In my journey of learning a “bit or byte” in the GNU/Linux world, my focus has recently been on security in form of encryption of data – not malicious malware, adware, virus etc.
How do I maintain the highest level of security for my personal files if, God forbid, my laptop was stolen or an unwanted user got access to my computer? Most of the information I have found, is mostly security issues related to off-line data – how to encrypt your OS/harddrive, filesystem (i.e. folder), or a single file. How to prevent intruders from the outside world is off-topic.
Level 0: Not an issue
The first question one need to ask, is: why would I need an extra level of security? If you are the only user of a desktop computer at home, security may not even be an issue. Why would it be, right? Just image all the people using a no-security-measures-vista/xp-laptops out there. They don’t bother – should you?
Level 1: Permission settings
When you share your personal computer, things may be different. If you and maybe your “significant other” have access, security in form of OS/harddrive security may be overkill! If that other person has her own login, she would not have immediate access to your home-folder. Just make sure your permissions are set correctly to your home-folder.
$ cd /home $ chmod 700 <myfolder>
Level 2: Simple file encryption
If, for some reason, you share your computer and grant others with root-privileges, they have access to your files, and setting permission is no longer enough! When sharing with your spouse, or you are one of them “I don’t keep anything from my girlfriend/boyfriend”-type – security is still something you are only concerned about when paying bills online. Though, when making a list of potential Christmas-present, file-encryption could come in handy. You don’t want her to ruin the surprise!
Howto encrypt files: bcrypt – encrypt personal files.
This is also useful when you want to send sensitive information by email, or you use some kind of cloud file-sharing. Simply encrypt your file, and make sure the recipient has the password for decrypting the file.
Level 3: Folder encryption
If you share your computer with others, or you have files and folders you just wish to keep private, i.e. maybe you want to encrypt your home-folder to prevent anyone to see your files — then folder encryption or filesystem encryption would be the way to go.
Howto encrypt folders: encfs – encrypted folders/filesystems
When using folder encryption like encfs, the program maps the encrypted folder to a “human-readable”-folder. Any change, deletion, or new files/folders you create in your “human-readable”-folder, is mapped from the encrypted folder. Perhaps the main disadvantage here, is that the crypted folder is visible and has the same permissions as the decrypted, mapped folder. Thus people with access may still do harm.
Level 4: Virtual encrypted filesystem
There is also the option of creating a virtual encrypted filesystem. I would recommend TrueCrypt for this. The main advantage here, is that your entire filesystem (i.e. folder) is mounted as any other drive/device, but actually is located within one pre-allocated encrypted file. You may thus send, transport, copy, move, do whatever you want with this file. Wherever and whenever you mount it, your filesystem/folder magically appears at the mount point.
Several people have written excellent posts and howto’s about Truecrypt – a simple google reveals this. I personally started using it with Dropbox – see that post here.
Level 5: OS/Harddrive encryption
At the moment, I don’t see the need for this. However, I am going to try it out! My goal is to use an USB-stick, with a fully encrypted bootable OS, using Dropbox to store my personal files – encrypted of course. This will have to be a follow-up post as I suspect I will use some time on this.
That’s it for personal security.