Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
We all know that is a much better OS in the Security aspect than windows..well i have some thought about the security in linux..
we all know that we could alter the root password of linux on the grub boot level.,.. so what is the security i can bind to my laptop...wat if i lost it or theft..how can i protect the data....archiving the whole data with password is a not practical approach...i have done to access another linux box using my knoppix once..so is there any ultimate to vault ur linux box from unauthorised access...
Unfortunately if somebody gets physical access to a machine, there's any number of ways to bypass the software level security you might have use. At the lowest level, somebody can use a disk dump utility and take away all your data.
Of course, to have some level of restriction, you could use a BIOS password, even that is not 100% safe. Encrypted file system for your sensitive data could also help.
Last edited by vharishankar; 07-07-2009 at 04:28 AM.
Full disk encryption, preferably with multi-factor authentication is the only way to do for defense against physical access. Truecrypt provides full disk encryption, but unfortunately can't utilise the TPM (yet), so is limited to single-factor authentication... i.e. password. You could always use a device like a Yubikey in static-password mode to enter a cryptographically strong password (long & random).
I'm inclined to believe that disk encryption (even w/ just single-factor authentication) is sufficient to discourage all but the most persistent of laptop thieves. i.e. If the FBI is trying to get access to your laptop data, they're going to get it. If some kid does a smash and grab on your vehicle, he'll give up and install Windows.
If the FBI is trying to get access to your laptop data, they're going to get it. If some kid does a smash and grab on your vehicle, he'll give up and install Windows.
Absolutely, on both counts. All the FBI (or any law enforcement agency) need to do is threaten you with a 'willful impediment' charge and you'll be forced to give up whatever keys you have.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.