Thread: Full HD encryption with Luks and LVM

  1. #1
    Just burned his ISO
    Join Date
    Jan 2010
    Posts
    5

    Full HD encryption with Luks and LVM

    Hello,

    Is there any guide, or a plan for a guide, on how to install BT4 final with full HD encryption?

    I tried to follow an older "how to" made for BT4-beta, "BT4 Encrypted HDD install using LUKS and LVM" (Remote Exploit Forums),

    but something is wrong, as when I finish, my "root" partition is only accessible read-only.

    So, has anyone already performed such a full HD encryption on BT4 final and would like to share their method? Or would anyone have an idea why my root partition is only seen as a "read-only" partition?

    Thanks a lot in advance
    Ulrick

  2. #2

    Re: Full HD encryption with Luks and LVM

    hi,

    if you play around with full-hard disk encryption be very careful and only do it if you are absolutely sure
    of what you are doing; at least if you are trying to do it on your 'productive' bt4!

    In many cases it's much better to use container-based encryption, like using truecrypt (containers are
    exchangeable with all known OS!), which is easy to back up and restore.

    Especially for customer pentest engagements, I'd recommend container-based encryption to protect
    sensitive data.

    /brtw2003

  3. #3
    Just burned his ISO
    Join Date
    Jan 2010
    Posts
    5

    Re: Full HD encryption with Luks and LVM

    Quote: Originally posted by brtw2003
    hi,

    Especially for customer pentest engagements, I'd recommend container-based encryption to protect
    sensitive data.

    /brtw2003

    Hello,
    Thanks for the reply, and I also use truecrypt for shared partitions (between other Linux and Windows (safeboot)).

    My problem with only using container-based encryption for my pentests is that I have the bad feeling of leaving unprotected traces of the pentest behind me ... for example, the various logs, Nessus temp files/profiles, screenshots, temp files,... I know it would be possible to clear everything behind me each time, but it seems to me kind of time-consuming when they could always be protected with the full disk encryption solution.

  4. #4

    Re: Full HD encryption with Luks and LVM

    hi,

    you are absolutely right, therefore I always use one log directory for all the tools I use during
    the pentest - of course this one is also in the encrypted container.

    In my case I always use some global shell variables to export my default logdir, and any tool
    with an optional log parameter I point to this directory; anything terminal related I redirect
    with tee to this log folder.

    Anything left in temp folders is far away from 'sensitive data'.

    If you do a serious pentest, you have to provide all your files (incl. logs) to your client anyway,
    therefore it is much easier to set up a proper environment (one destination folder) in the first phase.
    I can also highly recommend using dradis as THE documentation frontend throughout your pentest - just awesome!

    Another recommendation, if you use a persistent BT4 installation, is to create a custom folder
    in /opt/ where you have some structured folders with any custom tools you've developed
    or any additional tools I compiled manually. First, you can easily set up a complete BT4 backup/restore, and
    also nothing will be overwritten during any repo updates you perform through apt.

    I use unison to keep my customer folders under /opt synchronized with my NAS.


    /brtw2003
    Last edited by brtw2003; 01-31-2010 at 08:41 PM.
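
The single log directory workflow described in post #4 (an exported log directory inside the encrypted container, with terminal output copied there via tee), as an added example that is not part of the original post. The names `pt_init`, `pt_run`, `PT_LOGDIR` and `PT_MOUNT_CHECK` are hypothetical; the mount check assumes the `mountpoint` utility from util-linux.

```shell
#!/bin/sh
# Added example: keep all engagement logs inside the mounted encrypted container.
# pt_init, pt_run, PT_LOGDIR and PT_MOUNT_CHECK are hypothetical names.

# Command used to confirm the container is mounted (overridable, e.g. for tests).
: "${PT_MOUNT_CHECK:=mountpoint -q}"

# pt_init <container-mount> <engagement-name>
# Refuses to set the log directory unless the container is really mounted,
# so output never lands in an empty directory on the unencrypted disk.
pt_init() {
    mnt=$1; name=$2
    if [ -z "$mnt" ] || [ -z "$name" ]; then
        echo "usage: pt_init <container-mount> <engagement-name>" >&2
        return 2
    fi
    if ! $PT_MOUNT_CHECK "$mnt"; then
        echo "pt_init: $mnt is not mounted, refusing to log in the clear" >&2
        unset PT_LOGDIR
        return 1
    fi
    PT_LOGDIR=$mnt/$name/logs
    # Create the directory readable by the current user only.
    ( umask 077; mkdir -p "$PT_LOGDIR" ) || return 1
    export PT_LOGDIR
}

# pt_run <label> <command...>
# Runs the command, shows its output and appends a copy to
# $PT_LOGDIR/<label>.log via tee. Returns the command's own exit status.
pt_run() {
    if [ -z "${PT_LOGDIR:-}" ] || [ ! -d "$PT_LOGDIR" ]; then
        echo "pt_run: run pt_init first" >&2
        return 1
    fi
    label=$1; shift
    log=$PT_LOGDIR/$label.log
    printf '### %s $ %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$*" >>"$log"
    # A pipeline reports tee's status, so carry the command's status in a file.
    st=$(mktemp) || return 1
    { rc=0; "$@" 2>&1 || rc=$?; echo "$rc" >"$st"; } | tee -a "$log"
    rc=$(cat "$st"); rm -f "$st"
    return "$rc"
}
```

Source the file in the working shell, call `pt_init` with the container's mount point and an engagement name, then prefix commands with `pt_run <label>`; tools that take their own log option can be pointed at `$PT_LOGDIR` directly.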

  5. #5
    Just burned his ISO
    Join Date
    Jan 2010
    Posts
    5

    Re: Full HD encryption with Luks and LVM

    Thanks for the advice, I will take a closer look at some of it (such as Dradis, which I've never used so far).

    Otherwise, for those interested in full HD encryption with Luks and LVM, I find that this "how to" for the USB full encryption solution also works for the HD install, so give it a try if you want:
    Backtrack 4 – Bootable USB Thumb Drive with “Full” Disk Encryption | Infosec Ramblings

    Regards
    Last edited by balding_parrot; 02-02-2010 at 03:16 AM.
