F5F Stay Refreshed Software Operating Systems discussing ubuntu disk encryption

discussing ubuntu disk encryption

discussing ubuntu disk encryption

S
SFcoralsnake
Member
Find
219
10-07-2023, 11:39 PM
#1
Yes, enabling encryption for your disk and home folder helps protect your data. It ensures that even if someone steals your laptop, the information inside remains secure.
Reply
Reply
S
SFcoralsnake
10-07-2023, 11:39 PM #1

Yes, enabling encryption for your disk and home folder helps protect your data. It ensures that even if someone steals your laptop, the information inside remains secure.

Reply
Reply
X
XxGrenidierXx
Posting Freak
Find
813
10-16-2023, 12:45 PM
#2
It prevents simple connections to a running drive from revealing your files. There are still many methods they might use to obtain your information, such as trying to guess your password.
Reply
Reply
X
XxGrenidierXx
10-16-2023, 12:45 PM #2

It prevents simple connections to a running drive from revealing your files. There are still many methods they might use to obtain your information, such as trying to guess your password.

Reply
Reply
M
MicMineHD
Member
Find
206
10-16-2023, 11:55 PM
#3
As secure as U.S. government export controls permit. If someone takes your laptop, they can easily break it. If a drug addict steals it, they probably won’t care about the contents and won’t try to decrypt your files.
Reply
Reply
M
MicMineHD
10-16-2023, 11:55 PM #3

As secure as U.S. government export controls permit. If someone takes your laptop, they can easily break it. If a drug addict steals it, they probably won’t care about the contents and won’t try to decrypt your files.

Reply
Reply
V
Variiox
Member
Find
180
10-19-2023, 09:29 AM
#4
Sure! Thanks!
Reply
Reply
V
Variiox
10-19-2023, 09:29 AM #4

Sure! Thanks!

Reply
Reply
R
radpool97
Member
Find
78
10-24-2023, 12:02 AM
#5
If you have any backups or use cloud services, they can probably get those. Here's a interesting tidbit, when someone steals a laptop to get stuff off of it, they won't shut it down. It'll still be powered on and will have the keys in ram, preventing syphoning of those is important as well. The contents of the ram and keys can be grabbed while the ram is powered on and rest of the machine is asleep, I'm not sure if Ubuntu by default locks your volumes before sleeping - if not ... you need a couple of things.... Automatic updates - set to download but not install. If your machine is older and still has FireWire, disable it, if you have thunderbolt and no vt-d either on chipset or cpu, look into disabling thunderbolt and using it as a displayport only. If you have vt-d look into securing thunderbolt using it. There's also some USB guard software that Ubuntu doesn't have by default, normally USB drivers load and the device and driver are trusted by the machine. Since the machine wakes up from sleep, and it's running and has a network port probably, you need a firewall. Make sure you have a firewall setup to drop all incoming packets except ones belonging to previously established outgoing connections, and ones related to servers you intentionally want to run. Drop all outgoing packets unless the source port is one of those ephemeral source port ones, or if they're related to connections to existing servers. Drop traffic on 'lo', unless it's for a server you intend to run. That will make it harder to chain exploits, by not allowing an exploited app to bypass the firewall. Commonly I see people just accepting any traffic on lo - makes me sad... if you're a dev and need to test with localhost, just make a veth and put it in a namespace, don't use the public host networking stack.
Reply
Reply
R
radpool97
10-24-2023, 12:02 AM #5

If you have any backups or use cloud services, they can probably get those. Here's a interesting tidbit, when someone steals a laptop to get stuff off of it, they won't shut it down. It'll still be powered on and will have the keys in ram, preventing syphoning of those is important as well. The contents of the ram and keys can be grabbed while the ram is powered on and rest of the machine is asleep, I'm not sure if Ubuntu by default locks your volumes before sleeping - if not ... you need a couple of things.... Automatic updates - set to download but not install. If your machine is older and still has FireWire, disable it, if you have thunderbolt and no vt-d either on chipset or cpu, look into disabling thunderbolt and using it as a displayport only. If you have vt-d look into securing thunderbolt using it. There's also some USB guard software that Ubuntu doesn't have by default, normally USB drivers load and the device and driver are trusted by the machine. Since the machine wakes up from sleep, and it's running and has a network port probably, you need a firewall. Make sure you have a firewall setup to drop all incoming packets except ones belonging to previously established outgoing connections, and ones related to servers you intentionally want to run. Drop all outgoing packets unless the source port is one of those ephemeral source port ones, or if they're related to connections to existing servers. Drop traffic on 'lo', unless it's for a server you intend to run. That will make it harder to chain exploits, by not allowing an exploited app to bypass the firewall. Commonly I see people just accepting any traffic on lo - makes me sad... if you're a dev and need to test with localhost, just make a veth and put it in a namespace, don't use the public host networking stack.

Reply
Reply
S
sirbreno
Member
Find
191
11-14-2023, 03:39 AM
#6
I usually turn it off. My laptop comes with a super fast SSD and starts in just ten seconds. It only activates when I’m using it... I don’t mind security too much, just curious about how secure it really is.
Reply
Reply
S
sirbreno
11-14-2023, 03:39 AM #6

I usually turn it off. My laptop comes with a super fast SSD and starts in just ten seconds. It only activates when I’m using it... I don’t mind security too much, just curious about how secure it really is.

Reply
Reply