS administrator password that will be needed to reenable it, just to force attackers to physically remove the RAM and disk if they want to attack them, and to make them waste time so that RAM information can decay a little bit if they didn't anticipate. It will also complicate their task if they want to compromise your system. All of this without asking you a password at boot every time. | ||
- | * set a BIOS password that will be needed to boot the machine. | + | * set a BIOS password that will be needed to boot the machine. Same effect as before, although you have to enter a password at boot every time. You may however be able to bypass the password on reboot, and set a common password with the hdd that will be prompted only once. |
- | * set a hard drive password that will be needed to use the hard drive at boot. It can be defeated by a qualified attacker (such as a data recovery company), you have to enter the password at each boot, and if you forget it the drive is lost, but it is a good way to prevent your system from being compromised. | + | * set a hard drive password that will be needed to use the hard drive at boot. It can be defeated by a qualified attacker (such as a data recovery company, or maybe some software but probably not without erasing the data if max security mode was selected), you have to enter the password at each boot, and if you forget it the data are lost (or the drive if you don't have the right recovery software), but it is a good way to prevent your system from being compromised. |
- | * always | + | * if you leave it unattended in sleep mode rather than shut down, you can detect that is has been rebooted and may be compromised (but it is more problematic for cold boot attacks |
+ | * black list the firewire modules to prevent cold boot DMA attacks | ||
==== The system and the environment ==== | ==== The system and the environment ==== |
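Review bot: the new bullet on leaving the machine in sleep mode conflicts with the "When to mount" guidance earlier in the same page, which says volumes must never be mounted while the computer is sleeping because the keys stay in RAM; suggest qualifying this bullet as applying only to the less-sensitive case, since its own parenthesis admits it "is more problematic for cold boot attacks". That bullet also contains the typo "that is has been rebooted". The last bullet, "black list the firewire modules to prevent cold boot DMA attacks", conflates two different attacks: cold boot relies on RAM remanence after power loss, whereas the FireWire risk is unauthenticated DMA from a plugged-in device; blacklisting the modules addresses only the latter, and other DMA-capable ports (Thunderbolt, ExpressCard) deserve the same treatment. The expanded hard-drive-password bullet is also unclear about what is lost when the password is forgotten ("the data are lost (or the drive if you don't have the right recovery software)"); stating plainly that the data are unrecoverable and the drive may or may not be reusable would help.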