The paranoid #! Security Guide

sorcerer's_apprentice · 2013-02-10 19:30:22

$ sudo apt-get install ecryptfs-utils cryptsetup

Last edited by chillicampari (2014-01-07 06:25:09)

VastOne · 2013-02-10 19:34:39

An AMAZING contribution sorcerer's_apprentice, well done...

When anyone asks anything security, I will make sure to point them to this incredible post

Thank you!

sorcerer's_apprentice · 2013-02-10 19:38:54

junkie · 2013-02-10 20:28:50

Very nice, thanks for the time put in to it.

sorcerer's_apprentice · 2013-02-10 20:42:35

Last edited by sorcerer's_apprentice (2013-02-10 20:45:35)

saneks · 2013-02-10 21:58:06

woah, great compilation! thanks!

vlax · 2013-02-10 22:34:45

sorcerer's_apprentice · 2013-02-10 23:24:40

Last edited by sorcerer's_apprentice (2013-02-11 01:12:24)

sorcerer's_apprentice · 2013-02-11 00:25:36

Update:

I made several additions to the guide. I won't be starting a changelog here. So you have to consult your memory to identify what you haven't read before... wink

vlax · 2013-02-11 00:59:23

MrPink · 2013-02-12 13:19:33

Very interesting post. Would it make sense to do the /boot on a usb-stick trick with a system that dual boots an encrypted Windows 7 partition and an encrypted lvm with debian, or is such a system already too vulnerable?

sorcerer's_apprentice · 2013-02-12 14:32:56

Last edited by sorcerer's_apprentice (2013-02-12 14:33:40)

MrPink · 2013-02-12 14:41:56

Windows 7 has BitLocker, an encryption feature, but just like linux it needs an unencrypted /boot.
It was just me thinking out loud, and I don't need an encrypted Win7 (it's just for gaming).

Let me re-formulate the question: As I understand the /boot on a stick trick, the whole point is to avoid unencrypted data on the hdd. If so, would it defeat the purpose to do this on a system that dual boots with Windows (encrypted or not), since there is then bound to be unencrypted data on the disk?

sorcerer's_apprentice · 2013-02-12 14:59:35

Last edited by sorcerer's_apprentice (2013-02-12 15:02:53)

gutterslob · 2013-02-12 16:58:02

Intrawebz security isn't something I'm great at, so this guide is most welcome. Marvelous stuff. Thanks for putting in the time.
Some stuff I've not heard of (tiger, evercookie, Netsukuku), so it should make some good reading, at the very least.

This thread needs a sticky, me thinks.

Still, I'd recommend against any application that requires Java, unless absolutely necessary, even if it's OpenJDK. Relying on Java to secure something is kind of like relying on a rusty machete to protect yourself from gun wielding militants, imho. The machete will give you tetanus way before the bullets even hit you.

Last edited by gutterslob (2013-02-12 17:01:17)

sorcerer's_apprentice · 2013-02-12 17:13:50

sorcerer's_apprentice · 2013-02-12 17:28:51

Last edited by sorcerer's_apprentice (2013-02-12 19:15:41)

el_koraco · 2013-02-12 17:43:42

Nice work man, you covered pretty much everything.

sorcerer's_apprentice · 2013-02-12 17:50:41

DigitalJedi · 2013-02-14 01:08:24

Very nice guide!
I liked specially the encription part, and the link you posted to the video was awesome.
Bookmarked, saved and shared.
Thanks a lot! cool

vlax · 2013-02-14 05:20:36

sorcerer's_apprentice · 2013-02-14 11:34:33

Last edited by sorcerer's_apprentice (2013-02-14 11:36:16)

Bradi · 2013-02-14 12:26:09

This is great, I've read it all twice already and I'm learning a lot from this, thanks sorcerer's_apprentice!

One suggestion though, as you keep adding new stuff to the guide, things might get a little chaotic. Some formatting such as clearly visible headlines and a table of contents would make it easier on the eyes. Forums don't seem to handle posts of this length very well (unless you split it into several posts and link to them from the first one). But there is a CB wiki, how about that?

sorcerer's_apprentice · 2013-02-14 13:15:03

Last edited by sorcerer's_apprentice (2013-02-14 13:16:28)

bpsk31 · 2013-02-14 20:02:03

What an excellent guide sorcerer's_apprentice. I have implemented a number of the suggestions.

I thought I would mention eCryptfs, I'm not keen on encrypting my whole drive (yes I appreciate that can leave some security holes) and eCryptfs can be implemented after installion on the home directory. There are a few guides around to do this.

Just got one question, one of firefox's prefs has got me beat, I've searched high and low but I cannot find an answer, can anyone enlighten me please?

dom.battery.enabled what is this for?

CrunchBang Linux

SEARCH

#1 2013-02-10 19:30:22

The paranoid #! Security Guide

#2 2013-02-10 19:34:39

Re: The paranoid #! Security Guide

#3 2013-02-10 19:38:54

Re: The paranoid #! Security Guide

#4 2013-02-10 20:28:50

Re: The paranoid #! Security Guide

#5 2013-02-10 20:42:35

Re: The paranoid #! Security Guide

#6 2013-02-10 21:58:06

Re: The paranoid #! Security Guide

#7 2013-02-10 22:34:45

Re: The paranoid #! Security Guide

#8 2013-02-10 23:24:40

Re: The paranoid #! Security Guide

#9 2013-02-11 00:25:36

Re: The paranoid #! Security Guide

#10 2013-02-11 00:59:23

Re: The paranoid #! Security Guide

#11 2013-02-12 13:19:33

Re: The paranoid #! Security Guide

#12 2013-02-12 14:32:56

Re: The paranoid #! Security Guide

#13 2013-02-12 14:41:56

Re: The paranoid #! Security Guide

#14 2013-02-12 14:59:35

Re: The paranoid #! Security Guide

#15 2013-02-12 16:58:02

Re: The paranoid #! Security Guide

#16 2013-02-12 17:13:50

Re: The paranoid #! Security Guide

#17 2013-02-12 17:28:51

Re: The paranoid #! Security Guide

#18 2013-02-12 17:43:42

Re: The paranoid #! Security Guide

#19 2013-02-12 17:50:41

Re: The paranoid #! Security Guide

#20 2013-02-14 01:08:24

Re: The paranoid #! Security Guide

#21 2013-02-14 05:20:36

Re: The paranoid #! Security Guide

#22 2013-02-14 11:34:33

Re: The paranoid #! Security Guide

#23 2013-02-14 12:26:09

Re: The paranoid #! Security Guide

#24 2013-02-14 13:15:03

Re: The paranoid #! Security Guide

#25 2013-02-14 20:02:03

Re: The paranoid #! Security Guide

Board footer