Encrypted root. The Real Security HOWTO for the Linux Desktop
Overview
This document will discuss various means with which you can secure the assets you have worked hard for: your local machine, your data, even your reputation.
It is broken down into three sections.
Section one reviews the security situation and various real threats.
Section two is a review of the various software and hardware tools used for local security.
Section three is a review of the proper application of disk encryption.
To get started, it is important to discuss and understand the basic concepts and create a security foundation.
The much-talked-about net / Internet security
Security is now a basic requirement because global computing is inherently insecure. As your data goes from point A to point B on the Internet, for example, it may pass through several other points along the way, giving other users the opportunity to intercept, and even alter it. Even other users on your system may maliciously transform your data into something you did not intend. Unauthorized access to your system may be obtained by intruders, who then use advanced knowledge to impersonate you, steal information from you, or even deny you access to your own resources.
However, most of the above refers to threats from the outside world via your Internet connection. For the Linux Desktop / Laptop user, most of these threats are simply a non-issue.
For example, when servers are hacked this makes the news. Even systems like Debian that are run by very competent staff have been compromised.
http://lists.debian.org/debian-announce/debian-announce-2003/msg00003.html
However, the Debian servers require remote login from the developers, and from the announcement: “... a sniffed password was used to log into an unprivileged developer account on the host klecker (.debian.org). The attacker then retrieved the source code through HTTP for an (at that time) unknown local kernel exploit and gained root permissions via this exploit. Afterwards, the SucKIT root-kit was installed ...”
For Desktop and Laptop systems, remote login is normally disabled. Therefore, even without a firewall blocking the ports, no user, not even root, is able to log in remotely. Any remote login attempt is “access denied”.
Your data from point A to point B over the Internet?
For anything important, like on-line banking or on-line purchases, an HTTPS connection and SSL encryption are used. This may not be totally secure, but so far no one has compromised this to gain credit card or bank information. The eBay login page is a secure HTTPS connection to protect your password. Gmail from Google uses HTTPS for the login page as well. Of course, as of today, Hotmail does not, but that is Microsoft and they have never been known to be on top of security...
The chance of your “important” data being compromised as you transmit it across the Internet is minimal.
What about downloading malicious code?
The very absence of anti-virus, anti-spyware, anti-trojan and anti-adware applications for Linux should tell you something, whereas Vista requires them.
There is also the difference in where Linux software comes from. Most distributions maintain a primary repository for the files they distribute. Although there are thousands of packages and many contributors, every contribution is from a known source and each package is signed with a PGP/GPG key. Any malware that found its way into one of these packages would be readily traced right back to the package provider.
For my CentOS and Ubuntu systems I do need one or two third-party repositories for special drivers, codecs and other non-GPL-licensed software. But again, the maintainers of the repository are known, and they know the contributors. There is an audit trail right back to the originator for all of it.
For those last few things, there is the vendor: VMware from VMware, Java and Flash from Sun, Firefox and Thunderbird plug-ins from Mozilla.
There is little if anything a Linux user will need that does not come from a trusted supplier. Though you should read “ATTENTION ALL USERS: Malicious Commands” over at http://ubuntuforums.org/announcement.php?f=331
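As an added example (not part of this HOWTO), a POSIX shell check for the CentOS case above: it walks a yum-style .repo file and reports every repository section that does not set gpgcheck=1, so a third-party repository that silently skips package signature verification stands out. The .repo content and the example.invalid hostnames are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the HOWTO): report yum/dnf repository sections whose
# signature checking is disabled (gpgcheck=0) or missing. The sample .repo content
# is constructed so this runs offline; on a real box use /etc/yum.repos.d/*.repo.

# Print the names of the repo sections in FILE that do not set gpgcheck=1.
unsigned_repos() {
    awk '
        /^\[.*\]$/ {
            if (section != "" && checked == 0) print section
            section = substr($0, 2, length($0) - 2)
            checked = 0
            next
        }
        /^[ \t]*gpgcheck[ \t]*=[ \t]*1[ \t]*$/ { checked = 1 }
        END { if (section != "" && checked == 0) print section }
    ' "$1"
}

# Constructed sample: the distro repo with signing on, and two third-party
# repos, one of which has verification switched off.
write_sample() {
    cat > "$1" <<'EOF'
[base]
name=CentOS Base (constructed sample)
baseurl=http://mirror.example.invalid/centos/base/
gpgcheck=1

[extras-drivers]
name=Third-party drivers (constructed sample)
baseurl=http://drivers.example.invalid/repo/
gpgcheck=0

[codecs]
name=Third-party codecs (constructed sample)
baseurl=http://codecs.example.invalid/repo/
gpgcheck=1
EOF
}

# Write the sample to a temp file, run the check over it, and clean up.
check_sample() {
    tmp="${TMPDIR:-/tmp}/sample-$$.repo"
    write_sample "$tmp"
    unsigned_repos "$tmp"
    rm -f "$tmp"
}

check_sample
```

Only the section names are printed, so the output can be fed straight into a cron job or a login-time warning.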
With Linux (so far), there are no ActiveX-type controls that will automatically run programs and install malware as there are with Windows. Beware! They are on the way...
Unlike on a Windows system, you would have to be stupid enough to save the code to disk, then intentionally run it. This also applies to any malicious code a web page tries to write to your disk – you would have to run it; it will not run automatically.
So, the threats are there and they will no doubt increase. But an attack or malware from the internet is not a major concern for Linux Desktop / Laptop users.
The overlooked physical threats to you and your data
Until recently, physical theft has not had much attention, and although there is a higher probability of Laptop theft, theft applies to your Desktop system as well.
Beyond theft of your system, anyone with physical access to it can plant anything from incriminating data to keyloggers. Politically incorrect files on your system can land you in jail for a long time; keyloggers can record your accounts, passwords and everything else you enter on the keyboard.
Assessing these physical access threats and the procedures and software to minimize or eliminate them will be the primary focus of the remainder of this paper.
How Secure Is Secure?
First, keep in mind that no computer system can ever be completely secure. All you can do is make it increasingly difficult for someone to compromise your system.
Another factor to take into account is that the more secure your system is, the more intrusive your security becomes. You need to decide where in this balancing act your system will still be usable, and yet secure for your purposes.
What Are You Trying to Protect?
Before you attempt to secure your system, you should determine what level of threat you have to protect against, what risks you should or should not take, and how vulnerable your system is as a result. You should analyze your system to know what you're protecting, why you're protecting it and what value it has.
You may have much more at risk than you think...
Risk
Risk is the possibility that an intruder may be successful in gaining access to your computer. Can an intruder read or write files, or execute programs that could cause damage? Can they delete critical data? Can they prevent you or your company from getting important work done? Don't forget: someone gaining access to your account, or your system, can also impersonate you.
Threat
Threat is typically from someone with motivation to gain unauthorized access to your network or computer. You must decide whom you trust to have access to your system, and what threat they could pose.
There are several types of intruders, and it is useful to keep their different characteristics in mind as you are securing your systems.
The Curious - This type of intruder is basically interested in finding out what type of system and data you have. (Think busybody, children, neighbors)
The Malicious - This type of intruder is out to either bring down your systems, or otherwise force you to spend time and money recovering from the damage he has caused. (Think disgruntled family / spouse, former friend, basic malicious idiot)
The Competition - This type of intruder is interested in data you have on your system. Someone who thinks you have something that could benefit him, financially or otherwise. (Think all of the above, plus individual or State sponsored thugs)
The Borrowers - This type of intruder is interested in setting up shop on your system and using its resources for their own purposes. They typically will run chat or IRC servers or porn archive sites, and/or use your system to cover their illegal activities.
Vulnerability
What's at stake if someone has access to your system?
How much time would it take to retrieve/recreate any data that was lost?
Have you checked your backup strategy, and verified your data lately?
What data is on your system you would not want others to have?
What would happen to your reputation if an intruder deleted some of your company's data?
Or defaced your web site? Or published your company's corporate project plan for next quarter?
Perhaps you keep all your passwords and passphrases in your head. Perhaps you have no email or documents whatsoever that could not be published in the paper, though I doubt that.
Some might argue that "if you're innocent, you have nothing to hide." In a Utopian society this would be true; unfortunately the world is not black and white, there is a lot of grey in between.
Quote: Cardinal Richelieu, The Father of the Modern State; “If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged.”
And of course, how vulnerable are you, your career and family to illegal data that could be planted?
Not to sound alarmist, but there is a very broad range of possibilities that could cause you suffering if someone has physical access to your computer(s). This really does range from a cruel practical joke by someone you know or don't, to damage to your data, right on up to State-sponsored thugs seeking a conviction if only to boost their career or justify their job.
“The more laws, the less justice.” Marcus Tullius Cicero 106 BC-43 BC
There are now many laws that could land you in jail for failure to protect data, including but not limited to:
The European Union Data Protection Directive
Japan's Personal Information Privacy Act
Canada's Personal Information Protection and Electronic Documents Act
And in the United States: the Health Insurance Portability and Accountability Act (HIPAA) and the Sarbanes-Oxley Act.
Or perhaps: It's the Thought (Crime) That Counts. Jane Harman's thought-police law, the Violent Radicalization and Homegrown Terrorism Prevention Act of 2007, is aimed at "preventing ideologically based violence". On the surface it sounds fair enough, until you start crunching the language and come to the realization that practically anyone, on any given day, could fit the description, which is vague on purpose, as one realizes the farther one digs. (Try Google: “Harman thought crime law”)
Stare at any airplanes lately? Google “plane-spotters as spies” and see how the Kalamata court did not accept their defense, finding them guilty and jailing eight of the group for three years and the rest for one year. Yes, the victimless crime of watching airplanes... Have any airplane pictures on disk?
Though perhaps a more chilling revelation is what was disclosed at the world-famous O.J. Simpson trial.
The most talked-about aspect of the defense case undoubtedly concerned Mark Fuhrman, the LAPD officer who had found the bloody glove and who, as a prosecution witness, denied using the word "nigger." It turned out that Fuhrman had used "the n word"--many times--and it was on tape. Laura Hart McKinney, an aspiring screenwriter from North Carolina, had hired Fuhrman to consult with her on police issues for a script she was writing. McKinney taped her interviews with Fuhrman, who not only used the racial slur, but disclosed that he had sometimes planted evidence to help secure convictions.
Unlike most, Mr. Simpson had hired the “Dream Team” of lawyers to represent him and they were able to uncover this taped interview. They were also well known enough to be able to suggest that a police officer “could” have tampered with the evidence and not be laughed out of court.
Of course this was a trial for Mr. Simpson, not Mr. Fuhrman. However, on the day he admitted to planting evidence to get convictions, was he suspended? (No). Was he ever brought up on charges of “Tampering with evidence” or “Bill Clinton, I never had sex with that woman – Perjury” in those other cases? (No). Were all those wrongly convicted by the planted evidence released from prison and compensated? (No).
This was widely discussed in the press and you can easily find it with Google. But what was discussed was whether this information should or should not be presented to the Jury, and little or nothing about the criminal that Detective Fuhrman is, or the punishment he should receive.
But this is because the planting of evidence to gain a conviction is a VERY normal practice. It has been that way and will continue to be that way.
“This is a court of law, young man, not a court of justice.”
Oliver Wendell Holmes, Jr. 1841-1935. Justice of the Supreme Court of the United States
Should the State-sponsored thugs ever get physical possession of your computer(s), it is far easier to plant whatever evidence they need on your hard drive than it was for Detective Fuhrman to get Mr. Simpson's blood from the samples they had, put it on the glove and sock, then place it to be found as evidence.
If you have any doubts as to how rampantly common this is, Google “Prosecutorial misconduct”.
How can you prevent those with malicious intent from placing illegal data on your computer(s)?
Part 2: Physical Security