There are many reasons you must encrypt your Linux PC so to avoid the data to be shared with not only hackers, spammers and cyber evils but to safeguard it from intruders which have the physical access to your computer like freaky office mates, friends etc. The best solution is linux disk encryption. Encryption is a method to secure your data by converting them into an unreadable form protected by an encryption key, accessible only by entering the encryption key.
What is Disk Encryption?
Disk encryption is a wonderful data security method for a computer which ensures that your data is stored in an unreadable coded form and is protected by a password of which only the authorized person with the correct encryption password can get the access to the disk. All the files and folders and disk volume are secured with an encryption and can only be decrypted when required by the authorized user with the key. There are many advantages of full disk encryption that we have discussed below.
Merits of Disk Encryption
People these days know the importance and value of disk encryption and most of the new computers have this feature available by default to safeguard the data stored on the disk. Securing your disk by encrypting it have following merits;
- Disk encryption prevents unauthorized access to data when the PC is located in a place where non-trustable people can access your PC, if your PC get stolen, at the computer repair shop or when you discard it.
- Whole disk encryption ensures all the files, folders, and temporary files. Hence each and everything is encrypted on the disk.
- Full Disk encryption covers each and every file and folder, so there is no chance of anything left behind, this is more secure than encrypting individual files and folders where by chance you can leave something important unencrypted.
Demerits of Disk Encryption
- Disk encryption is only against the non-trustable people who can have the physical access to your computer; it cannot save you from cyber attacks, and your computer is still vulnerable to get attacked by hackers by getting tricked into installing malware on your computer.
- Malicious apps and websites can still pop, and your system might get infected with the viruses or worms they contain.
- Network hackers and attackers can still exploit services running on your computers, such as network file sharing, BitTorrent client, or your iTunes playlist sharing, to name a few.
- Government spy and security surveillance agencies can still spy on your internet activities, and all your internet information is still accessible.
- So please make sure you use some additional internet security software, such asVPNs to get the safe and secure internet access because disk encryption can only save you from the physical access of your computer, the potential cyber threat is still there as mentioned above.
Process of Disk Encryption in Linux
bluehost® helps big brands scale WordPress.
BlueHost: Get Professional Website Hosting For 3.95/MonthTry BlueHost Now
The method of linux disk encryption is categorize into two according to the layer of operations;
1. Stacked filesystem encryption
Stacked filesystem encryption solutions are applied as a layer that stacks on top of an existing filesystem, which causes all files written to an encryption-enabled folder, to be encrypted in an instant before the underlying filesystem wrote them to disk and decrypt it whenever the filesystem reads them from disk. By this method, the files are stored in the host filesystem in an encrypted form (which means that their contents and file/folder names are replaced by random-looking data of roughly the same length). However, other than that, they are present in that filesystem as they would without encryption, as normal files.
2. Block device encryption
On the other hand, the Block device encryption method operates below the filesystem layer and ensures that everything written to a specific block device (i.e. a whole disk, or a partition, or a file acting as a virtual loopback device) is encrypted. It means that while the block device is offline, its whole data looks like a large block of random data, without any way of recognizing that what kind of filesystem and data it contains. Access to this data is only possible again, by mounting the protected container (where the encrypted data is stored and in this case the block device) to an arbitrary location in a special way.
Linux Disk Encryption Software
There are many third-party software available for Linux full disk encryption which can help you encrypting the whole disk and decrypting them when required by performing some simple downloading and installation step, the top Disk Encryption software for Linux are;
eCryptfs provides an actual stacked linux disk encryption file system. The encryption by eCryptfs is stacked on an existing filesystem, and it mounts onto any single existing directory and does not need a separate partition.
EncFS is a very simple and user-friendly software for linux disk encryption. It is a userspace stackable cryptographic filesystem similar to eCryptfs, which aims to secure data with absolutely no fuss and hassle. It uses a FUSE mechanism to mount an encrypted directory on another directory mentioned by the user, and It does not require a loopback system like some other comparable systems.
loop-AES is speed, secure solution to linux disk encryption, it is a descendant of the crypto loop, but considered less user-friendly than the other possible option because it needs the non-standard kernel support.
Device-mapper crypt (Dm-crypt) offers a generic way to make virtual layers of block devices. Device-mapper crypt target offers clear encryption of block devices, and it uses the kernel crypto API. The user of dm-crypt can specify one of the symmetric encryption, a key (of any allowed size), an iv generation mode and the user can create a new block device in /dev writes to the device are encrypted and reads decrypted.
TrueCrypt is a free open source on-the-fly linux disk encryption (OTFE) program. It virtually encrypts the disks within files that can be mounted as real disks. It has the capability to encrypt an entire hard drive partition or a storage device. It is considered as the most secure form of linux disk encryption so far. However, Truecrypt ended its development in May 2014, and there is no updates, fixes and the further version available of it, the alternate and successor of TrueCrypt are VeraCrypt.
Steps of Disk Encryption in Ubuntu (using Ubuntu’s Built-in Disk Encryption feature)
In Ubuntu, you can encrypt the whole drive, as it offers you the option while downloading and installing it on your PC. So, if you are already running it you need to backup your data and reinstall it, and while doing so, we are going to tell you how you can encrypt the whole drives by the following steps;
1. Insert the Ubuntu installation CD or USB and start the booting and follow the instructions, when you are at the “Installation type” page, check the box “Encrypt the new Ubuntu installation for security,” and then click Install Now.
2. Now go to the next page “Choose a security key,” now enter your encryption key, that must be a complex phrase that is almost impossible to guess by anyone who tries to access your PC.
- Now when you are done with typing the confirming the security key, click install now and follow the rest of the instructions. Moreover, when you are at ‘’ Who are you?’’ page enter your details and choose a strong, unbreakable password. Check the box which says, ‘’Require my password to log in’’ and never check ‘’Login Automatically’’ and leave the box which says, “Encrypt my home folder” unchecked because you do not need it.
- Now continue to finish the installation process and here you are, you are now running a secure and encrypted Linux PC, and no one can hamper your data with the physical access and only you and the authorized people who know the password can get the access to the PC.
Encryption is necessary for the security of our data and sensitive information but it also important to know the right method to follow and also what are the consequences of not encrypting your device, now you know what would happen to your data if your data is naked to every eye that gains access to your PC. So, be safe and be encrypted!