James PK's Technical Journal


[ Site Home | Journal Home ]


Thu, 23 Jan 2020

On-line Course - 'Introduction to Cyber Security'

I have completed the Open University course 'Introduction to Cyber Security'. Topics included threat landscape, authentication, malware, networking and communications security, cryptography, legal background, recovering from attacks and risk analysis & management.

I had some knowledge of this subject from work and education but it was nice to study this as a cohesive unit. There was an interesting mix of content including video, images, audio and text. The case studies, particularly those regarding how cyber criminals conducted their attacks, were fascinating.

I wanted to do the weekly tests for the course, so opted to pay for an upgrade to have the tests included. I got an overall mark of over 70% for the tests which meant I successfully passed the course.

posted at: 00:00 | path: /cryptography | permanent link to this entry


Thu, 03 Apr 2014

Encrypting a directory with ecryptfs

I needed to encrypt a directory on laptop quickly & with the minimum of fuss. So rather than re-partition drives etc (necessary for some encryption types) I used ecryptfs, which is relatively quick & straight forward to set up.

root@sal:~# apt-get install ecryptfs-utils
root@sal:~# modprobe ecryptfs
jamespk@sal:~$ ecryptfs-setup-private
Enter your login passphrase [jamespk]: #login password
Enter your mount passphrase [leave blank to generate one]:

************************************************************************
YOU SHOULD RECORD YOUR MOUNT PASSPHRASE AND STORE IT IN A SAFE LOCATION.
  ecryptfs-unwrap-passphrase ~/.ecryptfs/wrapped-passphrase
THIS WILL BE REQUIRED IF YOU NEED TO RECOVER YOUR DATA AT A LATER TIME.
************************************************************************

Logout, and log back in to begin using your encrypted directory.

All fairly straight forward, *but* I came across this warning: here https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590081 It seems that when Debian installs ecryptfs, it does not add it to /etc/modules, which is important as that link suggests that you might well get locked out of your desktop. So make sure you add a line for `ecryptfs` in /etc/modules.

posted at: 00:00 | path: /cryptography | permanent link to this entry


Fri, 01 Nov 2013

Encrypting a Portable Hard Drive with LUKS

I recently encrypted a portable hard drive (a Verbatium "Store'n'Go" 500GB) for backups. I decided to use LUKS (Linux Unified Key Setup-on-disk-format), to encrypt an entire partition.

I found a couple of good references to Encrypt hard drives: Encrypting-your-usb-pen-drive-with-luks and Encrypting-USB-Sticks.

I created two partitions but only encrypted one of them.

NB The real device names have been modified (in case a copy & paste results has unexpected consequences).

Here are the steps I followed on Debian Wheezy.
  1. Fill hard drive with random data (see above references).
  2. Formating the hard drive with fdisk. I created two partitions on the dive using fdisk (making sure the device name is right).
    Device Boot      Start         End      Blocks   Id  System
    /dev/xyz1            2048   411043839   205520896   83  Linux
    /dev/xyz2       411043840   976773167   282864664   83  Linux
    
  3. Made the file systems for the normal partition.
    root@sal:~# mkfs -t ext3 -L verbatim_0a -v /dev/xyz1 
  4. Run cryptsetup, with the options, -y (verify passsphrase twice), (-h specify the passhrase hash), -v (verbose) -c (encryption method) -s (key length)
    root@sal:~# cryptsetup -yvh sha256 -c aes-xts-plain -s 256 luksFormat /dev/xyz2 
  5. Open the device
    root@hal:~# cryptsetup luksOpen /dev/xyz2 verbatim_1b #note last argument is not a path
    Enter passphrase for /dev/xyz2: 
    
  6. Make the file system for the encrypted partition
    root@sal:~# mkfs.ext3 /dev/mapper/verbatim_1b
  7. Mount the device
  8. root@hal:~# mount /dev/mapper/verbatim_1b /media/verbatim_1b
    
  9. Copy/Rsync data - with the drive open and mounted, it should now be possible to copy/rsync data.
  10. Unmount & close
  11. root@hal:~# umount /media/verbatim_1b
    root@hal:~# cryptsetup luksClose verbatim_1b
    
I found the status option handy;
root@hal:~# cryptsetup -v status verbatim_1b
See also;
man cryptsetup

posted at: 00:00 | path: /cryptography | permanent link to this entry


Made with Pyblosxom