bt4-final hard drive encryption

[lordplagueis]

just found out that my files are not safe unless I use encryption (thanks Lupin) can someone post a howto encypt hard drive with bt4-final in the howto section I know there are different methods one can use but I am certain one way is better than the other .

[Gitsnik]

There is a howto in the beta section of the old forums: BT4 Encrypted HDD install using LUKS and LVM - Remote Exploit Forums there.

I don't recall seeing a luks option last time I installed BT4F, but it could well have been there. Luks is about the best option available to us Linux users (in general).

There is also Truecrypt, but so far I've found it a bit hit and miss, so I don't tend to mention it much.

This is all rather useless (LESS I SAID, NOT USEFUL! Stupid mind getting ahead of me) though - you can do cold boot attacks to get the encryption keys (Hak5 did a video on this IIRC), and you can also just install a hardware key logger to snarf the keys from the user anyway.

You can go really paranoid if you want to and start CD booting your machines and hardware encrypting them etc. I make use of thermite (and have done so longer than Knuth has been in those books ) and other things when I want to be sure my data is safe, but it makes it a little hard to get it back.

And occasionally I forget and open the wrong server casing... it's not fun to have to keep your entire closet from catching alight

[lordplagueis]

There is a howto in the beta section of the old forums: BT4 Encrypted HDD install using LUKS and LVM - Remote Exploit Forums there.

I don't recall seeing a luks option last time I installed BT4F, but it could well have been there. Luks is about the best option available to us Linux users (in general).

There is also Truecrypt, but so far I've found it a bit hit and miss, so I don't tend to mention it much.

This is all rather useless (LESS I SAID, NOT USEFUL! Stupid mind getting ahead of me) though - you can do cold boot attacks to get the encryption keys (Hak5 did a video on this IIRC), and you can also just install a hardware key logger to snarf the keys from the user anyway.

You can go really paranoid if you want to and start CD booting your machines and hardware encrypting them etc. I make use of thermite (and have done so longer than Knuth has been in those books ) and other things when I want to be sure my data is safe, but it makes it a little hard to get it back.

And occasionally I forget and open the wrong server casing... it's not fun to have to keep your entire closet from catching alight

that is alot of helpful info there is no such thing as being too secure

[Gitsnik]

that is alot of helpful info there is no such thing as being too secure

I should hope not or I am going to make a lot of federal agents and MAFIAA men look very stupid when they turn up at my door over those MP3's.... :P

[Snayler]

MAFIAA

Hum... Nice acronym! They really should review their name... =p

[lupin]

that is alot of helpful info there is no such thing as being too secure

There is actually such a thing as being "too secure".

Since security can often involve a trade off with convenience and cost, its not always appropriate to try and make things as secure as possible. For example one of my laptops that I use for security assessments never leaves the office and gets locked up in a metal cabinet when I am not using it. I also don't store/process/view sensitive files on it, and I have wiping procedures for when this does need to happen. Given these precautions I am comfortable not encrypting the hard drive. Laptops that leave the office with sensitive data on them however (even sensitive data that has been deleted but not properly sanitised), get encrypted.

This is probably the most difficult thing for people new to the Security industry to grasp, because we are often paranoid types and like to try and make things as close to unhackable as possible. As soon as you have to interact with business types in deciding on appropriate security though, you begin to realise that going all out with security all the time is not practical or necessary, and can in fact be a severely career limiting maneuver. The key is to make security appropriate to deter the threats you can reasonably expect to face, while also taking into consideration the value of the data you are trying to protect (so you don't spend more on protection than your data is worth).

Gitsniks thermite technique for example may only be appropriate if your data is very valuable to you or dangerous to you if exposed AND you are expecting your computers to be seized by law enforcement, or to be accessed by retrieval specialists wearing black balaclavas in the middle of the night when everyone else has gone home.

[Gitsnik]

Gitsniks thermite technique for example may only be appropriate if your data is very valuable to you or dangerous to you if exposed AND you are expecting your computers to be seized by law enforcement, or to be accessed by retrieval specialists wearing black balaclavas in the middle of the night when everyone else has gone home.

Correct. I do it on the servers that contain corporation information and materials that could be construed in the wrong light as illegal*. This is a very refined and defined technique and situation for my systems.

I don't, for example, have cases of thermite on the harddrive of my laptop. I don't even encrypt the laptop contents. Every piece of useful information is stored in an encrypted volume, and I wipe the swap and temp and memory periodically with programs.

Security, Useability, Cheap - pick two.

*Kind of like the log files from my early penetration testing days, when I had digital written consent but no lawyer contracts.

[lupin]

*Kind of like the log files from my early penetration testing days, when I had digital written consent but no lawyer contracts.

You still have those log files? I would have crushed the drives storing them to powder, set the powder on fire and then run over the resulting ashes with a bulldozer by now

[Gitsnik]

You still have those log files? I would have crushed the drives storing them to powder, set the powder on fire and then run over the resulting ashes with a bulldozer by now

. It's probably a good case against data encryption, but I find the idea of losing data abhorrent. I usually have RAID5's everywhere and multiple copies on a network etc. At least when you blow away a /boot you can try and retrieve the data set with your standard tools. Thermite and/or encryption tend to make that option a lot less likely.