Linux Workshop: General Linux Information and Security Tips

March 26, 2008

Linux Information

Links for Further Reading

Books

Security Tips

As researchers, sometimes we have access to very sensitive data. There are some rules of thumb we can follow to protect others and ourselves.

  1. Don't keep sensitive data on laptops, especially if it's unencrypted (ahem).
  2. Avoid sending sensitive data over e-mail; use Data Hippo or some other means instead.
  3. Use strong passwords to guard sensitive information; change your passwords every so often.
  4. Encrypt sensitive data when possible to avoid accidental exposure at the very least.

Encryption

Encrypting your data will greatly decrease the probability that someone will wrongfully use it. There are pros and cons to encryption, however. Encryption can slow down data access a bit, as everything must be decrypted or encrypted. Also, if you forget your password, you will lose your data.

There are many ways to do encryption in Linux. One of the ways is to use a program called encfs. encfs works by transparently encrypting any files that are in an encrypted directory. There are some preparatory steps you need to take before first using encfs, however:

  1. Install the encfs and fuse-utils packages via Adept Manager.
  2. Add yourself to the fuse user group by running this command from your terminal: sudo adduser <your vunetid> fuse. Alternatively you can add yourself to the fuse group using KDE's user management tool (KMenu » System Settings » User Management)1. You will need to reboot at this point for this change to take affect2.
  3. Create a directory to house your encrypted files (i.e. ~/.encrypted).
  4. Create a directory that will serve as a mount point for the encrypted directory (i.e. ~/data).
  5. Run encfs ~/.encrypted ~/data to create and mount the encrypted folder.

After following these steps, you now have a folder that will transparently encrypt all files that you put in the ~/data directory.

Please contact a member of the IT team if you need assistance in setting up an encrypted folder.

Footnotes

  1. You must be in the fuse group in order to mount a filesystem without root privileges. Essentially this is how encfs works, by mounting an encrypted filesystem.
  2. Technically you only need to restart kdm. To do this, logout, and then hit CTRL+ALT+BACKSPACE when you see the login screen.

Password Management

Debian/Ubuntu package fpm is a "secure password manager". Figaro's Password Manager.

KeePass is a cross-platform password manager. The MacOsX/Linux client is called KeePassX and can be installed on Debian/Ubuntu by the package keepassx.
Topic revision: r7 - 26 Mar 2008, WillGray
 

This site is powered by FoswikiCopyright © 2013-2022 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding Vanderbilt Biostatistics Wiki? Send feedback