Encrypting a New Device - Part II

In this course, you'll learn about the importance of physical security and the threats posed by attackers who gain unauthorized physical access to your Linux system. We'll cover a range of points to consider when securing your Linux systems and the best strategies to take.

Learning Objectives

  • Understand the security challenges you'll face both when in direct control of your physical systems and when you use a third party to host them
  • Understand what to look for when choosing a third-party provider
  • Understand the physical security implications of using cloud environments
  • Learn specific strategies for mitigating physical security risks and protecting your Linux systems against the most common physical attacks
  • Learn about data encryption and how to implement it on new Linux systems, as well as those that are already in service

Intended Audience

This course is intended for anyone who wants a solid grasp of physical security considerations for their Linux system.


To get the most out of this course, you should already have a good working knowledge of Linux. If you want to brush up on your Linux skills, consider taking our Learn Linux in 5 Days learning path first.


Okay, let's run through the manual process of using this device. First, we'll open it by running sudo cryptsetup luksOpen /dev/sdb opt. That last argument, opt, is the name of the virtual block device that will be created under /dev/mapper. cryptsetup now asks for the passphrase for this device, and we supply it. Once it has created the device file, /dev/mapper/opt, we mount that on /opt, and if we look in /opt you can see the hello text file from earlier. Once you're done, unmount the device. Finally, we need to close the encrypted device, which we do by running sudo cryptsetup luksClose opt, giving the same name we chose when we opened it. You can see that the virtual block device has been removed from /dev/mapper; until it is opened again with the passphrase, nothing on the system can read the plaintext. (luksOpen and luksClose are the older spellings of cryptsetup open and cryptsetup close; both still work.)

We've been talking about block devices that you have direct access to, but what if you're in an environment where that's not the case? For example, some cloud providers don't give you block-level access to volumes. In that case, you use a regular file as the device that you encrypt. Let's start by creating a non-sparse file. A sparse file would reveal which regions of the container were never written, and writes into its unallocated holes can fail once the host file system fills up, so we want the space allocated up front. If I run strings on the file, which pulls any string data out of it, nothing comes back, because right now it's really just an empty file. If you want to be more secure, write random data over the file first: that way, once it's in use, the blocks that hold encrypted data can't be told apart from blocks that were never written. Here's how to do that with the dd command. if is the input file, and we'll use /dev/urandom; of is the output file, our data/opt file; bs is the block size, and we'll use one megabyte; and count is the number of blocks to write. With a count of 100, 100 times one megabyte gives a 100-megabyte file. This command takes a little while, since the random data has to be generated before it can be written. Now, running strings on the file again, you can see that it is full of random data.

From here, the rest of the process is really the same. We run luksFormat on the file just as if it were a regular block device. Now that it's initialized, we open it, again supplying the name we want for the virtual block device, create a file system on that /dev/mapper device (not on the file itself), and mount it. If we look at the mount point, you can see that it's mounted from /dev/mapper/opt. Now let's list the block devices and look specifically at the crypt entry: you can see that the file is being accessed through /dev/loop0, a loopback device that allows a file to be treated like a block device. cryptsetup sets that loop device up for you automatically when you hand it a regular file instead of a block device.
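Here is the file-backed container procedure above written out as a script. This is an added example, not the course's own code. It assumes cryptsetup, mkfs.ext4 and lsblk are installed, that the fill, format, open and close steps run as root, and that the container file, mapper name and mount point are passed as arguments (data/opt, opt and /opt in the video). It adds two checks the video doesn't show: it refuses to format a sparse file, and it refuses to overwrite a file that already carries a LUKS header.

```shell
#!/bin/sh
# Added example (not the course's script): file-backed LUKS container.
# Assumes cryptsetup, mkfs.ext4 and lsblk are installed; fill, format,
# open and close need root. Usage:
#   ./luks-file.sh fill   FILE SIZE_MB
#   ./luks-file.sh format FILE NAME
#   ./luks-file.sh open   FILE NAME MOUNTPOINT
#   ./luks-file.sh close  NAME MOUNTPOINT
set -eu

# Succeeds if FILE is sparse: far fewer blocks allocated than its size.
# A sparse container reveals which regions were never written, and a
# write into an unallocated hole can fail when the host file system fills.
is_sparse() {
    f=$1
    size=$(wc -c < "$f")
    alloc_kb=$(du -k "$f" | cut -f1)
    [ "$size" -gt 0 ] && [ $((alloc_kb * 1024)) -lt $((size / 2)) ]
}

# Succeeds if FILE already starts with the LUKS header magic ("LUKS").
has_luks_header() {
    [ "$(head -c 4 "$1" 2>/dev/null)" = "LUKS" ]
}

# Step 1: write SIZE_MB megabytes of random data, as in the video's dd
# command. The result is neither sparse nor distinguishable from ciphertext.
fill_container() {
    dd if=/dev/urandom of="$1" bs=1M count="$2"
}

# Step 2: put a LUKS header on FILE and create a file system inside it.
format_container() {
    f=$1; name=$2
    if has_luks_header "$f"; then
        echo "$f already holds a LUKS container; refusing to format" >&2
        return 1
    fi
    if is_sparse "$f"; then
        echo "$f is sparse; fill it first (./luks-file.sh fill $f 100)" >&2
        return 1
    fi
    cryptsetup luksFormat "$f"          # prompts for confirmation and passphrase
    cryptsetup luksOpen "$f" "$name"    # /dev/mapper/$name, backed by a loop device
    mkfs.ext4 -q "/dev/mapper/$name"    # file system goes on the mapper device, not the file
    cryptsetup luksClose "$name"
}

# Step 3: open and mount, then show the loop -> crypt -> mountpoint chain.
open_container() {
    f=$1; name=$2; mnt=$3
    cryptsetup luksOpen "$f" "$name"
    mount "/dev/mapper/$name" "$mnt"
    lsblk -o NAME,TYPE,MOUNTPOINT
}

# Step 4: unmount and close; the plaintext is unreachable until the next open.
close_container() {
    name=$1; mnt=$2
    umount "$mnt"
    cryptsetup luksClose "$name"
}

case "${1:-}" in
    fill)   fill_container   "$2" "$3" ;;
    format) format_container "$2" "$3" ;;
    open)   open_container   "$2" "$3" "$4" ;;
    close)  close_container  "$2" "$3" ;;
    "")     ;;  # no arguments: only define the functions
    *)      echo "usage: $0 fill|format|open|close ..." >&2; exit 2 ;;
esac
```

Run the four subcommands in order (fill, format, open, and later close). The sparse check compares blocks actually allocated with the file's size, so a container made with truncate or a seek-only dd is rejected before luksFormat touches it; the header check keeps a typo in the file name from silently destroying an existing container's key slots.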

About the Author

Jason is the founder of the Linux Training Academy as well as the author of "Linux for Beginners" and "Command Line Kung Fu." He has over 20 years of professional Linux experience, having worked for industry leaders such as Hewlett-Packard, Xerox, UPS, FireEye, and Nothing gives him more satisfaction than knowing he has helped thousands of IT professionals level up their careers through his many books and courses.