LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 06-16-2012, 09:30 PM   #1
mrcrilly
LQ Newbie
 
Registered: May 2011
Posts: 3

Rep: Reputation: Disabled
Checking for Encryption Leaks/Weaknesses (CentOS 6.2 64-bit, LVM & LUKS)


Greetings,

Thanks for taking the time to read my post. I will try to provide as much information as possible.

I want to create a heavily encrypted server for e-mail and other forms of communication (such as Jabber for IM). The idea is that all sensitive communications are secured when/if they hit the disk. Transport layer security is being handled via SSL/TLS and or a VPN connection. I have managed to get an encrypted partition in place with LVM and LUKS. For example, using a simple CentOS 6.2 VM (VirtualBox), let's create a "lab":

0) Create minimal CentOS 6.2 VM;
1) Add an additional disk in VBox;
2) pvcreate, vgextend and lvcreate the additional disk;
3) cryptsetup luksFormat;
4) cryptsetup luksOpen;
5) mke2fs;
6) mount.

That's all fine, and the mounted partition works as expected. It's also being added to cryptfs for auto-mounting at bootup, prompting me for the passphrase (which is fine). Here are my questions based on this setup:

0) Am I missing anything obvious which could hinder the security of this setup?
1) How do I check for weaknesses or try and exploit this setup to find a way "through" the encryption?
2) I've read about data leaks through swap files and memory dumps - how do I prevent these?
3) Should, and indeed can I, encrypt my root partition also, having a separate /boot partition, allowing the system to boot?

By profession, I am Linux systems administrator, but this level of security is not something I've ever done before now; security is something I've always been interested in, but I have never really activity chased after the knowledge surrounding it, until now.

Any help/advice would be great and of course, if any further information is needed, just ask! :-)
 
Old 06-17-2012, 01:36 PM   #2
NyteOwl
Member
 
Registered: Aug 2008
Location: Nova Scotia, Canada
Distribution: Slackware, OpenBSD, others periodically
Posts: 512

Rep: Reputation: 139Reputation: 139
0) That depends on what you expect the system to provide.

1) The first obvious weakness is the passphrase; it should be a strong one. The second isn't so much a weakness as a limitation of the type of encryption. LUKS is encryption for "data-at-rest". That is to say, so long as the system is running and the encrypted partitions unlocked, they appear to the system the same as any other partition and are just as vulnerable to the vagaries of the computer world. If you want files and directories that are encrypted to some users and not others (data-in-use), you'll need to use an encrypted file system such as EncFS or use containers such as TrueCrypt. The LUKS encryption only protects the data on the drive when it is not mounted (or when the system is off).

2) You can encrypt your swap file quite easily (and independently of any other encryption). It is always a good idea to do this whether you use encryption elsewhere in the system or not. Preventing memory dumps basically requires partitioning memory so that a user has no access outside their own little block. It is the principle sued with VPS (virtual Private Servers). If a person has physical access to the machine these can be difficult to impossible to guard against completely. One of the first steps is to disable IEEE-1394 (Firewire) interfaces as they have direct memory access.

3) Yes this is easy to do. You leave a small /boot partition containing the kernel, initrd and the needed boot files and encrypt the rest. Ii hae my systems set up this way. For extra security you can store the /boot partition and boot loader on a USB key and set the system in BIOS to boot from that device. Without the proper USB key the system will look like there is no OS on it at all. (Note if you go this route make sure you have at least one duplicate USB key in a separate secure location.

If you are hardening your systems and require ACL (access control lists) you may want to look into the SELinux extensions.

Last edited by NyteOwl; 06-17-2012 at 01:38 PM. Reason: fixed typos
 
Old 06-17-2012, 03:48 PM   #3
mrcrilly
LQ Newbie
 
Registered: May 2011
Posts: 3

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by NyteOwl View Post
0) That depends on what you expect the system to provide.

1) The first obvious weakness is the passphrase; it should be a strong one. The second isn't so much a weakness as a limitation of the type of encryption. LUKS is encryption for "data-at-rest". That is to say, so long as the system is running and the encrypted partitions unlocked, they appear to the system the same as any other partition and are just as vulnerable to the vagaries of the computer world. If you want files and directories that are encrypted to some users and not others (data-in-use), you'll need to use an encrypted file system such as EncFS or use containers such as TrueCrypt. The LUKS encryption only protects the data on the drive when it is not mounted (or when the system is off).
The passphrase shouldn't be an issue. I will use two-factor authentication: a passphrase in my head, and a Yubikey to push out 37 characters of randomness. This will make for a large, difficult/impossible (given time as a factor) passphrase to crack.

The two forms of encryption state you mention are interesting. I think "data-at-rest" will be fine as SSH/shell access to the server will be very difficult to obtain (i usually have two/three management VMs around the world... only their IPs can SSH in to the server. The SSHd is also on a private IPv6 address, where-as the services are all on a single, public facing IPv4 address). This difficulty with gaining shell access should make data-at-rest suitable for my needs.

That being said, data-at-use sounds good, too. I should experiment with TrueCrypt and see what I can produce.

Quote:
Originally Posted by NyteOwl View Post
2) You can encrypt your swap file quite easily (and independently of any other encryption). It is always a good idea to do this whether you use encryption elsewhere in the system or not. Preventing memory dumps basically requires partitioning memory so that a user has no access outside their own little block. It is the principle sued with VPS (virtual Private Servers). If a person has physical access to the machine these can be difficult to impossible to guard against completely. One of the first steps is to disable IEEE-1394 (Firewire) interfaces as they have direct memory access.
I don't think physical access will be an issue, in all honesty, but it's worth knowing about. Memory segmentation is possible, I guess. I could house the services I intend to use in a KVM VM, separating the memory used. Thoughts on this?

Quote:
Originally Posted by NyteOwl View Post
3) Yes this is easy to do. You leave a small /boot partition containing the kernel, initrd and the needed boot files and encrypt the rest. Ii hae my systems set up this way. For extra security you can store the /boot partition and boot loader on a USB key and set the system in BIOS to boot from that device. Without the proper USB key the system will look like there is no OS on it at all. (Note if you go this route make sure you have at least one duplicate USB key in a separate secure location.
Nice idea with the USB pen drive. I think I will look into this at home, but my queries revolve around the concept of a remote server :-)

Thanks very much for your input. I shall adjust my research accordingly based on what you've given me.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
LUKS encryption, sets xyzone Linux - Security 1 06-21-2010 01:43 AM
Security of LUKS encryption PlatinumX Linux - Security 5 06-06-2009 05:08 PM
How secure LUKS/LVM disk encryption really is? <Ol>Origy Linux - Security 14 03-09-2009 01:09 PM
LUKS encryption question DarkpawT Linux - Software 4 11-05-2008 02:18 AM
Easy way of checking fro memory leaks ? qwijibow Programming 2 04-20-2005 06:45 PM


All times are GMT -5. The time now is 06:36 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration