Linux Workshop: General Linux Propaganda and Security Tips
March 26, 2008
Linux Propaganda
Links for Further Reading
Books
Security Tips
As researchers, sometimes we have access to very sensitive data. There are some rules of thumb we can follow to protect others and ourselves.
- Don't keep sensitive data on laptops, especially if it's unencrypted. (ahem)
- Avoid sending sensitive data over e-mail; use Data Hippo or some other means instead.
- Encrypt sensitive data when possible to avoid accidental exposure at the very least.
Encryption
Encrypting your data will greatly decrease the probability that someone will wrongfully use it. There are pros and cons to encryption, however. Encryption can slow down data access a bit, as everything must be decrypted or encrypted. Also, if you forget your password, you can lose your data.
There are many ways to do encryption in Linux. One of the ways is to use a program called
encfs
.
encfs
works by transparently encrypting any files that are in an encrypted directory. There are some preparatory steps you need to take before first using
encfs
, however:
- Install the
encfs
and fuse-utils
packages via Adept Manager.
- Add yourself to the fuse user group by running this command from your terminal:
sudo adduser <your vunetid> fuse
. Alternatively you can add yourself to the fuse group using KDE's user management tool (KMenu » System Settings » User Management). 1 You will need to logout and back in at this point for this change to take affect.
- Create a directory to house your encrypted files (i.e. ~/.encrypted).
- Create a directory that will serve as a mount point for the encrypted directory (i.e. ~/data).
- Run
encfs ~/.encrypted ~/data
to create and mount the encrypted folder.
After following these steps, you now have a folder that will transparently encrypt all files that you put in the
~/data directory.
Footnotes
- You must be in the
fuse
group in order to mount a filesystem without root privileges. Essentially this is how encfs
works, by mounting an encrypted filesystem.