Protecting my hard drive?

Discussion in 'Computer Security' started by Mama Bear, Sep 15, 2005.

  1. [snippity]

    Damn fine post Nemo. Add a couple links and a paragraph or three about
    which level of encryption is "right for you", and you have a great
    reference piece.
     
    Jeffrey F. Bloss, Sep 15, 2005
    #21

  2. This is what I'm still not sure about, but from what I have read so far
    it does indeed seem this is on the level. I have tried getting selinux
    up and running to have a good look around at it myself but so far have
    not been successful. A quick search at google for Russell Coker who
    seems to be up in the front on selinux turns up many links but here's
    one to what he calls his play machines. You can log in as root!! Have
    not been successful at login myself maybe his machines are no longer
    available.

    http://www.coker.com.au/selinux/play.html


    It would seem many people are working on it and the NSA has up to date
    policy setups for most of the usual programs people might be running
    with others added regularly.
     
    Ray Vingnutte, Sep 15, 2005
    #22

  3. Or ibackup, XDrive, BigVault... :)

    Great idea. Several others though so to. Not that it wouldn't be
    impossible to compete mind you.

    Personally, I have this built in aversion to storing my files on someone
    else's machine(s). Even if they are encrypted before they get there. Just
    rubs my fur the wrong way. My important backups go to CD, and then into
    the fire box. I have a safety deposit box too, and store some CD's there,
    like a home inventory for insurance purposes. Even that bothers me.
     
    Jeffrey F. Bloss, Sep 15, 2005
    #23
  4. So many failed and you get this notice, or no notice, that they are gone,
    going or dying....with your data.
     
    Ari Silversteinn, Sep 15, 2005
    #24
  5. Whole disk encryption would generally be the most transparent. Your
    machine asks for a pass phrase at boot time, and that's that. It's also
    the most resource intense because everything is being encrypted and
    decrypted on the fly.

    Container or partition type encryption can be nearly as transparent. You
    can configure the software that opens the container to run at startup,
    enter the pass phrase then, and have access to your data until you shut
    off the machine. But if the container gets closed (unmounted), you have to
    re-mount it manually. That's typically a few mouse clicks and entering
    your pass phrase again. Container encryption is less resource intense
    because you're only working on the files in the container, not every file
    on the whole drive.

    File by file encryption is by far the least transparent, and least
    resource intense. You have to manually decrypt every file you want to
    access, then encrypt it again when you're done. But it takes almost no
    system resources beyond the storage space on your hard drive. You can do
    some fiddling around and "streamline" the process with batch files and/or
    scripts, but that's a lot of puttering around and if you're not familiar
    with such things it's a lot of pain for little gain.

    Maybe if you explained in a little more detail your circumstances,
    what you're trying to secure and from whom, and describe your machine and
    operating system a bit, someone can give you a specific suggestion.
     
    Jeffrey F. Bloss, Sep 15, 2005
    #25
  6. Mama Bear

    Mama Bear Guest

    But are they just in someone's office server somewhere? I was
    thinking they'd REALLY be secure if they could offer something
    that was actually setup inside the vault of a bank. Think of the
    image that gives people, instead of just a server somewhere.
    Good idea.
    Well yeah, but if I wasn't doing anything illegal, I wouldn't
    worry too much.
     
    Mama Bear, Sep 15, 2005
    #26
  7. Should have read this before I suggested you give a little more info, huh? :)

    It sounds to me like you have a lot of documents, maybe a bunch of saved
    emails, some pictures of your husband on New Years Eve with the
    lampshade... and the midget. <g> Maybe a big text file with all your login
    and password information, too. Stuff along those lines... right?

    I'd wager you're not all that concerned with someone seeing where in the
    Internet you surf, viewing the hundreds of pieces of junk mail you get
    every week, or knowing that your high Solitaire score is pathetic. <g>

    And your machine was ready for an upgrade before YOU got it... ;)

    Sounds like you're a prime candidate for some container encryption. In
    essence you set up what appears to you as another drive letter, and move
    everything you want secured to that drive. When it's closed, it's
    encrypted. When you mount it, it becomes visible. It's a bit more work to
    set up, and not quite as transparent as whole disk, but it's nowhere near
    as cumbersome as file by file, and a lot less taxing on your precious CPU
    cycles.
     
    Jeffrey F. Bloss, Sep 15, 2005
    #27
  8. Mama Bear

    Mama Bear Guest

    It's just my home computer, nothing top secret or anything. But my
    whole computing life since around 1989 is on here and I wouldn't
    want anyone having access to it. Things like my Ebay & Paypal
    passwords and some others. My writings, which are personal. Nothing
    illegal or anything, or top secret.
     
    Mama Bear, Sep 15, 2005
    #28
  9. Mama Bear

    Mama Bear Guest

    No, the machine is ok, an AMD XP 1.4 GHz CPU running XP Home
    edition, with 512 Megs and a 40 gig HD. ( about 22 gig of data and
    15 free at present )

    I'm just not sure how these things work. For example, what if I
    encrypted the whole HD. Would it take a couple of days of the
    computer cranking away at it, to get it all done?
     
    Mama Bear, Sep 15, 2005
    #29
  10. http://sourceforge.net/projects/axcrypt

    Both are easy, full featured and solid.

    Oh, and freeware.
     
    Ari Silversteinn, Sep 15, 2005
    #30
  11. I'm going to disagree with Jeffrey. WDE can be tragic if something goes
    wrong, it requires practice and expertise, imo. Even though it might be a
    bit more cumbersome file-to-file encryption (or whole folder) would make
    better sense for you.
     
    Ari Silversteinn, Sep 15, 2005
    #31
  12. Mama Bear

    Notan Guest

    Have a look at http://ibackup.com/security_new.htm and, in particular,
    the paragraph titled, "How we protect your data."

    It's a far cry from some garage in Hoboken! <g>

    Notan
     
    Notan, Sep 15, 2005
    #32
  13. Mama Bear

    nemo_outis Guest


    The truly paranoid store their backups in a ziplock bag in a piece of PVC
    pipe (complete with a silica gel pack) with screw-plugs at each end. The
    PVC pipe is buried at night far in the woods on public land in a vertical
    hole dug with a post-hole digger, and the encrypted GPS coordinates are
    kept safely elsewhere.

    Same for money, gold, a pistol, and one's "other" passport. All in
    different spots, of course.

    But then again, some folks think I'm crazy. That is, the charitable ones
    hold such views - my enemies are harsher in their estimations of me :)

    Regards,
     
    nemo_outis, Sep 16, 2005
    #33
  14. Just took a quick look. It's locked down to the point of being useless
    IMO. The root account certainly can't be used for administration as
    it's configured.

    Regardless, it's a good demonstration of how SELinux can be taken to the
    extreme, let a user see what they're missing, but not touch. Doing it with
    the "root" account makes it feel impressive to users who are logging in,
    but after about 10 seconds you realize you're really just another "nobody".

    NOTE: I haven't spent a lot of time poking at SELinux beyond adjusting
    some policies for httpd in the nifty GUI, so I'm not the best source of
    information on the subject. ;)
     
    Jeffrey F. Bloss, Sep 16, 2005
    #34
  15. Mama Bear

    Mama Bear Guest

    Mama Bear, Sep 16, 2005
    #35
  16. Mama Bear

    Mama Bear Guest

    Mama Bear, Sep 16, 2005
    #36
  17. You mean you got it to work ;-) I think my problem with it was I
    thought it was just going to be a download and install with some
    configuring. I found for whatever reasons it wasn't that simple for me.

    Think I'll leave it till weekend when I can give it several hours
    attention non stop without interruption and see how it goes then.
     
    Ray Vingnutte, Sep 16, 2005
    #37
  18. No doubt. In fact I'd wager some of them are someone ELSE'S server,
    administered remotely. Wouldn't surprise me in the least.
    Cool idea. An obscure rack in some bunker at Los Alamos or something would
    be even more impressive. <g>

    That might be a good selling point. Maybe not a bank, but if you could
    build a hard building... hmmm... maybe an old missile silo. There's a few
    for sale here:

    http://www.missilebases.com/
    http://www.missilebases.com/properties/

    The mind boggles. ;)
     
    Jeffrey F. Bloss, Sep 16, 2005
    #38
  19. Mama Bear

    nemo_outis Guest


    Several of us made an attempt to give you some guidance, but it's hard for
    us to evaluate your exact needs, your capabilities, your perseverance and
    self-discipline, etc. At some point the whole discussion starts to take on
    the character of describing sex to a virgin: no amount of talk, however
    enlightening, can substitute for experience.

    So, lose your virginity. But practice the equivalent of safe sex. First
    make a backup of *everything* on your drive (using Ghost, Acronis,
    whatever). If you are not in the habit of doing such backups regularly
    then now is a wonderful time to acquire it, whether or not you eventually
    lose interest in encryption!

    Moreover, confirm the integrity of those backups and that they *can* be
    restored. Only then should you move on to using encryption. If you do
    this, any subsequent contretemps will be, at worst, an inconvenience and
    not a disaster.

    I'd recommend starting out with Truecrypt. Mess about with it for a while.
    Get comfortable. Even do a few experimental or stupid things and see how
    easy (or not!) it is to recover. Try both encrypted and plaintext backups.
    Put some stuff on an encrypted USB pendrive. Mix and match. Play and learn
    while playing.

    Then, a newbie no more, move on to full HD encryption.

    But keep making those backups!

    Regards,
     
    nemo_outis, Sep 16, 2005
    #39
  20. On Thu, 15 Sep 2005 17:19:58 -0500, Mama Bear wrote:

    [snip]
    I'd say you have more than enough horsepower to handle whole disk
    encryption with no real performance hit. Unless you're doing something
    that pushes the machine to the limit now like real time video editing or
    some of the latest whiz-bang games.

    And whole disk is more secure. With container encryption you risk some
    application writing pieces of your encrypted files to an unencrypted
    location of your drive. If the whole drive is locked down it's not a
    concern.
    I wouldn't think so. I'd guess hours tops, but it's been a long while
    since I messed with whole disk. Someone else can no doubt give you a
    better estimate.

    I'd say give it a go. There's freeware/GPL software out there that will
    handle the job just fine, so you're not out anything but your time. And
    whole disk meets your usability criteria better than anything else. If
    you're unhappy, most of them will allow you to roll back to your
    unencrypted state and you can try container encryption. Of course as Nemo
    pointed out, backups are ***VITAL***. Nothing is bullet proof, and a
    flicker of your power could render your entire drive unrecoverable. :(
     
    Jeffrey F. Bloss, Sep 16, 2005
    #40