17th
Oct '08

OTFE on Linux, encrypting your data


I previously wrote about on-the-fly encryption, also known as OTFE, in my article about using it on my PDA to encrypt data in case the device is stolen.

Today, I’m writing about OTFE for Linux servers. The benefits of OTFE are that you only have to type a password once, and then the encrypted data is easily accessible for the entire session. However, if someone steals your hard disk, the data is as secure as your encryption key.

If you’re running Ubuntu or openSUSE, I recommend TrueCrypt for everyone. It’s easy to install and allows you to encrypt a file or a partition as a virtual file system. It even includes a timeout unmount, which FreeOTFE for my PDA doesn’t.

If you’re running an enterprise Linux, such as Red Hat Enterprise Linux or SUSE Enterprise, you will need to compile TrueCrypt from source, which is quite difficult and not recommended for your average user, as there are several dependencies:

GNU Make
GNU C++ Compiler 4.0 or compatible
Apple XCode (Mac OS X only)
pkg-config
wxWidgets 2.8 library source code
FUSE library

Several of these have further dependencies that are quite difficult to work out.

If you use an OTFE product, I recommend operating without swap or using TrueCrypt to encrypt your swap partition. Otherwise, in some situations, your sensitive data may inadvertently be stored unencrypted on your hard disk.
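The swap advice above can be checked on a running system. The following is an added example, not part of the original post: it parses `/proc/swaps` and flags swap areas that are not behind device-mapper. The function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify active swap areas from /proc/swaps-format input.
# Prints one line per swap area: "<class> <used_kb> <name>"
#   plain = ordinary partition or file; pages written here are unencrypted
#   dm    = device-mapper node; confirm separately that its target is "crypt"
classify_swaps() {
    # $1: file in /proc/swaps format (defaults to the live /proc/swaps)
    awk 'NR > 1 && NF >= 5 {
        class = ($1 ~ /^\/dev\/(mapper\/|dm-[0-9]+$)/) ? "dm" : "plain"
        print class, $4, $1
    }' "${1:-/proc/swaps}"
}

# Number of swap areas that are not behind device-mapper at all.
count_plain_swaps() {
    classify_swaps "$1" | awk '$1 == "plain" { n++ } END { print n + 0 }'
}

# Number of plain swap areas that already hold paged-out data (Used > 0).
count_plain_in_use() {
    classify_swaps "$1" | awk '$1 == "plain" && $2 > 0 { n++ } END { print n + 0 }'
}

# Constructed sample in /proc/swaps format (not taken from a real host).
write_sample_swaps() {
    cat > "$1" <<'EOF'
Filename                                Type            Size    Used    Priority
/dev/sda2                               partition       2097148 51200   -2
/dev/mapper/cryptswap                   partition       1048572 0       -3
/swapfile                               file            524284  0       -4
EOF
}

sample=$(mktemp)
write_sample_swaps "$sample"
classify_swaps "$sample"
echo "plain swap areas: $(count_plain_swaps "$sample")"
echo "plain swap areas with paged-out data: $(count_plain_in_use "$sample")"
rm -f "$sample"
```

A `dm` result only means the device goes through device-mapper; check that mapping's target type (for example with `dmsetup table`) before treating the swap as encrypted.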
