Recently in Encrypted hard disks Category

Laptop encryption — the ideal and the real

By Steven Rosenberg on July 29, 2009 1:30 PM | | Comments (4) |

Laptop_Security.jpgI was listening to the Ubuntu UK podcast yesterday, and they were talking about how to do encryption, either full or partial, to protect the data on your computer from being stolen and used against you should the machine itself be lost or stolen.

While this does happen with desktops (there was a huge desktop theft at an office building here a number of months back, with lots of customer data now in jeopardy), I'm mostly talking about laptops, which we're in the habit of carrying everywhere. And whether out in the wild or at home, a laptop is still more attractive to your average thief because of its portability, value and easier salability.

First there are backups. You absolutely need backups of everything. Aside from loss and theft, there's hardware failure, software failure and the dreaded "operator error." You need backups. My main laptop didn't boot the other day, and while I had a backup, it was a week or so old. Once I calmed down, waited a few minutes and tried again, it did boot. I made new backups right away.

So if you lose that data, there should be a copy (preferably two).

But what about others seeing that data? You could have tons of e-mail, both personal and professional — and with who knows what in there. Then there are all of those browser cookies that help you log in to your various online accounts. Those could really sink you if your machine got into the wrong hands.

Creating encrypted folders is one way to deal with sensitive files. It's easy to do in Windows. I'm not sure how to do it in Mac OS X, and there are packages available in many Linux distributions to create encrypted folders and/or documents.

But ... is encrypting my entire folder of Thunderbird e-mail but not the rest of the directory an option? I don't think the Thunderbird app would be able to deal with it.

I still think the way to go is either encrypted partitions (at least /home /tmp and /swap in Linux) or a fully encrypted hard drive. I've written about encryption solutions before (and I should re-run that column here; I will if/when I find it).

And now I've been testing Debian Lenny with full LVM encryption (LVM = logical volume management, a more modern — and less-understandable — way of partitioning hard drives for Linux).

On the Ubuntu UK show, they talked about the performance hit that results from encrypted filesystems. It could be as high as 20 percent but is not as much of a factor in traditional desktop use as compared to situations where there is a lot more disk I/O, such as a server, or during times of disk-intensive activity (huge file transfers, backups, etc.).

And since Debian out of the box tends to run a bit faster than Ubuntu, I haven't really noticed any degradation in performance.

But ... for some reason NetworkManager isn't asking me for the root password and subsequently not making any changes to the network settings when I run it, so I'm not ready to replace Ubuntu 8.04 with Debian Lenny. ...

Thanks to Dustin Kirkland, I know that in Ubuntu 9.04 (Jaunty), it's possible to create an encrypted /home directory with either the live or alternate CDs. What I like about this approach is that the whole installation isn't encrypted. The OS itself doesn't need to be encrypted. Dustin does recommend encrypting /swap, and he provides instructions at the link above.

Fedora does allow use of encryption. It's flexible, and the documentation is great. And Fedora has an install DVD (which my laptops like).

OpenBSD does support encrypted partitions via vnconfig, but setting it up is a bit above my head.

I had planned to transfer all of my data from Ubuntu to Debian, but the non-working NetworkManager kind of stalled that. If I could somehow come to terms with the Intel Xorg issues in Ubuntu 9.04, I could probably save my Synaptic configuration (gotta figure that one out), back up everything and then reinstall with encrypted /home.

Clearest explanations on encrypted /home in Ubuntu: Migrating to an encrypted home directory
and Jaunty encrypted home directories by Dustin Kirkland,
or, better yet, all of his blog posts on this topic.

What about Hardy? How to Forge: Encrypt The System Manually Upon Installation (Ubuntu 8.04) (using the alternate CD).

Performance penalty not so big? Michael Larabel of Phoronix reports that encryption results in only a 1 percent performance hit in most (but not all) cases.

Smart government: The state of Connecticut encrypts its laptops, and the governor is all over it.

P.S. Dustin Kirkland — the same one mentioned above — is a developer with the Ubuntu Server team and was interviewed on the Ubuntu UK Podcast. See his blog.

Final words: Easy-to-configure options for encryption should be offered at install with all operating systems, including Linux-, BSD- Apple- and even Windows-based OSes.

Addendum to final words: Backups should also be easier to create and maintain.

Nice blog with curious title: I' Been to Ubuntu

By Steven Rosenberg on April 27, 2009 1:41 PM | | Comments (2) |

i_been_to_ubuntu.jpg

While Googling for information on encrypting filesystems for something I'm working on, I came across many a good Ubuntu blog — yep, there's lots out there for the Ubuntu user who wants to figure things out, and that makes the Canonical-sponsored rendition of Linux even more attractive to people whose geek skills are less than complete (and yes, I count myself in that number).

One blog that looked really good, despite an awful name, is I' Been to Ubuntu, which has many, many good articles and appears to be updated quite often. The blog is subtitled, "Videos and articles helping you understand Debian and its derivatives," and I always appreciate a site that gives Debian its due (and I continue to believe that it's not really any harder to run Debian than Ubuntu, and if Debian treats your hardware well, then it's a no-brainer; unfortunately my hardware hasn't been so well-treated in the Lenny era.)

Set up an encrypted Debian system

By Steven Rosenberg on June 21, 2008 5:00 AM | | Comments (0) |

I've done some experimenting with encrypted filesystems in Debian, which are easy to do with the Debian installer — and which are just as easy to do in Ubuntu if you use the alternate installer.

Like I said, it's easy to do and to manage, unless you want to have a bunch of partitions under a single passphrase. This blog post helps you figure it out.

While full encryption is something you might want to use on a home desktop, although I wouldn't, it's almost mandatory for a laptop. If the thing gets stolen, whoever gets that drive has access to everything on it. And you really don't want that happening, do you?

Right now, neither of my two Linux laptops are encrypted, since I use them for testing and need to see one system's hard-drive partitions from the other, but in the near future, if I decided to single-boot either or both of these, you can bet I'll be encrypting the hard drive.

« Conficker worm | Main Index | Archives | Norton »

Tech Talk column

Steven Rosenberg's weekly Tech Talk column, which appeared Saturdays in the Los Angeles Daily News through about October 2009, is available on the Daily News Technology page.

About this blog





Steven Rosenberg aims to learn what he does not know. He writes about it here.


About this Archive

This page is a archive of recent entries in the Encrypted hard disks category.

Conficker worm is the previous category.

Norton is the next category.

Find recent content on the main index or look in the archives to find all content.

Recent Comments

Steven Rosenberg on Running OpenBSD in a live environment with MarBSD-X : Jggimi has images for OpenBSD 5.0: http://jggimi.homeip.net/ ...

Monstra on CMS and blog software without databases: Monstra CMS is the best flatfile CMS ever! (!) Easy to install, upgr ...

Chris on Running OpenBSD in a live environment with MarBSD-X : Jggimi isn't developing his images anymore. If you want an updated Ope ...

Peter Ljung on Review: DragonFlyBSD 3.0.1 -- the longest DragonFlyBSD review ever -- Part 5: Comparison to OpenBSD 5.0 and closing comments: I have also been fascinated by the Hammer file system and think it wou ...

Anonymous on Review: DragonFlyBSD 3.0.1 -- the longest DragonFlyBSD review ever -- Part 2: My BSDistory: Can you just get to the actual review? ...

Bill Callahan on SugarSync is working on a Linux client, but I'm not unhappy at all with Dropbox: I've been very happy with SpiderOak. It has a native Linux client as w ...

AJ on Debian Stable -- set it and forget it -- spoils me for fresh Linux Mint 12 on some very nice ZaReason hardware: Gnome 2 is still standard in the upcoming SolusOS (Currently at RC 2). ...

Niki Kovacs on Debian Stable -- set it and forget it -- spoils me for fresh Linux Mint 12 on some very nice ZaReason hardware: Since I've moved to Debian stable - with a few tweaks - I've not only ...

Earl on Debian Stable -- set it and forget it -- spoils me for fresh Linux Mint 12 on some very nice ZaReason hardware: I use Mint 12 and LMDE based on Debian testing. Both are plagued by G ...

Alan Rochester on Debian Stable -- set it and forget it -- spoils me for fresh Linux Mint 12 on some very nice ZaReason hardware: "mint does have a separate xfce edition afaik.." The Debian version o ...

Powered by Movable Type 4.25

Search this blog

Loading

LXer

Links

Life, the Universe and Debian
Simplify
Daily News technology
LXer
Distrowatch
Linus' Blog
David Pogue
BoingBoing
Linux Today
TuxRadar
Linux.com
Linux Planet
The Open Road
Linux Outlaws podcast
Dan Lynch
Fabian Scherschel
The VAR Guy
Larry the Free Software Guy
Chess Griffin
Linux Reality podcast
Desktop Linux
Practical Technology
Linux Devices
ZDNet
ZDNet's Storage Bits
ZDNet U.K.
iTWire
CNet News
Webware
Beyond Binary
TechCrunch
The Register
Ars Technica
Reg Developer
Computerworld
Computerworld blogs
Steven J. Vaughan-Nichols at Computerworld
Debian
Planet Debian
Debian Forums
Debian News
debianHELP
debiantutorials.org
The Debian User
Wolfgang Lonien
Debian-News.net
Debian Administration
Debian Admin
Debian Weather
Aaron Toponce
Ubuntu
Xubuntu
Kubuntu
Edubuntu
Planet Ubuntu
Ubuntu Forums
Ubuntu Geek
Works With U
OMG! Ubuntu!
I' Been to Ubuntu
Tanner Helland
Dustin Kirkland
Ubuntu UK Podcast
Ubuntu Linux Help
Popey
Linux Mint
CrunchBang Linux
OpenBSD
OpenBSD Journal
OpenBSD Ports
OpenBSD 101
Planet.OpenBSD.nu
jggimi's OpenBSD live CD
DaemonForums
BSDanywhere
Marc Balmer
Denny's OpenBSD blog
Polarwave's OpenBSD Tips and Tricks
Binary Updates for OpenBSD
Puppy Linux
Damn Small Linux
Tiny Core Linux
Lucky 13's Linux blog (lots of Tiny Core)
Lucky 13's BSD blog
PCLinuxOS
Mandriva
Red Hat
Red Hat News
Red Hat Blogs
Red Hat: Truth Happens
Red Hat Magazine
CentOS
Planet CentOS
Fedora
Planet Fedora
Fedora Forums
Fedora Docs
Join Fedora
Paul Frields
Slackware
Slackbuilds
Robby's Slackware Packages
Slackblogs
dropline GNOME for Slackware
GNOME Slackbuild
GWARE - GNOME for Slackware
Wolvix
Zenwalk Linux
Vector Linux
Slax
Splack Linux — Slackware for Sparc
Nonux
How to Forge
marc.info BSD and Linux mailing list archive
FreeBSD
FreeBSD, the Unknown Giant
A Year in the Life of a BSD Guru
NetBSD
hubertf's NetBSD Blog
PC-BSD
Daemon Forums
FreeBSD Forums
Planet FreeBSD
Evilcoder.org
miwi's Privat Blog
DragonFlyBSD
DragonFlyBSD Digest
DesktopBSD
BSD Talk podcast
BSD Magazine
Rhyous
OpenSolaris
MilaX
BeleniX
DeLi Linux
Linux Loop
Electronista
The Tech Report
Engadget
Gizmodo
Phoronix
xkcd – A webcomic of romance, sarcasm, math and language
Nixie Pixel
Technology for Mortals
Thoughts on Technology
ZaReason
System 76
Tiger Direct
NewEgg
DealExtreme

Advertisement

Other blogs

Laptop encryption — the ideal and the real in CLICK