LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Closed Thread
  Search this Thread
Old 03-07-2005, 04:13 PM   #16
lawmaker
LQ Newbie
 
Registered: Mar 2005
Posts: 18

Original Poster
Rep: Reputation: 0

on the online security issue. I'm sure you are right, and linux is much more secure online.

However, that isn't relevant in this case. Only physical theft is.

I want to move to linux, as i'm fed up of having to reinstall everything with windows every few months.

On the bond issue. What you do or do not think as to the motive of the question is quite irrelevant.

The question is a technical one.

the question is how could a linux system be tailored if necessary to provide the high security provided by windows/drivecyrpt.

btw.

freud would be quite concerned as to what your presumptions revealed.

plausible deniability = beating rubber glove decryption, often subcontracted to lawless governments, by your saintly agencies.

if agencies/politicians and their ilk were as truthful/saintly as you seem to be thinking, there would be no need for human rights lawyers and groups such as amnesty etc. (who btw have to operate under lawless jurisdictions often), and there would be no acceptance of the house of lords sanctioning torture by using (almost always incorrect) information obtained from it.

we detract. let's return to the technical query.
 
Old 03-07-2005, 04:25 PM   #17
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 379Reputation: 379Reputation: 379Reputation: 379
linux journal has a few nice articles you might want to read:


article on BestCrypt:

http://www.linuxjournal.com/article/5938


article on root filesystem encryption:

http://www.linuxjournal.com/article/7743


article on encrypting your home folder:

http://www.linuxjournal.com/article/6481


also, if you are really into the whole plausible deniability thing take a look at StegFS:

http://stegfs.sourceforge.net/
 
Old 03-07-2005, 04:33 PM   #18
IsaacKuo
Senior Member
 
Registered: Apr 2004
Location: Baton Rouge, Louisiana, USA
Distribution: Debian 9 Stretch
Posts: 2,349
Blog Entries: 8

Rep: Reputation: 384Reputation: 384Reputation: 384Reputation: 384
Well, I think your question is too specific; you're thinking inside your pre-existing box.

Thinking outside the box, running a LiveCD distro like Mepis may be close to what you really need. There's no concerns about reinstalling the software since you never install the software in the first place. There's no need to encrypt your whole hard drive because THERE IS NO HARD DRIVE.

For convenience, you'd probably want a couple copies of the OS CD. The physical existence of this CD is pretty obvious, but so what? It's just an operating system. There's no personal information on the CD whatsoever. There's also no chance for any sort of spyware or viruses or whatever to get installed on your OS CD. It just can't happen.
 
Old 03-07-2005, 05:00 PM   #19
IsaacKuo
Senior Member
 
Registered: Apr 2004
Location: Baton Rouge, Louisiana, USA
Distribution: Debian 9 Stretch
Posts: 2,349
Blog Entries: 8

Rep: Reputation: 384Reputation: 384Reputation: 384Reputation: 384
Quote:
Originally posted by lawmaker
I want to move to linux, as i'm fed up of having to reinstall everything with windows every few months.
BTW, on a clean, lean Windows install this should NOT be a problem. I've run Windows of all sorts for years without reinstalling. It's pretty simple--I just never ran all that much software on Windows and didn't go out of my way to get infected with malware (like using Outlook Express or Internet Explorer or Microsoft Word).

If you're needing to reinstall software every few months, then you probably have some troubling security issues related to that already.
 
Old 03-07-2005, 05:22 PM   #20
lawmaker
LQ Newbie
 
Registered: Mar 2005
Posts: 18

Original Poster
Rep: Reputation: 0
Quote:
Originally posted by IsaacKuo
Well, I think your question is too specific; you're thinking inside your pre-existing box.

Thinking outside the box, running a LiveCD distro like Mepis may be close to what you really need. There's no concerns about reinstalling the software since you never install the software in the first place. There's no need to encrypt your whole hard drive because THERE IS NO HARD DRIVE.
you are right.

this is a possibilty only with linux and i will look into it.

however, i see the following problems:

1. live cd would always be slower than hd os. not practical on daily basis.

2. couldn't install additional programs into it, that i wish to use and or tinker with. (i love tinkering)

3. would still need to save certain settings, url favourites, application settings, office macros, printer drivers etc.

4. would still need hd for files, massive pdfs of whole cases scanned which amounts to thousands of pages. can't put on small storage. need large hd, encrypted to at least 1344 bit with 4 line entry, with hidden storage inside for plaus.den.

as such, is there a way, inside the box?
 
Old 03-07-2005, 05:36 PM   #21
IsaacKuo
Senior Member
 
Registered: Apr 2004
Location: Baton Rouge, Louisiana, USA
Distribution: Debian 9 Stretch
Posts: 2,349
Blog Entries: 8

Rep: Reputation: 384Reputation: 384Reputation: 384Reputation: 384
Ah, you like to tinker...that explains the instability of your Windows install...

My frank suggestion is pretty simple:

1. Dual boot Windows/Linux.

2. Keep your encrypted and secure Windows setup, but reduce the partition size to make room for Linux.

3. Use your secure Windows install ONLY for business. Don't tinker with it. Don't install any software you don't absolutely need for business. You should be able to run your Windows install more or less indefinitely if you just stop fiddling with it.

4. Use your Linux partition for tinkering. Have fun with it. Learn. Don't worry about security. Heck, don't worry about stability--if things get fubar'd, just reinstall. Or reinstall to experiment with another distro. It's fun. Do NOT do any business with it yet!

After you get familiar with Linux, maybe you can consider doing some of the suggestions in this thread for your business. But don't tinker around in your "secure environment". You'll still want to dual boot--between Linux and Linux, perhaps.
 
Old 03-07-2005, 05:55 PM   #22
fancypiper
LQ Guru
 
Registered: Feb 2003
Location: Sparta, NC USA
Distribution: Ubuntu 10.04
Posts: 5,141

Rep: Reputation: 58
Or, better yet, build two boxen, one for Microsoft's bidding, one to do your own bidding.

Choice is good.
 
Old 03-07-2005, 06:03 PM   #23
lawmaker
LQ Newbie
 
Registered: Mar 2005
Posts: 18

Original Poster
Rep: Reputation: 0
i understand the solutions, but they all seem like compromises and as a devil's advocate, it seems that linux is not up to the challenge in the full specs given.

at least no comprehensive solution has been developed yet for it.?

i did ask drivecrypt if they would port to linux, and they said yes, but it will take a long time coming.

sigh.
 
Old 03-07-2005, 06:22 PM   #24
IsaacKuo
Senior Member
 
Registered: Apr 2004
Location: Baton Rouge, Louisiana, USA
Distribution: Debian 9 Stretch
Posts: 2,349
Blog Entries: 8

Rep: Reputation: 384Reputation: 384Reputation: 384Reputation: 384
Quote:
Originally posted by lawmaker
i understand the solutions, but they all seem like compromises and as a devil's advocate, it seems that linux is not up to the challenge in the full specs given.
It's not Linux's fault that you happen to already be familiar with Windows. If you were familiar with Linux and not Windows, then it would be equally impossible to expect to obtain a high level of privacy protection while transitioning to Windows.

Anyway, the last two suggestions are not compromises, but actually IMPROVEMENTS over your current situation. Your current situation is a compromise--you're compromising your precious security by tinkering with your mission critical system. Put bluntly, that's stupid. Your true level of security is far, far, far lower than you think. The fact that you have to reinstall Windows every few months is evidence of that.

The solution which is NOT a compromise is simple--dual boot so you can tinker with your "play" environment while keeping your mission critical environment safe.
 
Old 03-07-2005, 06:22 PM   #25
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 379Reputation: 379Reputation: 379Reputation: 379
Quote:
Originally posted by lawmaker
live cd would always be slower than hd os. not practical on daily basis.
actually, some live cds can be even faster than a hdd installed distro when you choose the "run from ramdisk" option...

Quote:
couldn't install additional programs into it, that i wish to use and or tinker with. (i love tinkering)
lots of live cds give you the option of doing live package installs... also, keep in mind that most major live cd distros come with instructions on how to customize the cds, so that your live cd will have exactly what you want - nothing more and nothing less... a perfect example of this is morphix...

Quote:
would still need to save certain settings, url favourites, application settings, office macros, printer drivers etc.
this is not a problem at all... all of your personal settings and configs get stored on your USB thumbdrive (which can also be encrypted)... when the live cd boots, it loads your stored settings from the thumbdrive... so no matter where you boot the live cd, your desktop and personal settings/documents will be the same...

Quote:
would still need hd for files, massive pdfs of whole cases scanned which amounts to thousands of pages. can't put on small storage. need large hd
well, you could still use your current hard disk for this while using a live cd... like, one huge blowfish 448-bit encrypted partition on your drive, and nothing else, for example... you can set the live cd to prompt you for the password to mount the encrypted partition...

Quote:
encrypted to at least 1344 bit with 4 line entry
personally, i'm not sure how to achieve this on linux... 1344-bit blowfish basically means that it's run through 448-bit blowfish three times, right?? if so, then i'd imagine this could be scripted somehow... but like i said, i'm not sure...

Quote:
with hidden storage inside for plaus.den.
http://stegfs.sourceforge.net/


maybe someone could start a project to create some kinda solution similar to drivecrypt but open source and for linux... the project could use the "distro" methodology of bringing together a variety of tools under one roof for a specific purpose and audience - the project's maintainer wouldn't really need to actually mess with the individual tools - the idea would be be to bring together root, home, and swap encryption, as well as steganography, etc... these are all things that linux can do, but the tools to do this are currently all over the place and it might be nice thing to get all of these things in a cetralized package... i know that non-newbies would probably feel very uncomfortable about using a GUI app for these kinda things, as they would rather read and learn how to do this stuff on their own from the shell, but there could be a CLI base for non-newbies and a GUI front-end aimed at (ex) drivecrypt/windows users, for example... anyways, just a thought...


Last edited by win32sux; 03-07-2005 at 08:43 PM.
 
Old 03-07-2005, 06:55 PM   #26
tormented_one
Member
 
Registered: Oct 2004
Location: Small Town USA
Distribution: slamd64 2.6.12 Slackware 2.4.32 Windows XP x64 pro
Posts: 383

Rep: Reputation: 30
If you are worried about it being stolen why not set a password in the bios to something like: 1as.ghr,2344*fduefdw/?zx!@~ ? I mean encryption is availible for any os. Don't expect hand outs do the reading yourself.
 
Old 03-07-2005, 07:10 PM   #27
antony.booth
LQ Newbie
 
Registered: Oct 2004
Location: UK
Distribution: Fedora
Posts: 23

Rep: Reputation: 15
Quote:
Originally posted by lawmaker
on the online security issue. I'm sure you are right, and linux is much more secure online.
However, that isn't relevant in this case. Only physical theft is.
I want to move to linux, as i'm fed up of having to reinstall everything with windows every few months.
On the bond issue. What you do or do not think as to the motive of the question is quite irrelevant.
The question is a technical one.
the question is how could a linux system be tailored if necessary to provide the high security provided by windows/drivecyrpt.
btw.
freud would be quite concerned as to what your presumptions revealed.
plausible deniability = beating rubber glove decryption, often subcontracted to lawless governments, by your saintly agencies.
if agencies/politicians and their ilk were as truthful/saintly as you seem to be thinking, there would be no need for human rights lawyers and groups such as amnesty etc. (who btw have to operate under lawless jurisdictions often), and there would be no acceptance of the house of lords sanctioning torture by using (almost always incorrect) information obtained from it.
we detract. let's return to the technical query.
I think you're living on a different planet.
I suggest your data is so sensitive and valuable to nasty people, you shouldn't store it on computer. You should: -

Learn an obscure Himilayan language.
Recite all the information onto a dictaphone, using your new found language skill
buy a safe and put it in,
find some remote woodland and bury it.

Otherwise, your information will be aquired by those agencies you think I own. If I wanted your information and I was one of those "saintly agencies", I'd hire a few guys to take you and your precious laptop somewhere unpleasant and apply life threatening coercion until you either supplied me with the access codes, or your information became instantly obselete. Then, I'd use the far superior technology my agencies have available to decrypt the data anyway.

What concerns me, is you claim to know what I'm thinking. If you can read minds, guess what I'm thinking about you right now?

I think you should stick with Windows, preferably Win 98. Excellent, stable, secure and you can play solitaire on it. What more do you need?

Good luck and watch out for the bogey man!
 
Old 03-07-2005, 07:14 PM   #28
KimVette
Senior Member
 
Registered: Dec 2004
Location: Lee, NH
Distribution: OpenSUSE, CentOS, RHEL
Posts: 1,794

Rep: Reputation: 46
Quote:
Originally posted by lawmaker
i agree, that's not fair.

is there a commercial/freeware third party add on(s), that would compete with my current security.

encrypting /home wouldn't compare at all with the specs i gave at the beginning.

1. temporary files could be seen possibly.
Easy fix: have your shutdown script clear /tmp

Quote:

2. settings could be seen elsewhere.
Pointless, if you have your data stored in one encrypted location. Who cares if someone sees that you use gnome rather than kwin, the One True Window Manager

Quote:

3. /home wouldn't be 1344 bit triple blowfish.
. . . which is not 100% secure (no algorithm is) but why wouldn't it be blowfish? You have the full source for the kernel and for filesystem modules, so there is no reason you couldn't have a bluefish, pgp, or even a simple xor algorithm run natively behind the scenes.

Quote:

4. entry wouldn't be 4 lines + fingerprint
Again, why wouldn't it be? You have the source, you can get the drivers for a fingerprint reader, and again, you're comparing (Windows + third party software + now biometric hardware) against (linux out of the box with no add-ons) - not a valid comparison. If you want to compare Windows out of the box to Linux, you're comparing an inherently insecure closed-source filesystem (I can take any given Windows HDD and put it in any WinXP box and mount it) against a system which is open-source, where you can modify the kernel to do whatever gives you satisfaction.

Quote:
5. the os existence would be revealed
Ditto with Windows.

Quote:
6. plausible deniability would not exist.
Ditto for Windows.

Quote:
7. swap file/virtual memory would reveal masses of info.
This again is EASY to solve. Have your shutdown script dd 0x00 0xff alternatively over the swap partition - or load the system up with enough RAM that you do not need swap. Or use an encrypted swap file (via filesystem plugin in oh, say, Resiser4) instead of a standard swap partition. Again, Linux takes the lead here.

Quote:
so many failings of that way.
Au contraire, it looks like you've touched on an EXCELLENT product and business opportunity.

Quote:
please please, there must be a linux solution to beat windows/drivecrypt on this issue of security.
Linux solutions for this are limited only by your resourcefulness.

Last edited by KimVette; 03-07-2005 at 07:17 PM.
 
Old 03-07-2005, 07:15 PM   #29
lawmaker
LQ Newbie
 
Registered: Mar 2005
Posts: 18

Original Poster
Rep: Reputation: 0
bios passwords are easily reset.

besides, the hd can simply be removed.

i think the suggestion for getting a project going ilke suggested is good for the future. i don't know how that is done, but it would be nice to get something like that one day.

In the meantime, it seems the linux approach is less user friendly, so will require just loads of reading, but i can still see some things that won't be covered; eg. os fully encrypted. etc.
 
Old 03-07-2005, 07:19 PM   #30
KimVette
Senior Member
 
Registered: Dec 2004
Location: Lee, NH
Distribution: OpenSUSE, CentOS, RHEL
Posts: 1,794

Rep: Reputation: 46
Quote:
Originally posted by lawmaker
(snip)

i can still see some things that won't be covered; eg. os fully encrypted. etc.
Again, this seems like a troll's post - re-read responses above. The very same can be said of Windows -- only more so.
 
  


Closed Thread


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Comparing security on Windows and Linux Ephracis Linux - Security 4 07-01-2005 10:17 PM
security: windows vs linux crispyleif Linux - Newbie 10 03-08-2005 03:14 AM
Any Linux Vs Windows 2000 Security resource? neelay1 Linux - Security 1 12-07-2004 02:44 PM
Linux security Vs Windows security keene General 50 11-01-2003 11:22 PM
Linux VS Windows Security demmylls Linux - General 7 10-17-2003 03:33 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 08:13 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration