Linux Workshop: General Linux Information and Security Tips
March 26, 2008
Linux Information
Links for Further Reading
Books
Security Tips
As researchers, sometimes we have access to very sensitive data. There are some rules of thumb we can follow to protect others and ourselves.
- Don't keep sensitive data on laptops, especially if it's unencrypted (ahem).
- Avoid sending sensitive data over e-mail; use Data Hippo or some other means instead.
- Use strong passwords to guard sensitive information; change your passwords every so often.
- Encrypt sensitive data when possible to avoid accidental exposure at the very least.
Encryption
Encrypting your data will greatly decrease the probability that someone will wrongfully use it. There are pros and cons to encryption, however. Encryption can slow down data access a bit, as everything must be decrypted or encrypted. Also, if you forget your password, you
will lose your data.
There are many ways to do encryption in Linux. One of the ways is to use a program called
encfs
.
encfs
works by transparently encrypting any files that are in an encrypted directory. There are some preparatory steps you need to take before first using
encfs
, however:
- Install the
encfs
and fuse-utils
packages via Adept Manager.
- Add yourself to the fuse user group by running this command from your terminal:
sudo adduser <your vunetid> fuse
. Alternatively you can add yourself to the fuse group using KDE's user management tool (KMenu » System Settings » User Management)1. You will need to reboot at this point for this change to take affect2.
- Create a directory to house your encrypted files (i.e. ~/.encrypted).
- Create a directory that will serve as a mount point for the encrypted directory (i.e. ~/data).
- Run
encfs ~/.encrypted ~/data
to create and mount the encrypted folder.
After following these steps, you now have a folder that will transparently encrypt all files that you put in the
~/data directory.
Please contact a member of the IT team if you need assistance in setting up an encrypted folder.
Footnotes
- You must be in the
fuse
group in order to mount a filesystem without root privileges. Essentially this is how encfs
works, by mounting an encrypted filesystem.
- Technically you only need to restart
kdm
. To do this, logout, and then hit CTRL+ALT+BACKSPACE when you see the login screen.
Password Management
Debian/Ubuntu package
fpm
is a "secure password manager".
Figaro's Password Manager.
KeePass is a cross-platform password manager. The MacOsX/Linux client is called
KeePassX and can be installed on Debian/Ubuntu by the package
keepassx
.