Encrypted Backup Solution "Home Paranoia Edition"
How to safeguard your personal data with TrueCrypt and SpiderOak.
There are so many cases of personal identifiable information (PII) or any type of data exposed on the Internet today. The details provided in this article may assist in safeguarding your tax information, social security number or password file. The setup this article describes will help keep your personal data at home safe and secure in this "cyber-security"-connected world. This includes virtual/physical security compromises—the only truly secure system is one that is unplugged and locked in a vault. This solution is not all-encompassing and does have limitations, but it is sound enough for safeguarding personal data.
The first step is addressing the physical aspect of security. This is a critical step, because some notable compromises are a direct result of someone having physical access to a system. You always should prepare yourself for the possibility that your beloved electronic devices could be in hands of someone other than you at any given moment. This situation could occur on a train, or in a coffee shop, automobile or home, and you must assume your data is lost when it is outside your control.
This article describes utilizing whole disk encryption to reduce some of the risks provided by a great open-source Linux operation system (Ubuntu 12.10). Whole disk encryption is a key factor, especially when considering all of the recent events concerning stolen government laptops that contained millions of social security numbers.
Figure 1. Setup screen for encrypting your home directory in Ubuntu during initial operating system installation.
The next key step in safeguarding your personal information is by adding another security layer by encrypting home directories during the initial installation (Figure 1). You may be the only one using this system; however, if others are able to access your system while it's running, this may slow them down from trying to access information contained in a home directory.
You will need to run the command:
sudo apt-get install ecryptfs-utils cryptsetup
using an advanced packaging tool-capable distribution. This will install the encrypting utilities needed to encrypt your home directory.
The next step is to log in or create another user account with root privileges to run the following command on the user's home directory (Figure 2):
sudo ecryptfs-migrate-home -u your-user-name
Then, you need to log in to the encrypted home directory account before rebooting the machine (as stated in the important note screen), providing a roll-back opportunity in the event of any unexpected complications during the encryption process.
encryptfs-unwrap-passphrase to record your randomly generated mount
passphrase. Keep this passphrase safe, because you may need it to
recover your encrypted files. Also, ensure that you reboot your system and
remove the un-encrypted backup folder (Figure 3).
Figure 2. If encrypting your home folder was missed during initial
encryptft-utils to encrypt your home
Figure 3. This is important feedback information "record passphrase as
soon as possible" that will be generated from the
Tim Cordova is a computer geek who had a Commodore 64 at age 9, and has a love for Linux, family, information security and longboard surfing.
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Download "Linux Management with Red Hat Satellite: Measuring Business Impact and ROI"
- Profiles and RC Files
- Astronomy for KDE
- Understanding Ceph and Its Place in the Market
- Maru OS Brings Debian to Your Phone
- OpenSwitch Finds a New Home
- Git 2.9 Released
- SoftMaker FreeOffice
- What's Our Next Fight?
- The Giant Zero, Part 0.x