Data At Rest Encryption
Encryption Types
Linux offers two main kinds of data-at-rest encryption:
- disk (block-device) encryption, which encrypts a whole disk or partition below the file system;
- file encryption, which encrypts individual files or directories on top of an ordinary file system.
Both protect data only while it is at rest, that is, while the device is locked or the directory is unmounted. Once unlocked, the data is as exposed as anything else on the running system, and only the normal access controls stand between it and an attacker who is already on the machine.
Disk encryption
Disk encryption encrypts an entire disk or partition, so every sector written to it is protected, including the operating system, system files, swap and user data.
The threat it addresses is physical loss: a stolen laptop, a drive that is disposed of or returned for repair, an external disk left behind. An attacker who obtains the powered-off device sees only ciphertext.
This makes disk encryption particularly useful for laptops, external hard drives and other portable devices. It does not protect against an attacker on the running, unlocked system, and on its own it does not detect tampering with the ciphertext (see the discussion of XTS below); those need access controls, an integrity layer and, against boot-time attacks, measured or secure boot.
File Encryption
File encryption, on the other hand, encrypts individual files or directories.
File encryption tools offer more granular control: users can encrypt only what needs protecting, keep separate keys for different users or directories, and back up or sync the ciphertext file by file.
This makes file encryption particularly useful for sensitive documents such as financial records, medical records and personal data, and it can be layered on top of disk encryption.
The trade-off is metadata: file sizes, file counts, timestamps and directory structure usually remain visible in the ciphertext, and file names are hidden only if the tool is configured to encrypt them.
Encryption Tools
DM-Crypt
dm-crypt is the standard disk encryption mechanism in Linux; it encrypts entire disks or individual partitions transparently at the block layer.
It is a target of the Device Mapper (DM) framework, the kernel component that creates virtual block devices on top of other block devices and is also used by LVM, software RAID and snapshots. A dm-crypt mapping exposes the decrypted view of an encrypted device under /dev/mapper/; the user-space tool that sets the mapping up is cryptsetup.
DM-Crypt
dm-crypt is not tied to one cipher or mode. A mapping is described by a cipher specification of the form cipher-mode-ivgenerator, and the whole device uses that one combination. The current default, and the right choice for new volumes, is aes-xts-plain64: AES in XTS mode with the 64-bit sector number as the tweak. The older default, aes-cbc-essiv:sha256, used AES in CBC mode with a per-sector IV derived from the sector number and a hash of the key; it is still supported for existing volumes but is no longer recommended.
AES-CBC
In CBC mode, each plaintext block is XORed with the previous ciphertext block before being encrypted with the block cipher. The first plaintext block is XORed with an initialization vector (IV) before being encrypted.
For disk encryption the IV has to be derived per sector, and it must not be predictable by an attacker who can write to the disk: with the plain sector number as IV, an attacker can craft a file whose ciphertext shows a recognisable pattern (watermarking). ESSIV avoids this by encrypting the sector number under a hash of the key. What ESSIV does not fix is malleability: flipping a bit in ciphertext block i-1 flips exactly the same bit in plaintext block i after decryption (and garbles block i-1), so an attacker with write access to the ciphertext can make controlled changes to the data without knowing the key.
AES XTS mode
XTS (XEX-based tweaked codebook mode with ciphertext stealing, IEEE 1619) is a single-pass mode that uses two keys: K1 encrypts the data and K2 produces the tweak. A 512-bit aes-xts key is simply two 256-bit AES keys.
For each sector the tweak T is computed once by encrypting the sector number (the "plain64" IV: the 64-bit sector index, zero-padded to 128 bits) with K2. Block j of the sector is then encrypted as
 C_j = E_K1(P_j XOR T_j) XOR T_j, with T_j = T * alpha^j in GF(2^128),
so the tweak is XORed in before and after one block-cipher call, and it changes for every block position through a cheap multiplication by alpha (a shift and a conditional XOR with 0x87). Decryption uses the same tweaks with the block cipher inverted. Ciphertext stealing is only needed when the data is not a multiple of 16 bytes, which never happens for 512-byte or 4096-byte sectors.
The result is that identical plaintext at different positions produces different ciphertext, and every block can be encrypted or decrypted independently, with no chaining. XTS provides confidentiality only: a modified ciphertext block decrypts to garbage in that block with no error, and there is no authentication tag. Integrity, where needed, comes from a separate layer such as dm-integrity or LUKS2 authenticated encryption.
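The two modes on the previous slides, run over one 512-byte sector, as an added example that is not part of the original deck and not code from dm-crypt or cryptsetup. The toy Feistel cipher stands in for AES so the script runs offline with only the Python standard library; KEY and PLAINTEXT are constructed values, and a real volume key is random. The XTS part implements the plain64 sector tweak and the GF(2^128) multiplication by alpha as specified in IEEE 1619; the bit-flip functions show why dm-crypt moved from CBC to XTS, and that neither mode detects tampering.

```python
"""CBC and XTS at the sector level, as dm-crypt applies them, built on a toy
128-bit block cipher so the script runs with only the standard library."""
import hashlib
import hmac

BLOCK, SECTOR = 16, 512   # AES block size; dm-crypt's unit of encryption

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):
    # Feistel round function: keyed hash truncated to one half-block.
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:8]

def toy_encrypt(key, block):
    # 4-round Feistel network standing in for AES: a bijection on 16-byte
    # blocks, which is all the modes below need. NOT a secure cipher.
    l, r = block[:8], block[8:]
    for rnd in range(4):
        l, r = r, xor(l, _f(key, rnd, r))
    return r + l

def toy_decrypt(key, block):
    l, r = block[:8], block[8:]
    for rnd in reversed(range(4)):
        l, r = r, xor(l, _f(key, rnd, r))
    return r + l

def cbc(key, iv, data, encrypt):
    # C_i = E_K(P_i XOR C_{i-1}), C_0 = IV. dm-crypt derives the IV per
    # sector (e.g. ESSIV); here the caller supplies it.
    out, prev = bytearray(), iv
    for i in range(0, len(data), BLOCK):
        cur = data[i:i + BLOCK]
        if encrypt:
            prev = toy_encrypt(key, xor(cur, prev))
            out += prev
        else:
            out += xor(toy_decrypt(key, cur), prev)
            prev = cur
    return bytes(out)

def mul_alpha(t):
    # Tweak times x in GF(2^128) modulo x^128 + x^7 + x^2 + x + 1,
    # little-endian byte order as in IEEE 1619.
    v = int.from_bytes(t, "little")
    v, carry = (v << 1) & ((1 << 128) - 1), v >> 127
    return (v ^ (0x87 if carry else 0)).to_bytes(16, "little")

def xts(key, sector, data, encrypt):
    # Two keys: K1 for the data, K2 for the tweak. LUKS "--key-size 512"
    # for aes-xts is exactly this pair of 256-bit keys.
    k1, k2 = key[:len(key) // 2], key[len(key) // 2:]
    # plain64 IV: 64-bit sector number, little-endian, zero-padded to 128 bits
    tweak = toy_encrypt(k2, sector.to_bytes(8, "little") + bytes(8))
    out = bytearray()
    for i in range(0, len(data), BLOCK):          # one pass per block
        blk = xor(data[i:i + BLOCK], tweak)
        blk = toy_encrypt(k1, blk) if encrypt else toy_decrypt(k1, blk)
        out += xor(blk, tweak)
        tweak = mul_alpha(tweak)                  # tweak for the next block
    return bytes(out)

# Constructed sample: a sector of identical 16-byte blocks and a 64-byte key
# derived from a fixed string (a real volume key is random).
KEY = hashlib.sha512(b"constructed example key").digest()
PLAINTEXT = b"0123456789abcdef" * (SECTOR // BLOCK)

def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def changed(before, after):
    return [i for i, (x, y) in enumerate(zip(blocks(before), blocks(after))) if x != y]

def cbc_bitflip(idx, bit):
    # Flip one ciphertext bit in block idx: CBC garbles block idx and flips
    # exactly that bit in block idx+1 (attacker-controlled malleability).
    mask = (1 << bit).to_bytes(16, "little")
    ct = bytearray(cbc(KEY[:32], bytes(16), PLAINTEXT, True))
    ct[idx * BLOCK:(idx + 1) * BLOCK] = xor(ct[idx * BLOCK:(idx + 1) * BLOCK], mask)
    pt = cbc(KEY[:32], bytes(16), bytes(ct), False)
    controlled = blocks(pt)[idx + 1] == xor(blocks(PLAINTEXT)[idx + 1], mask)
    return changed(PLAINTEXT, pt), controlled

def xts_bitflip(idx, bit):
    # The same flip under XTS randomizes block idx only. Neither mode notices
    # the tampering: XTS gives confidentiality, not integrity.
    ct = bytearray(xts(KEY, 7, PLAINTEXT, True))
    ct[idx * BLOCK + bit // 8] ^= 1 << (bit % 8)
    return changed(PLAINTEXT, xts(KEY, 7, bytes(ct), False))

def xts_hides_structure():
    # Identical plaintext blocks encrypt differently within a sector, and the
    # same content differs across sectors (no ECB-style patterns).
    ct = xts(KEY, 0, PLAINTEXT, True)
    return len(set(blocks(ct))) == SECTOR // BLOCK and ct != xts(KEY, 1, PLAINTEXT, True)
```

cbc_bitflip(3, 5) reports blocks 3 and 4 changed and confirms that block 4 differs from the original in exactly bit 5; xts_bitflip(3, 5) reports only block 3, whose content is now pseudo-random. The same structure applies with real AES: only toy_encrypt/toy_decrypt would be swapped for the AES block function.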
DM-Crypt
Besides AES, dm-crypt supports any block cipher the kernel crypto API provides, including Serpent and Twofish, and the cipher is hardware-accelerated where the CPU allows it (AES-NI on x86, the ARMv8 crypto extensions).
Combined with an initramfs that unlocks the root file system at boot, it protects all data on the disk or partition, including the operating system, system files and user data.
dm-crypt is part of the mainline Linux kernel and is used by every major distribution, including Ubuntu, Fedora, Debian and AlmaLinux. It is Linux-specific; other Unix-like systems have their own equivalents (geli on FreeBSD, for example).
It is considered a robust and reliable tool for protecting sensitive data on desktops, laptops and servers.
LUKS
LUKS (Linux Unified Key Setup) is a disk encryption specification: an on-disk header format and key management scheme that sits in front of a dm-crypt mapping. cryptsetup implements it.
It was developed as a standard for Linux disk encryption so that the cipher, mode, key derivation parameters and passphrase slots are recorded on the device itself in an interoperable way, instead of having to be supplied correctly on every open as with a plain dm-crypt mapping.
LUKS
LUKS turns a partition into a passphrase-protected container that, once opened, is a normal block device under /dev/mapper/ and can hold any file system.
A LUKS device has one volume (master) key that actually encrypts the data, and several key slots (8 in LUKS1, up to 32 in LUKS2). Each active slot holds a copy of the volume key wrapped under a key derived from a passphrase or key file, so several different passphrases, or a passphrase plus a key file for unattended unlocking, can open the same device, and any one of them can be revoked by wiping its slot.
It uses the same ciphers as dm-crypt (AES, Serpent, Twofish) and supports key sizes up to 512 bits, which for XTS means two 256-bit keys.
LUKS
One of the key features of LUKS is its header, which stores everything needed to open the device: cipher and mode, key size, hash or KDF parameters, a digest of the volume key, and the key slots. The volume key itself is never stored in the clear; each slot holds it encrypted under a passphrase-derived key (PBKDF2 in LUKS1, Argon2id by default in LUKS2) and split with an anti-forensic stripe scheme so that wiping a slot reliably destroys that copy.
This is what allows a passphrase to be added, changed or removed without re-encrypting the disk: only the slot is rewritten; the volume key and the data stay as they are.
Two consequences matter in practice. First, the header is a single point of failure: if it is overwritten or corrupted the data is unrecoverable, so back it up (cryptsetup luksHeaderBackup) and store the backup securely. Second, a header backup keeps every slot that existed when it was taken, so a passphrase revoked later still opens the device through the old backup; treat header backups as being as sensitive as the disk.
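What the header holds, and what it does not, as an added example that is not part of the deck and not cryptsetup's code: a parser for the LUKS1 binary header (the 592-byte structure that cryptsetup luksDump prints), the volume-key digest check cryptsetup performs after unwrapping a slot, and the per-slot PBKDF2 derivation. The header built by build_header is constructed for the demo with deterministic salts and a low iteration count; a real header uses random salts and iteration counts benchmarked per host, and the wrapped key material itself (which this script does not generate) lives outside the 592 bytes at each slot's key material offset.

```python
"""Parse a LUKS1 header (the 592-byte phdr behind `cryptsetup luksDump`)
and check a candidate volume key against its digest, standard library only."""
import hashlib
import struct

MAGIC = b"LUKS\xba\xbe"
PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")   # 208 bytes, big-endian
SLOT = struct.Struct(">II32sII")                    # 48 bytes, 8 slots follow
SLOT_ACTIVE, SLOT_DISABLED = 0x00AC71F3, 0x0000DEAD
DIGEST_LEN, STRIPES = 20, 4000

def parse_header(raw):
    # Fields of a LUKS1 header. Note what is absent: the volume key appears
    # only as a PBKDF2 digest, and per slot as anti-forensically split material
    # encrypted under a passphrase-derived key, stored at key_material_offset.
    (magic, version, cipher, mode, hash_spec, payload_offset, key_bytes,
     digest, digest_salt, digest_iter, uuid) = PHDR.unpack_from(raw, 0)
    if magic != MAGIC or version != 1:
        raise ValueError("not a LUKS1 header")
    slots = []
    for n in range(8):
        active, iters, salt, offset, stripes = SLOT.unpack_from(raw, PHDR.size + n * SLOT.size)
        slots.append({"active": active == SLOT_ACTIVE, "iterations": iters,
                      "salt": salt, "key_material_offset": offset, "stripes": stripes})
    text = lambda b: b.rstrip(b"\0").decode()
    return {"cipher": text(cipher), "mode": text(mode), "hash": text(hash_spec),
            "payload_offset": payload_offset, "key_bytes": key_bytes,
            "mk_digest": digest, "mk_digest_salt": digest_salt,
            "mk_digest_iter": digest_iter, "uuid": text(uuid), "keyslots": slots}

def active_slots(hdr):
    return [i for i, s in enumerate(hdr["keyslots"]) if s["active"]]

def volume_key_matches(hdr, candidate):
    # After a slot is unwrapped, cryptsetup accepts the result only if
    # PBKDF2(hash, key, mk_digest_salt, mk_digest_iter)[:20] equals mk_digest.
    d = hashlib.pbkdf2_hmac(hdr["hash"], candidate, hdr["mk_digest_salt"],
                            hdr["mk_digest_iter"], DIGEST_LEN)
    return d == hdr["mk_digest"]

def slot_key(hdr, slot, passphrase):
    # The per-slot key that decrypts that slot's key material: PBKDF2 over
    # the passphrase with the slot's own salt and iteration count.
    s = hdr["keyslots"][slot]
    return hashlib.pbkdf2_hmac(hdr["hash"], passphrase, s["salt"],
                               s["iterations"], hdr["key_bytes"])

def build_header(volume_key, active=(0,), cipher="aes", mode="xts-plain64",
                 hash_spec="sha256", iterations=1000):
    # Constructed header for the demo: deterministic salts, low iteration
    # count. A real header uses random salts and benchmarked iterations.
    salt = hashlib.sha256(b"constructed digest salt").digest()
    digest = hashlib.pbkdf2_hmac(hash_spec, volume_key, salt, iterations, DIGEST_LEN)
    raw = PHDR.pack(MAGIC, 1, cipher.encode(), mode.encode(), hash_spec.encode(),
                    4096, len(volume_key), digest, salt, iterations, b"constructed-uuid")
    # Key material per slot: STRIPES * key_bytes bytes, in sectors, rounded
    # up to an 8-sector (4 KiB) boundary; slot 0 starts at sector 8.
    sectors = -(-STRIPES * len(volume_key) // 512)
    per_slot = -(-sectors // 8) * 8
    for n in range(8):
        on = n in active
        raw += SLOT.pack(SLOT_ACTIVE if on else SLOT_DISABLED, iterations if on else 0,
                         hashlib.sha256(b"constructed slot salt %d" % n).digest() if on else bytes(32),
                         8 + n * per_slot, STRIPES)
    return raw

# Constructed 512-bit volume key, the size aes-xts-plain64 uses (2 x 256 bits).
VOLUME_KEY = hashlib.sha512(b"constructed volume key").digest()
HEADER = build_header(VOLUME_KEY, active=(0, 2))

def header_leaks_volume_key(raw=HEADER, key=VOLUME_KEY):
    # Forensic sanity check: the raw header never contains the key itself.
    return key in raw
```

parse_header(HEADER) reports cipher aes, mode xts-plain64, 64 key bytes and active slots 0 and 2; volume_key_matches accepts VOLUME_KEY and rejects anything else; header_leaks_volume_key() is False. Pointing parse_header at the first 592 bytes of a real LUKS1 device (or of a luksHeaderBackup file) gives the same view of which slots are live, which is the check to run before trusting that a revoked passphrase is really gone.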
LUKS versions
There are two versions of LUKS: LUKS1 and LUKS2.
- LUKS1 is the original format. It has a fixed 592-byte binary header, 8 key slots and PBKDF2 as the only key derivation function, and it remains readable and writable by every current cryptsetup.
- LUKS2 arrived with cryptsetup 2.0 at the end of 2017 and is the default format on current distributions, including AlmaLinux 8 and 9. The dm-crypt mapping underneath is unchanged; what changed is the metadata. The header is JSON, kept in two checksummed copies so a damaged primary can be recovered from the secondary; the key derivation function is memory-hard Argon2id by default, which makes GPU passphrase cracking far more expensive than PBKDF2; there are up to 32 key slots; tokens record alternative unlock sources such as a TPM2, a FIDO2 key or a network key server (systemd-cryptenroll, Clevis/Tang); volumes can be re-encrypted online; persistent flags such as allow-discards (TRIM on SSDs) are stored in the header; and authenticated encryption through dm-integrity can be enabled to detect tampering.
LUKS versions
Overall, LUKS2 offers better flexibility and stronger security than LUKS1, mainly through Argon2id and the redundant header.
The remaining reasons to pick LUKS1 are compatibility: very old cryptsetup releases cannot open LUKS2, and GRUB could not unlock LUKS2 at all before version 2.06 and could not handle Argon2 before 2.12, which matters only if /boot itself lives on the encrypted volume. In that case either use LUKS1 for that volume or format it as LUKS2 with --pbkdf pbkdf2.
If you have the choice, use LUKS2. An existing LUKS1 device can be converted in place with cryptsetup convert --type luks2, after taking a header backup.
(Lab 1) Disk Encryption Lab
To use dm-crypt/LUKS on AlmaLinux, follow these steps as root:
(1) Install the necessary package. The cryptsetup package provides the LUKS tooling; dm-crypt itself is part of the kernel.
 yum install cryptsetup
(On AlmaLinux yum is an alias for dnf, so dnf install cryptsetup is equivalent.)
(2) Create a partition for encryption with a tool such as fdisk or parted.
 Make sure the partition is empty: luksFormat writes the LUKS header over its beginning, and whatever was stored there becomes unreadable.
(3) Encrypt (format) the partition with the cryptsetup command. For example, for /dev/sdb1:
 cryptsetup luksFormat /dev/sdb1 --cipher aes-xts-plain64 --key-size 512 --hash sha256 --iter-time 2000
 The command asks for confirmation, then for the passphrase that will unlock the partition. cryptsetup on AlmaLinux is built with libpwquality, so a passphrase shorter than 8 characters or one that fails the dictionary check is rejected.
 Two notes on the options. XTS splits the key in two, so --key-size 256 gives AES-128-XTS and --key-size 512 gives AES-256-XTS; on current cryptsetup aes-xts-plain64 with a 512-bit key is already the default, and the device is formatted as LUKS2 unless --type luks1 is given. The mapping name is not chosen at this step; it is supplied when the device is opened. Inspect the result with cryptsetup luksDump /dev/sdb1.
(4) Open the encrypted partition, giving the mapping a name. For example, to open it as my_encrypted_partition:
 cryptsetup luksOpen /dev/sdb1 my_encrypted_partition
 (cryptsetup open /dev/sdb1 my_encrypted_partition is the current spelling of the same command.) After the passphrase is accepted, the decrypted view appears as /dev/mapper/my_encrypted_partition.
(5) Create a file system on the opened mapping, never on /dev/sdb1 itself:
 mkfs.ext4 /dev/mapper/my_encrypted_partition
(6) Mount it like any other file system (create the mount point directory first). For example, to mount it at /mnt/my_encrypted_partition:
 mount /dev/mapper/my_encrypted_partition /mnt/my_encrypted_partition
 To lock the partition again, unmount it and run cryptsetup luksClose my_encrypted_partition. Until then the data is readable by anyone with access to the running system.
(Lab 2) LUKS During Installation
To install AlmaLinux with LUKS encryption, follow these steps:
Boot the system from the AlmaLinux installation media.
In the Installation Destination screen, select "Custom" partitioning.
Create the partition (or LVM volume), then open its settings, tick "Encrypt" and set a passphrase. (Ticking "Encrypt my data" on the destination screen instead encrypts every partition the installer creates.)
The installer leaves /boot unencrypted, because the bootloader has to read the kernel and initramfs before the passphrase prompt; the prompt appears early in boot, before the root file system is mounted.
TCRYPT
TCRYPT is the name cryptsetup uses for the TrueCrypt and VeraCrypt on-disk volume format. It is not a separate kernel module: cryptsetup parses the TrueCrypt/VeraCrypt volume header in user space and then sets up an ordinary dm-crypt mapping in the mainline kernel, exactly as it does for LUKS.
TrueCrypt and VeraCrypt volumes use the XTS (XEX-based tweaked-codebook mode with ciphertext stealing) block cipher mode. As with every XTS deployment this provides confidentiality only; XTS gives no integrity protection, and a tampered sector decrypts silently to garbage.
Supported ciphers are AES, Serpent and Twofish, including the cascaded combinations such as AES-Twofish-Serpent. VeraCrypt volumes use far higher header key-derivation iteration counts than TrueCrypt, so opening them takes noticeably longer.
A volume is opened with cryptsetup open --type tcrypt (the legacy spelling is cryptsetup tcryptOpen); --veracrypt selects the VeraCrypt key-derivation parameters, --tcrypt-hidden opens a hidden volume, and --tcrypt-system opens a partition encrypted with TrueCrypt/VeraCrypt system encryption. System (boot-time) encryption itself is a Windows feature of those tools; Linux can open such a partition with cryptsetup but does not boot from it through this mechanism.
TCRYPT support is mainly useful for reading volumes shared with Windows or macOS or for migrating old containers; for new Linux-only volumes LUKS is the better choice, with its header backup, multiple key slots and distribution integration.
File Encryption Tools
EncFS
EncFS is an open-source, FUSE-based file encryption tool for Linux, FreeBSD, macOS and other Unix-like operating systems.
It lets users create an encrypted directory that is mounted as a normal file system at a second path.
The ciphertext lives as ordinary files in the underlying file system, one encrypted file per plaintext file plus the .encfs6.xml configuration file that holds the cipher settings and the wrapped volume key, and it is decrypted on the fly and presented at the mount point while the directory is mounted.
EncFS
EncFS uses the FUSE (Filesystem in Userspace) framework, so it runs entirely in user space and needs neither root privileges nor a block device. It encrypts data per file in fixed-size blocks (1024 bytes by default) using AES with a 192-bit key in its standard configuration or a 256-bit key in "paranoia" mode; Blowfish is the other supported cipher.
Whole blocks are encrypted in CBC (Cipher Block Chaining) mode and a partial final block in CFB (Cipher Feedback) mode, each block with an IV derived from the file's own IV and the block number. File names are encrypted in both configurations. Paranoia mode additionally stores a MAC with every block and enables external IV chaining, which ties a file's IV to its full path so that moving a ciphertext file to another name breaks decryption; neither protection exists in the standard configuration.
EncFS
EncFS does not provide plausible deniability or hidden volumes; those are TrueCrypt/VeraCrypt features. An EncFS directory is easy to recognise by its .encfs6.xml file, and the number of files, their sizes and their timestamps remain visible in the ciphertext directory.
What it does provide is convenience: no root, no block device, and ciphertext that can be backed up or synced file by file. That last use is also its weak spot. A 2014 security audit of EncFS found that an attacker who can observe several versions of the ciphertext over time, as a cloud storage provider can, may be able to tamper with or learn information about the data, because the default configuration has no authentication and the audit found several IV and key-handling weaknesses; the audit concluded EncFS was not safe for that threat model, and the issues were never fully resolved. Use it for locally stored data on top of a disk encryption layer, not as the sole protection for files kept with a third party.
encfs Lab
(1) Install the required packages (EncFS ships in EPEL):
◦ yum install epel-release
◦ yum install fuse-encfs
(2) Create and mount an encrypted directory:
◦ encfs /opt/not-encrypted/ /opt/enc-mount-point/
Note the argument order: the first directory is the root that stores the ciphertext (so /opt/not-encrypted/ is, despite its name, where the encrypted files end up), and the second is the mount point where the decrypted view appears. Both must be absolute paths. On first use encfs offers to create the directories, asks for the configuration mode (p selects paranoia mode) and a passphrase, and writes .encfs6.xml into the ciphertext directory. Work with the files through /opt/enc-mount-point/ and unmount with fusermount -u /opt/enc-mount-point/ when done. Keep .encfs6.xml together with the ciphertext: without it the data cannot be decrypted even with the correct passphrase.
ECRYPTFS
eCryptfs (Enterprise Cryptographic Filesystem) is an open-source, kernel-based file encryption layer for Linux that provides on-the-fly encryption for the files in a directory.
It is designed to be transparent to the user: once the encrypted directory is mounted, encrypted files and directories are read and written like any others, and the encryption happens per file as data passes through the layer.
ECRYPTFS
eCryptfs encrypts each file with a symmetric cipher, AES by default (Blowfish and others are also available, with key sizes of 16, 24 or 32 bytes), and stores the ciphertext on disk.
The keys are layered. Every file gets its own randomly generated File Encryption Key (FEK). The FEK is wrapped with the File Encryption Key Encryption Key (FEKEK), and the wrapped copy is stored in the file's own header, so each encrypted file is self-contained.
The FEKEK is derived from the user's passphrase (salted and hashed many times) or loaded from a key file, and is held in the kernel keyring for the duration of the mount; a file's FEK can only be unwrapped by a keyring entry whose signature matches the one recorded in the file header. With the wrapped-passphrase setup from ecryptfs-utils, as used for encrypted home directories, a long random mount passphrase supplies the FEKEK and is itself wrapped under the login passphrase, so changing the login passphrase rewraps it rather than re-encrypting the files.
ECRYPTFS
eCryptfs uses a stacked file system architecture: it is mounted on top of an existing directory of any underlying file system, and encrypted files and directories are stored there as regular files and directories, each carrying its own metadata header (8 KiB by default, so ciphertext files are slightly larger than the plaintext).
This allows users to access encrypted files and directories just like normal ones, without a separate encrypted file system or block device, and lets individual ciphertext files be copied or backed up while still encrypted. As with any file-level scheme, the number of files and their approximate sizes remain visible in the lower directory.
ECRYPTFS
eCryptfs offers several advanced options: optional file name encryption (ecryptfs_enable_filename_crypto, with its own filename key signature), a choice of ciphers and key sizes, per-file metadata so that files can be moved or backed up individually while staying encrypted, and passphrase rewrapping (ecryptfs-rewrap-passphrase) so that a login passphrase can be changed without re-encrypting the data.
It was the basis of Ubuntu's encrypted home directories (ecryptfs-utils, until Ubuntu 18.04 dropped the installer option in favour of full-disk LUKS) and was used by ChromeOS for per-user data. It remains usable and maintained in the kernel, but for new deployments the kernel's native fscrypt (ext4, F2FS) or a LUKS volume is generally preferred.
Homework
(1) Install eCryptfs on your AlmaLinux VM and use it to encrypt a folder named after your first name, mounting the decrypted view on a folder named after your last name. Record the steps in a short video.
(2) Compare EncFS and eCryptfs.

More Related Content

Similar to 13.pptx

Unix fundamentals
Unix fundamentalsUnix fundamentals
Unix fundamentalsBimal Jain
 
TLPI Chapter 14 File Systems
TLPI Chapter 14 File SystemsTLPI Chapter 14 File Systems
TLPI Chapter 14 File SystemsShu-Yu Fu
 
Linux for Cybersecurity CYB110 - Unit 7.ppsx
Linux for Cybersecurity CYB110 - Unit 7.ppsxLinux for Cybersecurity CYB110 - Unit 7.ppsx
Linux for Cybersecurity CYB110 - Unit 7.ppsxBrenoMeister
 
IBM Spectrum Scale Secure- Secure Data in Motion and Rest
IBM Spectrum Scale Secure- Secure Data in Motion and RestIBM Spectrum Scale Secure- Secure Data in Motion and Rest
IBM Spectrum Scale Secure- Secure Data in Motion and RestSandeep Patil
 
Study notes for CompTIA Certified Advanced Security Practitioner
Study notes for CompTIA Certified Advanced Security PractitionerStudy notes for CompTIA Certified Advanced Security Practitioner
Study notes for CompTIA Certified Advanced Security PractitionerDavid Sweigert
 
Unix and shell programming | Unix File System | Unix File Permission | Blocks
Unix and shell programming | Unix File System | Unix File Permission | BlocksUnix and shell programming | Unix File System | Unix File Permission | Blocks
Unix and shell programming | Unix File System | Unix File Permission | BlocksLOKESH KUMAR
 
Poking The Filesystem For Fun And Profit
Poking The Filesystem For Fun And ProfitPoking The Filesystem For Fun And Profit
Poking The Filesystem For Fun And Profitssusera432ea1
 
101 2.1 design hard disk layout
101 2.1 design hard disk layout101 2.1 design hard disk layout
101 2.1 design hard disk layoutAcácio Oliveira
 
Disk and File System Management in Linux
Disk and File System Management in LinuxDisk and File System Management in Linux
Disk and File System Management in LinuxHenry Osborne
 

Similar to 13.pptx (20)

Unix fundamentals
Unix fundamentalsUnix fundamentals
Unix fundamentals
 
Introduction to unix
Introduction to unixIntroduction to unix
Introduction to unix
 
TLPI Chapter 14 File Systems
TLPI Chapter 14 File SystemsTLPI Chapter 14 File Systems
TLPI Chapter 14 File Systems
 
SFS (Secure File System)
SFS (Secure File System)SFS (Secure File System)
SFS (Secure File System)
 
Linux vs windows
Linux vs windowsLinux vs windows
Linux vs windows
 
Linux for Cybersecurity CYB110 - Unit 7.ppsx
Linux for Cybersecurity CYB110 - Unit 7.ppsxLinux for Cybersecurity CYB110 - Unit 7.ppsx
Linux for Cybersecurity CYB110 - Unit 7.ppsx
 
IBM Spectrum Scale Secure- Secure Data in Motion and Rest
IBM Spectrum Scale Secure- Secure Data in Motion and RestIBM Spectrum Scale Secure- Secure Data in Motion and Rest
IBM Spectrum Scale Secure- Secure Data in Motion and Rest
 
Linux admin course
Linux admin courseLinux admin course
Linux admin course
 
Study notes for CompTIA Certified Advanced Security Practitioner
Study notes for CompTIA Certified Advanced Security PractitionerStudy notes for CompTIA Certified Advanced Security Practitioner
Study notes for CompTIA Certified Advanced Security Practitioner
 
Deft
DeftDeft
Deft
 
Unix and shell programming | Unix File System | Unix File Permission | Blocks
Unix and shell programming | Unix File System | Unix File Permission | BlocksUnix and shell programming | Unix File System | Unix File Permission | Blocks
Unix and shell programming | Unix File System | Unix File Permission | Blocks
 
Presentation on linux
Presentation on linuxPresentation on linux
Presentation on linux
 
Poking The Filesystem For Fun And Profit
Poking The Filesystem For Fun And ProfitPoking The Filesystem For Fun And Profit
Poking The Filesystem For Fun And Profit
 
101 2.1 design hard disk layout
101 2.1 design hard disk layout101 2.1 design hard disk layout
101 2.1 design hard disk layout
 
Host security
Host securityHost security
Host security
 
Host security
Host securityHost security
Host security
 
Linux file system
Linux file systemLinux file system
Linux file system
 
Disk and File System Management in Linux
Disk and File System Management in LinuxDisk and File System Management in Linux
Disk and File System Management in Linux
 
Linux Security
Linux SecurityLinux Security
Linux Security
 
Veracrypt
VeracryptVeracrypt
Veracrypt
 

More from alaakaraja1

More from alaakaraja1 (6)

1.pptx
1.pptx1.pptx
1.pptx
 
7.pptx
7.pptx7.pptx
7.pptx
 
ES-CH6.ppt
ES-CH6.pptES-CH6.ppt
ES-CH6.ppt
 
ES-CH1.ppt
ES-CH1.pptES-CH1.ppt
ES-CH1.ppt
 
Embedded System Basics - Introduction.ppt
Embedded System Basics - Introduction.pptEmbedded System Basics - Introduction.ppt
Embedded System Basics - Introduction.ppt
 
ES-CH5.ppt
ES-CH5.pptES-CH5.ppt
ES-CH5.ppt
 

Recently uploaded

data_management_and _data_science_cheat_sheet.pdf
data_management_and _data_science_cheat_sheet.pdfdata_management_and _data_science_cheat_sheet.pdf
data_management_and _data_science_cheat_sheet.pdfJiananWang21
 
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...SUHANI PANDEY
 
PVC VS. FIBERGLASS (FRP) GRAVITY SEWER - UNI BELL
PVC VS. FIBERGLASS (FRP) GRAVITY SEWER - UNI BELLPVC VS. FIBERGLASS (FRP) GRAVITY SEWER - UNI BELL
PVC VS. FIBERGLASS (FRP) GRAVITY SEWER - UNI BELLManishPatel169454
 
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Christo Ananth
 
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordCCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordAsst.prof M.Gokilavani
 
Thermal Engineering -unit - III & IV.ppt
Thermal Engineering -unit - III & IV.pptThermal Engineering -unit - III & IV.ppt
Thermal Engineering -unit - III & IV.pptDineshKumar4165
 
Double rodded leveling 1 pdf activity 01
Double rodded leveling 1 pdf activity 01Double rodded leveling 1 pdf activity 01
Double rodded leveling 1 pdf activity 01KreezheaRecto
 
Double Revolving field theory-how the rotor develops torque
Double Revolving field theory-how the rotor develops torqueDouble Revolving field theory-how the rotor develops torque
Double Revolving field theory-how the rotor develops torqueBhangaleSonal
 
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated  Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Top Rated  Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Call Girls in Nagpur High Profile
 
Call for Papers - International Journal of Intelligent Systems and Applicatio...
Call for Papers - International Journal of Intelligent Systems and Applicatio...Call for Papers - International Journal of Intelligent Systems and Applicatio...
Call for Papers - International Journal of Intelligent Systems and Applicatio...Christo Ananth
 
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptxBSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptxfenichawla
 
Call Girls Walvekar Nagar Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Walvekar Nagar Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Walvekar Nagar Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Walvekar Nagar Call Me 7737669865 Budget Friendly No Advance Bookingroncy bisnoi
 
University management System project report..pdf
University management System project report..pdfUniversity management System project report..pdf
University management System project report..pdfKamal Acharya
 
VIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 Bookingdharasingh5698
 
Thermal Engineering Unit - I & II . ppt
Thermal Engineering  Unit - I & II . pptThermal Engineering  Unit - I & II . ppt
Thermal Engineering Unit - I & II . pptDineshKumar4165
 

Recently uploaded (20)

data_management_and _data_science_cheat_sheet.pdf
data_management_and _data_science_cheat_sheet.pdfdata_management_and _data_science_cheat_sheet.pdf
data_management_and _data_science_cheat_sheet.pdf
 
Roadmap to Membership of RICS - Pathways and Routes
Roadmap to Membership of RICS - Pathways and RoutesRoadmap to Membership of RICS - Pathways and Routes
Roadmap to Membership of RICS - Pathways and Routes
 
Call Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort ServiceCall Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
 
NFPA 5000 2024 standard .
NFPA 5000 2024 standard                                  .NFPA 5000 2024 standard                                  .
NFPA 5000 2024 standard .
 
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
 
PVC VS. FIBERGLASS (FRP) GRAVITY SEWER - UNI BELL
PVC VS. FIBERGLASS (FRP) GRAVITY SEWER - UNI BELLPVC VS. FIBERGLASS (FRP) GRAVITY SEWER - UNI BELL
PVC VS. FIBERGLASS (FRP) GRAVITY SEWER - UNI BELL
 
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
 
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordCCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
 
Thermal Engineering -unit - III & IV.ppt
Thermal Engineering -unit - III & IV.pptThermal Engineering -unit - III & IV.ppt
Thermal Engineering -unit - III & IV.ppt
 
Double rodded leveling 1 pdf activity 01
Double rodded leveling 1 pdf activity 01Double rodded leveling 1 pdf activity 01
Double rodded leveling 1 pdf activity 01
 
Double Revolving field theory-how the rotor develops torque
Double Revolving field theory-how the rotor develops torqueDouble Revolving field theory-how the rotor develops torque
Double Revolving field theory-how the rotor develops torque
 
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated  Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Top Rated  Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
 
Call for Papers - International Journal of Intelligent Systems and Applicatio...
Call for Papers - International Journal of Intelligent Systems and Applicatio...Call for Papers - International Journal of Intelligent Systems and Applicatio...
Call for Papers - International Journal of Intelligent Systems and Applicatio...
 
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptxBSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
 
(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7
(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7
(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7
 
Call Girls Walvekar Nagar Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Walvekar Nagar Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Walvekar Nagar Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Walvekar Nagar Call Me 7737669865 Budget Friendly No Advance Booking
 
University management System project report..pdf
University management System project report..pdfUniversity management System project report..pdf
University management System project report..pdf
 
Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...
Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar  ≼🔝 Delhi door step de...Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar  ≼🔝 Delhi door step de...
Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...
 
VIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 Booking
 
Thermal Engineering Unit - I & II . ppt
Thermal Engineering  Unit - I & II . pptThermal Engineering  Unit - I & II . ppt
Thermal Engineering Unit - I & II . ppt
 

13.pptx

  • 1. Data At Rest Encryption 1
  • 2. Encryption Types  Linux offers two primary types of encryption:  disk encryption  file encryption. 2
  • 3. Disk encryption Disk encryption involves encrypting an entire disk or partition, such that all data stored on that disk is protected by the encryption. Disk encryption tools, provide a high level of security, as they protect all data on the disk, including the operating system, system files, and user data. This makes disk encryption particularly useful for protecting sensitive information stored on laptops, external hard drives, and other portable devices. 3
  • 4. File Encryption File encryption, on the other hand, involves encrypting individual files or directories. File encryption tools, offer more granular control over encryption, allowing users to selectively encrypt only the files they need to protect. This makes file encryption particularly useful for protecting sensitive documents, such as financial records, medical records, and personal data. 4
  • 6. DM-Crypt DM-Crypt is a widely used disk encryption tool in Linux that allows users to encrypt entire hard drives or individual partitions. It is built on top of the Device Mapper (DM) framework, which is a component of the Linux kernel that provides a generic way to create and manage virtual block devices that can be used for various purposes, such as LVM and encryption. 6
  • 7. DM-Crypt DM-Crypt uses the Advanced Encryption Standard (AES) cipher with Cipher Block Chaining (CBC) mode for encryption and the XTS block cipher mode for the encryption of the disk sectors. 7
  • 8. AES-CBC In CBC mode, each plaintext block is XORed with the previous ciphertext block before being encrypted with the block cipher. The first plaintext block is XORed with an initialization vector (IV) before being encrypted. 8
  • 9. AES XTS mode In XTS mode, the block cipher is applied to the plaintext sector in two passes. In the first pass, the plaintext is XORed with a tweak value that is derived from the sector number and a key. The result of the XOR operation is encrypted using the block cipher. In the second pass, the encrypted block is again XORed with the same tweak value, and the result is encrypted again using the block cipher. The resulting ciphertext is then stored on disk. 9
  • 10. DM-Crypt It also supports other encryption algorithms, such as Serpent and Twofish. DM-Crypt provides a high level of security by encrypting all data on the disk or partition, including the operating system, system files, and user data. DM-Crypt is widely used in Linux distributions, such as Ubuntu, Fedora, Debian, and others, and is also supported on other Unix-like operating systems. It is considered a robust and reliable tool for protecting sensitive data on desktops, laptops, and servers. 10
  • 11. LUKS LUKS (Linux Unified Key Setup) is a disk encryption specification that provides full disk encryption using the DM-Crypt disk encryption tool in Linux. It was developed as a standard for Linux disk encryption to provide an easy-to-use, flexible, and secure way to encrypt hard drives or partitions. 11
  • 12. LUKS LUKS allows users to create a passphrase-protected container that can be mounted as a normal block device. The container can contain multiple partitions, each with its own passphrase. It uses the same encryption algorithms as DM-Crypt, such as AES, Serpent, and Twofish, and supports key sizes up to 512 bits. 12
  • 13. LUKS One of the key features of LUKS is that it provides a header that contains all the necessary information for the encrypted disk or partition, including the encryption algorithm, key size, and the encryption key itself. This allows users to change the passphrase or key without having to re-encrypt the entire disk, which can be time-consuming and resource-intensive. 13
  • 14. LUKS versions There are two versions of LUKS: LUKS1 and LUKS2.  LUKS1 is the original version of LUKS and is widely used and supported on most Linux distributions.  LUKS2 is a newer version of LUKS that was introduced in 2016. It has several new features, such as the ability to use more than one passphrase and the ability to use different encryption algorithms for different parts of the disk. It also supports a wider range of hash functions and key derivation algorithms. Additionally, LUKS2 allows for better support for SSDs and other modern storage devices. 14
  • 15. LUKS versions Overall, LUKS2 offers several improvements over LUKS1, including better flexibility and stronger security features. However, LUKS2 may not be supported by all Linux distributions and may require newer versions of software tools to work properly. If you have the option to choose between LUKS1 and LUKS2, it is recommended to use LUKS2 for its improved features and security. 15
  • 16. (Lab 1) Disk Encryption Lab (1) To use DM-Crypt in AlmaLinux, you can follow these general steps:  Install the necessary packages: You will need the cryptsetup package to use DM-Crypt and LUKS.  You can install it by running the following command as root:  yum install cryptsetup 16
  • 17. (Lab 1) Disk Encryption Lab (2) Create a partition for encryption: Before you can encrypt a partition, you will need to create a partition to encrypt.  You can use a tool like fdisk or parted to create a partition.  Make sure that the partition you create is empty and does not contain any important data. 17
  • 18. (Lab 1) Disk Encryption Lab (3) Encrypt the partition: Once you have created the partition, you can encrypt it using the cryptsetup command.  For example, to encrypt the partition /dev/sdb1 with the name my_encrypted_partition, you can run the following command as root:  cryptsetup luksFormat /dev/sdb1 --cipher aes-xts-plain64 --key-size 256 --hash sha256 --iter-time 2000  This command will prompt you to enter a passphrase, which will be used to unlock the encrypted partition ( more than 7 characters and it should pass dictionary check) 18
  • 19. (Lab 1) Disk Encryption Lab (4) Open the encrypted partition: After the partition is encrypted, you can open it using the cryptsetup command.  For example, to open the encrypted partition with the name “my_encrypted_partition”, you can run the following command as root:  cryptsetup luksOpen /dev/sdb1 my_encrypted_partition 19
  • 20. (Lab 1) Disk Encryption Lab (5) Create a file system on the encrypted partition: After the encrypted partition is opened, you can create a file system on it using a tool like mkfs.  mkfs.ext4 /dev/mapper/my_encrypted_partition 20
  • 21. (Lab 1) Disk Encryption Lab (6) Mount the encrypted partition: Once the file system is created, you can mount it like any other file system using the mount command.  For example, to mount the partition at /mnt/my_encrypted_partition, you can run the following command as root:  mount /dev/mapper/my_encrypted_partition /mnt/my_encrypted_partition 21
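An added example, not part of the slides: a small parser for the binary LUKS1 header that luksFormat writes to the start of the partition, fed a constructed header that matches the lab's cipher, hash and key-size options. It also tells LUKS1 from LUKS2 by the version field (the versions slide above), since LUKS2 keeps cipher and keyslot metadata in a JSON area rather than in fixed fields. The function names and all sample values are assumptions.

```python
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"
# LUKS1 on-disk header layout (cryptsetup luks.h); all integers are big-endian.
PHDR_FMT = ">6sH32s32s32sII20s32sI40s"   # 208-byte fixed part
SLOT_FMT = ">II32sII"                    # 48 bytes per key slot, 8 slots
KEY_ENABLED, KEY_DISABLED = 0x00AC71F3, 0x0000DEAD


def _cstr(raw):
    """NUL-terminated ASCII field -> str."""
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")


def parse_luks_header(hdr):
    """Describe a LUKS1 header; for LUKS2 only the version is in the fixed part."""
    if hdr[:6] != LUKS_MAGIC:
        raise ValueError("not a LUKS header")
    version = struct.unpack(">H", hdr[6:8])[0]
    if version == 2:
        # LUKS2: cipher/hash/keyslots live in the JSON metadata area after
        # the binary header, so they need a JSON parser (luksDump shows them).
        return {"version": 2}
    f = struct.unpack(PHDR_FMT, hdr[:208])
    mode, key_bits = _cstr(f[3]), f[6] * 8
    slots = []
    for i in range(8):                   # which key slots hold a passphrase
        active, iters = struct.unpack(SLOT_FMT, hdr[208 + 48 * i:256 + 48 * i])[:2]
        if active == KEY_ENABLED:
            slots.append((i, iters))
    return {
        "version": 1, "cipher": _cstr(f[2]), "mode": mode, "hash": _cstr(f[4]),
        "key_bits": key_bits,
        # XTS splits the key into two halves, so --key-size 256 gives AES-128-XTS
        "aes_bits": key_bits // 2 if mode.startswith("xts") else key_bits,
        "mk_iterations": f[9], "uuid": _cstr(f[10]), "active_slots": slots,
    }


def sample_header():
    """Constructed LUKS1 header matching the lab's luksFormat options (not a real disk)."""
    fixed = struct.pack(PHDR_FMT, LUKS_MAGIC, 1, b"aes", b"xts-plain64", b"sha256",
                        4096, 32, b"\x11" * 20, b"\x22" * 32, 100000,
                        b"0f0f0f0f-0000-4000-8000-000000000000")
    slots = b"".join(struct.pack(SLOT_FMT, KEY_ENABLED if i == 0 else KEY_DISABLED,
                                 250000 if i == 0 else 0, b"\x33" * 32, 8 + 512 * i, 4000)
                     for i in range(8))   # only slot 0 holds a passphrase
    return fixed + slots + b"\0" * 432    # padding up to the 1024-byte header
```

On a real system the same fields come from `cryptsetup luksDump /dev/sdb1`, which is the quick way to confirm that a partition really uses aes, xts-plain64 and sha256 as the lab intends.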
• 22. (Lab 2) LUKS During Installation To install AlmaLinux using LUKS encryption, follow these steps: Boot the system using the AlmaLinux installation media. In the partitioning section, select "Custom" partitioning. Create the partition, then click Modify and choose Encrypt. 22
  • 23. TCrypt TCrypt is a Linux kernel module that provides full disk encryption using the XTS (XEX-based tweaked-codebook mode with ciphertext stealing) block cipher mode of operation. It is built on top of the dm-crypt subsystem, which provides transparent disk encryption for Linux. 23
• 24. TCrypt TCrypt encrypts the entire disk or partition, including the root file system, and it requires the user to enter a password at boot time to decrypt the disk and mount the root file system. It uses the XTS block cipher mode, which provides strong encryption and integrity protection for the encrypted data. 24
  • 25. TCrypt One of the key features of TCrypt is that it provides a high level of security and reliability, as it is implemented in the kernel and is not dependent on user space tools or libraries. It also supports various key sizes and encryption algorithms, including AES (Advanced Encryption Standard) and Twofish. 25
  • 26. TCrypt TCrypt is available as a kernel module in some Linux distributions, such as Gentoo and Arch Linux. However, it is not included in the mainline Linux kernel, and its use may require additional configuration and setup. It is considered a robust and secure tool for full disk encryption in Linux, but it requires careful consideration and planning before implementation. 26
  • 28. EncFS EncFS is an open-source file-based encryption tool for Linux, FreeBSD, Mac OS X, and other Unix-like operating systems. It allows users to create encrypted folders or directories that can be mounted as a normal file system. The encrypted data is stored in the underlying file system in an encrypted form, and is decrypted and presented to the user when the encrypted directory is mounted. 28
  • 29. EncFS EncFS uses the FUSE (Filesystem in Userspace) framework to create the encrypted file system, and it encrypts data on a per-file basis using the AES (Advanced Encryption Standard) cipher with a 256-bit key. It supports multiple encryption modes, including CBC (Cipher Block Chaining), CFB (Cipher Feedback), and OFB (Output Feedback), and can be configured to use different encryption algorithms, such as Blowfish or Twofish. 29
  • 31. EncFS One of the key features of EncFS is that it provides plausible deniability, which means that the existence of the encrypted data cannot be proven. This is achieved by allowing users to create hidden directories within an encrypted directory that are encrypted with different keys or passwords. When mounted with a specific key or password, the hidden directory is accessible, but if mounted with a different key or password, the hidden directory is not visible. 31
• 32. encfs Lab (1) Install the required packages ◦ yum install epel-release ◦ yum install fuse-encfs 32
  • 33. encfs Lab (2) Mount Encrypted Directory ◦ encfs /opt/not-encrypted/ /opt/enc-mount-point/ 33
  • 34. ECRYPTFS ECRYPTFS (Enterprise Cryptographic Filesystem) is an open-source file-based encryption tool for Linux, which provides on-the-fly encryption for individual files or directories. It is designed to be transparent to the user, allowing them to access and use encrypted files and directories just like normal files and directories. 34
  • 35. ECRYPTFS ECRYPTFS encrypts files using a symmetric encryption algorithm, such as AES (Advanced Encryption Standard), and then stores them in an encrypted form on disk. The encryption key is generated based on a passphrase that the user provides, and is used to encrypt and decrypt the files. The passphrase is hashed using a secure hash function and is used as the key for the encryption algorithm. 35
  • 36. ECRYPTFS ECRYPTFS uses a stacked file system architecture, which means that it is built on top of the underlying file system, and encrypted files and directories are stored as regular files and directories on the file system. This allows users to access and use encrypted files and directories just like normal files and directories, without the need for a separate encrypted file system. 36
• 37. ECRYPTFS ECRYPTFS provides various advanced features, such as key revocation, key rotation, and file name encryption, which provide additional security and flexibility. It is widely used in Linux distributions, such as Ubuntu and Debian, and is considered a reliable and secure tool for file-based encryption in Linux. 37
• 38. Homework (1) Install ecryptfs on your AlmaLinux VM and use it to encrypt a folder named with your first name, and use your last name for the decrypted folder; record the above steps in a short video. (2) Compare encfs and ecryptfs. 38