Old 01-31-2010, 10:52 PM   #1
jmoschetti45
Member
 
Registered: Oct 2004
Location: Michigan
Distribution: Debian Squeeze (2.6.32-5)
Posts: 136
Blog Entries: 1

Rep: Reputation: 17
USB HDD with Loop-AES/LUKS


I've been experimenting with Loop-AES and LUKS for a few weeks now.

For test purposes, I set up a RAID-1 array. The array is encrypted with LUKS, and then a Loop-AES system sits on top of that.

Basically, I have a mount script I wrote that asks for both passwords then mounts the volume in /mnt where I can access it like a regular drive.

My goal: To do this with the external USB HDD, and keep the LUKS and Loop-AES keys on a CD in my SCSI CD drive, so it automatically mounts on boot. The contents of the drive are needed by apache, so it has to automatically mount during boot somehow.

I figure I can achieve the auto mount part by writing up an init script to mount it with the key files off the CD.

I know it's probably pointless to use both LUKS and Loop-AES for this, but if at all possible, I'd like to. I don't see why it won't work, it works with the internal RAID-1 array.

Nothing on the drive is actually of any security concern, it's simply the fact that too many people are probably crazy enough to come through the window to get it, so I want to make double sure if that does happen they have a useless drive. It hosts my media library, which I can VPN into from my phone. Auth over SSL over VPN tunnel. I'm always a bit paranoid...

So far, the pros & cons list:
+ Stealing the drive leaves the thief with nothing
+ Makes it less tempting to steal knowing it's useless
+ If someone tries to copy the data off it while it's connected, unmount/kill power.
+ CD can be removed and securely stored after boot.
- CD has to be in for boot
- Slower than just reading/writing to the drive
- More CPU load

Anyone care to chip in with comments/advice?
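
The boot-time mount described in the post above, as an added example that is not part of the original post: an init-style script that fails closed when the key CD or drive is absent, opens the LUKS layer with a key file, then mounts the loop-AES layer. The device path, key file names, mapping name, mount point and filesystem type are assumptions, and the loop-AES mount options assume the loop-AES-patched mount (check them against your loop-AES README).

```shell
#!/bin/sh
# Added example: unlock LUKS, then loop-AES on top, with keys read from removable media.
# Every path and name below is an assumption; adjust to the real system.
USB_DEV="${USB_DEV:-/dev/disk/by-id/EXAMPLE-usb-hdd-part1}"  # placeholder device
KEY_DIR="${KEY_DIR:-/media/keycd}"      # where the key CD is mounted
LUKS_NAME="${LUKS_NAME:-media_luks}"    # device-mapper name (hypothetical)
MNT="${MNT:-/mnt/media}"
DRY_RUN="${DRY_RUN:-1}"                 # 1 = print the commands only

run() {  # print the command, and execute it unless DRY_RUN=1
    echo "+ $*"
    [ "$DRY_RUN" = 1 ] || "$@"
}

check_keys() {  # fail closed if a key file is missing, unreadable or empty
    for f in "$KEY_DIR/luks.key" "$KEY_DIR/loopaes.key"; do
        [ -r "$f" ] && [ -s "$f" ] || { echo "missing key: $f" >&2; return 1; }
    done
}

unlock_and_mount() {
    check_keys || return 1
    [ -e "$USB_DEV" ] || { echo "no device: $USB_DEV" >&2; return 2; }
    # Layer 1: LUKS, key file instead of an interactive passphrase
    run cryptsetup luksOpen "$USB_DEV" "$LUKS_NAME" \
        --key-file "$KEY_DIR/luks.key" || return 3
    # Layer 2: loop-AES over the opened mapping. Option names assume the
    # loop-AES-patched mount; verify them against the loop-AES README.
    run mount -t ext3 "/dev/mapper/$LUKS_NAME" "$MNT" \
        -o "loop=/dev/loop0,encryption=AES128,cleartextkey=$KEY_DIR/loopaes.key" || {
        run cryptsetup luksClose "$LUKS_NAME"   # do not leave layer 1 open
        return 4
    }
}

lock() {  # reverse order: unmount first, then close the LUKS mapping
    run umount "$MNT"
    run cryptsetup luksClose "$LUKS_NAME"
}

case "${1:-}" in
    start) unlock_and_mount ;;
    stop)  lock ;;
esac
```

With `DRY_RUN=1` (the default here) `start` only prints the commands it would run; the apache init script has to be ordered after this one so the mount exists before the web server starts.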
 
Old 01-31-2010, 11:02 PM   #2
Web31337
Member
 
Registered: Sep 2009
Location: Russia
Distribution: Gentoo, LFS
Posts: 399
Blog Entries: 71

Rep: Reputation: 65
Well, just in other case (if you stored there something else than stolen music/videos/whatever you have there now).
CD can be stolen (or "kindly" asked to be given).
Quote:
+ If someone tries to copy the data off it while it's connected, unmount/kill power.
I suppose you have also written a script knowing when someone COPIES not QUERIES the contents of a drive. Please, share it then! =) I was looking for this one for a long time.
Apache has access? Anyone has access then. Encryption is usually meant for something that is for eye-reading only, some passwords, confidential documents, etc. that is transferred by hand and irregularly.
Also this all partially remains in RAM/swap: how is that safe? It's safe when your entire system works in an encrypted environment. Or it is said it's safe because safe is when the power cord is disconnected.
Don't abuse your CPU/RAM/hw resources for nothing and forum members' time, unless you have a reason. Storing pirated music is not really a reason to post in Security.
 
Old 01-31-2010, 11:17 PM   #3
jmoschetti45
Member
 
Registered: Oct 2004
Location: Michigan
Distribution: Debian Squeeze (2.6.32-5)
Posts: 136
Blog Entries: 1

Original Poster
Rep: Reputation: 17
Local security consists of an encrypted system as is, and apache is only accessible via localhost or VPN. Everything is firewalled, VPN restricted to certain IPs. Outside security is fairly strong.

Only issues are physical entry in which case a power cut solves all the problems, plus I don't ever leave the box logged in when I'm not around it. CD will be stored somewhere where it won't easily be found, and I won't fork it over easily if it comes down to that.

My media collection is rather large, and unfortunately too many people have seen me pull it up on my phone/laptop and know I have it stored at home.
 
  


All times are GMT -5.