Practical Digital Self-Defense, Volume 1: Security Underground, Data Encryption and Steganography, by Anna Farahmand and Michael Webber

Published on March 2017

Practical digital self-defense
By Anna Farahmand & Michael Webber

Volume 1
May 2012

'Security is not a product, but a process.' It's more than designing strong cryptography into a system; it's designing the entire system such that all security measures, including cryptography, work together. — Bruce Schneier

© 2012 Anna Farahmand - Michael Webber. The copyright belongs to the authors. No legal action will be entered into regarding the copying, printing or sharing of this document in its unaltered form, so please copy, upload and share the wisdom of this document. No profiting from sales of this document will be tolerated. (Michael Webber)

Find more from Anna Farahmand and Michael Webber by searching for them on Google or here: http://www.scribd.com/annafarahmand

Content
Preface Some basics on computers Machines to process data The material The motherboard Processor The RAM The hard drive Other devices The BIOS Electricity, magnetic fields and radio waves Software The operating system Applications Libraries The data storage Partitions File systems File formats Virtual memory (swap) Marks on all floors In RAM In virtual memory Standby and hibernation The day before Hibernation Newspapers Automatic backups and other lists Metadata Malware, spyware and other cookies Malware Keyloggers or keystroke loggers Printing problems? A bit of Steganography Memory, more ... Some illusions of security ... Proprietary software, open source, free The metaphor of the cake Proprietary software: blind faith The advantage of having the recipe: free software The password of an account does not protect its data About the "delete" files

Deleting a file does not delete the content ... Beginning of a solution: rewrite several times over the data Some limits of the rewriting The discs 'smart' File systems "smart" What they do not know ... Many other times we "erase" how to leave no trace? Portable software: a false solution One way to protect themselves: cryptography Protect data from prying eyes How does cryptography work? Want a picture? For a hard drive... Summary and limitations Ensure the integrity of data The power of the chopper Check the integrity of software Verify a password Symmetrical, asymmetrical? Choose appropriate responses Risk Assessment Define a security policy A matter of compromise How? A few rules Simple Vs. complex White list, black list We're not robots Use-by date Use case Use case: a new beginning, never to pick up the pieces Context Assess the risks Define a security policy First step: just open the eyes to see Second step: the dresser drawer was not encrypted Third step: the law as a means of coercion Step Four: Networking Angle: a breach in the encryption system used Angle of attack: cold boot attack Angle: the eye and video surveillance Angle: the non-encrypted and BIOS Angle: malware Angle of attack: brute force Working on a sensitive document


Working on a sensitive document on a live system ... Working on a sensitive document on a Debian encrypted ... Working on a sensitive document on Windows ... Starting point: windows or a sieve of security holes Second step: Windows in a locked compartment (almost) tight Install Virtual Box Install Windows "clean" in Virtual Box Install the necessary software in the Windows "clean" Freeze "clean" Windows New project, new beginning When the project is completed Another new project? Third stage: possible attacks and measures Common limitations to these security policies Use case: archive a completed project Tools Use a terminal Terminal? Terminal administrator? Choose a passphrase Boot from a CD or USB stick Use a live system Discrete systems live Download a live system Verify the authenticity of the live system Install the system live on the selected media Boot from a live system Install an encrypted Limitations Use a USB key Check fingerprint of the installation media Prepare the Installation Media The actual installation Some tips to keep Some documentation on Debian and GNU / Linux Select, test and install software Find Software Find an application Install a Debian package How can I change Debian's repositories Erase data "for real" Delete files and their contents ... Add to Nautilus a command to delete files and their contents Delete a whole disk "for real" Clear all the contents of a disk Find the device path Launch the shred


Use the disc Delete the contents of a LUKS encrypted partition Make unrecoverable data already deleted Add a command for Nautilus to make unrecoverable the data already deleted Partition and encrypt a hard drive Prepare a hard Create an unencrypted partition Create an encrypted partition Use an encrypted hard drive Back up data File Manager and encrypted storage Making backups Restore a backup Ensure that backups are always readable using Already Dup Make a backup Restore a backup Ensure that backups are always readable Create a "user" account on a Debian system Remove a "user" account on a Debian system Share a secret Use the checksums Get the checksum of a file Check the integrity of a file Allow others to verify the integrity of a file Make a checksum in graphical mode Install and use a virtualized system Install Virtual Box Install a Windows virtualized Save an image of a clean virtual disk Delete virtual machine "for real" Create a new virtual machine from a clean image Send files to a virtualized system Bring out the files in a virtualized system Keep an updated system Maintain a live system Maintain an encrypted system The daily updates of an encrypted system Transition to a new stable release Security-focused operating system Feel the love of free and open source software Terminal-The Command Line Windows Command Prompt Linux Installing Ubuntu Linux Encrypted Ubuntu 8.04


Full installation of Ubuntu to a USB flash drive Moving WUBI to a USB Flash Drive How to make Ubuntu Live USB from CD Install Debian Live to a Flash Drive from Windows Ubuntu Privacy Remix: UPR Windows How to Install Windows XP How to Install Windows 7 How Setup Windows XP Mode in Windows 7 Xp mode without hardware virtualization Why security matters Human Security Risks evaluations Protection against physical intruder Record passwords KeePass-Secure Password Storage- install and use on different Os Device Security Disk Encryption Setting up LUKS encryption on USB drives eCryptfs TrueCrypt Steganography An example: SilentEye Protect your computer from malware and hackers Avast! - Anti-Virus Spyware-spybot Firewalls Comodo Firewall Information recovery Backup Software: Cobian Backup - Secure File Storage Recuva: Recovering from accidental file deletion Recover and Securely Overwrite Files Using Recuva How to destroy sensitive information Eraser - Secure File Removal File Shredder to securely delete data under Windows Install the Nautilus Actions Configuration utility Securely delete data under MacOSX CCleaner - Secure File Deletion and Work Session Wiping Using DBAN to wipe the contents of a hard disk Who is speaking?


Preface
The other side of the digital memory
Nowadays, computers, the Internet and mobile phones take up more and more space in our lives. Going digital often seems very practical: it is fast, you can talk to a lot of people very far away, you can keep your whole history in photos, you can easily write text... but it brings us no benefit unless we follow digital security rules. Indeed, it is much easier to listen in quietly on conversations through mobile phones than in a noisy street, or to find the information you want on a hard drive rather than on a shelf overflowing with papers. In addition, much of our personal information ends up published somewhere, either by ourselves or by others, because we are encouraged to do so, because the technologies leave traces, or simply because we are not careful.

Nothing to hide?
"But do not be paranoid, I have nothing to hide," you might respond to the previous statement... Two simple examples, however, tend to show the opposite: no one wants to see the secret codes of their credit card or eBay account fall into just anyone's hands, and nobody likes to see their home address published on the Internet against their will... But beyond these simple questions of defending private property, privacy should be an issue in itself. First, because of what is allowed or not allowed with a computer. People arrested for digital activities that did not please their government are languishing in prison in every country in the world, not only in China or Iran. Also, even if something is allowed today, how do you know what will happen tomorrow? Governments change, and so do laws and situations. If we do not have to hide something now, for example regular visits to a militant website, how can we know what will happen if it becomes linked to a process of repression? The traces will have been left on the computer... and could be used as incriminating evidence.
Last but not least, at a time when societies of control are more and more paranoid, more and more determined to track down subversion and to see a potential terrorist behind every citizen, hiding becomes a political issue in itself. Nevertheless, many people, whether they work for governments, employers, advertisers or the cops, have an interest in obtaining access to our data and information because of global economy and politics.

All this may lead us to think that we do not want to be controlled by any "Big Brother" whatsoever. Whether it already exists or we anticipate its emergence, the best course is probably to ensure that all the wonderful tools that modern technology offers us cannot be used against us. Also, we all have something to hide, even if only to cover our tracks!

Understand in order to choose
This section is an attempt to describe the digital world in understandable terms, with a focus on some ideas that help to better understand what we are exposed to when using a particular tool, so as to be able to sort through all the more or less dangerous "solutions" and to know what they do not protect. In reading these pages, you may feel that nothing is really safe with a computer. Well, that's true. And it is false. There are appropriate tools and appropriate uses. Often the question is not so much "should these technologies be used or not?" but rather "when and how should they be used (or not)?"

Take the time to understand
Software is made easy for our brains to use... but if it makes computers easy to use, it also takes away our hold on the parts of our lives that we entrust to it. With the acceleration of computers, our connections to the Internet are very fast. With mobile phones and Wi-Fi, picking up a telephone or plugging a network cable into the computer in order to communicate is already obsolete. Being patient, taking the time to learn or to think, would seem to have become superfluous: we want everything right away, we want the solution. But this involves handing over many decisions. This guide is intended to propose alternative solutions that require taking the time to understand and apply them. Apply its practices in the digital world. We urge you to build your own raft, and do not forget to take this guide along and send us your comments.

A "guide"
This guide is an attempt to bring together what we learned during years of practice, error, reflection and discussion, in order to share it.
It deals with technologies that move very quickly. To make it more digestible, we divided everything we wanted to say into several sections. In the first section the computer is offline, so the threats, desires and responses are different as well. Technology changes rapidly, and clearly that is always the case. During 2011-2012 we saw the publication of a serious study on the persistence of protected data on USB drives, SSDs and other flash memory. Its conclusion: encryption and full overwriting appear to be the only strategies with minimum guarantees. New laws authorize or make mandatory the installation of software that can only be seen as malicious in terms of security.

This recalls, if necessary, the need to take seriously the continuing threats in our digital world. In terms of tools, February 2011 saw the release of a new version of Debian, called "Squeeze", and in April of that year version 0.7 of the "Tails" live system, based on Squeeze, was released. It was therefore necessary to review the tools so that they work on these new systems. The creation of encrypted disks is greatly simplified with these new versions: you can now do the bulk of the operation without the need for a terminal. Installing VirtualBox is also easier. Debian Squeeze contains software to make backups in a few clicks, and the corresponding section has been expanded. And for those who have already installed a previous version of Debian (Lenny), a new tool explains how to upgrade to Debian Squeeze. With this revision, we hope this guide will be a companion in crossing the digital jungle... at least until the next one. Faced with the complexity of computers and the digital world, the amount of information to swallow in an attempt to gain some practical self-defense can seem overwhelming. It certainly is for those who seek to understand everything at the same time... This first volume concentrates on the use of a computer "offline", before any connection. But it also contains more general knowledge that is valuable whether the computer is connected to a network or not. So we put aside, until the second volume, the threats specifically related to the use of the Internet and networks. In this offline part, as in the others, we take the time to dwell on the basics and their implications in terms of security / confidentiality / privacy. After the analysis of use cases, we can look at some practical recipes. Here we deliberately use a fuzzy concept: something that revolves around the possibility of deciding what is revealed, to whom it is revealed, and what is kept secret; something that also includes some attention to foiling attempts to penetrate those secrets.
One last point before we jump into the water: the illusion of security is much worse than a clear awareness of a weakness. So take the time to read the first parts before we throw ourselves at our keyboards... or even throw our computers out the window.

Anna Farahmand, May 2012

Some basics on computers
First things first: a computer is not a magician's hat in which you can store rabbits and pull them out when needed, and which, at the press of the right button, would open a window on the other end of the world. A computer consists of a set of machines of varying complexity, connected by electrical connections, cables, and sometimes radio waves. All this hardware stores, processes and copies signals in order to manipulate the information that one sees on a nice screen with lots of buttons to click. By looking at these key components, you will understand the basics of what makes up these devices, to which you entrust a lot of your data, as well as their strengths and weaknesses.

Machines to process data
Computers are machines invented to handle information. They therefore record, process, analyze and classify information precisely, even in very large quantities. In the digital world, copying information costs only a few micro-watts, in other words not much: it is essential to keep that in mind if we want to limit access to information. You simply have to consider that putting information on a computer (and even more so when it is on a network) means accepting that this information can escape. This guide can help to limit the damage, but this reality should still be kept in mind.

The material
A sum of components connected to each other, our computer is first of all an accumulation of things that we can touch, move, hack and break. Seeing it as a whole, screen / keyboard / power (or CPU), or as a laptop, is enough when you simply want to plug it in at the right place. But to know what happens to our data, a more detailed examination is needed. We consider here the contents of a "classic" computer, sometimes called a PC. But most of these components can be found, with slight variations, in other machines: Macs, mobile phones, Internet connection "boxes", MP3 players, etc.

The motherboard

A computer is mostly composed of electronic components. The motherboard is a big circuit board that connects most of these elements. Connected to the motherboard are at least one CPU, RAM, a storage system (hard drive), a component to start the computer (BIOS) and other cards and devices as required. We will now take a short tour of all of these, to get an idea of how they work that will be useful later.

Processor
The processor (also called CPU, central processing unit) is the component that handles the processing of data. To picture the work of a processor, the most usual example to rely on is the calculator. On a calculator you enter data (numbers) and the operations to apply to it (addition, multiplication or others), then you examine the result, possibly to use it as a basis for further calculations. A processor works exactly the same way. From data (which can be the list of operations to perform), it executes operations one after another. That is all it does, but it does it very quickly.

But if the processor is a simple calculator, how can it process information that is not numbers, for example text, images, sound or the movement of the mouse? Simply by turning whatever is not a number into numbers, using a previously defined code. For text, it can be, for example, A = 65, B = 66, etc. Once this code is set, you can digitize your information. With the previous code, we can for example convert "GUIDE" into 71, 85, 73, 44, 69. This series of numbers represents the letters that make up our word. But the digitization process always loses information. In this example, the conversion loses the specificity of the handwriting: hesitantly written letters become the same "information" as any others. When things pass through the sieve of the digital world, some pieces are necessarily lost. Beyond the data, the operations that the processor must perform are also coded as binary numbers. A program is a series of instructions, handled like any other data.

The chip of a 60 MHz Intel Pentium in its case

Inside the computer, all these numbers are themselves represented by means of electrical states: absence of current, or presence of current. So there are two possibilities, the famous 0 and 1 that turn up all over the place. That is why we talk about binary. And it is only with a bunch of wires and several billion transistors (switches, not so different from those used to turn the light on or off in a kitchen) that data processing is done. Not all processors work the same way. Some are designed to be more effective for certain types of calculation, others to consume less energy, etc. Moreover, not all processors have exactly the same instructions. There are large families, called architectures. This is important because a program designed to run on a given architecture does not usually work on another.

The RAM
The memory (RAM, or Random Access Memory) usually comes in the form of sticks that plug directly into the motherboard.

A stick of RAM

RAM is used to store all open software and documents. This is where the processor fetches the data to process and stores the results of its operations. This information must necessarily be present in a form directly usable to perform the calculations. Access to RAM is very fast: all it takes is the time needed to connect the processor to the memory cell to be read (or written). When the RAM is not powered by electricity, its data become unreadable after a few minutes or hours, depending on the model.

The hard drive

A 3½-inch hard drive

Since the RAM is erased when the power goes off, the computer needs another place to store data and programs between two periods of use. This is also referred to as persistent memory or read-only memory: a memory in which the written information remains even without power. The solution is generally a hard drive. It is often a metal shell containing multiple disks that rotate without stopping. On these disks are tiny pieces of iron. Above each disk are read heads. Using magnetic fields, these heads detect and alter the position of the pieces of iron. It is the position of the pieces of iron that encodes the information to be stored. This mechanism is much slower, about 50 times, than access to the RAM. But it is easier to store much more information this way. The information on a hard drive is of course our documents, but also programs and all the data they use to work, such as temporary files, logs, backup files, configuration files, etc. The hard disk thus keeps a semi-permanent and almost complete memory of all kinds of traces that speak of us, of what we do, with whom and how, as soon as we use a computer.

Other devices
With just a CPU, RAM and a storage medium, you already have a computer. Other devices can be a keyboard, mouse, monitor, network adapter (wired or wireless), DVD player, etc. Some devices require additional chips so that the processor can access them. These chips can be soldered directly onto the circuit of the motherboard (this is typically the case for the keyboard) or else require the addition of an extra circuit, delivered as a card. To reduce the number of specific chips (which are expensive and complicated to develop), the ways of accessing devices tend to become uniform. For example, the USB standard (Universal Serial Bus) is increasingly used to connect printers, keyboards, mice, additional hard drives, network adapters, or what is commonly called a "USB key".

The BIOS

Award BIOS chip on a motherboard

To start the computer, the processor must be given a first program, which will load the programs to be executed next. This is usually the role of the BIOS (Basic Input / Output System). It is a tiny piece of software contained in a memory chip on the motherboard. This memory belongs to a third type: flash memory. It is a memory that retains its information when it is powered off, but whose content can be replaced in an operation called flashing. This type of memory is also found in "USB keys" and in the "hard drives" known as Solid State Disks (SSD). This first program to run on the computer allows you, among other things, to choose where the operating system you want to use is located (it will be loaded from a hard drive, a USB key, a CD-ROM or the network).

Electricity, magnetic fields and radio waves
With regard to the confidentiality of the information flowing through a computer, several things should already be noted after this quick tour of its components. First, most of the information flows in the form of electric currents. So nothing prevents someone from measuring the current with a voltmeter and thereby reconstructing, in one form or another, any data manipulated by the computer. In addition, any flowing current tends to emit a magnetic field. These magnetic fields can radiate a few meters (see note 1). It is therefore possible, for anyone who gives themselves the means, to reconstruct the contents of a screen or what has been typed on a keyboard, even from behind a wall, from the street or from an adjoining apartment: researchers were thus able to record the keystrokes typed on keyboards from their electromagnetic emissions, at a distance of up to 20 meters (see note 2). The same type of operation is possible by observing the small perturbations the computer generates on the electrical grid to which it is connected. However, this requires the attacker to be connected to the same grid. Finally, some devices (keyboards, mice, headphones, etc.) work wirelessly. They communicate with the computer via radio waves that anyone nearby can pick up and eventually decode shamelessly. In short, even if a computer is not connected to a network, and regardless of the programs running on it, it is still possible for well-equipped people to "listen in" on what is going on inside the computer.

1. Berke Durak was able in 1995 to capture the electromagnetic waves emitted by most of the components of his computer with a simple walkman capable of receiving radio. http://lambda-diode.com/electronics/tempest
2. Sylvain Pasini and Martin Vuagnoux have made scary videos to illustrate their paper Compromising Electromagnetic Emanations of Wired and Wireless Keyboards, published in 2009. http://lasecwww.epfl.ch/keyboard

Software
In addition to the sum of physical elements that make up a computer, we must also consider the less tangible elements: software. At the time of the first computers, whenever different processing had to be run, someone had to physically intervene to change the layout of cables and components. We are far from that today: the operations to be performed to process data have become data like any other. This data, called "programs", is loaded, modified and manipulated by other programs. Programs are generally written to try to do one thing and do it well, especially so that they remain understandable by the humans who design them. It is then the interaction of tens of thousands of programs that makes it possible to perform the complex tasks for which computers are commonly used today. When you click on a button, you launch a chain of events, an impressive amount of calculations, which end in electrical impulses that change a physical object (such as a CD we want to burn, a display that changes its LEDs to show a new page, or a hard drive that enables or disables micro-switches to create the sequence of binary data that will be a file).

The operating system
The purpose of an operating system is primarily to allow software to share access to the hardware components of the computer. Its role is also to allow different pieces of software to communicate with each other. An operating system also usually comes with software, at least enough to start other programs. The most fundamental part is the operating system kernel, which is responsible for coordinating the use of the hardware by the programs. For each hardware component of the computer that you want to use, the kernel activates a program called a "pilot" (or driver). There are drivers for input devices (such as keyboard and mouse), output devices (screen, printers, etc.) and storage devices (CD-ROM, USB, etc.). The kernel also manages the execution of programs, giving them pieces of memory and distributing the processor's computation time between the different programs that want to use it. Beyond the kernel, the operating systems used today, such as Windows, Mac OS X or GNU/Linux (Debian, Ubuntu, Fedora, for example), also include many utilities as well as graphical desktop environments that let you use the computer by simply clicking on buttons.

The operating system is usually stored on the hard disk. However, it is also quite possible to use an operating system stored on a USB drive or burned onto a CD-ROM. In the latter case, we speak of a live system (no changes can be made on the CD).

Applications
Software called "applications" is what actually does what you want to ask of the computer. Examples are the Mozilla Firefox web browser, OpenOffice.org for office work, and GIMP or Adobe Photoshop for image processing. Each operating system defines very specific methods by which applications can access the hardware, data, network, or other resources. The applications that you wish to use must therefore be designed for the operating system of the computer.

Libraries
There are libraries for graphical display (ensuring consistency of what is displayed on the screen), for reading or writing file formats, for connecting to some network services, etc. If you are not a programmer, you rarely need to touch libraries. However, it is useful to know that they exist, if only because a problem (such as a programming error) in a library can affect any software that uses it.

The data storage
We have seen that a hard drive (or USB key) is used to keep data between two sessions on a computer. But so that we can find our way around, the data is arranged in a certain way: a cabinet in which sheets of paper were simply piled up is not really the most effective form of storage.

Partitions
Just as you can put several shelves in a cabinet, you can "cut" a hard drive into several partitions. Each shelf may have a different height and a different classification, depending on whether you want to put books or files on it, alphabetically or in order of reading. Similarly, on a hard disk, each partition can have a different size and contain a different type of organization: a file system.
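To make the shelves visible, the following added example (not part of the original guide) reads the partition table of a disk's first sector and reports each partition, its type and the space that belongs to no partition at all. It assumes the classic MBR partitioning scheme, which the guide does not name; the sample sector, the disk size and the function names are constructed for illustration.

```python
"""Read an MBR partition table (added example; sample data is constructed)."""
import struct

SECTOR = 512
TABLE_OFFSET = 446                      # the 4 partition entries start here
ENTRY = struct.Struct("<B3sB3sII")      # boot flag, CHS start, type, CHS end,
                                        # first sector (LBA), number of sectors
# Standard MBR type codes. The code is only a hint about the file system inside.
TYPES = {
    0x07: "NTFS",                       # also used for exFAT and HPFS
    0x0B: "FAT32",
    0x0C: "FAT32 (LBA)",
    0x82: "Linux swap",
    0x83: "Linux (ext2/ext3/ext4)",
    0xAF: "HFS/HFS+",
}
WINDOWS_NATIVE = {0x07, 0x0B, 0x0C}     # types Windows reads without extra software


def parse_mbr(sector0):
    """Return one dict per non-empty entry of the partition table."""
    if len(sector0) < SECTOR or sector0[510:512] != b"\x55\xaa":
        raise ValueError("not an MBR: boot signature 55 AA missing")
    parts = []
    for i in range(4):
        boot, _, ptype, _, first, count = ENTRY.unpack_from(
            sector0, TABLE_OFFSET + ENTRY.size * i)
        if ptype == 0 or count == 0:    # unused table entry
            continue
        parts.append({"index": i + 1, "type": ptype,
                      "label": TYPES.get(ptype, "unknown"),
                      "first": first, "sectors": count,
                      "bootable": boot == 0x80})
    return parts


def unallocated(parts, disk_sectors):
    """Return (first sector, length) for every gap outside all partitions."""
    gaps, cursor = [], 1                # sector 0 holds the table itself
    for p in sorted(parts, key=lambda p: p["first"]):
        if p["first"] > cursor:
            gaps.append((cursor, p["first"] - cursor))
        cursor = max(cursor, p["first"] + p["sectors"])
    if cursor < disk_sectors:
        gaps.append((cursor, disk_sectors - cursor))
    return gaps


def not_shown_by(native_types, parts):
    """Partitions whose type the given operating system does not read natively."""
    return [p for p in parts if p["type"] not in native_types]


def build_sample_mbr():
    """Constructed sample: a 512 MiB disk with NTFS, Linux and swap partitions."""
    mbr = bytearray(SECTOR)
    entries = [(0x80, 0x07, 2048, 204800),
               (0x00, 0x83, 206848, 409600),
               (0x00, 0x82, 616448, 65536)]
    for i, (boot, ptype, first, count) in enumerate(entries):
        ENTRY.pack_into(mbr, TABLE_OFFSET + ENTRY.size * i,
                        boot, b"\0\0\0", ptype, b"\0\0\0", first, count)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)


if __name__ == "__main__":
    DISK_SECTORS = 1048576              # constructed disk size: 512 MiB
    parts = parse_mbr(build_sample_mbr())
    for p in parts:
        print(p["index"], p["label"], p["first"], p["sectors"])
    print("outside any partition:", unallocated(parts, DISK_SECTORS))
    print("not shown by Windows:",
          [p["label"] for p in not_shown_by(WINDOWS_NATIVE, parts)])
```

On a real machine the first sector would be read from the disk device with administrator rights instead of being built in memory.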

File systems
A file system is used primarily to be able to find information in our huge pile of data, just as the table of contents of a cookbook lets you go directly to the right page to read the recipe for the evening feast. It may be important to note that deleting a file does nothing more than remove a row from the table of contents. By going through all the pages, you can still find our recipe. One can imagine thousands of different formats to store data, and so there are many different file systems. We speak of formatting when a file system is created on a medium. Given that it is the operating system that gives programs access to data, a file system is often closely linked to an operating system. For example, NTFS and FAT32 are those usually used by Windows operating systems; the ext type (ext3, ext4) is often used in GNU/Linux; the HFS, HFS+ and HFSX types are employed by Mac OS X. With adequate software, it is nevertheless possible to read a file system that is "foreign" to the system being used. Windows, for example, is unable to read an ext3 partition unless you install the appropriate software. One consequence is that a given computer can contain storage spaces that are invisible to the user because they are not recognized by the operating system (or not accessible to the user), but are in fact present.
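The cookbook image can be run as code. The following added example (not part of the original guide) builds a toy file system in memory, deletes a file the ordinary way, and then finds its content again both from the stale table row and by reading every block; it also shows what is left when the freed space is reused, and what overwriting changes. The disk layout, names and sample content are constructed for illustration and do not correspond to any real file system.

```python
"""Toy file system, constructed for illustration (not a real on-disk format).

Block 0 is the table of contents; blocks 1..15 hold file data.
Table row: status byte, 11-byte name, first block, length in bytes.
"""
import struct

BLOCK = 64                         # bytes per block (tiny on purpose)
NBLOCKS = 16                       # block 0 = table of contents
ROW = struct.Struct("<B11sHH")     # 16 bytes, so 4 rows fit in block 0
FREE, IN_USE, DELETED = 0, 1, 2


def blocks_for(length):
    return -(-length // BLOCK)     # ceiling division


class ToyDisk:
    def __init__(self):
        self.raw = bytearray(BLOCK * NBLOCKS)

    def rows(self):
        """Yield (row offset, status, name, first block, length) for every row."""
        for off in range(0, BLOCK, ROW.size):
            status, name, first, length = ROW.unpack_from(self.raw, off)
            yield off, status, name.rstrip(b"\0").decode(), first, length

    def _find(self, name):
        for row in self.rows():
            if row[1] == IN_USE and row[2] == name:
                return row
        raise FileNotFoundError(name)

    def listing(self):
        """What a file manager shows: only rows marked IN_USE."""
        return [name for _, status, name, _, _ in self.rows() if status == IN_USE]

    def write(self, name, data):
        used = set()
        for _, status, _, first, length in self.rows():
            if status == IN_USE:
                used.update(range(first, first + blocks_for(length)))
        need = blocks_for(len(data))
        first = next((b for b in range(1, NBLOCKS - need + 1)
                      if not used & set(range(b, b + need))), None)
        row = next((r for r in self.rows() if r[1] != IN_USE), None)
        if first is None or row is None:
            raise OSError("disk or table of contents full")
        self.raw[first * BLOCK:first * BLOCK + len(data)] = data
        ROW.pack_into(self.raw, row[0], IN_USE, name.encode(), first, len(data))

    def delete(self, name):
        """Ordinary delete: flip one status byte, leave the data blocks alone."""
        self.raw[self._find(name)[0]] = DELETED

    def wipe(self, name):
        """Overwrite the data blocks with zeros, then blank the table row."""
        off, _, _, first, length = self._find(name)
        size = blocks_for(length) * BLOCK
        self.raw[first * BLOCK:first * BLOCK + size] = bytes(size)
        self.raw[off:off + ROW.size] = bytes(ROW.size)


def undelete(disk):
    """Rebuild files from rows marked DELETED: position and length are still there."""
    return {name: bytes(disk.raw[first * BLOCK:first * BLOCK + length])
            for _, status, name, first, length in disk.rows() if status == DELETED}


def scan_raw(disk, needle):
    """Ignore the table and read every data block ("going through all the pages")."""
    hits, pos = [], disk.raw.find(needle, BLOCK)
    while pos != -1:
        hits.append(pos // BLOCK)
        pos = disk.raw.find(needle, pos + 1)
    return hits


def demo():
    recipe = b"SECRET RECIPE: 200 g flour, 3 eggs"   # constructed sample content
    disk = ToyDisk()
    disk.write("recipe.txt", recipe)
    disk.write("notes.txt", b"shopping list")
    disk.delete("recipe.txt")
    report = {"listing": disk.listing(), "undelete": undelete(disk),
              "blocks_with_secret": scan_raw(disk, b"SECRET")}
    # A new, shorter file reuses the freed row and block but leaves the tail behind.
    disk.write("todo.txt", b"call mom")
    report["after_reuse"] = (undelete(disk), scan_raw(disk, b"3 eggs"))
    disk.wipe("todo.txt")
    report["after_wipe"] = scan_raw(disk, b"3 eggs")
    return report


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

On real media the overwrite step is less dependable than in this model, which is why the preface singles out USB drives, SSDs and other flash memory.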

File formats
The data we handle is generally grouped into files. Besides its content, a file also has a name, a location (the folder where it is located), a size, and other details depending on the file system used. But within each file, the data itself is organized differently depending on its nature and on the software used to manipulate it. We talk about file formats to differentiate them. In general, a code at the end of the file name, sometimes called the extension, indicates the file format. Examples: for music, we use MP3 or Ogg; a text document for OpenOffice.org will be OpenDocument Text (ODT); for images, there is a choice of JPEG, PNG, the Adobe Photoshop format (PSD), etc. It may be interesting to differentiate between open formats, the details of which are public, and proprietary formats, often designed to be handled by specific software.

Proprietary formats have sometimes been examined under the microscope so that they can be opened by other programs, but the understanding of them is often imperfect and liable to break from one version of the application to the next. This is typically the case with the Microsoft Word format, often referred to as .doc.

Virtual memory (swap)
Normally, all the data that the processor needs to access, and therefore all open programs and documents, should be in RAM. But in order to open lots of programs and documents, modern operating systems cheat: when necessary, they exchange pieces of RAM with hard drive space dedicated to this purpose. This is known as "virtual memory" or "swap space". The operating system does its own little bit of cooking so that the processor always finds in RAM the data it really wants to access. The swap is thus an example of a storage space that we do not necessarily think about, saved on the hard disk either as a large contiguous file (Microsoft Windows) or in a separate partition (with Linux). We will return in the next section to the problems that these questions of format and storage space pose in terms of confidentiality.

Marks on all floors
The normal operation of a computer leaves many traces of what is done on it. Sometimes they are necessary for its operation. At other times, this information is collected to allow software to be "more practical".

In RAM
We have seen that information is first stored in the computer's RAM. As long as the computer is powered, the RAM contains all the information the system needs. It necessarily retains many traces: keystrokes (including passwords), open files, and the various events that have marked the computer's waking period. By taking control of a computer that is switched on, it is not very difficult to make it spit out all the information in RAM, for example to a USB drive or to another computer over the network. And taking control of a computer can be as simple as plugging in an iPod [1]. Once recovered, the mass of information contained in RAM about the computer and the people who use it can then be exploited...

Moreover, although this data becomes unreadable once the power is off, that takes some time, which may be enough for a malicious person to recover what is there. This is called a "cold boot attack": the idea is to copy the contents of the RAM before they have had time to fade, in order to exploit them later. It is even technically possible to bring the memory of a freshly switched-off computer to a very low temperature, in which case its contents can persist for several hours or even days [2]. This attack must, however, be carried out soon after power off. In addition, if a few large programs are used before turning off the computer (such as retouching a huge image with Adobe Photoshop or GIMP), the traces previously left in memory are likely to be overwritten. More importantly, there is software specifically designed to overwrite the contents of the RAM with random data.

1. 0wned by an iPod, presented at the PacSec/core04 conference by Maximillian Dornseif. Hacking Computers Over USB, on Schneier on Security. http://www.schneier.com/blog/archives/2006/06/hacking_compute.html http://md.hudora.de/presentations
2. Lest We Remember: Cold Boot Attacks on Encryption Keys, presented at the 17th USENIX Security Symposium (Sec '08), by J. Alex Halderman, Seth D. Schoen, Nadia Heninger, William Clarkson, William Paul, Joseph A. Calandrino, Ariel J. Feldman, Jacob Appelbaum, and Edward W. Felten. http://citp.princeton.edu/memory

In virtual memory
As explained earlier, the operating system uses, in some cases, part of the hard drive to come to the aid of its memory. This happens especially when the computer is heavily used, for example when working on large images, but also in many other cases, in ways that are hard to predict. The most disturbing consequence of this otherwise convenient system is that the computer will write information found in RAM to the hard drive... information that is potentially sensitive, and that will therefore remain readable after the computer is turned off. With a computer in its standard configuration, it is an illusion to believe that a document read from a USB stick, even when opened with portable software, will never leave a trace on the hard disk. To keep anyone from accessing this data, it is possible to use an operating system configured to encrypt virtual memory.

Standby and hibernation
For some years now, most operating systems have allowed a computer to be put "on hold". This is mainly used with laptops, but it applies to desktop computers as well. There are two main families of "pause": standby and hibernation.

Standby (pause)
Standby (also called suspend to RAM, or simply suspend) consists of switching off as many of the computer's components as possible while keeping enough of them powered to bring it back quickly. At a minimum, the RAM continues to be powered in order to keep all the data that was being worked on, that is to say, including passwords and encryption keys.

Hibernation
Hibernation, known in English as suspend to disk, consists of saving the entire contents of memory to the hard drive and then switching the computer off completely. At its next start, the operating system detects the hibernation, copies the saved image back into RAM and resumes work from there. On GNU/Linux systems, the memory copy is usually written to the swap. On other systems, it can be in one big file, often hidden. Since it is the content of the RAM that is written to the hard disk, all open programs and documents, passwords, encryption keys and the rest can be found by anyone who accesses the hard drive, for as long as nothing has been written over them. This risk is limited by encrypting the hard drive: the passphrase is then required to access the saved RAM image.
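One way to check the point made in "In virtual memory" and "Hibernation" on a GNU/Linux machine, as an added example that is not part of the original guide: it reads the list of active swap areas and reports whether each one sits on a dm-crypt mapping. It relies on the `CRYPT-` prefix that cryptsetup gives to the device-mapper UUID of its mappings; the sample `/proc/swaps` text, the sysfs stand-in and all function names are constructed for the example.

```python
import os

# Constructed sample in the format of /proc/swaps (first line is the header).
SAMPLE_PROC_SWAPS = """\
Filename      Type        Size      Used   Priority
/dev/dm-2     partition   8388604   0      -2
/dev/sda5     partition   2097148   1024   -3
/swapfile     file        1048572   0      -4
/dev/zram0    partition   524284    0      100
"""

# Constructed stand-in for sysfs: kernel name -> (device-mapper UUID, devices underneath).
# dm-2 is an LVM volume sitting on dm-0, which is a dm-crypt (LUKS) mapping of sda3.
SAMPLE_SYSFS = {
    "dm-0": ("CRYPT-LUKS2-00000000000000000000000000000000-sda3_crypt", ["sda3"]),
    "dm-2": ("LVM-constructedVolumeGroupAndVolumeId", ["dm-0"]),
}


def sysfs_lookup(kernel_name):
    """Read (dm UUID, underlying devices) for a block device from /sys/block."""
    base = f"/sys/block/{kernel_name}"
    try:
        with open(f"{base}/dm/uuid") as fh:
            uuid = fh.read().strip()
    except OSError:
        uuid = ""            # not a device-mapper device (e.g. a plain partition)
    try:
        slaves = sorted(os.listdir(f"{base}/slaves"))
    except OSError:
        slaves = []
    return uuid, slaves


def on_dmcrypt(kernel_name, lookup):
    """True if the device, or every device it is stacked on, is a dm-crypt mapping."""
    uuid, slaves = lookup(kernel_name)
    if uuid.startswith("CRYPT-"):
        return True
    return bool(slaves) and all(on_dmcrypt(s, lookup) for s in slaves)


def audit_swap(proc_swaps_text, lookup=sysfs_lookup, resolve=os.path.realpath):
    """Return [(swap area, verdict)] for every active swap area listed."""
    report = []
    for line in proc_swaps_text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 2:
            continue
        path, kind = fields[0], fields[1]
        name = os.path.basename(resolve(path))
        if kind == "file":
            # A swap file is only as protected as the file system that holds it.
            verdict = "swap file: check that its file system is encrypted"
        elif name.startswith("zram"):
            # Compressed swap held in RAM (assuming no backing device is configured).
            verdict = "zram: kept in RAM, not written to disk"
        elif on_dmcrypt(name, lookup):
            verdict = "encrypted"
        else:
            verdict = "PLAINTEXT: RAM contents can be read back from this disk"
        report.append((path, verdict))
    return report


if __name__ == "__main__":
    # On a real machine: audit_swap(open("/proc/swaps").read())
    sample = audit_swap(SAMPLE_PROC_SWAPS,
                        lambda n: SAMPLE_SYSFS.get(n, ("", [])), resolve=lambda p: p)
    for area, verdict in sample:
        print(f"{area:12} {verdict}")
```

Because hibernation on GNU/Linux usually writes the RAM image to the swap, a "PLAINTEXT" verdict here applies to hibernation images as well as to swapped-out pages.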

Logs
Operating systems have a strong tendency to write a detailed history of what they do into their journals. These journals, also called logs, are useful for the operating system's own functioning, and are used to correct configuration problems or bugs. However, their existence can sometimes be problematic. The existing cases are numerous, but the following examples should suffice to give an idea of this risk:

- under GNU/Linux, the system keeps the date, time and name of the user who logs in, each time the computer is turned on;
- still under GNU/Linux, the make and model of each removable medium plugged in (external hard drive, USB key ...) are usually kept;
- under Mac OS X, the date of each print job and the number of pages are written to the logs;
- under Windows, the event monitor records the name of the software and the date and time whenever an application is installed or uninstalled.

Automatic backups and other lists
In addition to these logs, other traces of files, even deleted ones, may remain on the computer. Even if the files and their contents have been properly removed, part of the operating system or another program may deliberately keep a record of them.

Here are some examples:

- under Windows, Microsoft Office can keep a reference to the name of an already-deleted file in the "recent documents" menu, and sometimes even keeps temporary files holding the contents of the file in question;
- under GNU/Linux, a log file may contain the name of a previously deleted file. And OpenOffice.org can keep as many traces of a deleted file as Microsoft Office. In practice, there are dozens of programs that work this way;
- when a printer is used, the operating system often copies the file waiting to be printed into the "queue". Once the queue is empty, the contents of this file have not disappeared from the hard drive for all that;
- under Windows, when you connect a removable drive (USB key, external hard drive, CD or DVD), the system often begins to explore its contents in order to offer software suited to reading it: this automatic exploration leaves in memory the list of all the files on the medium, even if none of them is opened.

It is difficult to find an adequate solution to this problem. A file, even one that has been completely removed, will probably continue to exist on the computer for a while in a different form. A search through the raw data of the disk would show whether copies of the data exist or not ... unless they are only referenced, or stored in a different form, in compressed form for example. In fact, only overwriting the entire disk and installing a new operating system can give assurance that the traces of a file have been removed. From another angle, using a live system whose development team pays special attention to this issue ensures that these traces are left nowhere other than in RAM.

Metadata
Alongside the information contained in a file, there is information about that content. This "data about data" is commonly called "metadata". Part of the metadata is stored by the file system: file name, date and time of creation and modification, and often much more. But many file formats also store metadata inside the file itself. It can then be read by anyone who has access to the file. The metadata stored depends on the formats and software used. Most audio files can record the song title and artist. Word processors and PDFs record an author's name, the date and time of creation, and even the history of recent changes...

The prize probably goes to image formats such as TIFF or JPEG: photo files created by a digital camera or mobile phone contain metadata in a standard called EXIF. It may contain the date, time, and sometimes the geographical coordinates of the shot, as well as the make, model and serial number of the device used, plus a thumbnail version of the image. And all this information tends to remain after the photo has passed through photo editing software. The case of the thumbnail is particularly interesting: many photos available on the Internet still contain the entirety of an image that was cropped ... and faces that were "blurred" [1]. For most file formats, however, there is software to review and possibly remove metadata.

1. Maximillian Dornseif and Steven J. Murdoch, Hidden Data in Internet Published Documents, presented at 21C3. http://md.hudora.de/presentations
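To make "review and possibly remove metadata" concrete, here is an added example, not taken from the original guide: it walks the segments of a JPEG, reports what the EXIF block discloses (make, model, presence of GPS data, size of the embedded thumbnail) and writes a copy without the metadata segments. The sample image is a constructed byte string, and the function names are hypothetical.

```python
import struct


def build_sample_jpeg():
    """Constructed JPEG skeleton: SOI, EXIF (APP1), comment (COM), fake scan data, EOI."""
    u16, u32 = (lambda n: struct.pack("<H", n)), (lambda n: struct.pack("<I", n))
    entry = lambda tag, typ, count, v4: struct.pack("<HHI", tag, typ, count) + v4
    make, model, thumb = b"ExampleCam\x00", b"X100\x00", b"\xff\xd8THUMB\xff\xd9"
    off_make = 8 + 2 + 3 * 12 + 4            # first byte after IFD0
    off_model = off_make + len(make)
    off_gps = off_model + len(model)
    off_ifd1 = off_gps + 2 + 1 * 12 + 4
    off_thumb = off_ifd1 + 2 + 2 * 12 + 4
    tiff = (b"II*\x00" + u32(8) + u16(3)
            + entry(0x010F, 2, len(make), u32(off_make))       # Make
            + entry(0x0110, 2, len(model), u32(off_model))     # Model
            + entry(0x8825, 4, 1, u32(off_gps))                # pointer to the GPS IFD
            + u32(off_ifd1) + make + model
            + u16(1) + entry(0x0001, 2, 2, b"N\x00\x00\x00") + u32(0)   # GPS IFD
            + u16(2) + entry(0x0201, 4, 1, u32(off_thumb))     # IFD1: thumbnail offset
            + entry(0x0202, 4, 1, u32(len(thumb))) + u32(0)    # IFD1: thumbnail length
            + thumb)

    def seg(marker, payload):
        return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload

    return (b"\xff\xd8" + seg(0xE1, b"Exif\x00\x00" + tiff) + seg(0xFE, b"edited by alice")
            + seg(0xDA, bytes(6)) + b"scan-data" + b"\xff\xd9")


def segments(jpeg):
    """Yield (marker, payload, raw bytes) per segment; the last one holds the image data."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 4 <= len(jpeg):
        marker = jpeg[pos + 1]
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        if jpeg[pos] != 0xFF or length < 2 or pos + 2 + length > len(jpeg):
            raise ValueError(f"corrupt or truncated segment at offset {pos}")
        if marker == 0xDA:               # start of scan: compressed pixels run to the end
            yield marker, b"", jpeg[pos:]
            return
        yield marker, jpeg[pos + 4:pos + 2 + length], jpeg[pos:pos + 2 + length]
        pos += 2 + length


def read_ifd(tiff, offset, bo):
    """Parse one TIFF directory: ({tag: (type, count, 4-byte value field)}, next offset)."""
    (count,) = struct.unpack_from(bo + "H", tiff, offset)
    entries = {}
    for i in range(count):
        at = offset + 2 + 12 * i
        tag, typ, n = struct.unpack_from(bo + "HHI", tiff, at)
        entries[tag] = (typ, n, tiff[at + 8:at + 12])
    (next_ifd,) = struct.unpack_from(bo + "I", tiff, offset + 2 + 12 * count)
    return entries, next_ifd


def exif_summary(payload):
    """Pull the identifying fields named in the text out of an EXIF APP1 payload."""
    tiff = payload[6:]                                   # skip b"Exif\0\0"
    bo = "<" if tiff[:2] == b"II" else ">"               # TIFF byte-order mark
    ifd0, ifd1_off = read_ifd(tiff, struct.unpack_from(bo + "I", tiff, 4)[0], bo)

    def text(tag):
        if tag not in ifd0:
            return None
        _, n, field = ifd0[tag]
        start = struct.unpack(bo + "I", field)[0]
        data = field[:n] if n <= 4 else tiff[start:start + n]
        return data.rstrip(b"\x00").decode("ascii", "replace")

    thumb = 0
    if ifd1_off:                                         # IFD1 describes the thumbnail
        ifd1, _ = read_ifd(tiff, ifd1_off, bo)
        if 0x0202 in ifd1:
            typ, _, field = ifd1[0x0202]
            fmt, size = ("H", 2) if typ == 3 else ("I", 4)   # SHORT or LONG
            thumb = struct.unpack(bo + fmt, field[:size])[0]
    return {"make": text(0x010F), "model": text(0x0110),
            "has_gps": 0x8825 in ifd0, "thumbnail_bytes": thumb}


def review(jpeg):
    """List what the metadata-bearing segments of a JPEG disclose."""
    found = []
    for marker, payload, _ in segments(jpeg):
        if marker == 0xE1 and payload.startswith(b"Exif\x00\x00"):
            found.append(("EXIF", exif_summary(payload)))
        elif marker == 0xFE:
            found.append(("comment", payload.decode("latin-1")))
    return found


def strip_metadata(jpeg):
    """Drop APP1 (EXIF/XMP), APP13 (Photoshop/IPTC) and COM; keep everything else."""
    kept = [raw for marker, _, raw in segments(jpeg) if marker not in (0xE1, 0xED, 0xFE)]
    return b"\xff\xd8" + b"".join(kept)
```

Running `review()` again on the output of `strip_metadata()` is the check that matters: an empty list means the thumbnail went away together with the EXIF block that carried it.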

Malware, spyware and other cookies
Beyond the traces that the operation of any operating system leaves, at least for as long as the computer is running, our computers can also contain a lot of snooping tools, the "cookies" of this section's title. They may be installed without our knowledge (for example to divert logs to other purposes) or be systematically present in the software we install. These tools can take part in various monitoring techniques, from the "fight" against "piracy" of proprietary software to the targeted profiling of an individual, by way of the collection of data for spam or other scams. The reach of these devices increases significantly when the computer is connected to the Internet. Their installation is much easier if we do nothing special to protect ourselves, and the data can be collected remotely.

However, the people who collect this information are not all equally dangerous: it depends on the case, on their motives and on their means. They range from Internet sites in search of target consumers, to multinational corporations like Microsoft, to the police or the U.S. National Security Agency ... all structures that often compete with each other. To break into our computers, they do not all have access to the same master keys: for example, industrial espionage is an important motive for more or less legal surveillance [1], and one should not believe that Microsoft hands all the tricks of Windows to unauthorized persons.

However, most security services now have the means to carry out comprehensive computer monitoring legally, based on several of the "cookies" presented below, through the Law of Orientation and Programming for Performance of Homeland Security (known as LOPPSI 2). This text includes provisions, legally unprecedented, that allow, as part of an investigation into offenses of serious or organized crime, the installation of tools that record and transmit what is displayed on the screen or what is typed on the keyboard of a computer, without necessarily having physical access to the machine, or by entering the home of the person being monitored to install the necessary tools [2].

1. To get an idea of the problems related to industrial espionage, read the Wikipedia article on the subject. https://en.wikipedia.org/wiki/Industrial_espionage
2. For more details, we recommend reading the two articles published on PCINpact, "LOPPSI: the police will be allowed to install Trojans" and "Trojan horses of the police will be installed remotely", and possibly the statute in question. http://translate.google.com/translate?hl=en&rurl=translate.google.com&sl=fr&tl=en&u=http://www.pcinpact.com/actu/news/51077-loppsi-chevaux-troie-police-distance.htm http://translate.googleusercontent.com/translate_c?hl=en&rurl=translate.google.com&sl=fr&tl=en&u=http://www.legifrance.gouv.fr/affichCode.do%3FcidTexte%3DLEGITEXT000006071154%26idSectionTA%3DLEGISCTA000023712495%26dateTOexte%3D20110428&usg=ALkJrhiQs4VInFFHVKJwi21zOlp-KRA0yQ

Malware
Malware [1] is software developed in order to harm: information gathering, hosting of illegal content, relaying of spam and so on. Examples include computer viruses, worms, Trojan horses, spyware, rootkits (software to take control of a computer) and keyloggers. Some programs belong to several of these categories simultaneously.

To install itself on a computer, some malicious software exploits vulnerabilities in the operating system [2] or in applications. It relies on design or programming errors to divert the course of a program to its own advantage. Unfortunately, such "security holes" have been found in many programs, and new ones are constantly being found, both by people who seek to correct them and by others who seek to exploit them. Another common method is to encourage the person using the computer to launch the malware, by hiding it in seemingly innocuous software. The attacker then does not have to find serious vulnerabilities in popular software. It is particularly difficult to be sure that computers shared by many people, or computers located in public places such as a library or Internet cafe, have not been corrupted.

In addition, most "serious" malware leaves no immediately visible sign of its presence, and can even be very difficult to detect. In 2006, Joanna Rutkowska presented at the Black Hat conference a piece of malware called "Blue Pill". This demonstration showed that it was possible to write a rootkit using virtualization technology to fool the operating system and thus make it very difficult to identify the presence of the malware once it is loaded.

Such software can steal passwords, read documents stored on the computer (even encrypted documents, if they have been decrypted at some point), defeat Internet anonymity tools, take screenshots of the desktop and hide itself from other programs. It can sometimes use the microphone, webcam and other computer peripherals. There is even a black market where one can buy such programs, customized for different purposes.

However, it is much more common for these programs to work at obtaining credit card numbers or passwords for eBay or online banking accounts, at sending spam, or at taking part in attacks that saturate servers with requests, than to spy on specific individuals or organizations. Infection initiated by the cops is still possible, even if it requires costly resources and is generally linked to a particular investigation. To give an example from the United States, the FBI wrote a program called CIPAV, for Computer and Internet Protocol Address Verifier. It was used to identify a fifteen-year-old who emailed threats of attack against a high school in Washington [3].

More recently, the HADOPI law requires that Internet users "secure" their connection, on pain of being held responsible for any illegal use made of it. For this, the authority charged with enforcing the law had the good sense to propose that Internet users deliberately install spyware that records a lot of data on the use of their connection, as well as data identifying the machines that have used it [4].

Nobody knows how many computers are infected with malware, but some believe that this is the case for 40 to 90% of Windows installations. It is therefore quite likely that there is some on the first Windows machine you come across. So far, using a minority operating system (such as Mac OS X or GNU/Linux) significantly reduces the risk of infection because these systems are less targeted, the development of specific malware being economically less profitable.

We can already mention some ways to reduce the risk:

- do not install (or use) any software of unknown origin: do not trust the first website that comes along [5];
- take seriously the warnings of recent operating systems that attempt to notify users when they are using insecure software, or that indicate when a security update is necessary;
- finally, limit the possibility of installing new software, by limiting the use of the "administrator" account and the number of people with access rights.

1. All this part is greatly inspired by the passage devoted to the question in the Surveillance Self-Defense Guide of the Electronic Frontier Foundation. https://ssd.eff.org/tech/malware
2. According to the Internet Storm Center, an installation of Microsoft Windows on which the security updates were not made is compromised in less than 4 minutes if connected directly to the Internet. http://isc.sans.edu/survivaltime.html
3. Source: Wired, July 2007, FBI's Secret Spyware Tracks Down Teen Who Made Bomb Threats. http://www.wired.com/politics/law/news/2007/07/fbi_spyware
4. See the software specifications: http://translate.googleusercontent.com/translate_c?hl=en&rurl=translate.google.com&sl=fr&tl=en&u=http://hadopi.fr/download/sites/default/files/page/pdf/Consultation_sur_les%2520specifications_fonctionnelles_des_moyens_de_securisation.pdf&usg=ALkJrhipmZHbqJqc5UK0sat748zm-E9cfQ
5. This advice applies equally to people using GNU/Linux. In December 2009, the site gnome-look.org distributed a piece of malware presented as a screen saver. It was downloadable as a Debian package among other screen savers and wallpapers. http://lwn.net/Articles/367874

Keyloggers or keystroke loggers
Keystroke loggers (keyloggers), which can be "hardware" or "software", have the function of stealthily recording everything typed on a computer keyboard, in order to transmit this data to the agency or person who installed them [1]. Their ability to record, key by key, what is typed on a keyboard, thereby bypassing any encryption mechanism, gives direct access to the passphrases, passwords and other sensitive data typed while a keystroke logger is present.

Hardware keyloggers are devices connected to the keyboard or to the computer. They may look like adapters or like expansion cards inside the computer (PCI or mini-PCI), and can even fit inside the keyboard [2]. They are hard to spot if you are not looking for them specifically... For a wireless keyboard, there is not even any need for a keylogger to retrieve the keystrokes: it is enough to pick up the radio waves that the keyboard emits to communicate with its receiver, and to break the encryption used, which is quite weak in most cases [3]. Also at a distance, it is possible to record and decode the electromagnetic waves emitted by wired keyboards, including those built into laptops...

Software keyloggers are much more prevalent, because they can be installed remotely (via a network, through malicious software, or otherwise), and generally do not require physical access to the machine to retrieve the data collected (it can, for example, be sent periodically by email). Most of these programs also record the name of the current application, the date and time at which it was run and the keystrokes associated with it. In the U.S., the FBI has used software keyloggers for many years [4].

The only way to detect hardware keyloggers is to become familiar with these devices and to inspect the machine visually and regularly, inside and out. For software keyloggers, the leads are the same as for other malware.

1. Source: Keystroke Loggers & Backdoors. http://security.resist.ca/keylog.shtml
2. To get an idea, many models are freely available for between $40 and $100. http://www.google.com/products?q=keyloggers
3. Source: ZDNet Australia, December 2007, Microsoft wireless keyboard hacked from 50 meters. http://www.zdnet.com.au/news/security/soa/Microsoft-wireless-keyboard-hacked-from-50-metres/0,130061744,339284328,00.htm
4. In 2000, the use of a keylogger allowed the FBI to obtain the passphrase used by a bigwig of the Philadelphia Mafia to encrypt documents. http://www.theregister.co.uk/2000/12/06/mafia_trial_to_test_fbi

Printing problems?
We thought we had been through all the surprises that our computers hold in store for us ... but even printers have started to have their little secrets.

A bit of Steganography
First thing to know: many high-end printers sign their work. This steganographic [1] signature is based on very slight printing details, often invisible to the naked eye, that are inserted into each document. They identify with certainty the make, the model, and in some cases the serial number of the machine that was used to print a document. We say "with certainty" because that is precisely why these details are there: in order to trace the machine from its work. Not all printers are equipped with this system, known as watermarking, but this is the case for many current models [2].

In addition, other kinds of evidence related to the wear of the machine are left on documents, and this with all printers. With age, the print heads shift, slight errors appear, parts wear out, and all of this amounts to a signature unique to the printer. Just as ballistics identifies a firearm from a bullet, it is possible to use these flaws to identify a printer from a page that came out of it.

To protect against this, it is worth knowing that these printing details do not survive repeated photocopying: photocopying the printed page, then photocopying the photocopy obtained, is enough to remove such signatures. On the other hand ... we will surely leave others in the process, since photocopiers have their own defects, and sometimes steganographic signatures similar to those of printers. In short, we go round in circles, and the problem becomes mainly one of choosing which traces we want to leave...

1. To learn more about steganography, we recommend reading the Wikipedia article devoted to it. https://en.wikipedia.org/wiki/Steganography
2. The Electronic Frontier Foundation is trying to maintain a list of manufacturers and models of prying printers. https://www.eff.org/issues/printers

Memory, more...
Some printers are sufficiently "advanced" to be closer to a real computer than to an ink pad. They can pose problems at another level, since they come with a memory: like that of a PC, it keeps track of the documents that have been printed for as long as the machine is turned on ... or until another document overwrites them. Most laser printers have a memory that can hold a dozen pages. Newer models, or those with integrated scanners, can in turn hold thousands of pages of text... Worse still, some models, often those used for large print runs as in copy centers, have internal hard drives, to which the user has no access, and which keep track of documents too, this time even after power off.

Some illusions of security...
Good. We have now more or less been through the traces that we can leave involuntarily, and the information that someone can extract from them. It remains to put a few received ideas to rest.

Proprietary software, open source, free
We have seen that software can do a lot of things we would not want it to do. It is therefore essential to reduce this problem as much as possible. From this point of view, free software deserves much greater confidence than so-called "proprietary" software: we will see why.

The metaphor of the cake
To understand the difference between these two types of software, the metaphor of the cake is often used. To make a cake, you need a recipe: a list of instructions to follow, the ingredients to use and the method required to process them. Similarly, the recipe of a piece of software is called its "source code". It is written in a language designed to be understood by humans. This recipe is then converted into code understood by the processor, much as baking turns the recipe into a cake that we can then eat. Proprietary software is only available "ready to eat", like an industrial cake that comes without its recipe. It is therefore very difficult to be sure of its ingredients: it is feasible, but the process is long and complicated. Moreover, reading through a series of millions of additions, subtractions, and memory reads and writes in order to reconstruct a program's purpose and operation is not the first thing one wants to do with a computer.

Free software, however, delivers the recipe to anyone who wants to understand or modify the operation of the program. It is then easier to know what we are feeding our processor, and therefore what will be handling our data.

Proprietary software: blind faith
Proprietary software is a bit like a sealed "box": we can see that the software does what is asked of it, has a nice graphical interface, and so on. But we cannot really know in detail how it does it! We do not know whether it confines itself to what is asked, or does other things besides. To find out, we would have to be able to study its operation, which is difficult to do without the source code ... so all that is left is to trust it blindly. Windows and Mac OS X are, first of all, huge hermetically sealed boxes on which other equally sealed boxes are installed (Microsoft Office, anti-virus software ...), which perhaps do much more than what is asked of them. In particular, they may leak information that this software could glean about us, or provide access to the inside of our computer through backdoors [1] built into the software for those who hold the key ... in fact, since we cannot know how the operating system is written, we can imagine anything. Therefore, entrusting the confidentiality and integrity of our data to programs that can only be trusted with eyes closed is the purest illusion of security. And installing other programs that claim on their packaging to take care of security for us, while their own operation is no more transparent, cannot solve this problem.

1. About "backdoors" see the Wikipedia article. http://en.wikipedia.org/wiki/Backdoor_(computing)

The advantage of having the recipe: free software
The greater confidence we can place in a free system like GNU/Linux is mainly due to the fact that we have the "recipe" from which it is made. Keep in mind that there is still no magic: free software does not cast a "protection spell" over our computers. However, GNU/Linux offers more possibilities for making the use of computers a little more secure, notably by allowing the system to be configured quite finely. This too often involves relatively specialized know-how, but it is at least possible.

In addition, the mode of production of free software is not compatible with the introduction of backdoors: it is a collective mode of production, rather open and transparent, in which quite varied people take part, so it is not easy to discreetly slip in gifts intended for ill-intentioned people. One should however be wary of software described as open source. Such software also gives access to its innards, but has more closed, more opaque development models. Modification and redistribution of this software is at worst prohibited, and at best formally authorized but made very difficult in practice. Given that only the team behind the software is able to take part in its development, we can consider that, in practice, no one will read the source code in detail ... and therefore that no one really checks how it works.

This is the case, for example, of TrueCrypt, encryption software whose source code is available, but whose development is closed and whose license restricts modification and redistribution. As far as we are concerned, the fact that a piece of software is open source should be seen as a selling point rather than as a sign of trustworthiness.

Except ... the distinction between free software and open source is increasingly blurred: employees of IBM and company write large parts of the most important free software, and what they write is not always looked at closely. For example, here are the statistics on the employers of the people who develop the Linux kernel (which is free), expressed as the number of lines of source code changed over a short period of time [1]:

Organization    Percentage
(None)          18.6%
Novell          16.9%
Red Hat         9.9%
Broadcom        5.6%
Intel           5.2%
(Unknown)       5.1%
Google          2.7%
IBM             2.0%
Nokia           1.6%
Microsoft       1.3%

And so on. So ... it is not impossible that a person who writes a piece of software in a corner, and whom the "open source community" trusts, could slip in bits of malicious code. If one uses only free software delivered by a non-commercial GNU/Linux distribution, it is unlikely that this happens, but it is a possibility. One then trusts the people working on the distribution to study the operation of the programs that are integrated into it.

However, it is important to remember that this trust is valid only if one does not install just anything on one's system. For example, on Debian the official packages of the distribution are "signed", which makes it possible to verify their origin. But if you install packages, or extensions for Firefox, found on the Internet without checking them, you are exposed to the risks mentioned in connection with malware.

Finally, and so as to harbor no more illusions: free or not, there is no software that can, by itself, ensure the privacy of our data; to do so, there are only practices, associated with the use of certain software. The software chosen should offer elements that allow us to place some confidence in it.

1. Source: Linux Weekly News, November 24, 2009, Who wrote 6.2.32. http://lwn.net/Articles/363456/

The password of an account does not protect its data
All modern operating systems (Windows, Mac OS X, GNU/Linux) offer the possibility of having different users on one computer. We must be aware that the passwords that sometimes protect these users do not guarantee the confidentiality of their data. It may well be convenient to have one's own space, with its own settings (bookmarks, wallpaper ...), but a person who wanted access to all the data on the computer would have no trouble getting it: it is enough to plug the hard drive into another computer, or to start the computer on another operating system, to access all the data written to the disk. So, while using separate accounts and passwords can have some benefits (such as the ability to lock the screen when stepping away for a few minutes), it is necessary to keep in mind that this does not really protect the data.

About the "delete" files
We have already mentioned that the contents of a file that has become inaccessible or invisible have not, for all that, disappeared. We will now detail why.

Deleting a file does not delete the content...
... And it can be very easy to find again. Indeed, when we "delete" a file, for example by placing it in the Trash and then emptying it, we only tell the operating system that the contents of this file no longer interest us. It then deletes the file's entry in the index of existing files. From then on, it is free to reuse the space that the data occupied to record something else. But it may take weeks, months or years before that space is actually used for new files and the old data actually disappears. In the meantime, if we look at what is written directly on the hard disk, we find the file contents. This is a fairly simple operation, automated by many programs (that can "recover" or "restore" data).

Beginning of a solution: rewrite several times over the data
Once the space on a hard disk has been overwritten, it becomes difficult to find what was there before. But it is not impossible: when the computer writes a 1 over a 0, the result is more like 0.95, and when it writes a 1 over a 1, the result is more like 1.05 [1] ... much as one can read on a notepad what was written on a torn-out page from the impression left on the blank page beneath it. However, recovery becomes very difficult or impossible when the data has been overwritten many times, and in different ways. The best way to make the contents of these "deleted" files inaccessible is therefore to use software that takes care of rewriting over them several times, ending with incomprehensible gibberish.

1. Source: Secure Deletion of Data from Magnetic and Solid-State Memory by Peter Gutmann, presented at the 6th USENIX Security Symposium in 1996. http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html
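The difference between deleting and overwriting, described in the two sections above, can be reproduced on a toy disk. This is an added example, not part of the original guide; the `ToyDisk` class, its 16-byte blocks and the file contents are constructed for the illustration.

```python
import os

BLOCK = 16  # bytes per block on this toy disk (real disks use 512 or 4096)


class ToyDisk:
    """A disk reduced to the two things the text describes: raw blocks and an index."""

    def __init__(self, nblocks=8):
        self.raw = bytearray(nblocks * BLOCK)    # what is physically stored
        self.index = {}                          # "table of contents": name -> (blocks, size)
        self.free = list(range(nblocks))

    def write(self, name, data):
        need = -(-len(data) // BLOCK)            # ceiling division
        if need > len(self.free):
            raise OSError("disk full")
        blocks = [self.free.pop(0) for _ in range(need)]
        for i, b in enumerate(blocks):
            chunk = data[i * BLOCK:(i + 1) * BLOCK]
            # Only len(chunk) bytes are written: the rest of the block keeps old data.
            self.raw[b * BLOCK:b * BLOCK + len(chunk)] = chunk
        self.index[name] = (blocks, len(data))

    def delete(self, name):
        """Ordinary delete: remove the index row and free the blocks; the data stays."""
        blocks, _ = self.index.pop(name)
        self.free = sorted(self.free + blocks)

    def overwrite_and_delete(self, name, passes=3):
        """Rewrite every block of the file several times with random bytes, then delete."""
        for _ in range(passes):
            for b in self.index[name][0]:
                self.raw[b * BLOCK:(b + 1) * BLOCK] = os.urandom(BLOCK)
        self.delete(name)

    def raw_find(self, needle):
        """What recovery software does: ignore the index and scan the raw bytes."""
        return self.raw.find(needle) >= 0


def demo():
    disk, seen = ToyDisk(), {}
    disk.write("recipe.txt", b"SECRET RECIPE: 200g flour, 3 eggs, 1 lemon")
    disk.delete("recipe.txt")
    seen["listed after delete"] = "recipe.txt" in disk.index
    seen["content after delete"] = disk.raw_find(b"SECRET RECIPE")
    disk.write("note.txt", b"hello")             # reuses the first freed block
    seen["start after reuse"] = disk.raw_find(b"SECRET RECIPE")
    seen["rest after reuse"] = disk.raw_find(b"flour, 3 egg")
    disk.write("diary.txt", b"dear diary: met Bob at noon")
    disk.overwrite_and_delete("diary.txt")
    seen["diary after overwrite"] = disk.raw_find(b"dear diary")
    return seen


if __name__ == "__main__":
    for step, result in demo().items():
        print(f"{step:24} {result}")
```

The toy disk writes exactly where it is told to; the sections that follow explain why real hard disks, flash media and journaling file systems do not give that guarantee.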

Some limits of the overwriting
While it is possible to rewrite several times over a given location on a hard drive in order to make the data it contained inaccessible, this does not necessarily guarantee that the data has completely disappeared from the disk...

The 'smart' discs
Modern hard disks reorganize their content in a "smart" way: part of the disk is reserved to replace areas that become defective. These replacement operations are difficult to detect, and one can never really be sure that the place overwritten thirty times is the one where the file was originally written... For USB keys, one can even be sure that in most cases the overwrite lands in a different place. Since flash memory, used by USB keys and SSDs (Solid State Disks), stops working after a certain number of writes [1], these devices contain chips responsible for automatically reorganizing the content so as to spread the data over as many locations as possible. Taking these mechanisms into account, it becomes difficult to be sure that the data one wants to destroy has completely disappeared.

However, opening a hard drive to examine its innards takes time and considerable material and human resources ... an investment that will not necessarily be within everyone's reach, all the time.

For the flash memory chips of a USB stick or SSD, even if it is not immediate, the operation is much simpler: all it takes is a soldering iron and a device that connects to the memory chips to read them directly. Such devices sell for about 1500 dollars [2].

1. Low-end models stop working properly after being written a hundred thousand times, and the best ones after five million, according to Wikipedia. https://secure.wikimedia.org/wikipedia/fr/wiki/Solid_State_Drive
2. The Salvation Flash Data Doctor and the PC-3000 Flash SSD Edition are both sold as professional tools for recovering data from damaged flash devices. http://www.sd-flash.com/ , http://www.pc-3000flash.com/

"Smart" file systems
Another problem is "smart" file systems. File systems developed in recent years, such as NTFS or ext3, are "journaled": they keep track of the successive changes made to files in a "journal". After a sudden shutdown of the computer, this lets the system simply replay the last operations that were pending, rather than having to scan the entire disk to correct inconsistencies. On the other hand, this can again add traces of the files you would like to see disappear. ext3, the file system currently used most often on GNU/Linux, can work in several modes. The most commonly used one records in the journal only the names of files and other metadata, not their content. Other techniques, less common on a personal computer, can also be a problem: file systems with redundant writing that keep writing even if an error occurs, such as RAID file systems; file systems that make snapshots; file systems that cache in temporary folders, such as NFS clients (a file system over the network); compressed file systems [1]. Finally, it is important to remember that a file, even fully removed, may also have left traces elsewhere...

1. Source: man page for shred (1). http://manpages.debian.net/cgibin/man.cgi?query=shred&locale=fr

What we do not know...
For CD-RW or DVD±RW (rewritable) media, it appears that no serious study has been conducted on how effective rewriting is at making data unrecoverable. The cautious approach is therefore to methodically destroy any media of this type that could contain data you want removed.

Many other cases where we "erase"
It should be noted that files are not only deleted by putting them in the trash. For example, the "Clear Private Data" option of the Firefox browser does nothing more than delete files. While the data becomes inaccessible to Firefox, it is still accessible by looking directly at the hard drive. Finally, it is useful to emphasize that reformatting a disk does not erase the content that was on it either. Just like deleting files, it only marks the space the content occupied as available, while the data is still physically on the disk. In the same way, destroying a library's catalog does not make the books on the shelves disappear... Files can always be found after reformatting, as easily as if they had simply been "deleted"...

How to leave no trace?
There is no simple method that addresses the problem at its root. The least difficult at the moment is to use the computer after starting it with a live system configured to use only RAM. That way nothing can be written to the hard disk or to the swap, and information is kept (for as long as the computer is on) only in RAM.

Portable software: a false solution
So-called "portable software" consists of programs that are not installed on a given operating system, but that can be launched from a USB stick or external hard drive, and can therefore be carried around for use on any computer. It has become very easy to download such applications from the Internet. Examples of "portable packs" that have been published are Firefox with Tor, and Thunderbird with Enigmail. However, unlike live systems, they use the operating system installed on the computer where they are run (in most cases, they are intended for Windows). The idea is to have the software you need always at hand, customized for your use. But this "office you carry with you everywhere" is not necessarily the best way to preserve the confidentiality of your data.

Let us say it right away: these programs do not protect the people who use them any more than "non-portable" software does. Worse, the promotional material for them helps create an illusion of safety, with enormous nonsense such as "you keep all your data on your key and no one can see the sites you visit, or read your mail." [1] Unfortunately, this is not true.

Main problems
These "turnkey" solutions therefore pose a few rather unfortunate problems...

Traces remain on the hard disk
If the software was made "portable" correctly, it should not deliberately leave traces on the hard disk of the computer on which it is used. But in fact the software does not have absolute control. It largely depends on the operating system it runs on, which may need to write "virtual memory" to the hard drive, or record various traces of what it does in its logs and other "recent documents". All of that will then remain on the hard disk.

There is no reason to trust an unknown system
We saw earlier that many systems do not do at all what we believe they do. Since portable software uses the operating system of the computer where it is launched, it is exposed to all the spyware and other malware that may be present...

We do not know who compiled them, and how
The changes made to software to make it portable are rarely checked, even though they are generally not made by the authors of the software itself. One can therefore suspect that such software, even more than its non-portable versions, contains security vulnerabilities, whether accidentally or intentionally introduced. We discuss later the question of choosing the software one installs or downloads.

1. This excerpt comes from the early versions of the introductory text of FramaKey, a collection of portable software made by Framasoft, a French site for the promotion of free software. The new presentation of the FramaKey now says "the web browser and mail client will protect your privacy and the host, leaving minimal traces"... without elaborating on the nature of these traces. http://framakey.org/En/Index http://forum.framasoft.org/viewtopic.php?t=8359 , http://www.framasoft.net

One way to protect ourselves: cryptography
Cryptography is the branch of mathematics that deals specifically with protecting messages. Until 1999, the use of cryptographic techniques was forbidden to the public. It became legal, among other reasons, to allow online merchants to get paid without their customers having their credit card numbers stolen. Cryptanalysis is the field that consists of "breaking" cryptographic techniques, for example to try to recover a message that had been protected [1]. When you want to protect messages, there are three aspects:

* Confidentiality: keeping out prying eyes;
* Authenticity: making sure of the source of the message;
* Integrity: making sure that the message has not been changed.

We may want all three at once, but we may also want just one or another. The sender of a confidential message may wish to be able to deny being its author (and therefore that it cannot be authenticated). One can also imagine wanting to certify the origin (authenticity) and the integrity of an official statement that is to be released publicly (and so is far from confidential). In what follows we will talk about messages, but cryptographic techniques apply to any number, and thus to any data once it is digitized. Note: cryptography does not try to hide messages, but to protect them. To hide messages, it is necessary to use steganography techniques (like those used by the printers mentioned earlier), which we will not discuss here.

1. For a good overview of different methods, called "attacks", commonly used in cryptanalysis, one can refer to the Wikipedia page. https://secure.wikimedia.org/wikipedia/en/wiki/Cryptanalyse

Protect data from prying eyes
As kids using codes to exchange messages and the military communicating their orders have well understood, the most serious way to make sure data can be understood only by those "in on the secret" is encryption. Encrypting a file or a storage medium makes it unreadable to anyone who does not have the access code (usually a passphrase). It will certainly still be possible to get at the content, but the data will look like a series of random numbers and will be unreadable. The two operations are usually called encrypting and decrypting.

How does cryptography work?
Basically, there are only three big ideas to grasp in order to understand how messages are encrypted [1].

The first idea: confusion. The relationship between the original message and the encrypted message must be obscured. A very simple example is the Caesar cipher, in which the cipher alphabet wraps around the plain alphabet. For example, with a shift of +1, A becomes B, B becomes C, C becomes D, and so on until Z becomes A. Once you have figured out one or two of the letters in a Caesar cipher, the rest of the encryption falls out easily.

Plaintext: ASSAULT → ciphertext: DVVDXOW ("A + 3 letters = D")

Except that with the Caesar cipher, it is easy to analyze the frequency of the letters and recover the words. So another big idea is diffusion. This breaks up the message to make it more difficult to recognize. An example of this technique is columnar transposition, e.g. "Google my secure idea":

│g││o││o││g││l││e│
│m││y││s││e││c││u│   ⇒   gmr oye osi ged lce eua
│r││e││i││d││e││a│
Diffusion in 3 points
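The two toy ciphers above, as an added Python example that is not part of the original text. The function names are assumptions made for this sketch; the frequency test uses the spaghetti sentence that appears later in this chapter, encrypted here with a shift of 3, and shows why the Caesar cipher falls to letter counting.

```python
import string

ALPHABET = string.ascii_uppercase
COMMON = set("ETAOINSHR")  # the most frequent letters in English text


def caesar(text, shift):
    """Confusion: replace each letter by the one `shift` places further on,
    wrapping from Z back to A. A negative shift undoes a positive one."""
    return "".join(
        ALPHABET[(ALPHABET.index(ch) + shift) % 26] if ch in ALPHABET else ch
        for ch in text.upper()
    )


def transpose(text, rows):
    """Diffusion: write the letters row by row on `rows` lines, then read
    the grid column by column."""
    letters = [ch for ch in text.lower() if ch.isalpha()]
    if len(letters) % rows:
        raise ValueError("letter count must be a multiple of the row count")
    width = len(letters) // rows
    grid = [letters[r * width:(r + 1) * width] for r in range(rows)]
    return " ".join("".join(row[c] for row in grid) for c in range(width))


def untranspose(ciphertext, rows):
    """Inverse of transpose(): take the r-th letter of every column group."""
    groups = ciphertext.split()
    return "".join(group[r] for r in range(rows) for group in groups)


def guess_caesar_shift(ciphertext):
    """Frequency analysis: try all 26 shifts and keep the one whose output
    contains the most common English letters."""
    def score(shift):
        return sum(ch in COMMON for ch in caesar(ciphertext, -shift))
    return max(range(26), key=score)


if __name__ == "__main__":
    print(caesar("ASSAULT", 3))
    print(transpose("Google my secure idea", 3))
    print(transpose("Google my secure idea", 2))   # same method, other key
    secret = caesar("THE SPAGHETTI IS IN THE CLOSET", 3)
    print(secret, "-> recovered shift:", guess_caesar_shift(secret))
```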

In these two small examples, we could have decided to shift by 6 characters instead of 3, or to break up the columns using two lines instead of 3. The part that can change in this way is called the encryption key, and the method itself the algorithm.

The second major approach to encrypting messages is the one-time pad. In cryptography, the one-time pad (OTP) is a type of encryption which has been proven to be impossible to crack if used correctly. Each bit or character from the plaintext is encrypted by a modular addition with a bit or character from a secret random key (or pad) of the same length as the plaintext, resulting in a ciphertext. If the key is truly random, as large as or greater than the plaintext, never reused in whole or part, and kept secret, the ciphertext will be impossible to decrypt or break without knowing the key.

Suppose Alice wishes to send the message "HELLO" to Bob. Assume two pads of paper containing identical random sequences of letters were somehow previously produced and securely issued to both. Alice chooses the appropriate unused page from the pad. The way to do this is normally arranged for in advance, as for instance 'use the 12th sheet on 1 May', or 'use the next available sheet for the next message'. The material on the selected sheet is the key for this message. Each letter from the pad will be combined in a predetermined way with one letter of the message. It is common, but not required, to assign each letter a numerical value: e.g. "A" is 0, "B" is 1, and so on. In this example, the technique is to combine the key and the message using modular addition. The numerical values of corresponding message and key letters are added together, modulo 26. If key material begins with "XMCKL" and the message is "HELLO", then the coding would be done as follows:
      H       E       L       L       O    message
   7 (H)   4 (E)  11 (L)  11 (L)  14 (O)   message
+ 23 (X)  12 (M)   2 (C)  10 (K)  11 (L)   key
= 30      16      13      21      25       message + key
=  4 (E)  16 (Q)  13 (N)  21 (V)  25 (Z)   message + key (mod 26)
      E       Q       N       V       Z    → ciphertext

If a number is larger than 25, then the remainder after subtraction of 26 is taken in modular arithmetic fashion. This simply means that if your computations "go past" Z, you start again at A. The ciphertext to be sent to Bob is thus "EQNVZ". Bob uses the matching key page and the same process, but in reverse, to obtain the plaintext. Here the key is subtracted from the ciphertext, again using modular arithmetic:
       E       Q       N       V       Z    ciphertext
    4 (E)  16 (Q)  13 (N)  21 (V)  25 (Z)   ciphertext
-  23 (X)  12 (M)   2 (C)  10 (K)  11 (L)   key
= -19       4      11      11      14       ciphertext - key
=   7 (H)   4 (E)  11 (L)  11 (L)  14 (O)   ciphertext - key (mod 26)
       H       E       L       L       O    → message

Similar to the above, if a number is negative then 26 is added to make the number positive. Thus Bob recovers Alice's plaintext, the message "HELLO". Both Alice and Bob destroy the key sheet immediately after use, thus preventing reuse and an attack against the cipher. The KGB often issued its agents one-time pads printed on tiny sheets of "flash paper", paper chemically converted to nitrocellulose, which burns almost instantly and leaves no ash.

The method can be implemented now as a software program, using data files as input (plaintext), output (ciphertext) and key material (the required random sequence). The XOR operation is often used to combine the plaintext and the key elements, and is especially attractive on computers since it is usually a native machine instruction and is therefore very fast. However, ensuring that the key material is actually random, is used only once, never becomes known to the opposition, and is completely destroyed after use is hard to do. The auxiliary parts of a software one-time pad implementation present real challenges: secure handling/transmission of plaintext, truly random keys, and one-time-only use of the key.
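The HELLO / XMCKL exchange above, as an added Python example that is not part of the original text. It also goes one step further than the worked tables: it shows why a ciphertext alone reveals nothing (a key exists for every candidate message) and what leaks when a sheet is used twice. The names PadSheet, key_explaining and difference are assumptions made for this sketch.

```python
import secrets
import string

A = string.ascii_uppercase  # "A" is 0, "B" is 1, ... "Z" is 25


def new_pad(length):
    """Key material from the operating system's CSPRNG (never `random`)."""
    return "".join(secrets.choice(A) for _ in range(length))


def _combine(text, key, sign):
    if len(key) < len(text):
        raise ValueError("key must be at least as long as the text")
    return "".join(
        A[(A.index(t) + sign * A.index(k)) % 26] for t, k in zip(text, key)
    )


def otp_encrypt(message, key):
    return _combine(message, key, +1)     # message + key (mod 26)


def otp_decrypt(ciphertext, key):
    return _combine(ciphertext, key, -1)  # ciphertext - key (mod 26)


def key_explaining(ciphertext, candidate):
    """The key under which `ciphertext` decrypts to `candidate`. One exists
    for every candidate of the same length, so the ciphertext alone does
    not say which message was sent."""
    return _combine(ciphertext, candidate, -1)


def difference(a, b):
    """Letter-wise a - b (mod 26)."""
    return [(A.index(x) - A.index(y)) % 26 for x, y in zip(a, b)]


class PadSheet:
    """A sheet of key material that hands out each letter once only."""

    def __init__(self, letters):
        self._letters = letters
        self._used = 0

    def take(self, count):
        if self._used + count > len(self._letters):
            raise RuntimeError("sheet exhausted: use a new one, never reuse")
        key = self._letters[self._used:self._used + count]
        self._used += count
        return key


if __name__ == "__main__":
    sheet = PadSheet("XMCKL")                 # the key material from the text
    ciphertext = otp_encrypt("HELLO", sheet.take(5))
    print(ciphertext, otp_decrypt(ciphertext, "XMCKL"))
    # The same ciphertext "decrypts" to any other five-letter message:
    print(otp_decrypt(ciphertext, key_explaining(ciphertext, "LATER")))
    # Reusing a pad: the key cancels out and the difference between the two
    # plaintexts is exposed, whatever the pad was.
    pad = new_pad(5)
    leaked = difference(otp_encrypt("HELLO", pad), otp_encrypt("WORLD", pad))
    print(leaked == difference("HELLO", "WORLD"))
```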

Related problems
Despite Shannon's proof of its security, the one-time pad has serious drawbacks in practice:
* it requires perfectly random one-time pads, which is a non-trivial software requirement;
* it requires secure generation and exchange of the one-time pad material, which must be at least as long as the message (the security of the one-time pad is only as good as the security of the one-time pad key exchange);
* it requires careful treatment to make sure that the pad continues to remain secret from any adversary, and is disposed of correctly, preventing any reuse in whole or part, hence "one time";
* there are difficulties in completely erasing computer media.

Which brings us to the third big idea: the secret lies only in the key. After many attempts, people realized it was a bad idea to rely on no one being able to understand the encryption algorithm. Sooner or later, someone will find out... by force if necessary. Today, the algorithm can be described in full detail on Wikipedia, allowing anyone to verify it. That is to say, the only way to decrypt a text is to have the key that was used with it.

1. The following passage is a very partial adaptation of Jeff Moser's comic on the AES algorithm. http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html
2. http://en.wikipedia.org/wiki/XOR
3. Quantum cryptography and V. A. Kotel'nikov's one-time key and sampling theorems: http://www.ufn.ru/ru/articles/2006/7/k/
4. http://www.schneier.com/crypto-gram-0210.html#7

Want a picture?
Specifically, to ensure the confidentiality of our data, we use two operations:

* Encrypt:
plaintext (secret) + algorithm (public) + key (secret) → ciphertext (public)

* Decrypt:
ciphertext (public) + algorithm (public) + key (secret) → plaintext (secret)

For an example of practical use, consider the following message:

The spaghetti is in the closet.

After encrypting the message using the GnuPG software with the AES256 algorithm, and "this is a secret" as the passphrase, we get:

-----BEGIN PGP MESSAGE-----
jA0ECQMCRM0lmTSIONRg0lkBWGQI76cQOocEvdBhX6BM2AU6aYSPYymSqj8ihFXu
wV1GVraWuwEt4XnLc3F+OxT3EaXINMHdH9oydA92WDkaqPEnjsWQs/oSCeZ3WXoB
9mf9y6jzqozEHw==
=T6eN
-----END PGP MESSAGE-----

This is what the text looks like after encryption: its content has become perfectly indigestible. Data "in the clear", readable by everyone, has been transformed into another format that is incomprehensible to anyone who does not have the key. For decryption, it suffices to use GnuPG again, this time with our ciphertext. It will ask us for the passphrase, and if it is correct, we will finally obtain the information we needed to prepare lunch.

For a hard drive...
If you want to use cryptography on a storage medium (hard disk, USB stick, etc.), it is the operating system that takes care of carrying out the encryption and decryption operations "on the fly". Thus, whenever data must be read from the hard drive, it is decrypted in passing so that the software that needs it can access it. Conversely, whenever a program asks to write data, it is encrypted before landing on the hard disk. For these operations, the encryption key must be kept in memory for as long as the medium is in use. In addition, the encryption key cannot be changed. Once it has been used to encrypt data written to the disk, it becomes essential for reading that data back. To change the key, one would therefore have to read and then rewrite all the data on the disk... To avoid this painful operation, most systems used to encrypt storage media use a trick: the encryption key is actually a large, totally random number, which is itself encrypted with a passphrase [1]. The encrypted version of the encryption key is usually written on the storage medium at the very beginning of the disk, "ahead" of the encrypted data.

With this system, changing the access code is simple, since it is enough to replace just this header with a new one.

1. LUKS system, used under GNU / Linux, can even use multiple versions of the encrypted encryption key. Each of these versions can be encrypted with a different passphrase, which allows multiple people to access the same data without having to hold the same secret.
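A simplified model of this header trick, as an added Python example that is not part of the original text and is not the LUKS on-disk format. The Header class, the slot layout and the iteration count are assumptions made for this sketch, and because the standard library has no block cipher, the master key is masked by XOR with a passphrase-derived value where a real system would use a proper key-wrapping cipher.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 50_000  # constructed value; real systems tune this to the hardware


def _derive(passphrase, salt):
    """Stretch the passphrase into 64 bytes: 32 to mask the key, 32 for a tag."""
    raw = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt,
                              ITERATIONS, dklen=64)
    return raw[:32], raw[32:]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def wrap(master_key, passphrase):
    """Build one header slot: the master key encrypted under a passphrase."""
    salt = secrets.token_bytes(16)        # fresh salt, so a mask is never reused
    mask, tag_key = _derive(passphrase, salt)
    wrapped = _xor(master_key, mask)      # toy stand-in for a key-wrap cipher
    tag = hmac.new(tag_key, wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}


def unwrap(slot, passphrase):
    """Return the master key, or None if the passphrase does not fit the slot."""
    mask, tag_key = _derive(passphrase, slot["salt"])
    expected = hmac.new(tag_key, slot["wrapped"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, slot["tag"]):
        return None
    return _xor(slot["wrapped"], mask)


class Header:
    """The small area at the start of the disk, ahead of the encrypted data."""

    def __init__(self, passphrase):
        master_key = secrets.token_bytes(32)  # the key that encrypts the data
        self.slots = [wrap(master_key, passphrase)]

    def _find(self, passphrase):
        for index, slot in enumerate(self.slots):
            key = unwrap(slot, passphrase)
            if key is not None:
                return index, key
        raise PermissionError("no slot opens with this passphrase")

    def unlock(self, passphrase):
        return self._find(passphrase)[1]

    def change_passphrase(self, old, new):
        index, key = self._find(old)
        self.slots[index] = wrap(key, new)  # the data itself is not rewritten

    def add_passphrase(self, existing, new):
        """A second slot lets another person open the same data."""
        self.slots.append(wrap(self.unlock(existing), new))


if __name__ == "__main__":
    header = Header("first passphrase")
    key = header.unlock("first passphrase")
    header.change_passphrase("first passphrase", "second passphrase")
    print(header.unlock("second passphrase") == key)   # same master key
    header.add_passphrase("second passphrase", "a colleague's passphrase")
    print(len(header.slots))
```

Because the master key never changes, anyone who kept a copy of the old header together with the old passphrase can still recover it; replacing the header only protects against people who never had both.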

Summary and limitations
Cryptography makes it possible to protect one's data adequately, by encrypting all or part of a hard drive or any other storage medium (USB stick, CD, etc.), or one's communications. Also, modern computers are powerful enough for us to make encryption a routine, rather than reserving it for special circumstances or particularly sensitive information (otherwise, encryption immediately flags that information as important, whereas it is better to let it blend into the mass). We can set up a passphrase to encrypt an entire hard disk, and/or give some people an encrypted part with their own passphrase. It is also possible to encrypt a particular file, email or attachment individually, with yet another passphrase.

However, although it is a powerful tool and essential to information security, encryption has its limits, especially when it is not used properly. As explained before, when accessing encrypted data, it is necessary to keep two things in mind. First, once the data is decrypted, it is at the very least in RAM. Second, for as long as data has to be encrypted or decrypted, RAM also contains the encryption key. Anyone who has the encryption key can read everything that has been encrypted with it, and can also use it to encrypt data themselves. We must therefore pay attention to the following points:

* The operating system and software have access to the data and to the encryption key as much as we do, so everything depends on the trust we place in them.
* Anyone who gets physical access to the computer gets access to the contents of the RAM. When an encrypted disk is unlocked, the RAM contains, in the clear, the data we have worked on since the computer was switched on (even if it is encrypted on the disk). But above all it contains, as stated, the encryption key, which can be copied. So it is better to get into the habit of turning off the computer, and of disabling (unmounting, ejecting) encrypted disks, when they are not in use.
* In some cases it may be necessary to provide hardware solutions for cutting the power quickly and easily [1], so that the encrypted disks again become inaccessible without the passphrase, short of a cold boot attack.
* It is also possible that a keylogger has been installed on the computer and records the passphrase.

Moreover, there is a "legal" limit in many countries. For example, in France, anyone is supposed to give the password to the authorities when requested, as explained in Article 434-15-2 of the Penal Code [2]:

“Anyone who, having knowledge of the secret decryption agreement of a means of encryption that may have been used to prepare, facilitate or commit a crime or an offence, refuses to hand over that agreement to the judicial authorities [...] is punished by three years' imprisonment and a fine of 45,000 euros. [...] the penalty is increased to five years of imprisonment and a 75,000 euro fine.”

Note the wording: when requested. That is to say, the law is vague enough to allow this to be demanded of any person holding encrypted data. One may thus be asked for the passphrase of a storage medium. Note that, to our knowledge, no one has so far been convicted for this.

Finally, it may be wise to remember that the mathematics used in cryptographic algorithms sometimes has flaws. And far more often, the software implementing them has weaknesses. Some of these problems can reduce the protection to a simple matter of a "double click"...

1. For this reason, it is good practice not to leave the battery plugged into a laptop when it is not in use. It is then sufficient to pull out the power cable to turn it off.
2. The legal term is "encryption". A search for this word on Légifrance gives an exhaustive list of the legislation in this area.

Ensure the integrity of data
We have seen some leads for ensuring the confidentiality of our data. However, it may be just as important to ensure its integrity, that is, to check that it has not been changed (accidentally or maliciously). We may also wish to make sure of the source of our data, to confirm its authenticity. Specifically, after reading these pages, you can understand how critical it is to make sure that the software you want to install on your computer has not been modified along the way to hide malware in it.

The power of the chopper
Most of the techniques for ensuring integrity and authenticity are based on mathematical tools that cryptography has dubbed "hash functions". These work like choppers, able to reduce anything into very small pieces. And if our chopper works well enough to be used in cryptography, we know that:

* from the small pieces, it is impossible to reconstruct the original object without trying all the objects on earth;
* the same object, passed through the chopper, always gives the same pieces;
* two different objects must give different pieces.

When these properties are met, we just have to compare the pieces obtained from two objects to see whether the objects were the same. The small pieces that come out of our chopper are commonly called a checksum or fingerprint. It is usually written in a form that looks like:

f9f5a68a721e3d10baca4d9751bb27f0ac35c7ba

Since our chopper works with data of any size and any shape, comparing fingerprints allows us to compare images, CDs, software, etc. more easily. Our chopper is not magic either. One can well imagine that, when reducing anything at all into small cubes of equal size, one can end up with the same small cubes from two different objects. This is called a collision [1]. This mathematical pile-up is fortunately dangerous only when it is possible to cause it deliberately... which has happened for several hash functions after several years of research.

1. http://en.wikipedia.org/wiki/MD5

Check the integrity of software
An example: Alice [1] wrote a program and distributes it on CD, which can be found in GNU/Linux user groups. Bob wants to use Alice's program, but tells himself that it would have been very easy for a malicious administration to replace Alice's CD with malware. He cannot get a CD directly from Alice, who lives in another city. On the other hand, he met Alice some time ago, and knows her voice on the phone. So he asks her, and Alice gives him the checksum of the CD:

CD Alice ⇻ 94d93910609f65475a189d178ca6a45f 22b50c95416affb1d8feb125dc3069d0

Bob can then compare it with the one he generates from the CD that he has obtained:

CD Bob ⇻ 94d93910609f65475a189d178ca6a45f 22b50c95416affb1d8feb125dc3069d0

As the numbers are the same, Bob is happy: he is sure that he is using the same CD as the one provided by Alice. Calculating these checksums does not take much longer than reading the full CD... a few minutes at most.

Now, let us put ourselves in the shoes of Eve, who has been paid to take over Bob's computer without his knowledge. For this, she wants to create a CD that looks like Alice's, but contains malicious software. Unfortunately for her, the hash function only goes in one direction. She must therefore start by getting Alice's original CD. Then she changes the CD to introduce the malicious software. This first version closely resembles the original. It might fool more than one person who is not paying attention, but she knows that Bob will check the checksum of the CD he installs from. As Alice uses the SHA256 hash function, which has no known defects, the only option left to Eve is to try a very large number of variations of the CD's data, in the hope of obtaining a collision, that is, the same checksum as Alice's. Unfortunately for her, and fortunately for Bob, even with many powerful computers, Eve's chances of succeeding within a reasonable time (for example a few years) are extremely low.

So it is enough to obtain a fingerprint, or checksum, through trusted intermediaries in order to verify the integrity of data. The whole challenge is then to obtain these fingerprints by trustworthy means, and to be able to check their authenticity in turn...

1. The names used in this example are the names traditionally used in cryptographic scenarios. Alice and Bob are trying to communicate while escaping the surveillance of Eve. The latter name comes from its resemblance in sound to the English word eavesdropping.
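What Bob does with the checksum Alice read out, as an added Python example that is not part of the original text. The file name and the three-byte "CD image" are constructed stand-ins, and the function names are assumptions; the checksum is accepted in the grouped form used above, and anything that is not 64 hexadecimal digits is rejected rather than compared.

```python
import hashlib
import os
import tempfile


def sha256_file(path, chunk_size=1 << 20):
    """Fingerprint a file of any size by reading it piece by piece."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def normalise(checksum):
    """Accept a checksum as dictated or printed: any case, spaces, colons."""
    cleaned = "".join(checksum.split()).replace(":", "").lower()
    if len(cleaned) != 64 or any(c not in "0123456789abcdef" for c in cleaned):
        raise ValueError("not a SHA-256 checksum (expected 64 hex digits)")
    return cleaned


def matches(path, trusted_checksum):
    """True only if the file's fingerprint equals the trusted one."""
    return sha256_file(path) == normalise(trusted_checksum)


def demo():
    """Constructed stand-in for Alice's CD: a small temporary file."""
    with tempfile.TemporaryDirectory() as folder:
        image = os.path.join(folder, "alice-cd.iso")   # hypothetical name
        with open(image, "wb") as handle:
            handle.write(b"abc")
        from_alice = sha256_file(image)        # what Alice reads out by phone
        genuine = matches(image, from_alice.upper())
        with open(image, "ab") as handle:      # Eve's copy: one byte added
            handle.write(b"!")
        tampered = matches(image, from_alice)
        return from_alice, genuine, tampered


if __name__ == "__main__":
    checksum, genuine, tampered = demo()
    print(checksum)
    print("original accepted:", genuine, "| modified accepted:", tampered)
```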

Verify a password
Another example of the use of hash functions is verifying the authenticity of an access request. If access to a computer is protected by a password, as when logging in to a GNU/Linux session [1], the computer must be able to verify that the password is correct. But passwords are not stored on the computer, because they would then be too easy to read. So how does the computer make sure that the typed password is correct? When you choose a password on a computer, the system actually records, by means of a hash function, a fingerprint of the password. To verify access, it computes the fingerprint of the password that was entered in the same way. If the fingerprints are the same, it considers that the password was correct. It is therefore possible to verify that the password matches without keeping the password itself!

1. Remember that these passwords are not used to protect data
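The fingerprint check described above, as an added Python example that is not part of the original text. Beyond what the text describes, it adds a random salt and a deliberately slow derivation (PBKDF2), which is common practice so that two identical passwords do not produce the same stored fingerprint; the record layout, the iteration count and the function names are assumptions made for this sketch, not the format any particular system uses.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 50_000  # constructed value


def naive_fingerprint(password):
    """The bare scheme: the same password always gives the same fingerprint,
    so identical passwords are visible in the stored file."""
    return hashlib.sha256(password.encode()).hexdigest()


def enroll(password):
    """What is stored when a password is chosen: never the password itself."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2-sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def check(password, record):
    """Recompute the fingerprint of the typed password and compare."""
    scheme, iterations, salt_hex, digest_hex = record.split("$")
    if scheme != "pbkdf2-sha256":
        raise ValueError("unknown record format")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    # Constant-time comparison, so timing does not reveal how close a guess was.
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


if __name__ == "__main__":
    record = enroll("spaghetti in the closet")
    print(record)
    print(check("spaghetti in the closet", record))   # right password
    print(check("Spaghetti in the closet", record))   # one letter differs
    # Two accounts with the same password: identical bare fingerprints,
    # different salted records.
    print(naive_fingerprint("1234") == naive_fingerprint("1234"))
    print(enroll("1234") == enroll("1234"))
```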

The password of an account does not protect its data
All modern operating systems (Windows, Mac OS X, GNU/Linux) offer the possibility of having different users on one computer. It must be understood that the passwords that sometimes protect these users do not guarantee the confidentiality of the data. It may be convenient to have your own space, with your own settings (bookmarks, wallpaper...), but a person who wants to access all the data on the computer has no trouble doing so: it is enough to plug the hard drive into another computer, or to start the computer with another operating system, to access all the data written on the disk. So, while using separate accounts and passwords can have some benefits (such as the ability to lock the screen when you step away for a few minutes), it is necessary to keep in mind that this does not really protect the data.

Symmetrical, asymmetrical?
The encryption techniques mentioned so far rely on a single secret key, which is used both to encrypt and to decrypt. In this case we speak of symmetric encryption. This is in contrast with asymmetric encryption, which does not use the same key to encrypt and to decrypt. Also called "public key encryption", it is mainly used for "online" communication. One of the most interesting properties of asymmetric cryptography is that it makes digital signatures possible. Like its paper equivalent, a digital signature affixes a mark of recognition to data. These digital signatures, which use asymmetric cryptography, are the simplest way to verify the origin of software. [1]

1. One can refer in particular to the site http://www.cryptage.org/ and its bibliography.

Choose appropriate responses
Panic has now taken hold of us. Everything we do on a computer betrays us, day after day. All the more so when we believe, wrongly, that we are "safe". This part explains some ideas that are as important as they are general; we give an overview of a methodology that lets anyone answer the question: how do we decide on a set of practices and tools suited to our situation? We then describe some typical situations, which we call use cases, to illustrate our point.

Risk Assessment
When we ask what measures to put in place to protect data and digital communications, we quickly realize that in this matter we are advancing somewhat in the dark. First, because most of the solutions that could be put in place also have their disadvantages: sometimes they are very difficult to deploy, maintain or use; sometimes there is a choice between different techniques, none of which completely meets the "specifications" one has set; sometimes they are too new for us to be sure they actually work; etc.

What does it protect?
In this text, what we want to protect generally falls into the broad category of information: for example, the content of electronic messages, data files (photos, leaflets, address book) or the very existence of a correspondence between such and such persons. The word "protect" covers different needs:

* Confidentiality: hiding information from unwanted eyes;
* Integrity: keeping information in good condition, and preventing it from being changed without our permission;
* Accessibility: ensuring that information remains accessible to the people who need it.

It is therefore a matter of defining, for each set of information to protect, the need for confidentiality, integrity and accessibility. As these needs will generally conflict, we can already see that we will eventually have to set priorities and find compromises among them in terms of security.

Against whom do we want to protect information?
The question quickly arises of the capabilities of the people who are after what we want to protect. It is hard to know what the most capable people can actually do, and what means or budgets they have. Following the news, and various other sources, we can see that this varies greatly depending on who we are dealing with. Between the corner policeman and the U.S. National Security Agency (NSA), there is a gulf in terms of possibilities of action, means and techniques used.

For example, encryption is one of the best ways to prevent a person who switches on, steals or legally seizes a computer from accessing all the data on it. But the laws in many countries have foreseen this: in the course of an investigation, a person must provide the encryption key to allow investigators access to the data, or face fairly heavy penalties. The law thus allows investigators with limited technical means to act against this type of protection, even if in reality we know of no case where this law has been applied.

At the same time, some organizations, such as the NSA or the DGSE, have more resources, and nothing is certain about their capabilities. How far have they advanced in the field of breaking cryptography? Are they aware of flaws in some methods that they have not disclosed and that would allow them to read the data? On these questions, there is obviously no way to be sure of what these entities can do, but at the same time their scope of action is limited, and there are few cases where one is likely to be confronted with them.

Another important factor to consider is cost. Indeed, the greater the means deployed and the more complex the technologies used, the higher their cost; this means they will be used only in specific cases that matter just as much to the people involved. For example, there is little chance of a computer being subjected to intensive, costly forensic examination over a case of shoplifting.

Therefore, before seeking a solution, the question is who might attempt to gain access to our sensitive information, in order to judge whether it is necessary to look for complicated solutions or not. Completely securing a computer is in any case impossible; the point is rather to put obstacles in the way of those who might spy on what you want to protect. The greater we think these people's means are, the more numerous and solid the obstacles must be. Assessing the risks is therefore primarily a matter of asking what data you want to protect, and who may be interested in that data. From there, you can form a picture of what means they have (or at least, as far as possible, try to find out) and accordingly define an appropriate security policy.

Define a security policy
A chain is only as strong as its weakest link. There is no point in installing three huge locks on a security door located next to a frail, dilapidated window. Similarly, an encrypted USB key does not mean much if the data stored on it is used on a computer that will retain various traces of it in the clear on its hard drive. These examples teach us something: such targeted "solutions" are worthless if they are not part of a consistently articulated set of practices. Moreover, the information to be protected is mostly related to practices outside the scope of digital tools. So risk must be assessed comprehensively and appropriate responses considered. Comprehensively, but in context: a given situation is a singular set of issues, risks, know-how ... and therefore opportunities. There is no miracle solution that suits everyone and solves all problems with a wave of a magic wand. The only feasible way is to learn enough to be able to imagine and implement a security policy appropriate to one's own circumstances.

A matter of compromise
It is always possible to protect one's data and digital communications better. There is no limit to the possibilities of attack and surveillance, or to the devices that can be used to protect oneself. However, each extra protection you want to set up comes with a corresponding effort in terms of learning and time: not only an initial effort to get started and install the protection, but very often also more complex use, with extra time spent typing passphrases and performing repetitive, tedious procedures, and attention focused on technique rather than on what the computer is being used for. In each situation, a suitable compromise has to be found between ease of use and the desired level of protection. Sometimes there is simply no compromise: one may conclude that the effort needed to protect against a credible risk would be too painful, and that it is better to take the risk ... or simply not to use digital tools to store some data or to talk about certain things. There are other ways, with long-proven efficacy: some manuscripts of the Bible have survived for centuries, buried in jars stored in caves...

How?
The question to answer is: what set of practices and tools would adequately protect me against the risks previously evaluated? For example, you can start from your current practices, put yourself in the shoes of the enemy - as sickening as it is - and ask yourself the following questions:
1. Faced with such a security policy, which angles of attack are the most practicable?
2. What means must be implemented to do this?
3. Do you think these means can be used by your opponents?
If you answer "yes" to the third question, take the time to learn about solutions that would protect against these attacks, then imagine the changes in practice that these solutions would bring and the security policy that results. If it sounds feasible, put yourself in the shoes of the enemy again and ask yourself the questions above once more. Repeat this process of reflection, research and imagination until you find a feasible way, a tenable compromise. In case of doubt, it is always possible to ask a trustworthy person who is more skilled in the art to put themselves in the opponent's skin. They will be pleased to see that you have done the bulk of the reflection yourself, which will certainly encourage them to help you with the issues that remain beyond your reach.

A few rules
Before looking more closely at the case studies and the practical security policies that could be put in place, here are some principles, some broad families of choices...

Simple vs. complex
In security, a simple solution should always be preferred to a complex one. First, because a complex solution offers more "attack surface", that is to say more places where security problems can appear ... which will surely happen. Second, because the more complex a solution is, the more knowledge it takes to imagine, implement and maintain it ... but also to examine it and to evaluate its relevance and its problems. As a result, in general, the more complex a solution, the less it will have been examined by sharp, outside eyes to establish its validity. Finally, quite simply, a complex solution that does not fit entirely in the mental space of the people who developed it is more likely to generate security problems arising from complex interactions or from special cases that are difficult to detect. For example, instead of spending hours setting up systems to protect a particularly sensitive computer against intruders from the network, it may be possible simply to remove the network card physically.

White list, black list
The usual reflex, when we learn of a threat, is to try to guard against it. For example, after discovering that some software leaves traces of our activities in a given place, we clean that place regularly. Until we discover that the same software also leaves traces somewhere else, and so on. This is the principle of the blacklist: a list of folders that store temporary files, of software that sends reports, etc. This list is extended as discoveries and surprises come along, and on this basis we try to do our best to guard against each of these threats. In other words, a blacklist operates on the basis of trust, except in some cases. The principle of the white list is the reverse: suspicion, except in some cases. Everything is prohibited except what is explicitly allowed. Writing files to the hard disk is prohibited, except in one place, at a particular time. Software is prohibited from accessing the network, except certain well-chosen software.

Those are the basics.
Any security policy based on the principle of the blacklist has a big problem: such a list is never complete, because it only considers the problems that have already been identified. Maintaining a blacklist is an endless, hopeless task, whether we do it ourselves or delegate it to people with sharp computer skills: something will always be forgotten.

The problem is that, despite their defects, tools based on a blacklist approach abound (as we shall see), as opposed to those based on the white list method. Implementing the white list approach therefore requires an initial effort which, though it can be significant, is soon rewarded: learning to use a live system that writes nothing to the hard drive without being asked takes considerable time, but once done it is better than long sessions of hard drive cleaning, which are always inefficient because they are based on the blacklist principle.

Another illustration is provided by antivirus software, designed to prevent the execution of malicious programs. Because it operates on the blacklist principle, its databases must be constantly updated, and they are always late. An answer to this problem, with the white list approach, is to prevent the execution of any program that has not been previously registered, or to limit what each program is allowed to do. These techniques, known as Mandatory Access Control, also require lists to be maintained, but in this case they are white lists, and the symptom of an outdated list will be the malfunction of software rather than the hacking of the computer.

It is therefore much more worthwhile, where possible, to rely on white lists that are as broad as possible, in order to do lots of cool things with computers with some confidence, and, when the white list is not adequate, to rely on solid blacklists of known provenance, keeping in mind the intrinsic problem of the blacklist method; blacklists that will eventually be extended by sharing our discoveries.

1. The terms "white list" and "black list" can evoke a racist dimension, whether the terms themselves, or their ranking. However, it seemed unwise not to use the terms established and currently used by all programs, manuals and other technical documentation.
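The difference between the two principles can be made concrete with a small simulation. This is an added example, not part of the original guide; the paths, the user name and the list contents are constructed for illustration.

```python
"""Denylist cleaning vs. allowlist writes (added example, constructed data)."""
from posixpath import normpath

# Constructed sample: files that one work session tried to write.
WRITES = [
    "/media/usb-crypt/leaflet.odt",                # the document itself
    "/home/alice/.recent-documents.xml",           # known trace location
    "/tmp/lu1234.tmp/leaflet-autosave.odt",        # known trace location
    "/home/alice/.thumbnails/normal/ab12.png",     # trace nobody has listed yet
    "/media/usb-crypt/../../home/alice/copy.odt",  # leaves the key through ".."
    "/media/usb-crypt-old/leaflet.odt",            # similar name, different place
]
STORE = "/media/usb-crypt"                          # hypothetical encrypted USB key
DENYLIST = ["/home/alice/.recent-documents.xml", "/tmp"]  # "black list"
ALLOWLIST = [STORE]                                 # "white list"


def is_under(path, root):
    """True if path is root or lies inside it, once '..' has been resolved.

    Comparing whole path components avoids treating /media/usb-crypt-old
    as if it were inside /media/usb-crypt.
    """
    path, root = normpath(path), normpath(root)
    return path == root or path.startswith(root.rstrip("/") + "/")


def denylist_session(writes, denylist, store):
    """Default allow: every write succeeds, then the listed places are cleaned.

    Returns what is still on disk outside the intended store, i.e. the
    traces the list did not know about. Nothing signals that they exist.
    """
    kept = [normpath(w) for w in writes
            if not any(is_under(w, d) for d in denylist)]
    return [w for w in kept if not is_under(w, store)]


def allowlist_session(writes, allowlist):
    """Default deny: a write succeeds only inside an allowed location.

    Returns (written, refused). A refusal is a visible error: an outdated
    list shows up as software that misbehaves, not as a silent trace.
    """
    written, refused = [], []
    for w in writes:
        target = written if any(is_under(w, a) for a in allowlist) else refused
        target.append(normpath(w))
    return written, refused


if __name__ == "__main__":
    print("left behind with the denylist:")
    for path in denylist_session(WRITES, DENYLIST, STORE):
        print("  ", path)
    written, refused = allowlist_session(WRITES, ALLOWLIST)
    print("written with the allowlist:", written)
    print("refused with the allowlist:", len(refused), "writes")
```

With the blacklist, three files remain outside the key without any warning; with the white list, the same writes are refused, including the autosave file, which is the kind of malfunction the text describes.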

We're not robots
Some practices can be very demanding ... and devilishly effective, until we make a mistake. Since we will inevitably end up making one, it is better to anticipate it than to pay the piper. For example, a USB flash drive intended for use only on computers running a free system, and which we are really careful not to leave lying around, may still end up being forgotten on a table ... and be plugged into Windows by someone who has confused it with another. But if it was formatted from the beginning with a file system compatible with Windows, it should limit the damage... In short, we are not robots. It is better to give oneself solid material safeguards than to impose endless vigilance on oneself - it also provides peace of mind.

Use-by date
Once you have defined a security policy, do not forget to review it from time to time! The world of computer security evolves very quickly, and a solution considered reasonably safe today may well be easily defeated next year. Do not forget either that a security policy must include keeping track of the life of the software it depends on: its problems, with their impact on security, and its updates, sometimes with good or bad surprises ... All this takes a little time, which is best planned for from the start.

Use case
Enough theory: we now illustrate these concepts with some use cases. Starting from given situations, we will show the method used to define an appropriate security policy. Many of the technical solutions will be explained later, and we will refer to them as needed. The concepts in this section assume that none of the computers involved is ever connected to a network, and especially not the Internet.

Use case: a new beginning
(How to clean a computer after years of reckless practices)

Context
Consider a computer used without special precautions for several years. This machine may pose one or more of the following problems:
1. The hard drive keeps traces of past events;
2. The operating system is proprietary software (e.g. Windows), and full of malware.
In addition, troublesome files are stored on it in a perfectly transparent way. Indeed, this computer is used for a variety of popular activities, some of which, dare we admit, are perfectly legal, such as:
• listening to music and watching movies obtained over the Internet;
• helping undocumented immigrants prepare their cases for the prefecture;
• drawing a nice greeting card for Grandma;
• making minor false documents that greatly simplify administrative procedures (inflating payslips when you are tired of being turned down for rentals, apartment after apartment);
• keeping the family accounts;
• producing text, music or videos of "terrorists" - more precisely, threatening, according to the European definition of terrorism, to "cause [...] massive destruction [...] an infrastructure [...] may [...] to produce economic losses considerable," "in order to [...] unduly compelling public authorities [...] to do or abstain from doing any act"; for example, employees of your telecom company who, in a struggle, threaten to put the billing system out of action and thus enable users to make free phone calls.

1. Framework Decision 2002/475/JHA of the Council of the European Union on the fight against terrorism, June 13, 2002. http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32002F0475:FR:NOT

Assess the risks
What do we want to protect? As discussed under risk assessment:
• Confidentiality: preventing an unwanted eye from falling too easily on the information stored in the computer;
• Integrity: preventing this information from being modified without our knowledge;
• Accessibility: ensuring that the information remains accessible when you need it.

Here, accessibility and confidentiality are paramount. Against whom do we want to be protected? This is important: depending on the answer, the policy can vary.

The legal consequences
This computer may be seized during a search. For example, your son has generously given a gram of shit to a broke friend who, after being caught, told the police where the thing came from ... as a result of which your son is considered a criminal drug trafficker. Hence the search. In such cases, the computer is very likely to be examined by the police, jeopardizing the goal of confidentiality. The range of means likely to be implemented goes from the policeman turning on the computer and clicking everywhere to the legal expert, who will examine the hard drive much more closely; however, it is unlikely that this legal expert will use the extra resources that are usually in the hands of special services and military centers.

Burglary
This computer could be stolen during a burglary. Unlike the police, the thieves probably do not care much about your little secrets ... and will not denounce you. The worst case is that they recover your data. However, they are unlikely to deploy major means to find it on the hard disk of the computer.

Define a security policy
Now ask yourself, putting yourself in the shoes of the opponent, the questions outlined in our methodology.

First step: just open the eyes to see
1. Practicable angle of attack: connect the hard drive to another computer, examine its contents, and find all your little secrets.
2. Means necessary: another computer is enough to find the bulk of your secrets; a court expert can also find files you thought you had deleted; Nostradamus would deduce from them the date your seedlings come up.
3. Credibility of the attack: high.
We must therefore adapt our practices. Against such attacks, encrypting the hard drive is the obvious answer: installing and using an encrypted system is now relatively simple. So the steps would be:
1. Launch a live system in order to do the following in a relatively safe environment:
   o temporarily save the files that need to survive the spring cleaning on an external drive or an encrypted USB drive;
   o eject / unmount and disconnect the external storage;
   o delete "for real" the entire internal hard drive of your computer.
2. Install a free operating system, asking the installation program to encrypt the hard disk, virtual memory (swap) included.
3. Copy the previously saved data to the new system.
4. Set up what is needed to delete files in a "secure" way.
5. Erase the files on the temporary backup media, which may then be reused.
And then, from time to time, make sure that data deleted without special procedures is not recoverable in the future. Also make sure the system is updated regularly to fill the "security holes" that could be used by malicious software. This route seems feasible.

Second step: the dresser drawer was not encrypted
1. Angle of attack: the equivalent of the files we are trying to protect may be lying in the next room, in the third dresser drawer, on paper or on a memory stick.
2. Means necessary: search, burglary, or other unannounced visit.
3. Credibility of the attack: high; it is precisely against this kind of situation that we are trying to protect ourselves here.
Again, a security policy must be thought of as a whole. Without a minimum of coherence in practice, there is no point in bothering to type passphrases as long as a day without bread. It is time to sort the papers in the drawers and clean up every USB key, CD and DVD holding data we now intend to encrypt:
1. save the data to be kept to encrypted media;
2. for USB sticks and external hard drives: delete their content for real;
3. for CDs and DVDs: destroy them and dispose of the waste;
4. decide what to do with the previously saved data: copy it to the newly encrypted hard disk, or archive it.

Third step: the law as a means of coercion
1. Angle of attack: the police have the right to require you to give access to encrypted information, as explained in the chapter on cryptography.
2. Means necessary: sufficient persistence in the investigation to enforce this law.
3. Credibility of the attack: it still depends on whether the police expect to find incriminating evidence on the computer. Within the strict framework of the investigation into the gram of shit, it is unlikely but not impossible.
If the police do come to demand access to the encrypted data, the practical question will be: does the information in the computer carry more risk than refusing to give the passphrase? It depends on how we feel about it. Giving in, in this situation, does not call into question the whole point of encrypting the hard drive: one at least knows what was revealed. That said, it may be appropriate to get organized in order to live through such a delicate situation: the new goal could be to have a hard drive "clean" enough that it is not a disaster if we give it to the law, or if the cryptographic system used is broken. As a first step, it is often possible to compromise on access to the files of completed projects that we will not need often; we treat this in the use case on archiving, which is worth studying after this one. Then the question of compartmentalization arises: indeed, while it is possible to raise, once again, the overall security level of all activities carried out ... it would be too painful to use. It is therefore necessary to specify the respective confidentiality requirements of these various activities and, from there, to sort them out and decide which ones, more "sensitive" than others, should receive preferential treatment.

Step Four: Networking
All concepts in this section are valid for a computer that is offline. Other angles of attack are conceivable if it is connected to a network. The next section of this guide studies them in detail.

Beyond these problems, several angles of attack are still possible against such a security policy.

Angle: a breach in the encryption system used
As already explained in these pages, any security system is eventually broken. If the encryption algorithm is broken, it will make the headlines, everyone will know and it will be possible to react. But if its implementation in the Linux kernel is broken, it will not get the same coverage; it is more likely that only experts in computer security will be informed. One way to stay current is, for example, to subscribe to the security announcements of the Debian website 1. The emails received this way are in English, but they give the address of the page where their translation can be found. That said, even if the encryption system used is "broken", the opponents still have to know it ... the policeman will know nothing about it, but a legal expert will. Moreover, on the science-fiction shelf, remember that it is difficult to know how far ahead military and government agencies - like the NSA - are.

1. The mailing list is named debian-security-announce. http://lists.debian.org/debian-security-announce

Angle of attack: cold boot attack
1. Angle of attack: the cold boot attack is described in the chapter on traces.
2. Means necessary: physical access to the computer while it is on or recently turned off, for example during a search.
3. Credibility of the attack: to our knowledge, this attack has never been used, at least publicly, by the authorities. So its credibility is very low.
It may seem unnecessary to protect against this attack in the situation described here, but it is better to get into good habits now than to have surprises in the coming years. Which habits? Here are some that make the attack more difficult:
• turn off the computer when it is not in use;
• make it possible to cut the power quickly and easily: an easily accessible switch on the power strip, removing the battery from a laptop when it is plugged in (... then you just have to unplug the power cord to turn off the machine);
• make access to the compartment containing the RAM of your computer longer and more difficult, for example by gluing / welding.

Angle: the eye and video surveillance
Data confidentiality rests on the passphrase being kept secret. If it is typed in front of a video surveillance camera, an adversary with access to the camera or its potential recordings can discover this secret, then get hold of the computer and access the data. A watchful eye in a bar could also see the passphrase as it is typed. Such an attack requires watching the people who use this computer until one of them types the passphrase in the wrong place. This can take time and it is expensive. In the situation described here, such an attack is pure science fiction; at present, few organizations are able to deploy such means, apart from various special services: anti-terrorism, espionage... To guard against such an attack, you should:
• choose a long passphrase, making it impossible for a human observer to memorize it "on the fly";
• look around for potential eyes (human or electronic) before you type the passphrase.

Angle: the unencrypted part and the BIOS
As explained, an "encrypted" system is not entirely encrypted: the small program that asks us at startup for the passphrase used to decrypt the rest of the data is itself stored unencrypted on the part of the hard drive called boot. An attacker with access to the computer can easily, within minutes, modify this software to install a keylogger, which will retain the passphrase so that it can be picked up later, or simply send it over the network. If this attack is mounted in advance, the adversary will be able to decrypt the hard drive when he gets hold of the computer, during a search for example. The means required for this attack are modest: there is no need to be Superman to get access, for a few minutes, to the room where the computer resides. The only feasible protection against this attack is to store the startup programs, including this small unencrypted part (/boot) 1,2, on external media such as a USB key, which is permanently kept in a safer place than the computer. It is the integrity of this data, not its confidentiality, that is then protected. This practice requires a lot of skill and discipline; we do not develop it in this guide. In the next section, we show how to have a complete installation of an operating system on your USB key. Such practices are useful once someone has obtained physical access to the computer, since /boot is then not available and therefore not modifiable. It is possible to perform the same type of attack on the BIOS of the machine. This is slightly more difficult, because it depends on the model of computer used, but it is possible. We know of no way to protect against it.

1. http://www.bootdisk.com/bootdisk.htm
2. https://help.ubuntu.com/8.04/installation-guide/i386/boot-usb-files.html
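Since what matters for /boot is integrity, a change to it can at least be detected by comparing its files with a list of checksums recorded earlier. The following is an added example, not a tool from the guide; it assumes that the manifest is kept on external media and that the check is run from a trusted live system, and it covers files only, not the boot sector or the BIOS.

```python
"""Detect changes to the unencrypted boot files (added example).

Assumptions, not from the guide: the manifest file lives on external media
and this script is started from a trusted live system, never from the
installed system whose /boot is being checked.
"""
import hashlib
import json
import os
import sys


def hash_file(path, chunk=1 << 20):
    """SHA-256 of a file, read in chunks so large kernel images are fine."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def build_manifest(root):
    """Map every file under root (relative path) to a fingerprint.

    Symbolic links are recorded by their target instead of being followed,
    so a link redirected to another file shows up as a modification.
    """
    manifest = {}
    for folder, dirs, files in os.walk(root):
        for name in dirs + files:
            full = os.path.join(folder, name)
            rel = os.path.relpath(full, root)
            if os.path.islink(full):
                manifest[rel] = "link:" + os.readlink(full)
            elif os.path.isfile(full):
                manifest[rel] = "sha256:" + hash_file(full)
    return manifest


def compare(baseline, current):
    """Return the paths added, removed or modified since the baseline."""
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(p for p in common if baseline[p] != current[p]),
    }


def save_manifest(manifest, path):
    """Write the manifest as JSON (to be stored away from the computer)."""
    with open(path, "w", encoding="utf-8") as handle:
        json.dump(manifest, handle, indent=1, sort_keys=True)


def check(root, manifest_path):
    """Compare the files under root with a previously saved manifest."""
    with open(manifest_path, encoding="utf-8") as handle:
        baseline = json.load(handle)
    return compare(baseline, build_manifest(root))


if __name__ == "__main__":
    # usage: script.py record|check <mounted boot directory> <manifest file>
    action, root, manifest_path = sys.argv[1:4]
    if action == "record":
        save_manifest(build_manifest(root), manifest_path)
    else:
        report = check(root, manifest_path)
        print(json.dumps(report, indent=1))
        sys.exit(1 if any(report.values()) else 0)
```

A legitimate kernel update also changes these files, so the manifest has to be recorded again after each update that touches /boot.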

Angle: malware
We learned in a previous chapter that software installed on a computer without our knowledge can steal data. In this case, such software is able to transmit the hard drive's encryption key to an opponent ... who will then, thanks to this key, have access to the encrypted data once he has physical access to the computer. Installing malicious software on the Debian system discussed here requires skills of a higher level than the attacks discussed above, as well as more preparation. Such an attack is therefore, again, science fiction, at least with regard to the situation at hand. In other situations, it is sometimes necessary to be extremely careful about the source of the data and software put into the computer, especially when it is connected to the Internet... The recipe for installing software provides some useful leads on how to install new software properly.

Angle of attack: brute force
Attacking a cryptographic system by "brute force" is the simplest, dumbest and slowest way. But it is the usual one when no other kind of attack can be implemented... For the hard drive encrypted in step 1, it takes considerable time (many years) and/or a lot of money and specialized skills ... at least if the passphrase is strong. Even if an organization is ready to spend many resources to access your data, it would rather mount one of the cheaper and equally effective attacks listed above.

Working on a sensitive document
Context
After the fresh start, the computer used to carry out this project has been equipped with an encrypted system. You now need to work on a particular, more "sensitive" project, such as:
• a leaflet must be written;
• a poster must be drawn;
• a book must be designed and then exported to PDF;
• a leak of information must be organized to reveal the awful practices of an employer;
• a film must be edited and burned to DVD.

In all these cases, the challenges are much the same. Since it would be too difficult to increase, once again, the overall security of the computer, it has been decided that this particular project should receive preferential treatment.

Vocabulary conventions
In what follows, we will call:
• Working files: all files needed to carry out the work: images or footage used as a basis, documents saved by the software used, etc.;
• The work: the final result (leaflet, poster, etc.).

In short, the raw material and finished product.

Assess the risks
We now try to define the risks to which the practices described in this use case are exposed. What do we want to protect?
• Confidentiality: ensuring that no unwanted eye finds the work and/or the working files too easily;
• Integrity: ensuring that these documents are not changed without our knowledge;
• Accessibility: ensuring that these documents remain accessible when needed.

Here, accessibility and confidentiality are paramount. Accessibility is important because the main objective is still to complete the work. As for confidentiality, it all depends on how public the work is to be.

Work with restricted distribution
If the content of the work is not completely public, or is completely secret, we hide both the work and the working files.

Publicly disseminated work
If the work is intended to be published, the issue of confidentiality comes down to that of anonymity. The working files had better stay under the carpet: if they are discovered on a computer, they reveal that its owners did the work ... with the potentially unpleasant consequences this may have.

But that is not all: if the work, or intermediate versions of it, are stored on this computer (PDF, etc.), their creation date is most likely stored in the file system and in the metadata. The fact that this date is earlier than the publication of the work can easily lead adversaries to draw annoying conclusions about its genealogy.

Against whom do we want to protect ourselves?
All the possibilities described in this guide apply: the computer used to produce the work can be taken, more or less accidentally, by any cops or robbers.
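To see which dates a stored copy of the work carries, one can list those that fall before the publication date. The following is an added example, not part of the original guide; the PDF fragment is constructed, and the parser only reads an uncompressed PDF Info dictionary (it ignores time zones, XMP metadata and compressed objects, for which a dedicated metadata tool is needed).

```python
"""List dates in a file that predate the work's publication (added example)."""
import os
import re
from datetime import datetime

# PDF dates look like (D:YYYYMMDDHHmmSS...); everything after the year is optional.
PDF_DATE = re.compile(
    rb"/(CreationDate|ModDate)\s*\(D:(\d{4})(\d{2})?(\d{2})?(\d{2})?(\d{2})?(\d{2})?"
)

# Constructed fragment, just enough to carry an Info dictionary.
SAMPLE_PDF = (
    b"%PDF-1.4\n1 0 obj\n<< /Producer (constructed sample) "
    b"/CreationDate (D:20120301101500+01'00') /ModDate (D:20120420) >>\n"
    b"endobj\n%%EOF\n"
)


def pdf_info_dates(data):
    """Return [(field, datetime)] found in uncompressed PDF bytes.

    Missing parts default to the start of the period (January, day 1, 00:00).
    The time zone suffix is ignored, so results are accurate to within a day.
    """
    found = []
    for match in PDF_DATE.finditer(data):
        year, *rest = (int(g) if g else None for g in match.groups()[1:])
        parts = [r if r is not None else d for r, d in zip(rest, (1, 1, 0, 0, 0))]
        try:
            found.append((match.group(1).decode(), datetime(year, *parts)))
        except ValueError:
            continue  # malformed date such as month 13: skip it
    return found


def early_dates(path, published):
    """Return [(source, datetime)] for dates of `path` earlier than `published`.

    Checks the modification time kept by the file system and, for PDF files,
    the CreationDate and ModDate fields.
    """
    hits = []
    mtime = datetime.fromtimestamp(os.stat(path).st_mtime)
    if mtime < published:
        hits.append(("filesystem mtime", mtime))
    with open(path, "rb") as handle:
        data = handle.read()
    if data.startswith(b"%PDF-"):
        hits += [("pdf " + field, when)
                 for field, when in pdf_info_dates(data) if when < published]
    return hits


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as folder:
        sample = os.path.join(folder, "leaflet.pdf")
        with open(sample, "wb") as handle:
            handle.write(SAMPLE_PDF)
        stamp = datetime(2012, 4, 20, 12).timestamp()
        os.utime(sample, (stamp, stamp))
        for source, when in early_dates(sample, datetime(2012, 5, 1)):
            print(f"{source}: {when.isoformat()} is before publication")
```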

Addicted to Windows?
The first question that arises is: which operating system to use? It depends, of course, on the software used for this project. If you are running GNU/Linux, continue reading this chapter to study the options available to us. If you work only on Windows (unfortunately), there are still feasible paths that can limit the damage; go and see what this road looks like, skipping the following paragraphs, which are dedicated to GNU/Linux.

An overview of available tools
The problems posed by the initial situation are the same as in "a new beginning". But before putting potential security policies on the table, let us take a quick overview of the available tools and methods.

Blacklist vs. white list
We have already seen the encrypted Debian system, which retains fewer traces of our activities on the hard disk. The problem with this approach is that it is of the "black list" type, whose limitations we have explained in these pages: regardless of the time and expertise put into it, even with an especially good understanding of the bowels of the operating system, we will always forget some small hidden option, and there will always be unwanted traces that we had not thought of. In contrast, some live systems operate on the "white list" principle: unless we explicitly request it, no trace is left on the hard disk.

Considering only the criterion of "confidentiality", the live system is better than the installed version.

Live system problems
A live system has its value, but it is also a source of inconvenience. For example, if a favourite piece of software that is indispensable to the project is not included in the live system, then one of the following is needed:
• ask the authors of the live system to add the desired software;
• install the software in the live system at the beginning of each work session;
• build a custom version of the live system that integrates the software, which is not (yet) an easy operation at the time of writing.

... And it may happen that none of these solutions is feasible without risking a nervous breakdown. However, the other hypothesis is not easy either: limiting the traces left by an encrypted Debian system - that is, extending the blacklist of undesirable traces - is an infinite task, which moreover requires a good understanding of the operating system, and whose results remain largely unsatisfactory. Therefore, the most experienced people who took part in writing this project now advise the use of suitable live systems for working on sensitive documents ... as far as possible.

Some tips to decide
Let us now try to dispel the confusion that this overview may have created. It is not always easy to decide between these two options. If the software required for the project is installed on your favourite live system, then the answer is simple: use it as much as possible. This is the safest solution and, in this case, the least difficult to implement. We then discuss a security policy based on it. Otherwise ... it gets complicated. We gave three ways of still using a live system that lacks some software: ask the authors of the system to fill the gap, install the missing software each time you use the live system, or make a customized version of the live system. Although they require effort, these paths deserve to be tried, which is why we list them. If any of these works, the question is answered: it is enough to establish a security policy based on the use of a live system. If the live system hypothesis seems, at this stage, hopelessly impractical, we will have to resolve, like it or not, to do without a live system ... and limit the damage as much as possible; this case should be handled carefully, with a security policy based on an encrypted Debian.

Note that it is possible to install Debian in VirtualBox, but this is for experienced users.

Working on a sensitive document with a live system...
Having presented the context at the beginning of this use case and decided to use a live system, it is now time to explore its limits.

The live system
Not all live systems are particularly suited to these practices. It is therefore important to choose a system specifically designed to (try to) leave no trace on the hard disk of the computer on which it is used. The tool on how to use a live system provides a method to select, download and install a live system "discreetly".

The USB key
All sensitive documents will be stored on a removable storage medium such as a USB drive. Most operating systems keep track of things like the serial numbers of the USB drives that are connected to them. So it is best to get a new USB key that will never be connected to anything other than a live system. This USB drive must be encrypted. The encryption operation must therefore also be done from the chosen live system. For this, start the previously installed live system, then follow the steps needed to encrypt the USB key.

Limitations
Some limitations are common to this method and to the one based on an encrypted Debian; they are discussed below.

Working on a sensitive document on a Debian encrypted...
Having presented the context at the beginning of this guide and decided, despite all the problems it poses, not to use a live system, we now try to find a way to limit the damage somewhat.

Step one: where one starts
After a fresh start, the computer used to conduct this project has been equipped with an encrypted system. Consider also the second step (the dresser drawer was not encrypted). The steps mentioned above, which detailed the main possible attacks in this situation, all remain relevant. We now try to deal with some of them.

Second step: the drawers full of holes, but still drawers
The third step of the new beginning suggested having a hard drive "clean" enough that it is not a disaster if we give it to the law, or if the cryptographic system used is broken ... and that is what we are trying to do. As a first draft, here is a possible method:
1. Before starting work on this particular project, create a new user on the Debian system, dedicated to it.
2. Every work session on this project must take place while logged in to the system as the dedicated user.
3. Any working file associated with this project will be stored on encrypted removable media (USB key, external hard drive).
4. At the end of the project, clean up:
   o archive the files that are worth keeping, already stored on the encrypted external media; other aspects have to be taken into account, so it is still necessary to refer to the use cases;
   o delete "for real" the encrypted external media;
   o delete the system user dedicated to the project;
   o delete "for real" the files belonging to that user on the system's hard drive;
   o delete "for real" the free space on the hard drive.
Most of the more obvious traces of this project are thus separated from the rest of the system:
• the working files are stored encrypted on external media, which can conveniently be "put away" when not in use;
• the configuration files of the dedicated user, and the history of his operations, are stored in his personal folder.
Since these two locations are properly cleaned when the project is completed, if disaster (your system is in the hands of the law and they discover a problem in the cryptographic system) strikes afterwards, residual traces on the hard disk will be less obvious and less likely to be found than if we had proceeded in the ordinary way. To set up such a working method, see among others:
• create a user;
• encrypt a USB drive;
• archive a completed project;
• delete a user;
• delete "for real".

Step three: holes in our drawers?
Now consider the holes that weaken the drawers of the previous step.

If the disaster occurs during the project
If the disaster occurs during the project, the hard drive of the computer certainly does not explicitly contain the work files, but it does contain all the traces of them. Even without evidence, that is probably sufficient for anyone [1] to form a firm belief about the nature of the work.

If the disaster happens later
Even if the disaster happens after the project ends, and after the cleaning recommended here, it would be wrong to feel immune because, as the beginning of this guide explains, the major disadvantage of the method described here is that it is based on the black list principle, a principle widely criticized in these pages ... and there will always be unwanted traces, which we did not think of, on the hard disk of the computer used, in addition to those we now know well: logs, RAM and "virtual" memory, automatic backups.

... And even more complicated than that
Some limitations common to this method and to the one based on a live system are discussed below.

1. The baker of the village, the journalist of Le Figaro, even a judge.

Working on a sensitive document on Windows...
Having presented the context at the beginning of this guide and decided to use Windows, despite all the problems it poses, we now try to find a way to limit the damage somewhat.

Starting point: Windows, or a sieve of security holes
Let us start from the classic case: a computer booted from a hard disk on which Windows is installed. We will not dwell on this; the first part of this work has extensively described the many problems it poses. Windows is, in short, a sieve full of security holes. One can imagine sticking a few patches on the sieve. A hard disk can be removed and hidden. But there are periods when it is in use, sometimes for days or weeks. This patch relies on two assumptions:
- We are lucky. It is enough for the accident (search, burglary, etc.) to occur at the wrong time.
- Our discipline is quite strict. Indeed, if we forget, or do not take the time, to go and "put away" the hard drive when it is no longer needed, and the accident occurs, it is lost: end of the game.

In addition, tools exist to encrypt data on Windows. The fact remains that those tools must rely on the features offered by the black box that is Windows. We can therefore only be wary of them and, in any case, Windows will have access to our data in the clear, and no one knows what it may do with it. To conclude this short tour of the court of doubtful miracles, let us add that the only "solution" in this case would be a black list approach, whose crass inefficiency has been explained previously.

Second step: Windows in a locked, (almost) sealed compartment
A serious solution would be to run Windows in a sealed compartment in which we knowingly open, when needed, a door that lets it communicate with the outside in a strictly limited way. In other words, implement a solution based on white list logic: nothing can enter or leave Windows, and we allow exceptions case by case, after reflecting on their impact.

Virtualization [1] makes it possible to implement such systems. It is a set of hardware and software techniques that allow multiple operating systems to run on a single computer, (almost) separately from each other, as if they were running on separate physical machines. It is relatively easy these days to run Windows inside a GNU/Linux system while cutting off all its network access, and in particular isolating it from the Internet.

Caution: it is advised to read this entire chapter before rushing into practice; the description of the hypothesis is quite long, and its limitations are discussed at the end of this chapter. It would be a shame to spend four hours following these recipes before realizing that another solution would, in fact, be more appropriate.

Let us begin by summarizing the proposed hypothesis. The idea is to run Windows in a sealed compartment inside an encrypted Debian system like the one mentioned before. What serves as the hard drive for Windows is actually a large file, stored next to all our other files on the hard drive of our encrypted Debian system. This file, which really has nothing special about it, is called a virtual disk image, sometimes abbreviated as a disk image. The point is that this pseudo-disk is a file, which describes the proposed procedure more accurately.

1. For more information, see: Wikipedia on the subject. https://secure.wikimedia.org/wikipedia/en/wiki/Virtualisation

Install VirtualBox
We describe how to install the VirtualBox software, which will be used to run Windows in a sealed compartment.

Install a "clean" Windows in VirtualBox
Prepare a clean virtual disk image: this guide explains how to install Windows in VirtualBox while cutting off all network access from the start. From then on, we call this Windows system the guest of the encrypted Debian system, which in turn is the host.

Install the necessary software in the "clean" Windows
Now install in the "clean" Windows the software [1] needed for the work: this avoids having to do it again at the beginning of each new project ... and it avoids using a "dirty" Windows image for a new project.

Since the guest Windows is not allowed out of its box to fetch files itself, the necessary software installation files must be sent to it from the "outside". Such an operation will also be useful later, to send all kinds of files. For now, as we are preparing a "clean" Windows image to serve as the basis for each new project, do not rush: send only what is needed to install the software you want.

Create, on the host system, a folder named Windows Software, and copy into it only the files needed to install the software you want. Then share this folder with the guest Windows, without making the share permanent: the recipe "send files to the virtualized system" explains how to do it in practice.

As for installing the software within the guest Windows: anyone addicted enough to Windows to be reading these pages is, undoubtedly, more competent at it than those who write these lines.

Caution: once that is done, it is imperative to do nothing else in this virtualized Windows.

1. If it is necessary to hide who produces films, having video editing software can be compromising, because it would make it difficult to deny the activity if necessary.

Freeze "clean" Windows
Now freeze the disk image that has been prepared, which means: we save it in a corner. From then on, it will serve only as a starting point.

New project, new beginning
When a new project requiring the use of Windows starts, here is what happens:
1. The clean disk image is cloned to give rise to a new disk image, identical in all respects: this is thawing;
2. The new disk image, once thawed, can now be started in its watertight compartment; it will be used exclusively for the new project, and is from now on a dirty image;
3. In this new dirty image, a new Windows user is created; the name given to it must be different for each new project, and that user will be used exclusively for this new project. This is because software tends to write the name of the current user in the metadata of the files it saves, and it is better to avoid making unwanted cross-references possible.

The technical information for creating a new virtual machine from a clean image is explained in detail. Now that we have a watertight compartment, let us see how to open doors selectively, as needed.

How to send files to the imprisoned Windows?
Since the guest Windows is not allowed out of its box to fetch files itself, it may be necessary to send them to it from the "outside", for example:
- raw material (images or text from other sources);
- software required for the new project and not present in the thawed virtual image.

We have already seen how, but it was a very special case: the installation of new Windows software in a "clean" guest. Sharing files with a "dirty" Windows requires more thought and care, which we will now study. The approach is slightly different depending on the medium from which the files are imported (CD, DVD, USB, folder on the hard disk of the encrypted system), but the precautions for use are the same:
- Windows should only have access to the files we want to import. There is no question of giving it access to a folder that contains, pell-mell, files from projects that should not be linked with one another. That means starting with a phase of sorting and tidying.
- When Windows needs to read (copy) the files in a folder, it is given read-only access to that folder. The less we give Windows the right to write here or there, the fewer annoying traces it will leave.

Note that, when we decide to share a folder of the host system with a guest Windows, VirtualBox offers to make the share permanent. This avoids repeating the operation each time it is necessary to send a file to the guest Windows, but it carries the risk of dropping files into that folder without thinking that they can be read by Windows and its minions. Therefore, to avoid mix-ups, we recommend:
- create a folder for the project's imports;
- name this folder as explicitly as possible, for example: Folder readable by Windows;
- never share other folders with the guest Windows.

The section "send files to the virtualized system" explains how to do it in practice.

How to get files from the imprisoned Windows?
The guest Windows is not allowed, by default, to leave traces outside its sealed compartment. But almost inevitably a time comes when files have to be taken out of it, and we then need to allow this explicitly, for example:
- to take an exported PDF file to the copy shop or to the printer;
- to send the project, or the freshly made film, on DVD.

When what is needed is an unencrypted CD or DVD, and the host machine is equipped with a burner, just "lend" this device temporarily to the guest Windows and burn the disc from that system. When nothing requires the files to be recovered on an unencrypted medium, it is possible to export them to an empty folder, dedicated to this use, stored on an encrypted volume, which can be:
- an encrypted USB key, which is activated under Debian by typing the corresponding passphrase;
- the hard drive of the encrypted Debian that serves as the host.

This dedicated folder will be shared via VirtualBox with the guest Windows. Note the words empty and dedicated: Windows can read and modify the content of this folder, and it would be wrong to let it read other content when we only need to export a file. To avoid mix-ups and limit contagion, we recommend:
- create one export folder per project;
- name this folder as explicitly as possible, for example: Directory where Windows can write;
- never share other folders with the guest Windows, apart from the import folder mentioned in the previous paragraph, when it is necessary.

The sections "recover files from a virtualized system" and "encrypt a USB" explain how to do it in practice.

When the project is completed
When this project is completed, it is necessary to clean up, but first of all:
1. The resulting work is exported to the appropriate medium (paper, VHS, etc.), with the help of the preceding paragraph, which explains how to get files out of the guest Windows;
2. If necessary, the work files are archived.

Then comes the time for spring cleaning, eliminating as many traces of the completed project as possible from the host system:
- the dirty disk image is removed from VirtualBox and deleted "for real";
- the import folder is deleted "for real";
- the export folder is deleted "for real" ... after checking one last time that everything that must be kept has been archived elsewhere.

The sections "erase disk images" and "delete files" explain how to perform these operations.

Another new project?
If you want to start a new project that also requires Windows, do not reuse the same dirty Windows. Begin it with a new disk image and a new Windows.

Third stage: possible attacks and measures
The hypothesis described above is based on the use, as host, of the encrypted Debian of the first stage. All the attacks on the encrypted Debian are therefore applicable to this solution. It is now time to study the corresponding cases, especially from the second stage onwards.

Back already? Good. If, despite these concerns, the hypothesis we have just described seems to be an acceptable compromise, it is now necessary to learn about the limitations shared by all the alternatives considered in this use case.

Suppose that one of the attacks described from the "third stage" onwards seems credible. If it succeeded, the contents of the encrypted hard disk of the host system would be readable in the clear by the attacker. Yet our work files are contained in the virtual disk image used by our guest Windows ... which is an ordinary file on the hard disk of the host system. These work files, and any trace recorded by the software used in Windows, then become readable by the attacker. We will consider two tracks to limit the damage. One is of the "black list" type, the other of the "white list" type.

Store the virtual disk image outside the hard disk of the host system
One idea is to store the virtual disk image used by the guest Windows outside the hard drive of the host system, for example on an encrypted external hard drive. So even if the disk of the host system is decrypted, our work files remain inaccessible ... as long as the external hard drive that contains them is properly "put away". This approach is of the "black list" type, with all the problems that poses. The work files and Windows are certainly moved off the host system's hard drive, but do not forget one thing: these data will be used by software run by the host system, namely VirtualBox. As explained further on, various traces will still remain on the internal hard drive of the computer used. To follow this track:
- learn about the limitations shared by all the alternatives considered in this use case;
- refer to the recipe used to encrypt an external hard drive.

Use a live system as host
The counterpart of this "black list" approach is a solution of the "white list" type, combining the use of a live system with the storage of the virtual disk image on an encrypted external hard drive. To follow this track:
- learn about the limitations shared by all the alternatives considered in this use case;
- refer to the recipe used to encrypt an external hard drive, and to the one that explains how to use a live system.

Common limitations to these security policies
Every security policy studied here is vulnerable to a number of attacks, whether it is based on an encrypted Debian system, a live system, or the bewitching of the infamous Windows. Steps 4 and 5 of the "new start" explore some of the imaginable attacks, which may or may not belong to science fiction depending on the time, the place, the actors and the circumstances. Now is the time to read them again with open eyes.

Moreover, the issues addressed in the first part are relatively general, so it may be appropriate to reconsider them precisely in the light of the actual situation, in particular the questions of electricity, magnetic fields and radio waves, and the effects of the various cookies.

Use case: archive a completed project
Context
A significant project is nearing completion: for example, a book has been printed, or a film has been edited, compressed and burned to DVD. In general, it will no longer be necessary to have permanent access to the work files (high-resolution images, uncompressed footage). However, it may be useful to be able to find them later, e.g. for a reprint, an updated version... Since a system is all the more susceptible to attack the more frequently it is used, it is better to extract rarely used information from the computer that is in daily use. Moreover, it is easier to deny any link to files when they are stored on a USB stick.

Is it really necessary?
The first question to ask before archiving such files is: is it really necessary to keep them? Not keeping them at all is sometimes the best solution.

Assess the risks
What do we want to protect?
As when we talked about risk assessment, we should consider these categories:
- Confidentiality: prevent an unwanted eye from falling too easily on the archived information;
- Integrity: prevent this information from being modified without our knowledge;
- Accessibility: ensure that the information remains accessible when we need it.

Here, accessibility is secondary to confidentiality: the whole idea of archiving is to make the data harder for everyone to access, in order to give it better confidentiality.

Against whom do we want to protect them?
The risks considered in our "new start" apply here as well: a burglary, or a search for reasons not directly related to the information we want to protect here. Add to these risks the possibility that the book, film or other product concerns some Commissioner, Minister, CEO or equivalent. It happens. Assume that:
- this authority has heard enough to suspect whoever committed the masterpiece;
- this authority is able to send a cohort of heavily armed men, in the morning, to the homes of the suspects.

Such an unwelcome intrusion will lead, at a minimum, to the seizure of any computer equipment that can be found. This equipment will then be handed by the intruders to other henchmen of the authorities, who will perform a kind of autopsy on it to uncover the data it holds.

Method
The simplest method at present is:
1. Create an encrypted USB key or external hard drive;
2. Copy the files to be archived to this device;
3. Delete and overwrite the contents of the working files.

After these steps, the key or hard drive can be stored somewhere other than with the computer in common use. One might consider using CDs or DVDs, for their low cost, but at present it is more difficult to encrypt data correctly on these media.

Which passphrase?
Since the files will be stored in encrypted form, it is necessary to choose a passphrase. However, since the purpose is archiving, the passphrase will not be used often. And a passphrase that is rarely used is likely to be forgotten ... making it impossible to access the data. Faced with this problem, we can consider some ideas.

Write the passphrase somewhere
The difficulty is that this document must be stored where we can find it again ... but where others cannot locate it and identify it as a passphrase.

Use the same passphrase as for one's everyday system
The passphrase of the everyday system, if it is encrypted, is a phrase that is used regularly and that we are therefore likely to remember. On the other hand:
- if one is forced to reveal the common passphrase, access to the archive becomes possible as well;
- it is necessary to have very strong confidence in the computers from which the archives will be accessed. Otherwise, the passphrase can be stolen without one's knowledge; it can then be used to read not only the archived information, but also all the data stored on the computer.

Share the secret among several people
It is possible to split a secret among several people. Several people must then gather to gain access to the archived content: this can make access more difficult, for wanted and unwanted visitors alike.

A hard drive? A key? Several keys?
Depending on the choices made above, including that of the passphrase, one wonders what media to use, knowing that technically the easiest way at present is to have a single passphrase per medium. An external hard drive can hold more data than a USB key, and is therefore sometimes necessary: to archive a video project, for example. Storing several projects on the same medium simplifies the task, but it becomes difficult to separate the projects according to the desired levels of confidentiality. Moreover, by doing so, people who can access the archives of one project also have access to the others, which is not necessarily desirable. Furthermore, if the passphrase is a shared secret, having a medium that can be handed over makes access much easier for the people who share the secret.

Tools
In this third part, we will explain how to apply in practice some of the tracks mentioned above. This part is a technical appendix to the previous ones: once the issues related to privacy in the digital world have been understood, and once the appropriate responses have been selected, there remains the question of "How?", to which this appendix provides some answers.

Effective use of methods
The tools and recipes that follow are very partial solutions, which do not by themselves form a coherent set of practices. Dipping into the toolkit without having first studied the part about choosing an appropriate response and defining a security policy is the wrong way to solve a particular problem.

You can't please everyone
For most recipes in this guide, we assume the use of GNU/Linux with the GNOME desktop; they have been written and tested under Debian GNU/Linux 6.0 (codename Squeeze). However, these recipes can generally be prepared with other Debian-based distributions, such as Ubuntu: http://www.ubuntu.com/ or gNewSense: http://www.gnewsense.org/Main/HomePage . If you do not use GNU/Linux, you can refer to the use cases "a new start" or "use a live system".

The correct interpretation of tools
In a number of tools, procedures are presented step by step, with an explanation, whenever possible, of the meaning of the proposed actions.

Use a terminal
Often, we use a personal computer by clicking on menus and icons. However, there is another way to "talk" to it: by typing bits of text that are called "commands". We call this way of interacting with a computer the "terminal", the "shell" or the "command line". This guide seeks whenever possible to avoid the use of this tool, which is quite confusing when you are not used to it. However, its use has sometimes been necessary.

What is a terminal?
A detailed explanation of the use of command lines is not the purpose of this guide, and the Internet is full of tutorials and courses [1]. However, it seems necessary to set out some basics on how to use it.

So we will just start by opening a terminal: on a standard GNOME desktop, simply click Applications → Accessories → Terminal. A window appears that says:

    LOGIN@NAME_OF_THE_MACHINE:~$

At the end is a square, called the "cursor", which marks where the command text will be entered. Specifically, with the login name roger and a machine named debian, it will look like this:

    roger@debian:~$ █

It is from this state, called the "command prompt", that you can directly type the commands you want the computer to run. The net effect of these commands is often the same as what can be obtained by clicking in the right place in a graphical interface. For example, if in the terminal we just opened we type gedit as input, the result is that a text editor opens. We could have done exactly the same thing by clicking Applications → Accessories → Text Editor gedit. On the other hand, we cannot enter a new command in our terminal until we have quit the text editor. In this guide, the terminal is mainly used to perform actions that are not, for now, offered by a graphical user interface (GUI).

About commands
Commands are the orders we give to the computer through the terminal. These "command lines" have their own language, with its words, its letters and its syntax. Some remarks on the subject are therefore useful.

Syntax
An example, taken from a tool that will be presented later:

    sfill    -l      -v      /home
    ^^^^^    ^^      ^^      ^^^^^
    program  option  option  argument

In this command line, you can see, in order:
- a command, sfill. The command is usually a program installed on the system;
- two options, -l and -v, which modify the behavior of the program sfill. Depending on the program, these may be optional (and they begin with one or two dashes so that they can be told apart);
- an argument, /home, which states what the command will work on. There may be several, or none, depending on the command.

Each of these elements must be separated from the others by one (or more) space(s). So there is a space between the command and the first option, between the first option and the next, between the last option and the first argument, between the first and subsequent arguments, etc. To find out the available commands, their options and arguments, no mystery: each command normally has a manual page. To access it, simply go to System → Help and then to the man pages. But these may be difficult to understand because of their technical appearance, and are usually available in English.

Inserting the path of a file
When using a terminal, it is often necessary to specify folders and files. We talk of a "path" because it usually describes in which folder and subfolder a file is located. To separate a folder from what it contains, use the character / (pronounced "slash"). As an example, here is the path of the document recipe.txt, which is located in the Documents folder of the account alligator:

    /home/alligator/Documents/recipe.txt

As many commands expect file names as arguments, it becomes tedious to type their full paths by hand. There is one simple way to insert a path: when you grab a file's icon with the mouse, move it and release it over the terminal, its path is written where the cursor is. However, this works with real files or folders and will not work, for example, for files in the trash, the folder icon on the desktop or USB keys.

Execution
Once we have typed a command, we ask the computer to "run" it by pressing the Enter key.

End or interruption of the command
The execution of a command takes more or less time. When it is completed, the terminal always returns to the state it was in before the command was issued, the "command prompt":

    roger@debian:~$ █

We then say that the terminal "hands back control". If you want to interrupt the execution of a command before it is finished, you can press the Ctrl key and, while holding it down, press the C key. The command is then stopped immediately, just like when you close the window of a program.

Typography
Most of the symbols used to enter commands are common symbols. When a command uses the symbol "-", it is simply the "dash" typed from the keyboard. Other symbols are rarely used outside the terminal, but are available on standard keyboards. They are even shown on the keys, and are accessed using the right Alt key, denoted AltGr. Here, based on a standard French PC keyboard, is the correspondence between a few key combinations, the symbols they write and their names (although only some will actually be used in this guide):

    Keys         Result   Symbol name
    AltGr + 2    ~        tilde
    AltGr + 3    #        sharp
    AltGr + 4    {        left brace
    AltGr + 5    [        left bracket
    AltGr + 6    |        pipe
    AltGr + 8    \        backslash
    AltGr + 0    @        at sign
    AltGr + )    ]        right bracket
    AltGr + =    }        right brace

Names to replace
Sometimes we will give a name to something we have found, in order to reuse it later. For example, we will say that the identifier is LOGIN. Suppose we are working under the identifier daisy. When we write "type LOGIN, replacing LOGIN by the identifier of your own account", you must actually type daisy. If you type LOGIN, it will not work...

Terminal? Terminal administrator?
In the menu Applications → Accessories there are two entries for obtaining a terminal: Terminal and Terminal administrator. The first opens a terminal that can only run ordinary commands. It therefore cannot be used to perform special operations such as creating an encrypted partition. The symbol at the end of its "command prompt" is a dollar sign ( $ ). The second provides a terminal with administrative rights. This is also called a root shell; it has access to the entire system, without restriction ... with the risks that involves. The symbol at the end of its "command prompt" is a hash ( # ).

Another warning
Moreover, commands must be typed accurately. Forgetting a space, omitting an option, using the wrong symbol or being inaccurate in an argument changes the meaning of the command. And as the computer does exactly what is asked, if we change the command, it will do exactly something else...

Exercise
We will create an empty file named "test", which we will then delete. In a terminal, enter the command:

    touch test

And press Enter so that the computer executes it. The command touch gives the order to create an empty file; the argument test gives the name of this file. No options are used.

One can then verify that the file was created by running ls (which means "list"):

    ls

Once the command is launched, the computer responds with a list. On the one used for testing, we get:

    Desktop test

Desktop is the name of a folder that already existed, and test is the name of the file we just created. Another computer could have responded with many other files in addition to Desktop and test. What the command ls answers is just another way of seeing what can also be obtained elsewhere: by clicking, on the desktop, the icon of the personal folder, one can see in the file browser that a new icon has appeared, representing the file test that we just created...

We will now delete this file. The command line to do so has the general syntax:

    rm [options] NAME_OF_THE_FILE_TO_DELETE

We will use the option -v. To insert the name of the file to be deleted, we will use the trick given above for specifying the path of a file. We will therefore:
- type rm -v in our terminal;
- type a space, to separate the option -v from what follows;
- in the personal folder window, take the icon of the file test with the mouse and drop it in the terminal.

This is similar to what we do on Windows with "del name of the file" (by drag and drop into the command prompt, called CMD). At the end of this operation, we should get something like:

    rm -v '/home/LOGIN/test'

We can then press the Enter key and see that the computer responds:

    « /home/LOGIN/test » deleted

This indicates that it has deleted the requested file. You can still check that it is gone by running ls again:

    ls

You should note the absence of test in the list. On the same computer as earlier, this gives:

    Desktop

And the icon should also have disappeared from the file browser. Apparently the file has been removed ... although, as explained in the first part, its content still exists on disk. As it was an empty file named "test", we can say that this is no big deal.

Watch out for traces!
Most shells automatically log the command lines that were typed in a "history". It is convenient for finding a command we used earlier, but it also leaves a trace of our activities on the disk. The standard shell in Debian is called bash. To temporarily disable the recording of history in the terminal being used, simply run:

    unset HISTFILE

Furthermore, the commands are stored in the file .bash_history (found in the personal folder). We might therefore want to clean it from time to time.

To read more
This first experience could be the beginning of a long passion. To maintain it, there is nothing better than taking the time to read "Starting console" and other material on using the terminal in Linux from related websites.

1. http://ubuntu-en.org

Choose a passphrase
A passphrase is a secret that is used to protect encrypted data. It is used to encrypt a hard drive, documents... Whereas we usually speak of a password, we consider that a passphrase must consist of at least 10 words. A good passphrase is one that we can remember and that is impossible to guess. A simple technique for finding a passphrase that is difficult to guess, yet easy to remember, is to use song lyrics:
1. Choose a song that we do not often sing aloud.
2. Avoiding the chorus, find a verse that you like.
3. Take this verse and transform it somewhat. For example, we can add punctuation, replace words with SMS-style spellings, etc.

Whenever we need to type the passphrase, we sing our own song (mentally). It is best to avoid accented characters and other symbols that are not directly available on a U.S. keyboard. This avoids problems with missing keys and, above all, with bad character encoding. For example:

    There's a dark secret in me don’t leave me locked in your heart

We can transform it like this:

    There is a DARK secret in me: do not leave me locked in Ur heart!

I am sure you can find numerous other methods for building a complex passphrase.
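
An added example, not part of the original guide: a small check of the two rules given above (at least 10 words, only characters found on a U.S. keyboard), which also shows why encoding matters by listing the different byte strings the same visible text can become. The function names are assumptions; the two sample phrases are the verse and its transformation as printed above, and the printed verse itself contains a typographic apostrophe that the check flags.

```python
import string
import unicodedata

MIN_WORDS = 10  # minimum given in the text above

# Characters typed directly on a U.S. keyboard: printable ASCII and the space.
US_KEYBOARD = set(string.ascii_letters + string.digits + string.punctuation + " ")

# The two phrases as printed above; the first contains U+2019 in "don't".
ORIGINAL = "There's a dark secret in me don\u2019t leave me locked in your heart"
TRANSFORMED = "There is a DARK secret in me: do not leave me locked in Ur heart!"


def off_keyboard_chars(passphrase):
    """Return [(char, Unicode name)] for each distinct character not on a U.S. keyboard."""
    seen = []
    for ch in passphrase:
        if ch not in US_KEYBOARD and ch not in seen:
            seen.append(ch)
    return [(ch, unicodedata.name(ch, "UNNAMED")) for ch in seen]


def byte_variants(passphrase):
    """Distinct byte strings the same visible text becomes under common
    normalisation forms and encodings. Encryption tools work on bytes, so more
    than one variant means the "same" passphrase can fail on another machine."""
    variants = set()
    for form in ("NFC", "NFD"):
        text = unicodedata.normalize(form, passphrase)
        for encoding in ("utf-8", "latin-1", "cp1252"):
            try:
                variants.add(text.encode(encoding))
            except UnicodeEncodeError:
                pass  # this encoding cannot represent the text at all
    return variants


def check_passphrase(passphrase):
    """Return a list of problems; an empty list means both rules are met."""
    problems = []
    words = passphrase.split()
    if len(words) < MIN_WORDS:
        problems.append(f"only {len(words)} words; at least {MIN_WORDS} are asked for")
    for ch, name in off_keyboard_chars(passphrase):
        problems.append(f"{ch!r} ({name}) is not on a U.S. keyboard")
    count = len(byte_variants(passphrase))
    if count > 1:
        problems.append(f"encodes to {count} different byte strings")
    return problems


if __name__ == "__main__":
    for phrase in (ORIGINAL, TRANSFORMED, "caf\u00e9 secret"):
        print(repr(phrase))
        for problem in check_passphrase(phrase) or ["no problem found"]:
            print("   ", problem)
```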

Boot from a CD or USB stick
We'll see how to start a PC from external media, such as a Debian installation CD or a live system on a USB key. This is decided early in the boot of the computer, in the BIOS. We have seen that it selects the device (hard drive, USB drive, CD-ROM, etc.) from which the system is started.

Try simply
Put the CD in the drive, or connect the key, and then (re)start the computer. Sometimes it works on its own. If it does, there is no need to read further!

Trying to choose the boot device
On recent BIOSes, it is often possible to choose a boot device on a one-off basis. (Re)start the computer while looking carefully at the very first messages that appear on the screen. Look for messages in English that look like:

- Press [KEY] to select temporary boot device
- [KEY] = Boot menu
- [KEY] to enter MultiBoot Selection Menu

These messages say to use the key [KEY] to select a boot device. This key is often F12 or F10. On the Mac, there is an equivalent of this option: immediately after turning on the computer, press and hold the alt key (sometimes labeled option). After a while, the Boot Manager should appear. Let us get back to our PC. Often, the BIOS goes by too fast, and there is not much time to read the message, understand it and press the key. Never mind: once the correct key is identified, reboot the machine and press the key in question (do not press and hold, but press and release several times) when turning on the computer.

With a little luck, a message like this appears:

+----------------------------------+
|            Boot Menu             |
+----------------------------------+
|                                  |
| 1: USB HDD                       |
| 4: IDE HDD0: BDS GH87766319819   |
| 8: Legacy Floppy Drives          |
|                                  |
| <Enter Setup>                    |
+----------------------------------+

If it works, you win. Choose the right entry in this menu by moving with the arrow keys ↑ and ↓, then press Enter. For example, to boot from a USB flash drive, choose USB HDD. The computer should boot from the selected device. There is no need to read further!

Change the BIOS settings
If selecting a temporary boot device does not work, we have to get into the BIOS to manually select the boot order. To spice things up, BIOSes are almost all different, so it is impossible to give a recipe that works consistently 1.

Enter the BIOS
Again, (re)start the computer while looking closely at the first messages that appear on the screen. Look for messages that look like:

- Press [KEY] to enter setup
- Setup: [KEY]
- [KEY] = Setup
- Enter BIOS by pressing [KEY]
- Press [KEY] to enter BIOS setup
- Press [KEY] to access BIOS
- Press [KEY] to access system configuration
- For setup hit [KEY]

These messages say to use the key [KEY] to enter the BIOS. This key is often Delete or F2, sometimes F1, F10, F12, Esc, Tab (↹) or something else. The following table summarizes the access keys in BIOS for some common manufacturers of computers 2 .

Manufacturer | Model         | Keys observed
-------------|---------------|----------------------------------
Acer         | Recent models | F2, delete
Acer         | Old models    | Ctrl+Alt+Esc, F1
AST, ARI     |               | Ctrl+Alt+Esc, Ctrl+Alt+delete
Compaq       | Recent models | F10
Compaq       | Old models    | F1, F2, del
CompUSA      |               | del
Cybermax     |               | Esc
Dell         | Recent models | F2
Dell         | Old desktops  | Ctrl+Alt+Enter, del
Dell         | Old laptops   | Fn+Esc, Fn+F1
eMachines    |               | Tab (↹), del, F2
Fujitsu      |               | F2
Gateway      |               | F1, F2
HP           |               | F1, F2, Esc
HP           | tablet PC     | F10, F12
IBM          | Recent models | F1
IBM          | Old models    | F2
IBM/Lenovo   | Recent models | F1, F2
IBM/Lenovo   | Old models    | Ctrl+Alt+F3, Ctrl+Alt+Ins, Fn+F1
Intel        | Tangent       | del
Micron       |               | F1, F2, del
NEC          |               | F2
Packard Bell |               | F1, F2, del
Shuttle      |               | F1, del
Sony         |               | F1, F2, F3
Tiger        |               | del
Toshiba      |               | F1, Esc
Toshiba      | Equium        | F12

Often, the BIOS goes by too fast, and we do not have time to read the message, understand it and press the key. Never mind: once the correct key is identified, reboot the machine while pressing the key in question (do not press and hold, but press and release it several times). Sometimes you need to reboot and try again... If an image is displayed instead of the message we hoped for, it may be that the BIOS is configured to display a logo rather than messages. Try pressing Esc or Tab (↹) to see the messages. If the computer starts too quickly to allow time to read the messages it displays, it is sometimes possible to press the Pause key (usually at the top right of the keyboard) to freeze the screen. Pressing any key again can "unfreeze" the screen.

Change the boot sequence
Once in the BIOS, the screen is often blue or black, and full of menus. In general, an area at the bottom or right of the screen explains how to navigate between the options, how to change tabs... It is often in English. The keys to use for moving around are usually described as, for example, ←↑↓→: Move. These are the arrow keys ↓ and ↑ and/or ← and →. Sometimes the Tab key (↹) is useful too.

[Figure: BIOS screen]

The idea is to dig around until you find something that contains boot, for example:

- First Boot Device
- Boot Order
- Boot Management
- Boot Sequence

If there is nothing of the kind, try something like Advanced BIOS Features.

Once the correct entry is found, find out how to change it. For example: Enter: Select or +/-: Value. The goal is then to put the CD or USB first, according to which one you want to start from. Sometimes you have to enter a submenu. For example, if there is a menu Boot Order and the help says Enter: Select, press Enter to reach the menu. Other times, the options are changed directly. For example, if there is an option such as First Boot Device and the help says +/-: Value, press the + or - key until the correct value, such as IDE CDROM, is selected. Sometimes it is rather the Page Down and Page Up keys that are used. Other times, it is keys like F5 and F6. At other times still, these keys are used to move the device up and down in a list corresponding to the boot order.

How to choose the new configuration
Once we have managed to select the right medium for starting, we must ask ourselves whether we want to leave it that way permanently or not. If you want to leave it, it may be useful to place the hard drive second in the boot sequence. Thus, if the first medium is absent, the computer will boot from the hard drive. If you do not put the hard drive in the boot sequence, the computer will not start from it, even in the absence of a CD or USB drive. However, leaving the computer set to boot from external media can have unfortunate consequences: it becomes a little easier for an attacker to start the computer from such a medium, for example to carry out an attack. One can certainly set up a BIOS password for access to the computer, which must be entered before any startup. But it is useless to count on it to protect anything: this protection can mostly be circumvented easily.

Save and Exit
Once the new configuration is established, it remains to save and exit. Again, read the help on the screen, such as F10: Save. Sometimes you have to press Esc one or more times to get to the right menu. A message will appear asking if you are sure you want to save and exit. For example:

+-------------------------------------+
|         Setup Confirmation          |
+-------------------------------------+
|                                     |
|   Save configuration and exit now   |
|                                     |
|           <Yes>     <No>            |
|                                     |
+-------------------------------------+

We really want to save, so we select Yes and press Enter.

1. Illustrated procedures for some BIOSes are available on http://www.hiren.info/pages/biosboot-cdrom
2. Sources: http://pcsupport.about.com/od/fixtheproblem/a/biosaccess_pc.htm and http://michaelstevenstech.com/bios_manufacturer.htm

Use a live system
A live system is a GNU/Linux system that works without being installed on the hard disk of the computer. Warning: this does not mean that there will be no traces on the hard disk. For example, many live systems use the swap space present on the hard drive if they detect it. In addition, they sometimes automatically detect and use the partitions on it.

Discreet live systems
On the other hand, some live systems are designed specifically to leave no trace on the hard disk of the computer on which they are used, unless they are specifically asked to do so. There is then (if the people behind the live system have not deceived us) nothing written on the hard disk. Everything that is done from the live system will only be written in memory, which more or less really fades on its own when we turn off the computer, at least after a while. Using such live systems is one of the best ways to use a computer without leaving a trace. We see here how to get a live system, and how to start it. The usual way to use a live system is to burn it to a CD. This is called a Live CD. However, it is also possible to use a live system that does not record anything on the computer from a USB stick. However, since it is possible to write data to a USB key, which is not possible on a CD, there are fewer guarantees if the people who wrote the live system have made mistakes. It also becomes easier for attackers to change your live system, for example to save your passwords and your keystrokes.

Download a live system
Tails is available for download on the web page: http://tails.boum.org/download/index.en.html or https://tails.boum.org/download/index.fr.html

It can be downloaded either directly with a web browser (via HTTP), or using BitTorrent. BitTorrent is a "peer-to-peer" file sharing protocol, and therefore allows all the computers that perform the download to participate in distributing the files. This requires the use of dedicated software for the download. Where possible, this method has the advantage of keeping the files available in case a problem happens on the large direct download servers. If you choose to download the image directly with your web browser, you can go straight to verifying its authenticity.

Download torrent
To download files in peer-to-peer, you must first download a small file, called a torrent. This file contains the information that the download software will need to find the sources of the files that are to be obtained. On the download page for Tails, we can see that a number of BitTorrent files are listed. They correspond to the latest recommended version of Tails. It may be useful to understand how these files are named. The name contains:

- the architecture for which it works, such as i386 and PowerPC;
- the version, for example 0.7.

There are also several extensions for the same file names:

- The .torrent files correspond to the torrent that can be used to download the live system.
- The .asc files contain the cryptographic signature of the .torrent file.

So we will download the .torrent file for our architecture; select i386, which is more popular.

Download the image of the live system
On a standard Debian, simply double-click the downloaded .torrent file, and the software will start. A window showing the files that will be downloaded opens; after checking the destination folder, simply click Add to start the download. If the BitTorrent client does not open by itself, we will open it by hand:

- Debian or Ubuntu: in the menu Applications → Internet, open the Transmission BitTorrent client. If it is not there, it is necessary first to install the package transmission-gtk;
- Mac OS X: it is also possible to install Transmission: http://www.transmissionbt.com/download
- Windows: you can install the free client Vuze: http://www.vuze.com

Verify the authenticity of the live system
The downloaded image of the live system is signed with GnuPG, which uses asymmetric encryption. The download page for Tails outlines how to perform this verification.

Install the live system on the selected media
Depending on whether the downloaded version is to go on a CD or a USB drive, the way to install it on the medium in question is different.

Burn a CD
The downloaded file is an "ISO image", that is, a file format that most CD burning software recognizes as a "raw CD image". In general, if you insert a blank or rewritable disc in the drive, right-click the downloaded file and choose Burn a disc, the burning software will take care of writing the image to the CD. On Windows, if you do not already have software capable of burning ISO images, the free software InfraRecorder (www.infrarecorder.org) will do the job.

Perform a raw copy to USB
The downloaded ISO image is a bit special, and can also be used to start the live system from a USB stick. The task now is to make a raw copy of the image onto the USB key, which is not quite the same as a classic copy, such as copy/paste. Now bring a blank USB key 1.

The path of the USB
For further operations, it is necessary to determine the name that the system assigns to the USB drive. To do this, we will start the Disk Utility from the menu Applications → System Tools. Once it has opened, you can plug in the USB drive. An entry appears in the list on the left. After selecting it, the disk information appears on the right side of the window. Next to the label Device, you can read the path of the USB drive. It should look like /dev/sdx. From the perspective of the computer, this is the path of the USB key, which we will write later in place of THE_DEVICE. We must also ask the system to no longer deal with what it contains. Still in the right part, we will select in turn each of the volumes drawn. Each time, we will click on Unmount the volume if this button is available. Rather than closing the Disk Utility, it is better to minimize its window. We will still need it.

Start copying raw
We will now open a Terminal, while keeping the icon of the downloaded ISO image within reach of the mouse. We will start by typing the command:

cat

Then add a space, and we will indicate the source of the copy. To do this, we must, with the mouse, grab the icon of the ISO file and drop it into the terminal, which then shows something like:

cat '/home/lea/Desktop/tails-i386-0.7.iso'

It's still not finished, because we must now specify the destination of the copy, by adding at the end of our command:

> THE_DEVICE

Once done, the full command should look like:

cat '/home/lea/Desktop/tails-i386-0.7.iso' > /dev/sdx

The copy starts as soon as we press Enter, and the terminal then only shows a simple square on the next line. After waiting patiently for the copy to finish, you can close the terminal. It then remains to reopen the window of the Disk Utility and click on Disconnect safely to ensure that the data copied to your USB stick have arrived at their destination. We can then close the Disk Utility.

1. Data at the beginning of the key will be lost.

Boot from a live system
When copying or burning is complete, you can restart the computer from the medium holding the live system, and verify that the copy is working... as long as we have configured the BIOS to boot from the right medium.

Install an encrypted system
We have seen that any computer, except with some live systems, leaves traces everywhere of opened files, work performed, Internet connections, etc. We also saw that encrypting the system is a way to expose a little less the data stored on the computer and the traces it leaves behind. It is possible to install a GNU/Linux system such as Debian 1 on an encrypted part of the hard drive. At startup, the computer will ask for a passphrase that unlocks the encryption of the disk, which provides access to the data and allows the system to start. Without the passphrase, anyone who wants to view the contents of the disk will be faced with undecipherable data.

1. To encrypt the hard drive during installation of Ubuntu, it is necessary to use the CD named alternate install: http://www.ubuntu.com/download/ubuntu/alternative-download http://www.ubuntu.com/download/ubuntu/download

Limitations
Warning: This simple encrypted installation does not solve all the problems of confidentiality. It protects the data under certain conditions.

Limits of an encrypted system
We highly recommend the following prerequisite reading:

- encryption and its limitations;
- studying in detail the practical limitations of such a system and the possible attacks against it.

Otherwise, the installation of an encrypted system can provide a false sense of security, the source of many problems.

Limits of a new installation
When installing a new system and starting from scratch, there is no simple way to verify that the installation CD is reliable and does not contain malware. Sometimes we will eventually realize it, and perhaps too late...

Limitations in the management of equipment
Using a free operating system like Debian has a disadvantage: hardware manufacturers generally pay little attention to it. Sometimes it is not so easy, or completely impossible, to use a computer or one of its devices with Debian. The situation has improved in recent years: the way hardware works tends to become more uniform, and above all the spread of free systems pushes manufacturers to help, directly or indirectly, make their equipment work 1. However, before replacing an operating system, it can be a good idea to make sure that the necessary hardware works well with a live system. Tails, for example, is based on Debian. Hardware that works with one should work with the other without difficulty.

1. For some hardware, problems may come from defects in the functioning of the integrated firmware. These problems can be corrected by updates provided by manufacturers. It can be a good idea to update the BIOS, the Embedded Controller or other components prior to installation. Unfortunately, these procedures differ too much from one piece of hardware to another to be detailed in this book, but can usually be found on the manufacturer's website...

An installation media
For installing the system, the simplest is to use a CD, DVD or USB stick. However, Debian has several variants, and it is therefore necessary to first choose the best method suited to your situation.

The installation CD
The fastest way is to use a network installation CD. The CD contains only the first pieces of the system. It then downloads the software to install from the Internet. This requires that the computer on which you want to install Debian be connected to the Internet, preferably via a network cable (not Wi-Fi, which rarely works inside the installer). Files (also called "images") containing a copy of the installation CD are on the site of the Debian Project 1. You should download the one whose name ends with amd64-i386-netinst.iso; this image will work on all home computers manufactured after 2006 2.

The DVD with the graphical environment
You can also download a DVD containing the whole basic system with the usual graphical environment. This requires access to a DVD drive or a USB drive of sufficient size. There are several installation DVDs, depending on the processor architecture. On the site of Debian, the architectures are called amd64 3 and i386 4. Most new computers (PC and Mac) run faster with the amd64 architecture. This is at least the case for computers containing an Athlon64, Athlon X2, Turion 64, Phenom, Core 2, i3, i5 or i7. For older PCs, use i386. Computers which are capable of operating in amd64 are also capable of operating in i386, so i386 is the preferred architecture when in doubt. Only the first DVD is needed to complete the installation. The name of the file to download should look like: debian-6.0.1a-amd64-DVD-1.iso.

Use a USB key
The contents of the Debian installation CD or DVD can be transferred to a USB flash drive dedicated to this purpose. We can then install Debian on a computer without a CD or DVD drive. Transferring the DVD requires a USB key with a capacity of more than 5 GB, and the network installation CD requires a USB key with a capacity of 512 MB. Please note that this operation uses the whole capacity of the USB key.

1. The images of the multi-architecture network installation: http://cdimage.debian.org/debiancd/current/multi-arch/iso-cd/
2. For the "old" Macs (iBook G4, for example), it is necessary to use the image whose name ends with powerpc-netinst.iso, which can be found on http://cdimage.debian.org/debiancd/current/powerpc/iso-cd/ . Note: It is not possible to transfer that image to a USB key.
3. The installation DVD for the amd64 architecture: http://cdimage.debian.org/debiancd/current/amd64/iso-dvd/
4. The installation DVD for the i386 architecture: http://cdimage.debian.org/debiancd/current/i386/iso-dvd/

Check fingerprint of the installation media
It is good to check the fingerprint of the downloaded image, in order to verify the authenticity of the downloaded installer. In addition, if the software used to check the fingerprint has not itself been verified, it may be corrupted.

- From where you downloaded the image of the installation media, download the files SHA1SUMS and SHA1SUMS.sign;
- If we only have a live system, it is possible to put the downloaded image on a USB drive, then check the fingerprint from the live system;
- Check the GnuPG signature of the fingerprint file, available in the file SHA1SUMS.sign;
- Finally, check that the fingerprint of the downloaded file is the one expected.
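The last two steps of this list, written out as an added example (not part of the original text). The file names SHA1SUMS and SHA1SUMS.sign come from the text; the function names and return codes are assumptions of the example, and the signature step only means something if the signing key has already been imported into GnuPG and checked by other means.

```shell
#!/bin/sh
# Added example: verify a downloaded installation image.
# Order matters: the list of fingerprints is only worth comparing against
# once its signature has been checked.

# Step 1: check that SHA1SUMS was signed by a key in our keyring.
# usage: check_signature SHA1SUMS.sign SHA1SUMS
check_signature() {
    gpg --verify "$1" "$2"
}

# Step 2: compare the fingerprint of the image with the one listed for
# a file of the same name in SHA1SUMS.
# usage: check_fingerprint SHA1SUMS image.iso
# returns 0 = match, 1 = mismatch, 2 = image not listed in SHA1SUMS
check_fingerprint() {
    _sums=$1
    _image=$2
    _name=$(basename "$_image")
    # Lines look like "<40 hex digits>  <file name>"; the name may be
    # prefixed with "*" when the sum was computed in binary mode.
    _expected=$(awk -v n="$_name" \
        '$2 == n || $2 == "*" n { print $1; exit }' "$_sums")
    [ -n "$_expected" ] || return 2
    _actual=$(sha1sum "$_image" | awk '{ print $1 }')
    [ "$_actual" = "$_expected" ] || return 1
    return 0
}

# Both steps together; stops at the first failure.
# usage: verify_image SHA1SUMS.sign SHA1SUMS image.iso
verify_image() {
    check_signature "$1" "$2" || {
        echo "signature of $2 could not be verified" >&2
        return 1
    }
    check_fingerprint "$2" "$3" || {
        echo "fingerprint of $3 does not match $2" >&2
        return 1
    }
    echo "$3: signature and fingerprint are as expected"
}

# When run as a script with three arguments, perform the verification:
#   sh verify.sh SHA1SUMS.sign SHA1SUMS debian-6.0.1a-amd64-i386-netinst.iso
if [ "$#" -eq 3 ]; then
    verify_image "$@"
fi
```

A "Good signature" message from gpg only says that the file was signed by some key in the keyring; whether that key really belongs to the Debian project has to be established separately.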

Prepare the Installation Media
Once the image of the installation media is chosen and downloaded, we still have to transfer it to a CD, DVD or USB stick.

Burn installation CD or DVD
The downloaded file is an "ISO image", a file format that most CD burning software recognizes as a "raw CD image". In general, if you insert a blank disc in the drive, right-click on the file and choose Burn a disc, the burning software will write the image to the blank disc; at least, it works with Tails, and more generally on Debian or Ubuntu. On Windows, if you have not already installed software capable of burning ISO images, the free software InfraRecorder (http://infrarecorder.org ) will do the job.

Create a USB installation
To create a USB installation, you must do the following from a Linux-based system such as Debian or Tails. Bring a blank USB key. The data present at the beginning of the key will be lost.

Identify the location of the USB
For further operations, it is necessary to determine the name that the system assigns to the USB drive. To do this, we will start the Disk Utility from the menu Applications → System Tools. Once it is open, you can plug in the USB drive. An entry should appear in the list on the left. After selecting it, you can read the name of the disk on the right, under the title Hard, next to the label Device. It should look like /dev/sdx: this is how the computer has identified the storage medium that was just connected. That is what we will write later in some commands, instead of THE_DEVICE. We must ask the system to no longer deal with what it contains. So on the right side, we select each of the volumes drawn. Each time, click on the Remove button for the volume if it is available, then click Lock the encrypted devices for each encrypted partition. Instead of closing the Disk Utility now, it is better to minimize its window; we will still need it.

Start copying raw
We will now open a Terminal, while keeping the icon of the downloaded ISO image within reach of the mouse. We will start by typing the command:

cat

Then add a space. We will indicate the source of the copy. To do this, we must, with the mouse, grab the icon of the ISO file and drop it into the terminal. After releasing the button, what appears should look like:

cat '/home/domi/Desktop/debian-6.0.1a-amd64-i386-netinst.iso'

It's still not finished, because we must now specify the destination of the copy, by adding at the end of our command:

> THE_DEVICE

Once done, the full command should look something like this:

cat '/home/domi/Desktop/debian-6.0.1a-amd64-i386-netinst.iso' > /dev/sdx

The copy starts as soon as we press Enter. Once it has finished, you can close the terminal. Then bring back the window of the Disk Utility and click on Disconnect safely to prevent any damage to the newly copied data on your USB stick.
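The raw copy described here, and earlier for the Tails image, has three ways of going wrong quietly: a mistyped device path that creates an ordinary file instead of writing to the key, a volume that is still mounted, and a copy that did not fully arrive. The following added example (not part of the original text; all function names are assumptions) wraps the same cat command with a check for each.

```shell
#!/bin/sh
# Added example: the "cat image > /dev/sdx" raw copy with safety checks.

# True if DEVICE, or one of its partitions (/dev/sdx1, ...), appears in
# the list of mounted file systems.
# usage: is_mounted DEVICE [MOUNTS_FILE]   (default: /proc/mounts)
is_mounted() {
    awk -v d="$1" '
        substr($1, 1, length(d)) == d &&
        substr($1, length(d) + 1) ~ /^(p?[0-9]+)?$/ { hit = 1 }
        END { exit !hit }
    ' "${2:-/proc/mounts}"
}

# True if the first size-of-IMAGE bytes of TARGET are identical to IMAGE.
# The key is normally larger than the image, so only that prefix counts.
# usage: verify_copy IMAGE TARGET
verify_copy() {
    _size=$(wc -c < "$1")
    _size=$((_size))
    cmp -s -n "$_size" "$1" "$2"
}

# usage: raw_copy IMAGE DEVICE
# returns 2 = image missing, 3 = DEVICE is not a block device,
#         4 = DEVICE still mounted, 1 = copy or verification failed
raw_copy() {
    _image=$1
    _dev=$2
    [ -f "$_image" ] || { echo "no such image: $_image" >&2; return 2; }
    # A typo such as /dev/sdx for a key that is really /dev/sdb would
    # otherwise create a regular file named /dev/sdx and "succeed".
    [ -b "$_dev" ] || { echo "$_dev is not a block device" >&2; return 3; }
    if is_mounted "$_dev"; then
        echo "$_dev is still mounted: unmount its volumes first" >&2
        return 4
    fi
    cat "$_image" > "$_dev" || return 1
    sync    # wait until the data has actually been written out
    verify_copy "$_image" "$_dev" || {
        echo "data read back from $_dev differs from $_image" >&2
        return 1
    }
    echo "copy to $_dev verified"
}

# When run as a script with two arguments (as root), perform the copy:
#   sh rawcopy.sh debian-6.0.1a-amd64-i386-netinst.iso /dev/sdx
if [ "$#" -eq 2 ]; then
    raw_copy "$@"
fi
```

Reading back immediately after writing may be answered from the system's cache; unplugging the key, plugging it back in and calling verify_copy again checks what is really on the medium.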

Put the "firmware" on a USB stick
Some of the computer's devices may require, in order to function, that the system provide them with "firmware". Firmware is a program that runs on the chips of a device and not on the computer's processor. Examples are the program that controls the movement of the mechanical parts of a hard drive, or the operation of the radio of a Wi-Fi card. Most firmware is delivered directly with the hardware. Unfortunately, most firmware is not free. So we have to provide the installer with any non-free firmware required to operate the computer: for example, the firmware for Wi-Fi cards. Even if it is highly unlikely, it is conceivable that the proprietary firmware of a Wi-Fi card is spying on us without our knowledge.

Get additional firmware
Much of the non-free firmware is still distributed by the Debian Project. It comes in an archive named firmware.tar.gz that can be downloaded from the page: http://cdimage.debian.org/cdimage/unofficial/non-free/firmware/squeeze/current/

Use a USB key in addition to a CD or DVD
If you use a CD or DVD to perform the installation, it is necessary to copy the additional firmware onto a USB key. It is possible to use a USB drive that already contains data, but the key should not be encrypted. To do this, create a new directory on the key and name it firmware 1, and extract (with Archive Manager) the contents of the archive that you just downloaded.

Simply (with GNU/Linux) double-click the file firmware.tar.gz you just downloaded. Archive Manager opens: click on the Extract button in the top menu and then select the firmware folder of the USB key as the location. We can then remove the key.

Use a single USB
If you are installing from a USB stick, it is possible to copy the firmware onto the same key. For this, we must first open the Disk Utility from the menu Applications → System Tools. Then:

- plug the USB key into the computer;
- select the USB drive from the list on the left;
- on the right side, under the title Volumes, click on the area indicated as free;
- click on Create a partition;
- choose FAT as the type and firmware as the name;
- click on the Create button.

We can now close the Disk Utility; use the Archive Manager to extract the contents of the archive downloaded previously onto the firmware partition of the USB key, and then remove the key.

1. The directory name should really be firmware, otherwise it will not work.

The actual installation
Start the computer from the Debian installation media (CD, DVD or USB key). From there, the actual installation can begin: plan for some time and a few crossword puzzles, because the computer can work for long stretches without special supervision. In the case of an installation from the network CD, check that the computer's network cable is connected. The Debian installer has its own documentation 1. If you are in doubt when reading the steps described below, it may be worthwhile to check it out. Moreover, for most of the choices it asks us to make, the installation program will automatically offer an answer that should work in most cases...

Launching the installer
So we start from the installation media (CD, DVD or USB stick). A first menu, named Installer boot menu, appears. In case we chose a multi-architecture CD, some options will be present in duplicate, marked as "64-bit". The option selected automatically by the installer will be Install or 64-bit install. In the second case, the installation program has detected that the processor is compatible with the amd64 architecture, which provides some advantages in terms of security. As it is more convenient to use the mouse during installation, choose Graphical install, or rather 64-bit graphical install if 64-bit install was selected automatically. This choice is made by moving with the keys ↓ and ↑. Once the correct line is selected, you must press the Enter key to start the rest of the installation program.

Choose the language and keyboard layout


  

- After a little patience, a menu named Select a language appears: the installer offers to choose a language for the rest of the installation. Still moving with the arrows, select English and press Enter.
- A menu asks for the country, to fine-tune the adaptation of the system. Choose a location, and press Enter.
- When choosing the keyboard layout, the default English should be right if you have an English keyboard.
- The installer then loads the files it needs.

Network hardware and firmware
After a loading time, the Debian installer will detect the network adapters in the computer. A number of network cards require that the system provide them with firmware to operate. If we have already prepared a USB installation drive that also holds the firmware, a screen asks us to accept a SOFTWARE LICENSE AGREEMENT, or something similar. After reading it, we can answer yes to continue. In most other cases, we will see a message listing the missing firmware, and asking us to insert removable media. If we took care to prepare the USB stick containing the additional firmware, we can connect it and answer yes. If the message appears again, it means that the key does not contain the necessary files 2. It is beyond the scope of this book to indicate how to get all the firmware that may be helpful. Finally, do not hesitate to answer No... in most cases, the installation will continue without further incident.

Network configuration and name of the machine




- The installer takes a little time to configure the network, and then requests the hostname. Choose a nickname for the computer. This name will then be visible from the network, and may also end up in the files created or modified with the system that is being installed.
- The installer asks for the Domain. Without going into details, it is better to leave this field empty (so clear whatever the program may have pre-filled).

Choice of the Debian server
If this question does not appear at this time, do not worry: it is because the installer being used is not the network one. In this case, it will come a little later during the installation.

- The installer asks to choose the country of the mirror of the Debian archive.
- It then asks which mirror of the Debian archive to use. The default can be, for example, ftp.debian.org or ftp.fr.debian.org.
- The installer asks if you need an HTTP proxy. Leave it empty.
- Then the installer downloads the files it needs to continue.

Create users and choose passwords
The installer now asks us to choose the password for the superuser. This is the password that will be needed to carry out the administration of the computer. It is possible to spare ourselves one additional password, and let the first account created on the system have the right to perform administrative operations 3. To do this, simply do not enter a password for the superuser: leave the box blank. However, this choice must be carefully assessed: it is often simpler to use this method, especially because there is no additional password to remember. However, in its default configuration, it allows any program launched in this account to perform operations with administrator privileges, without confirmation being asked for beforehand, for fifteen minutes after the password has been entered.

 





- It is then necessary to confirm the password for the superuser account.
- In Full name of the new user, choose the name associated with the first account created on the system. This name is often recorded in the documents created or modified, so it may be worthwhile to choose a new nickname.
- In ID for the user account, choose a username (login) for the account. It is pre-filled, but can be changed. The installer warns that, in case you want to change it, it must begin with a lowercase letter and be followed by any number of digits and lowercase letters.
- The installer asks for a password for the user, who will have the right to administer the computer if you decided not to enter a "root" password above.

Partition disks
Then CD starts the partitioning tool. It detects the partitions, and will propose to change them.
   

In Partition disks, choose guided partitioning. In the partitioning menu, choose Guided - use entire disk with encrypted LVM. Choose Hard disk to partition on which to install Debian GNU / Linux. If you want to remove the currently installed system, it is generally the first record of the list. The installer then suggests different partitioning schemes. Here, there are several possibilities: o All in one partition still works; o If you have a large disk (not less than 20 GB), you can choose this to store the directory /home, which will contain your personal data in a separate partition.



    

The installer warns that it is about to apply the current partitioning scheme, which will be irreversible. Since we have already backed up what we wanted to keep, answer yes to Write changes to disks and configure LVM?

The installer will then replace the old contents of the disk with random data. This takes a very long time, several hours on a large disk, and therefore leaves time for other things!

The installer asks for an encryption passphrase. Choose a good passphrase and type it. Confirm the passphrase by typing it again.

The installer displays a list of all the partitions it will create. You can trust it and choose Finish partitioning and write changes. The installer warns that it will destroy all data on the disk. The whole disk has already been filled with random data, so any important data it contained has already been erased. Reply yes to “Must apply the changes to the disks?” The installer creates the partitions, which can take a little while.

Installing the base system
The installer will now install a minimal GNU / Linux system.

Select Software
Then it asks “Would you like to participate in the study on the use of statistical packages?” You can safely answer “yes” without disclosing much more information: since the software will be downloaded from the Debian servers anyway, they could already know which packages are used if they wanted to.

The installer asks what software to install. Its proposal is generally suitable: Desktop environment and Standard system utilities, plus Laptop where appropriate. Then, to reach the submit button, use the Tab key (↹). The installer then installs the rest of Debian GNU / Linux. It takes a long time; there is time to go and do something else.

Install the GRUB boot loader
The installer offers to set up the boot program, which allows Linux to boot, on a part of the hard drive called the "boot sector". Answer yes and wait. When finished, the installer asks you to remove the installation CD and restart the computer. Eject the CD or DVD and choose Continue.

Restart the system
The computer then boots the new system. At one point, it asks for the passphrase on a black screen: "Enter passphrase: ". Type it without worrying that nothing appears, and press Enter at the end 4. After a number of programs have started, a screen appears with the name of the machine and the user account name entered previously. Select it, then enter the associated password.

This is an encrypted Debian system, ready for use. For those who have never used one, it can be a good idea to look around and become familiar with it. At the top of the screen, the Applications menu provides access to the many programs already installed. The help pages, which contain many tips and tricks, are accessible through the System menu → Help.

1. The installation manual is available in many versions to choose from at http://www.debian.org/releases/squeeze/installmanual.html or, for French users, here: http://www.debian.org/releases/squeeze/installmanual.fr.html . Depending on the version of the installer you will use, it is written for 32-bit PC or 64-bit PC.
2. For example, the files whose names start with b43 are firmware for a type of Wi-Fi card, and are not directly distributed by Debian. To make these cards work, you will have to try installing, once the system is working, one of the packages: firmware-b43-installer, firmware-b43-lpphy-installer or firmware-b43legacy-installer.
3. This is called sudo because, in the terminal, adding sudo to the beginning of a line makes it possible to execute a command as "superuser."
4. If you are not very comfortable with typing, it is common in the early days to make mistakes in the passphrase, all the more so since no character is displayed. Do not worry about repeated errors, and persist until the phrase is entered without a mistake... After some time, typing errors will be rare.

Some tips to keep
It can now be useful to learn how to back up data and how to delete it "for real". It is also important to learn to keep your system up to date and to install patches when they become available.

Some documentation on Debian and GNU / Linux
Here are some references and documentation on Debian GNU / Linux:
o The official Debian reference guide: http://www.debian.org/doc/manuals/debianreference/index.en.html
o The home page of the official documentation for using Debian: http://www.debian.org/doc/user-manuals
o The Formation Debian GNU / Linux: an excellent self-study course about Debian, in French. http://formation-debian.via.ecp.fr

You can find a great deal of documentation on the use of GNU / Linux. It is often very useful, but its quality is uneven. In particular, many of these documents stop working when part of the system changes, or show little concern for the privacy you would expect from your system. It is therefore necessary to think critically and try to understand before applying them. Here are some references to wikis and forums:
o The official Debian wiki: http://wiki.debian.org and http://www.debian-fr.org/
o Andesi: a wiki and forum in French on Debian. http://www.andesi.org

Select, test and install software
This section offers some recipes for managing your software:
o How to find a Debian package? When trying to achieve new tasks with a computer, it is often necessary to install new software;
o Which selection criteria? Sometimes you have to choose a program to perform a certain task, and it is common to feel lost among the many solutions available;
o How to install a Debian package? Once we know which package contains the software we want to use, it is time to install it properly;
o How to modify the Debian repositories? The Debian packages containing programs are kept in what are called repositories. Although the repositories that come with Debian contain virtually all the software you might need, it is sometimes useful to add new repositories.

Find Software
Sometimes you already know the name of the software you want to install, because it was recommended to us or was found on the Internet, and we want to know if it is in Debian. Other times, you know only the task you want to do. In all cases, the database of software available in Debian will certainly answer our questions. Here are some tips to find what you are looking for:
o Find an application applies when searching for a program that could be opened from the Applications menu; otherwise...
o Find a Debian package can be applied in all cases. It gives more choice, although it is still easy to get lost. It is useful, for example, when looking for the German dictionary for OpenOffice.org, or for codecs, drivers, etc.

Find an application
 

 

Open through the menu System → Administration archive. Then there are two techniques to search for an application:
o Enter keywords or the name of the application in the search box at the top right. The search results appear below. Descriptions of less common applications are rarely translated into non-English languages.
o Browse the categories and subcategories by clicking on the icons that represent them.

In the application list, after clicking on an application, you can press more to see its detailed description, and often a screenshot. Just click on Install to install it. The computer will probably ask for the administration password before proceeding. You can also check the changes that will be made.

Find any Debian package






In the System menu, go to the Administration submenu, and open the Synaptic Package Manager. Since the package manager can change the software installed on the computer, and therefore choose which programs we trust, it is reassuring that it asks for our password before opening.

In the package manager, let's reload the list of available packages by clicking the Reload icon. The package manager then downloads the latest information on available packages from a Debian server. Then there are two techniques to search for a package:
o Click the Search icon in the toolbar. There, verify that Info and name is selected in Search. Then type a set of keywords in the search box (for example "German dictionary openoffice") and click on Search;
o Select a category from the left column.

The search results or the packages in the category appear in the list at the top right. Clicking on the name of a package displays its description at the lower right. Now, it remains to install the corresponding package.

Criteria selection
It is sometimes necessary to choose a program to perform a certain task, and it is common to feel lost among the many solutions available. Here are some criteria for making a sound decision. The advantage of using free software over proprietary software has already been explained. The following criteria therefore only concern the free software available.

Installation mode
It is usually best to install software provided by the GNU / Linux distribution (e.g. Debian). There are two main reasons for this.

First, a practical issue: the distribution provides the tools to install and maintain software packages in a more or less automated way, and it alerts us when a security vulnerability affects software that we use. When you install software that is not provided by the distribution, you must remember to update it yourself, keep track of the security vulnerabilities that are discovered, and manage dependencies between programs. It takes effort, time, and skills.

Second, a matter of security policy: when a GNU / Linux distribution was chosen, it was implicitly decided to place some trust in a group of people. Installing software that is not provided by the distribution means making a similar decision about a new set of people and a new process. Such a decision should not be taken lightly: when deciding to install software that does not belong to the distribution, we expand the set of processes and people that are trusted, and therefore increase the risks.

Maturity of distribution
Novelty that "washes whiter than white" is often a trap. It is better, if possible, to choose a program that has reached a certain maturity: in software that has been actively developed and used for at least a few years, the chances that problems, including security vulnerabilities, have been discovered and fixed are greatest. To check this, look at the history of each program on its website or in the file named Change log (or similar), usually delivered with the software.

Production process and “community”
The label free software is essentially a legal criterion, which should never be enough to inspire confidence. Certainly, the fact that software is under a free license opens up the possibility of sustainable development that inspires confidence. But the people developing the software may well, intentionally or unintentionally, discourage cooperation and work in isolation. What does it matter that the program is legally free if, in fact, no one will ever read the source code? It is therefore necessary to quickly review the process by which the software is produced, with the help of the following questions, which will allow us to gauge the dynamism of that process:
o Who develops it? One person, several people, an entire team?
o Is the number of people who contribute to the source code increasing or decreasing?
o Is development active? It is about responsiveness and long-term follow-up, about endurance. Software development is an endurance race, not a sprint.

What about the collective communication tools that underlie the development (mailing lists and chat rooms, for example):
o Is there easy access to the discussions leading the development of the software?
o Do these discussions bring many people together?
o Do these people take part in its development, or do they only use it?
o What atmosphere prevails? Dead calm, dead silence, joyous cacophony, chilling seriousness, open arms, implied hostility, tender complicity, etc.?
o Has the volume of discussion decreased or increased in recent months / years? More than the raw volume, what matters is the proportion of messages that get answered: mature, stable and well documented software will not necessarily lead to discussions, but if nobody is there to answer questions from newcomers, it can be a bad sign.
o Can we leave our suggestions for improvement? If so, are they considered?
o Are answers always given by a small number of people, or is support provided more widely?

Popularity
Popularity is a difficult criterion in software. The fact that the vast majority of desktop computers currently run Windows does not mean that Windows is the best operating system available. However, if a program is not used by many people, its long-term future is doubtful: if the development team had to stop working on it, what would become of it? Who would take over? As a rule, then, it is advisable to choose software used by a sufficiently large number of people, but not necessarily the most widely used software.

To measure the popularity of software, it is possible, on the one hand, to use the same criteria as those described above regarding the dynamics of the "community" formed around it. On the other hand, Debian publishes the results of its popularity contest 1, which compares not only the number of people who have installed a particular program but, even more importantly, how its popularity has evolved over time.

Increased security
Here again, the criterion is double-edged. We can start with a look at the security tracking 2 offered by Debian. By searching for a piece of software by name, you can get the list of security issues that were discovered in it and, sometimes, resolved. If this software has a perfectly blank security record, it may mean either that no one cares, or that the software is written in an extremely rigorous way. If security flaws were discovered in the software, there are several implications, sometimes contradictory.
1. These vulnerabilities were discovered and corrected:
o So they no longer exist;
o So someone took the trouble to find them, and someone else to fix them: it can be assumed that attention is given to this question.
2. These flaws have existed:
o The software may have been written without security being a particular concern;
o Other flaws may exist, undiscovered or, worse, not yet published.

To refine our intuition about this software, it may be appropriate to consider the criterion of "time": for example, it is not dramatic if some flaws were discovered early in the software's development, provided none has been discovered in recent years. We can then put that down to the mistakes of youth. Conversely, if new vulnerabilities have been discovered regularly, for years, and until very recently, it is quite possible that the software still has many security problems... totally unknown or unpublished. To illustrate this, it is possible to compare the history of flaws of Claws Mail: http://www.clawsmail.org and of Thunderbird: http://www.mozilla.org/projects/thunderbird.

Development team
Who wrote this software? If we are able to answer this question, various clues can help us determine how much confidence can be placed in the development team. For example:
o The same people have also written another program that we already use intensively: our impressions of that other software are very relevant to this assessment.
o Members of the development team have addresses that end in @debian.org, and therefore have the right to modify the software provided by Debian GNU / Linux: if we use this distribution, we are already, in fact, placing some trust in these people.
o Members of the development team have addresses that end in @google.com, which indicates that they are on Google's payroll: while there is no doubt as to their technical skills, one may wonder how far their work is guided by their employer, which deserves no confidence as to its intentions regarding your personal data.

1. http://popcon.debian.org/
2. The Debian security team maintains information for each package, visible on the security tracker. http://security-tracker.debian.org/tracker

Install a Debian package

Open the package manager
Once we know which package contains the software we want to use, we install it. For this, we will use the Synaptic Package Manager, which can be opened from the menu System → Administration. Since the package manager can change the software installed on the computer, and therefore choose which programs you trust, it is reassuring that it asks for a password before opening.

Reload the list of available packages
In the package manager, let's reload the list of available packages by clicking the Reload icon. The package manager then downloads the latest information on available packages from the Debian servers.

Search the package to install
Next, find the package you want to install. Click on the Search icon in the toolbar. There, if you know the package name, type it in the Search box, and select Name in the drop-down box labeled Search.

Select the package to install
Then comes the actual installation of the package found above. There are different ways to do so, depending on whether one wishes to use the version available in the official repositories of the distribution, or a package from another repository, for example to get a newer version.

To install the default version
Normally, the desired package is now somewhere in the list of packages. Once the corresponding line is found, right-click on it and choose Mark for Installation. If this package depends on other packages, the package manager opens a window where it asks whether to Allow make other changes? In general, the proposals are relevant and can be accepted by clicking Add to the selection.

To install a particular version
Sometimes you want to install a particular version of a package among those available, for example if specific repositories have been added. Instead of choosing Mark for Installation, select the package you need with a left click, then choose Force version ... from the Package menu. The rest does not change.

Apply Changes
It is possible to repeat the last two steps to install multiple packages simultaneously. Once this installation has been prepared, it only remains to launch it by clicking Apply in the toolbar. The package manager opens a window listing everything it will do. Have a look to check that it is right, and then click on Apply.

The package manager then downloads the packages from the Internet, checks them, and then installs them. Sometimes the manager says that some packages could not be verified: this information should not be taken lightly. In this case, it is better to cancel the download, click on Reload in the main menu and start the package selection over. If the indication appears again, this may be the result of an attack, a technical failure or a configuration problem. It is better to refrain from installing new packages before identifying the problem.

Finally, if all went well, the package manager displays a window stating which changes have been applied, and we can click on Close. It is then a good idea to close the package manager to prevent it falling into other hands.

How can I change Debian's repositories?
The Debian packages containing programs are kept in what are called repositories, or deposits. The repositories that come with Debian contain virtually all the software you might need, but it is sometimes useful to add new ones, such as backports.debian.org, which contains some programs more recent than those included in the stable distribution of Debian, or debian-multimedia.org, which contains codecs and multimedia software that are non-free, or prohibited in some countries, for example because of patent issues.

Attention: adding a new Debian repository to a computer means deciding to trust the people who look after it. While the backports.debian.org repositories are maintained by members of Debian, this is not the case for many other repositories. The decision to trust them should not be taken lightly: if the repository in question contains malware, it could be installed on the computer without our even realizing it.

Authenticity of the repository content
The Debian repositories are signed with GnuPG keys. This is to ensure that their content has not been altered by malice or by a simple technical problem. This section discusses how to quickly find and check a GnuPG key. Asymmetric encryption is a technique that is beyond our purposes to explain in detail here. Suffice it to give a protocol for verifying a key from its "fingerprint".

This simplified protocol has limitations: in particular, it checks the key from a fingerprint (a kind of checksum). The confidence we place in the key is therefore only as good as the fingerprint: checking this fingerprint against what is written in this guide means trusting the source from which the guide was obtained... Again, a balance has to be struck between usability and security.

To obtain fingerprints with confidence, it is best to check them face to face. Unfortunately, this is usually not possible in practice when it comes to the Debian repositories. This is not a reason not to check at all. Within this first section of the guide, which does not address issues related to the use of networks (section two will address them further), the best we have found is to use:
o The fingerprints in this guide, which were verified on the Internet from many different connections; this requires trusting the source of this guide;
o If possible, the fingerprints found on other computers on which the repositories in question have previously been installed, if these can be accessed.

This protocol is very far from certain. It is, however, a good way to make it harder for someone to get us to install malicious software.

Some fingerprints verified by us
The fingerprints of two of the most used repositories are reproduced below:

Repository              Date             Fingerprint
debian-multimedia.org   October 1999     1D7F C53F 80F8 52C1 88F4 ED0B 07DC 563D 1F41 B907
deb.torproject.org      September 2009   A3C4 F0F9 79CA A22C DBA8 F512 EE8C BC9E 886D DD89

Compare these fingerprints with those on other computers
If we have access to computers on which the repositories we want to use have already been installed, we can cross-check the fingerprints in this guide with those present on these computers.

To do this, on each of these computers, open a Terminal from the menu Applications → Accessories. Then type:

    apt-key finger

Then press Enter. This gives a list of repository keys, each in the following form:

    Pub 2048R/886DDD89 2009-09-04 [expire: 2014-09-03]
    Fingerprint key = A3C4 F0F9 79CA A22C DBA8 F512 EE8C BC9E 886D DD89
    uid deb.torproject.org archive signing key
    Sub 2048R/219EC810 2009-09-04 [expire: 2012-09-03]

The third line of each entry gives the name of the repository. Look through this list for the name of the repository we want. In the example above, we have:

    uid deb.torproject.org archive signing key

It is therefore the deb.torproject.org key. The matching fingerprint is on the line just above:

    Fingerprint key = A3C4 F0F9 79CA A22C DBA8 F512 EE8C BC9E 886D DD89

Then write down the fingerprint for future comparisons.

Retrieve the key of a repository from the Internet
We must first open System → Preferences → Passwords and Encryption Keys.
o From the menu Distant, select Search remote key;
o In Search of the key container, type part of the name or identifier of the desired key, such as "torproject.org" or "1F41B907" (for debian-multimedia), then click Search;
o A window containing remote keys [...] appears. Here we have, for example, "deb.torproject.org archive signing key" with the identifier 886DDD89;
o Click on this key, and then click the Import button. We can then close the window with the list of remote keys found.

To ensure that the key just received is the one expected, now check its fingerprint:
o Once the key is imported, go to the Other keys tab in the main window.
o Select the key to check, in our example "deb.torproject.org archive signing key."
o Right-click it and, in the context menu that appears, choose Properties.
o Go to the Details tab. The fingerprint shown there is the checksum of the key.
o To make sure we have the right key, check that this fingerprint matches the one found before.

If this is the case, you can export the key to a file before adding it to the software that will use it to check the contents of the repositories. To do this, close the properties window, right-click the key once again, this time choose Export ... and save the file, for example on the desktop, accepting the default name. We can then close Passwords and encryption keys.
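The comparison described under "Compare these fingerprints with those on other computers", as an added shell example (not part of the original guide): it reads an apt-key finger listing, finds the key by the name on its uid line, and compares the full 40-digit fingerprint with the one you expect. The function names and the second key in the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: check an `apt-key finger` listing against a fingerprint
# obtained from another source (this guide, another computer).

# Constructed input: the entry quoted in the text, plus one constructed key
# ("example.invalid") so that the lookup has to pick the right entry.
sample_listing() {
cat <<'EOF'
Pub 2048R/886DDD89 2009-09-04 [expire: 2014-09-03]
      Fingerprint key = A3C4 F0F9 79CA A22C DBA8 F512 EE8C BC9E 886D DD89
uid deb.torproject.org archive signing key
Sub 2048R/219EC810 2009-09-04 [expire: 2012-09-03]

Pub 1024D/11111111 2010-01-01
      Fingerprint key = 0000 0000 0000 0000 0000 0000 0000 0000 1111 1111
uid example.invalid archive signing key (constructed)
EOF
}

# Remove spaces and use upper case, so "a3c4 f0f9 ..." and "A3C4F0F9..." compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'a-f' 'A-F'
}

# Read a listing on stdin; print the fingerprint of every key whose uid line
# contains the text given as $1. The wording of the fingerprint label depends
# on the system language, so the parser keys on structure instead: after a
# "pub" line, the line of the form "<label> = <40 hex digits>".
fprs_for_uid() {
    awk -v want="$1" '
        tolower($1) == "pub" { fpr = ""; next }
        tolower($1) == "uid" { if (fpr != "" && index($0, want)) print fpr; next }
        tolower($1) == "sub" { next }
        {
            eq = index($0, "=")
            if (eq) {
                v = substr($0, eq + 1)
                gsub(/[ \t]/, "", v)
                if (length(v) == 40 && v ~ /^[0-9A-Fa-f]+$/) fpr = toupper(v)
            }
        }
    '
}

# usage: apt-key finger | check_repo_key <text in uid> <expected fingerprint>
# returns 0 = match, 1 = different fingerprint, 2 = no such key,
#         3 = several different keys carry that name, 4 = bad expected value
check_repo_key() {
    crk_expected=$(normalize_fpr "$2")
    case "$crk_expected" in
        ""|*[!0-9A-F]*) echo "expected fingerprint is not hexadecimal" >&2; return 4 ;;
    esac
    [ "${#crk_expected}" -eq 40 ] || { echo "expected fingerprint must have 40 hex digits" >&2; return 4; }

    crk_found=$(fprs_for_uid "$1" | sort -u)
    [ -n "$crk_found" ] || { echo "no key whose uid contains '$1'" >&2; return 2; }

    # The uid is free text chosen by whoever made the key: two different keys
    # under one name is a reason to stop and look, not to pick one.
    crk_count=$(printf '%s\n' "$crk_found" | wc -l | tr -d ' ')
    [ "$crk_count" -eq 1 ] || { echo "several keys carry the name '$1'" >&2; return 3; }

    if [ "$crk_found" = "$crk_expected" ]; then
        return 0
    fi
    echo "fingerprint differs: found $crk_found" >&2
    return 1
}

# Demonstration on the constructed listing; on a real system, replace
# `sample_listing` with `apt-key finger`.
sample_listing | check_repo_key 'deb.torproject.org' \
    'A3C4 F0F9 79CA A22C DBA8 F512 EE8C BC9E 886D DD89' && echo "fingerprint matches"
```
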

Add a new repository
From the menu System → Administration, open update sources. Since this software lets you choose which programs you trust, it is reassuring that it asks for a password before opening.

Configure the location of the repository
Go to the tab Third party software and click on the Add button. Enter the address of the repository in the APT Line box of the dialog that opens. For example, to add the backports (programs newer than those included in stable Debian), enter:

    deb http://backports.debian.org/debian-backports squeeze-backports main

If you also want to install non-free software, you can add contrib and non-free after main. Instead of the previous line, we would enter:

    deb http://backports.debian.org/debian-backports squeeze-backports main contrib non-free

Once done, simply click on Add source update. We must then have a file containing the key that signs the package lists of the repository being added, and have checked that key. Downloading it from a website and trusting it blindly is not a good idea.

Add a new key with confidence
The repository containing the backports became an official Debian repository with the release of Debian Squeeze. The key to trust is the same as for the rest of the official packages. If you wish to use the repository deb.torproject.org, provided by the Tor Project, it is necessary to add its key to the trusted keys. After following the procedure for exporting the key, we proceed as follows:
o Go to the Authentication tab and click on Import Key File ...
o Select the file in which you previously saved the downloaded key, deb.torproject.org archive signing key.asc (for example on the desktop, as above), and click OK. We can then delete the file.

Update the packages available
It is now possible to close the Sources of updates. The software then offers to reload the package lists. Accept by clicking Refresh.

Install the package with the repository keys
Once the key is added, we have access to the repository. The repository usually provides a package containing its keys, which allows them to be updated easily. It is often named after the repository, followed by the word keyring. For example, for debian-multimedia.org, it is debian-multimedia-keyring. We must therefore take the time to install this package, if available 1.

1. The people in charge of deb.torproject.org have not set up a keyring package.
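Since adding a repository means trusting the people who maintain it, it helps to see at a glance which entries extend that trust beyond Debian. This added shell example (not from the original guide) lists the active APT lines of a sources list and classes debian.org hosts as the distribution's own, which is an assumption made here; the function names and the sample list are constructed.

```shell
#!/bin/sh
# Added example: inventory of the repositories a system trusts.

# Constructed sample: the backports line from the text, plus constructed
# entries for an official mirror and two third-party repositories.
sample_sources() {
cat <<'EOF'
# constructed sample of /etc/apt/sources.list
deb http://ftp.debian.org/debian squeeze main
deb http://backports.debian.org/debian-backports squeeze-backports main contrib non-free
deb http://deb.torproject.org/torproject.org squeeze main
deb http://www.debian-multimedia.org squeeze main non-free   # constructed entry
#deb http://example.invalid/debian squeeze main
EOF
}

# Read sources.list text on stdin; print one line per active entry:
#   <class> <host> <suite> <components...>
# class is "debian" for debian.org hosts (assumption of this example),
# "third-party" otherwise, "local" for installation media.
# The host name only says where packages are fetched from; what actually
# authenticates them is the signing key trusted for that repository.
list_sources() {
    awk '
        { sub(/#.*/, "") }                          # drop comments, whole-line or trailing
        $1 != "deb" && $1 != "deb-src" { next }     # also skips blank lines
        {
            i = 2
            if ($i ~ /^\[/) {                       # optional "[ options ]" block
                while (i <= NF && $i !~ /\]$/) i++
                i++
            }
            uri = $i
            if (uri ~ /^cdrom:/) { print "local", "cdrom"; next }
            if (index(uri, "://") == 0) {
                host = "(local)"
            } else {
                split(uri, part, "/")               # scheme: "" host path...
                host = part[3]
                sub(/:.*/, "", host)                # drop a port number
            }
            class = "third-party"
            if (host == "(local)") class = "local"
            else if (host == "debian.org" || host ~ /\.debian\.org$/) class = "debian"
            comps = ""
            for (j = i + 2; j <= NF; j++) comps = comps " " $j
            print class, host, $(i + 1) comps
        }
    '
}

# Hosts outside the distribution: each one is a separate decision to trust
# a new group of people and needs its own verified signing key.
third_party_hosts() {
    list_sources | awk '$1 == "third-party" { print $2 }' | sort -u
}

# Entries that enable the contrib or non-free components.
nonfree_entries() {
    list_sources | awk '{
        for (i = 4; i <= NF; i++)
            if ($i == "contrib" || $i == "non-free") { print $2, $3; next }
    }'
}

# Demonstration on the constructed sample; on a real system, feed it
# /etc/apt/sources.list and the files under /etc/apt/sources.list.d/.
sample_sources | list_sources
```
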

Erase data "for real"
We saw that when a file is deleted, its content is not really deleted. However, there are programs that can delete files together with their contents, or at least try to, within the limitations explained earlier.

A little theory
For most of the recipes that follow, we will use the software contained in the Debian package secure-delete.

Gutmann method
One standard way to recover data that has been overwritten on a hard drive is to capture and process the analog signal obtained from the drive's read/write head before this analog signal is digitized. This analog signal will be close to an ideal digital signal, but the differences will reveal important information. By calculating the ideal digital signal and then subtracting it from the actual analog signal, it is possible to amplify the signal remaining after subtraction and use it to determine what had previously been written on the disk.

For example:

    Analog signal:         +11.1   -8.9   +9.1  -11.1  +10.9   -9.1
    Ideal Digital signal:  +10.0  -10.0  +10.0  -10.0  +10.0  -10.0
    Difference:             +1.1   +1.1   -0.9   -1.1   +0.9   +0.9
    Previous signal:       +11    +11     -9    -11     +9     +9

This can then be done again to see the data written before that:

    Recovered signal:      +11    +11     -9    -11     +9     +9
    Ideal Digital signal:  +10.0  +10.0  -10.0  -10.0  +10.0  +10.0
    Difference:             +1     +1     +1     -1     -1     -1
    Previous signal:       +10    +10    -10    -10    +10    +10

However, even when the disk is overwritten repeatedly with random data, it is theoretically possible to recover the previous signal. The permittivity of a medium changes with the frequency of the magnetic field. This means that a lower frequency field will penetrate deeper into the magnetic material on the drive than a high frequency one. So a low frequency signal will, in theory, still be detectable even after it has been overwritten hundreds of times by a high frequency signal.

The documentation 1 of the package says:

The deletion process works as follows:
1. The overwriting procedure (in secure mode) replaces the contents of the file 38 times. After each pass, the disk cache is flushed;
2. the file is truncated, so that an attacker does not know which disk blocks belonged to the file;
3. the file is renamed, so that an attacker can't draw any conclusions about the content of the deleted file from its name;
4. finally, the file is deleted. [...]

The protocol described above is based on a paper by Peter Gutmann published in 1996 2.

Adopted compromise
The 38 overwrites above come from the study by Peter Gutmann. But that study focuses on drive technologies that no longer exist today. He has since added, at the end of his article, a paragraph entitled Epilogue that tells us, in essence, that for a hard disk 3 it is enough to overwrite the data several times with random data. Apart from the nature and number of overwrites, however, the process described above is still quite relevant.

In addition, NIST (National Institute of Standards and Technology, a U.S. government agency concerned, among other things, with the security protocols used in that country) has published a recent study 4 by the NSA, which explains that on modern hard disks the data are packed so closely together that it becomes impossible to carry out measurements to find the magnetic traces of deleted data; indeed, the data density of hard drives keeps growing in order to increase their storage capacity.

Therefore, we will content ourselves with a few random passes in the recipes that follow, while specifying how to apply the original Gutmann method. It will again be a matter of making the right compromise, in each case, between speed and the desired level of protection, depending on the size of the data to be overwritten, the age of the hard drive, and the confidence that is given to NIST.

For USB and other flash memory
For USB sticks (or other flash memory), a study in 2011 5 showed that the situation was really problematic.

This study shows that it cannot be guaranteed that the entire contents of a given file have been overwritten, regardless of the number of overwrites. While overwriting makes the data inaccessible to someone who simply plugs in the key, they remain accessible to anyone who looks directly into the flash memory chips. The only method that worked consistently was overwriting the entire USB drive several times. In most cases, two passes were enough, but on some models, twenty rewrites were necessary before the data were deleted for real.

Based on these observations, the answer appears to be preventive: systematically encrypt USB drives, which makes it very difficult to extract information directly from the flash memory chips. And after the fact, overwriting the whole device, despite its limitations, still protects against attacks.

Other limitations of "secure" erasing
Information about the file may still remain and be found, especially if you use a file system like ext3, ext4, ReiserFS, XFS, JFS or NTFS, a system for writing, compressing or backing up to disk (e.g. RAID), or a network.

On other systems
We have seen that it is illusory, if one uses a proprietary operating system, to seek real privacy. Although there is software that is supposed to delete files together with their content on Windows and Mac OS X, it is therefore much harder to trust it.

Let's go
It is possible to erase:
o Individual files;
o Any device;
o Files already deleted.

1. File README.gz, installed on a Debian system in /usr/share/doc/secure-delete.
2. Peter Gutmann, Secure Deletion of Data from Magnetic and Solid-State Memory, Department of Computer Science, University of Auckland, 1996. http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html
3. Using PRML technology, which appeared in 1990. https://secure.wikimedia.org/wikipedia/en/wiki/PRML , http://en.wikipedia.org/wiki/Partial_Response_Maximum_Likelihood , http://www.storagereview.com/guide/histFirsts.html
4. Special Publication 800-88: Guidelines for Media Sanitization. http://csrc.nist.gov/publications/nistpubs/800-88/NISTSP800-88_rev1.pdf
5. Reliably Erasing Data From Flash-Based Solid State Drives, by Michael Wei, Laura M. Grupp, Frederick E. Spada and Steven Swanson. http://www.usenix.org/events/fast11/tech/full_papers/Wei.pdf

Delete files and their contents...
Here is the procedure for getting rid of files while taking care to overwrite what they contained. Attention! After overwriting the contents of files on a USB stick (or other storage device using flash memory), it is likely that data is still written in an inaccessible region of the key!

Install the necessary software
If the package secure-delete is not yet installed, install it.

Delete files and their contents from the file browser
You can configure the file browser of the GNOME desktop in order to delete files with their contents.

Command line
If you are comfortable with the terminal, deleting files and their contents with srm is simple. Just run the command:

srm -r -l -v file_name

Note: The options -r, -l and -v used here with the command srm have the following meanings:

- The option -r indicates that the target will be deleted recursively, including subfolders.
- The option -l indicates that srm overwrites the file contents twice, including once with random data. If you prefer using the original method of Gutmann (longer, and perhaps safer), do not use this option.
- The option -v turns on verbose mode: the command reports in the terminal the actions it performs. This lets you follow the progress of the command: a new star appears after each overwrite of the file.

On this subject, take a look at the section on command line (use a terminal)

Add a command to Nautilus to delete files and their contents
To use srm from the GNOME graphical desktop, you will add a very small program (a script) to the GNOME file browser (called Nautilus).

Install the necessary software
If the package secure-delete is not yet installed, install it.

Download or write the script
To add this little program, there are two options: download it if you have Internet access, or copy it from this document.

First option: download the script

- Download the script to the desktop.
- Verify its checksum. Here is the SHA256 checksum: 20a3782bd00f269be825b84a61886e33d1b66169900d4b425cd2ecf2a5294f27

Second option: write the script

When you can't download the script, you must write it yourself by following these instructions:

- Open the gedit text editor, which is in the Applications menu, then Accessories.
- Write on the blank page that appears:

#!/bin/bash
# Ask for confirmation before anything is overwritten.
if zenity --question \
    --text "Do you want to delete ${*} overwriting its contents?" \
    --title "Delete overwriting data"; then
    # Overwrite and delete the selected files and folders, then report the result.
    srm -r -l "$@" && \
    zenity --info --text "${*} has been deleted." \
        --title "Deleted by overwriting the data" ||
    zenity --error \
        --text "An error occurred during the deletion of ${*}." \
        --title "Deleted by overwriting the data"
fi

French users can use the script below or use the file attached:

#!/bin/bash
if zenity --question \
    --text "Voulez-vous vraiment supprimer ${*} en écrasant son contenu ?" \
    --title "Supprimer en écrasant les données"; then
    srm -r -l "$@" && \
    zenity --info --text "${*} a bien été supprimé." \
        --title "Supprimer en écrasant les données" ||
    zenity --error \
        --text "Une erreur est survenue durant l'effacement de ${*}." \
        --title "Supprimer en écrasant les données"
fi

- Save the file by clicking Save, with the name Deleted_by_overwriting_the_data, and store it on the desktop.
- Exit the text editor gedit.

Copy the script to where the file browser looks for it

- Select the file Deleted_by_overwriting_the_data on the desktop.
- Right-click it.
- In the context menu that appears, click Cut.
- Open the File Browser, which is in the menu Applications → System Tools.
- In the menu Go → Location..., type ~/.gnome2/nautilus-scripts/ and press Enter.
- Paste the file by clicking Paste in the Edit menu.

Make the script executable

- Select the file Deleted_by_overwriting_the_data on the desktop.
- Right-click it.
- In the context menu that appears, click Properties.
- In the dialogue box that appears, go to the Permissions tab and check Allow executing file as program.
- Close the box by clicking Close.

Check

- In the context menu of the File Browser, a submenu Scripts containing the command "Deleted_by_overwriting_the_data" should appear.

Use the script

- Select the files and folders to be deleted.
- Right-click them.
- In the context menu that appears, click Scripts, then Deleted_by_overwriting_the_data.

Delete whole disk "for real"
Before discarding a hard drive, recycling it, reinstalling a clean system on it, or giving it to people who might want to recover the data it contains, the best way to prevent such an attack is still to replace the data with gibberish. Before using this recipe, think twice and save carefully the data you want to keep. If properly applied, it does make the data very difficult to recover, even by analyzing the disc in a laboratory. We will see first how to erase the entire contents of a disk, and then how to quickly make the contents of an encrypted partition inaccessible.

Clear all the contents of a disk
To delete an entire volume (or disk partition), we will use the command shred so that it overwrites all the data three times with random data. Besides erasing the files, this command overwrites the free space, so that it becomes almost impossible to find what was in it before. To overwrite the contents of a disc, the disc must not be in use: if it contains the operating system normally used, you have to put the hard drive in another computer or use a live system. shred is a standard tool; any live system should do the trick. The command is very simple. It only requires knowing the location of the device (its path) you want to erase, and then being patient, because the process takes several hours.

Find the device path
You must learn to identify without error the path the operating system uses for the storage medium you want to erase. If you want to erase an internal drive, start by disconnecting all external drives, USB drives, memory cards or other storage devices connected to the computer. On the one hand, this avoids erasing one of them by mistake; on the other hand, it makes the internal drive easier to find. Of course, you should not do this if what you want is to make the contents of an external drive inaccessible.

Open Disk Utility
A simple way to open the Disk Utility is to start it from the menu Applications → System Tools.

Find the device path
The list on the left shows the drives known to the system. You can click on one of them to see more information appear on the right. The icons, the indicated size and the disk names should identify the one you seek. If this is not enough, you can take a look at the partitioning scheme, looking at the picture that appears on the right:

- to erase a disc that contained an unencrypted GNU / Linux, there must be at least two partitions, one with a swap file system, the other ext3 in general;
- to erase a disc that contained an encrypted GNU / Linux, there must be at least two partitions, one with an ext2 file system, the other usually encrypted or unknown;
- to erase a disc that contains a Windows system, there must be one or more partitions marked NTFS or FAT32.

In addition, the device corresponding to the internal drive is usually the first on the list. Once the disc is found and selected, you can read its path on the right, under the title Hard, next to the label Device. The device path begins with /dev/ followed by three letters, the first two being sd or hd, for example /dev/sdx. Write the path down somewhere; you will type it in place of the_device. Warning: this path is not necessarily always the same. It is better to redo this short procedure after restarting the computer, or after connecting or disconnecting a USB key or hard drive. This will avoid unpleasant surprises ... like losing the contents of another hard drive.

Launch the shred
Open Root Terminal from the menu Applications → Accessories. Type the following command, replacing the_device with the device path found above:

shred -n 3 -v the_device

If you prefer using the original method of Gutmann (longer, and perhaps safer), replace -n 3 by -n 25 in the command line.

Once the command is typed and checked, press Enter. Because of the option -v (that is, "verbose"), shred then writes to the terminal what it is doing:

shred: /dev/sdb: pass 1/3 (random)...
shred: /dev/sdb: pass 2/3 (random)...
shred: /dev/sdb: pass 3/3 (random)...

At the end of the procedure, the terminal displays a new command prompt. We can then close the terminal.

Use the disc
Please note that this method erases not only the data but the full volume: at the end of the operation, the disc has neither a partition table nor a file system. To reuse it, it is necessary to create at least one new partition and its file system, with the Disk Utility, for example.

Delete the contents of an encrypted partition LUKS
Some encryption software can destroy the encryption key, making the encrypted content of an entire disc incomprehensible. Since the key holds only a little information, it can be destroyed almost instantly; this method is a much faster alternative to overwriting the data several times. This option is only feasible if the hard drive has been encrypted. If confidential data on the disk is not already encrypted, it is necessary to erase the entire disk, as explained above, before reusing it or disposing of it safely. Making the content of a LUKS partition inaccessible is extremely fast; LUKS is the standard key storage format for encrypted disks on GNU / Linux. Warning: on a USB key (or other storage device using flash memory), this method does not guarantee that the overwritten data are really inaccessible. It is therefore much safer to overwrite the whole key several times.

Identify the desired partition
As in the previous case, if you want to erase an internal drive, start by disconnecting all external drives, USB drives, memory cards or other storage devices connected to the computer. On the one hand, this avoids erasing one of them by mistake; on the other hand, it makes the internal drive easier to find. Of course, you should not do this if what you want is to make the contents of an external drive inaccessible.

Open Disk Utility
A simple way to open the Disk Utility is to start it from the menu Applications → System Tools.

Search the disc
The list on the left shows the drives known to the system. You can click on one of them to see more information appear on the right. The icons, the indicated size and the disk names should identify the one we seek. The first device the Disk Utility displays in this list is usually the internal hard drive.

Search the partition path
When a disk is selected in the left list, more information about it appears in the right side of the window. We focus in particular on the diagram of volumes, or partitions. Normally, encrypted partitions are indicated as such in the volumes, with numbers ... but this is not always the case: the Disk Utility may also indicate that the partition type is unknown, and sometimes indicate a more common type (ext3, NTFS). Once the encrypted partition to be erased has been spotted on the diagram, click on it. Its path appears on the right, next to the device label. From now on we will call this path the_encrypted_device. It must be something like /dev/sdx9.

Open a terminal administrator
From the menu Applications → Accessories, open a Terminal administrator.

Check the location and retrieve the size of the LUKS header
In the terminal, the command cryptsetup luksDump gives full information on the LUKS header, including its size on disk (in 512-byte sectors). Type the following, replacing the_encrypted_device by the path identified above:

cryptsetup luksDump the_encrypted_device

If the device path was wrong, the terminal returns either no response, or:

Device the_encrypted_device is not a valid LUKS device.

If we got it right, it should instead answer something like:

LUKS header information for /dev/sdx2

Version:        1
Cipher name:    aes
Cipher mode:    cbc-essiv:sha256
Hash spec:      sha1
Payload offset: 2056
MK bits:        256
MK digest:      a4 79 85 49 1f 3f 71 e5 1e c6 07 14 88 0c 02 27 59 80 25 58
MK salt:        b7 b1 2a 5d 6d c5 b5 d2 06 55 a3 85 5d 07 af 9b
                c9 03 46 c6 e6 2f 29 1a 9d b7 58 05 44 cc 68 f9
MK iterations:  10
UUID:           d73cbb8a-058f-469e-935a-7f71debd8193

Key Slot 0: ENABLED
        Iterations:             170901
        Salt:                   ec 1e 63 b7 13 fb 20 21 18 5d 86 44 42 d0 f2 af
                                52 a4 74 54 22 3f d8 0b ad 69 8c 46 f2 d3 79 4d
        Key material offset:    8
        AF stripes:             4000

We will need the size of the header (in sectors), written on the line Payload offset. It will be used later under the name OFFSET.

Overwrite the LUKS header with random data
As in the previous recipe, we will use shred to overwrite the data, but this time it will overwrite only the LUKS header (this header contains the key to decrypt the rest of the data). This will go a lot faster. In the administrator terminal, type the following command, taking care to replace OFFSET and the_encrypted_device by the values we found:

shred -n 3 -s $((OFFSET * 512)) -v the_encrypted_device

Then press Enter. Note: the option -s is used here to specify the size of the space that must be securely erased. Once the terminal returns control, the data should be unreadable. To be sure, you can check whether a LUKS header survived the erasure by typing again:

cryptsetup luksDump the_encrypted_device

If the header has been deleted, the terminal returns either no response, or:

Device the_encrypted_device is not a valid LUKS device.

Finally, it is possible, and even advisable, to erase the whole partition.
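The step from Payload offset to the -s value of shred is where a typing mistake is easiest to make. The following added example (not part of the original guide) reads the text printed by cryptsetup luksDump and prints the matching shred command without running it. It assumes the version 1 header layout shown above; the function names and the shortened sample dump are constructed for illustration.

```shell
#!/bin/sh
# Added example: derive the byte count for `shred -s` from the text printed
# by `cryptsetup luksDump` (LUKS version 1 layout, as shown on this page).

# Constructed sample, shortened from the dump shown above.
SAMPLE_DUMP='LUKS header information for /dev/sdx2

Version:        1
Cipher name:    aes
Cipher mode:    cbc-essiv:sha256
Hash spec:      sha1
Payload offset: 2056
MK bits:        256

Key Slot 0: ENABLED
        Key material offset:    8
        AF stripes:             4000
Key Slot 1: DISABLED'

SECTOR_BYTES=512   # luksDump reports offsets in 512-byte sectors

# luks_payload_offset: read luksDump text on stdin, print the payload offset
# in sectors. Fails (status 1) when the text is not a version 1 dump, for
# example the "is not a valid LUKS device" message, or when the offset is
# missing or not a positive number.
luks_payload_offset() {
    awk '
        /^LUKS header information/ { is_luks = 1 }
        /^Version:/                { version = $2 }
        /^Payload offset:/         { offset = $3 }
        END {
            if (!is_luks || version != "1") exit 1
            if (offset !~ /^[0-9]+$/ || offset + 0 == 0) exit 1
            print offset
        }'
}

# luks_header_bytes: same input, print the header size in bytes.
luks_header_bytes() {
    sectors=$(luks_payload_offset) || return 1
    echo $((sectors * SECTOR_BYTES))
}

# count_enabled_slots: number of key slots still holding a protected copy of
# the master key; all of them sit inside the area that will be overwritten.
count_enabled_slots() {
    grep -c '^Key Slot [0-7]: ENABLED' || true
}

# shred_header_command DEVICE: print (never run) the command for DEVICE,
# refusing when the dump on stdin cannot be trusted.
shred_header_command() {
    device=$1
    bytes=$(luks_header_bytes) || {
        echo "refusing: input is not a LUKS version 1 header dump" >&2
        return 1
    }
    echo "shred -n 3 -s $bytes -v $device"
}

# Demonstration on the constructed sample; nothing is written to any disk.
printf '%s\n' "$SAMPLE_DUMP" | shred_header_command /dev/sdx2
```

On a real system the input would come from cryptsetup luksDump the_encrypted_device piped into shred_header_command, and the printed command is checked by eye before it is typed in the administrator terminal.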

Make unrecoverable the data already deleted
When files have been deleted without special precautions, their data are still on the disk. The command sfill, provided by the package secure-delete, overwrites the data remaining in the free space of a hard drive. It is worth running it as root, so that the parts of the disk reserved for root (called "reserved blocks") are also overwritten. Warning: like other ways to delete a file "for real", it does not work with some file systems that do not give sfill all the free space. On this subject see the first part. Do not trust this method for a USB key; prefer overwriting all the data it contains more than once.

Install the necessary software
If the package secure-delete is not yet installed, install it.

Making unrecoverable the data already removed from the file browser
You can configure the file browser of the GNOME desktop so that it can make already deleted data unrecoverable.

Command line
Warning: the method described below does not work properly on FAT32 file systems. To check the file system of a partition, you can right-click the disk icon on the desktop. Then, in the Properties window, at the end of the General tab, you can read the file system type. If the computer says vfat or fat, then sfill will not overwrite free space if it is less than 4 GB! In this case, it is better to use the method based on the file browser, which has the advantage of operating correctly on a FAT32 file system.

Open a terminal administrator
Open a terminal by clicking on the Applications menu, then Accessories and finally Terminal administrator.

Identify the location and start cleaning with sfill
Before launching the command, you need to give sfill the path of a folder on the partition whose already deleted files you want to make harder to recover. So choose any folder on this partition: we will call it DOSSIER. In the terminal, then type:

sfill -l -v DOSSIER

And validate the command by pressing the Enter key. The option -l asks sfill to overwrite the space twice. If you prefer using the original method of Gutmann (longer, and perhaps safer), you must remove this option from the command line.

An example
For example, you want to overwrite the free space of the partition that contains your personal folder. For this, we must find your login, the one you type before the password when opening the session. It appears at the beginning of the title bar of the file browser when you open your personal folder. We call it LOGIN. Then type in the administrator terminal, replacing LOGIN with the value found above:

sfill -l -v '/home/LOGIN'

For the user lucia, it would be:

sfill -l -v '/home/lucia'

Then wait a long time (many hours), especially if you have a large disk.

A possible compromise
If, after trying sfill, we see that it is really too slow to use, it is worth knowing that you can give the option -l to sfill a second time, for a less secure but faster erasure: instead of two overwrites, sfill will do only one, with random data. This is less secure than the previous method, but it is better than not running sfill at all. To do this, start sfill as follows:

sfill -l -l -v DOSSIER

Add a command to Nautilus to make unrecoverable the data already deleted
To perform the process described above from the GNOME file browser, you can add a small additional program (a script). This program overwrites the contents of the free space by creating multiple files, which allows it to operate correctly on a FAT32 file system.

Install the required packages
It is necessary to add the package secure-delete, if it is not already done.

Download or write the script
To add this little program, there are two options: download it if you have Internet access, or copy it (re-reading it several times).

First option: download the script

- Download the script on the desktop from here:
- Verify its checksum. Here is the SHA256 checksum: c907691c03d12ad2eadc2ca9758615580d663695b503f6579bef6afa111ccff9

Second option: write the script

When you can't download the script, you must write it yourself:

- Open the text editor gedit from the menu Applications → Accessories.
- Write on the blank page:

#!/bin/sh
# Overwrite the free space of the partition that holds the current folder.
test -z "$PWD" && exit 1
mkdir -p "$PWD/overwrite"
# Remove the temporary folder whenever the script exits.
trap 'rm -rf "$PWD/overwrite"' EXIT
{
    (
        echo 0
        # Size of each fill file in 1 kB blocks (about 4 GB, so FAT32 accepts it).
        MAX=4000000
        FREE="$(df -P "$PWD" | awk '/\// { print $4 }')"
        if [ "$FREE" -gt "$MAX" ]; then
            # More free space than one file can hold: fill it in several files.
            for n in $(seq 0 $((90 / ($FREE / $MAX))) 90); do
                echo "$n"
                FILE="$PWD/overwrite/$FREE.$n.$$"
                echo "# overwrite of $FILE"
                dd if=/dev/zero of="$FILE" seek="$MAX" bs=1k count=1
                shred -n 3 "$FILE"
            done
            echo 90
        fi
        echo "# overwrite the remaining free space"
        # sfill runs as root, three times, with one random pass each time.
        RESULT=$(gksu --description "sfill" "sh -c 'sfill -l -l \"$PWD/overwrite\" && sfill -l -l \"$PWD/overwrite\" && sfill -l -l \"$PWD/overwrite\" || echo ERROR'")
        test "$RESULT" = "ERROR" && exit 1
        rm -rf "$PWD/overwrite"
        echo 100
        echo "# Overwrite the free space successfully completed"
    ) || {
        echo "# An error has occurred."
        zenity --error \
            --text "An error has occurred during overwrite of the space." \
            --title "Overwrite of free space"
    } ;
} | zenity --progress --title "Overwrite of free space"

French users can use the following script:

#!/bin/sh
test -z "$PWD" && exit 1
mkdir -p "$PWD/ECRASEMENT"
trap 'rm -rf "$PWD/ECRASEMENT"' EXIT
{
    (
        echo 0
        MAX=4000000
        FREE="$(df -P "$PWD" | awk '/\// { print $4 }')"
        if [ "$FREE" -gt "$MAX" ]; then
            for n in $(seq 0 $((90 / ($FREE / $MAX))) 90); do
                echo "$n"
                FILE="$PWD/ECRASEMENT/$FREE.$n.$$"
                echo "# Écrasement de $FILE"
                dd if=/dev/zero of="$FILE" seek="$MAX" bs=1k count=1
                shred -n 3 "$FILE"
            done
            echo 90
        fi
        echo "# Écrasement de l'espace libre restant"
        RESULT=$(gksu --description "sfill" "sh -c 'sfill -l -l \"$PWD/ECRASEMENT\" && sfill -l -l \"$PWD/ECRASEMENT\" && sfill -l -l \"$PWD/ECRASEMENT\" || echo ERROR'")
        test "$RESULT" = "ERROR" && exit 1
        rm -rf "$PWD/ECRASEMENT"
        echo 100
        echo "# Écrasement de l'espace libre terminé avec succès"
    ) || {
        echo "# Une erreur est survenue."
        zenity --error \
            --text "Une erreur est survenue pendant l'écrasement de l'espace libre." \
            --title "Écrasement de l'espace libre"
    } ;
} | zenity --progress --title "Écrasement de l'espace libre"

- Save the file using File → Save, with the name "Overwrite the free space on this partition", and store it on the desktop.
- Exit the text editor.

Copy the script to where the file browser looks for it

- Select the file "Overwrite the free space on this partition" on the desktop.
- Right-click it.
- In the context menu that appears, click Cut.
- Open the File Browser from the menu Applications → System Tools.
- In the menu Go → Location…, enter ~/.gnome2/nautilus-scripts/ and press Enter.
- Paste the file from the menu Edit → Paste.

Make the script executable

- Select the file "Overwrite the free space on this partition".
- Right-click it.
- In the context menu that appears, select Properties.
- In the dialog box that appears, go to the Permissions tab and check Allow executing file as program.
- Close the box by clicking Close.

Check

- In the context menu of the File Browser, a submenu Scripts containing the command "Overwrite the free space on this partition" should appear.

Use the script

- Open a folder that is on the partition whose free space will be overwritten. This can be, for example, a USB stick or an external drive that is not being used.
- Right-click on the background of the window (without selecting a file or folder).
- In the context menu that appears, click Scripts, then "Overwrite the free space on this partition."

Partition and encrypt a hard drive
We'll see how to encrypt a disk to store data on it. This is not the same as installing an encrypted GNU / Linux. The disk may be an external hard drive, a USB key, or only a portion of a hard drive or USB key. You can divide a hard drive or USB key into several independent pieces, called partitions. Below, the term hard drive refers equally to an external hard drive or a USB key, unless otherwise indicated. Once a disk is encrypted, its data are only available after you have entered a passphrase to decrypt it. Once the passphrase is entered, the system has access to the data on the hard drive. So do not type the passphrase anywhere except on computers and systems you trust enough.

It should also be assumed that, except with a live system, traces of the presence of the hard disk will be kept by the computer. If you want a place on the hard disk for data that are not confidential but must be accessible from untrusted computers, it is possible to cut the hard drive into two partitions:

- an unencrypted partition, which contains non-confidential data, such as music, and can be used from any computer without typing the passphrase;
- an encrypted partition with confidential data, which is opened only on computers that are trusted.

Encrypt a hard drive with LUKS and dm-crypt
We will explain how to encrypt a disk with the standard methods for GNU / Linux, called dm-crypt and LUKS. This system is now well integrated with the desktop environments, and most operations are possible without the need for special tools.

Other software that we recommend
There is other encryption software, such as FileVault 1 , which is built into Mac OS X - but it is proprietary software - or TrueCrypt - but there is less reason to trust it than the standard encryption for GNU / Linux, because it is not really free software 2 . In addition, when you use any software, even free, on your operating system, you implicitly trust it, because it always has access to the decrypted data.

In practice
If the hard disk has been used, it may be necessary to first erase its data for real. If the hard drive does not have free space, format it. Then, if you only want to encrypt one part of the hard drive, you must create a partition. After that, all that remains is to initialize it to hold encrypted data. It is then finally ready to be used.

1. The latest independent analysis of FileVault was done in 2006. In addition to being sensitive to the same attacks as other systems, FileVault has some weaknesses that should be noted: since this system encrypts a directory, traces will be written in the clear on the rest of the hard disk; the encryption passphrase is the same as the session password, which is generally weak; registering a "master password" opens a new field of attack; the encryption key will be written to the hard drive if Use secure virtual memory was not chosen, or if the computer's battery is temporarily empty. However, keep in mind that this provides a limited level of protection, especially using FileVault on a computer with Mac OS X: http://crypto.nsa.org/vilefault/23C3-VileFault.pdf
2. TrueCrypt is released under a particular license, the "TrueCrypt Collective License". Development is not open, and only the sources of the latest version are available, making it difficult to verify the changes. In addition, the software is not considered free by many GNU / Linux distributions, including Debian, and does not meet the definition of open source. http://www.opensource.org/docs/osd

Prepare a hard drive
Below, when we talk about a hard drive, this applies equally to an external hard drive or a USB drive unless specified otherwise. The procedure explained here involves erasing all data located on the disk 1. If you already have un-partitioned space on the hard drive, you can proceed directly to the encryption.

Install the required packages
To encrypt your hard drive, you need to have installed the packages secure-delete, dosfstools and cryptsetup .

Format the hard drive with Disk Utility
Go to Applications → System Tools → Disk Utility. A window opens. The left side lists the disks known to the system. The right side lets you perform actions.

Select the device
On the left, in the disk devices section, there is the drive list. If the computer in use contains an encrypted volume, the encrypted volumes of our system also appear there. The icons, the indicated size and the disk names should identify the one you seek. Once the disc is found, select it from the list.

Remove the volumes
If the volume is mounted, the button Unmount the volume is accessible in the menu on the right, under the Volumes tab. Click this button to unmount the volume. If the disc contains multiple volumes, unmount all of them, one by one.

Reformat the hard drive
Attention: formatting a hard disk deletes all files on it. In the right menu, under the Disk tab, click Format Disk, then select Master Boot Record as the scheme. The Disk Utility asks if you really want to format the device. This is the time to check that you have chosen the right device before doing something stupid. If the choice is correct, confirm by clicking on Format.

1. You could also use the software GParted. It is more difficult to use than the Disk Utility, but has the advantage of being able to resize an existing partition while keeping the files in it.

Create an unencrypted partition
We will open the encrypted partition containing our confidential data only on computers that are trusted. Now is the time to create an unencrypted partition for data that is not confidential and can be used from any computer without having to type the passphrase. If you wish to encrypt the entire hard disk, you can skip to the next step. In the Disk Utility, with the hard drive selected, right-click on the free area of the diagram of volumes. Then click Create Partition. Move the cursor to set the size of the unencrypted partition. The remaining free space will be used for the encrypted partition. In the section Type, select FAT. You can also choose a name for the partition. Once done, click Create.

Create an encrypted partition
On the diagram of volumes, click on Open. Below, click on Create Partition: a window opens. In the Type section, choose FAT. Enter a name for the partition (with no spaces or special characters, otherwise it may not work well) and check Encrypt the corresponding device. Validate by clicking Create. A window opens, asking for the passphrase. We must choose a good one and type it in both boxes, then confirm by clicking Create.

Fill the partition with random data
Finally, we will fill the empty space on the hard drive with random data. This hides the place where our own data will be, and complicates the task of those who would try to decipher them. On the diagram of Volumes, click on the FAT partition below the encrypted one, then, at the left under the diagram, click on Install the volume. Right below the diagram, find the label mount point and write down the mount point given next to it, for example /media/secret . We will call this value mount_point. This is the place where programs can access the decrypted content of the hard drive. Then open a Root Terminal (administrator) and type the following, using the mount point found in place of mount_point:

sfill -l -l -v mount_point

Then press the Enter key. The process takes a few minutes to several hours depending on the size and speed of the hard drive (e.g. 2 hours for a 4 GB USB key). Once the command prompt appears again, you can close the Terminal administrator.

Disconnect the hard drive properly
Now, back in the Disk Utility, click on Remove the volume. Wait a bit, then, on the diagram of volumes, click on the encrypted volume above the FAT volume. Then click on Lock the volume on the right of the diagram (if there is an error message, it is not very serious), and then click Disconnect safely above, on the right of the diagram. Then physically disconnect the external drive from the computer. We can now close the Disk Utility. The encrypted hard drive is now usable.

Use an encrypted hard drive
To enable the system to access data located on an encrypted disk, it is fortunately necessary to give the passphrase. A more or less simple operation in different environments...

With Debian (or other GNU / Linux)
On a GNU / Linux desktop environment configured to automatically mount external media, when you connect an external disk containing encrypted data, a window appears asking for the passphrase. If this is not the case, it will appear when you ask the system to mount the partition, for example from the Computer. To close the encrypted partition, simply remove the hard drive as you usually do.

With other systems
You can access the encrypted partition on the hard drive with FreeOTFE 1 on Windows. For Mac OS X, nothing is available at this time. However, when we give the passphrase to a machine that uses proprietary software, there is no reason to trust it. So the best thing is to put the data you want to access on computers you don't trust on a second, unencrypted partition of the hard drive, as explained above.

1. Available on the FreeOTFE site. http://www.freeotfe.org

Back up data
Making backups is relatively simple in principle: make a copy of the files you would not want to lose on a storage medium other than the one where the data is located. Of course, if our working data on hard disks or USB drives are encrypted, the copies must be encrypted too. Two other points are to be considered for setting up a good backup policy:

- define a method to perform regular backups;
- test from time to time that the backups are still readable.

The second point should really not be neglected. Losing the original data is often painful, all the more so if the backups then cannot restore what was lost. In the same vein, it is also a good idea not to store the backups in the same location as the original data. Otherwise, you risk having both lost or destroyed at the same time...

File Manager and encrypted storage
Making backups is all about rigor and discipline. In simple cases, we don't need software specially designed to perform backups, and we simply copy the content with the file manager.

Making backups
Encryption of our backups will be provided by encrypting the external storage device (USB flash drive or hard disk). To make copies regularly and without spending much time, it is recommended:

- to keep somewhere a list of the files and folders to back up;
- to make a small calendar of days or weeks, with boxes that you tick once the backup has been made.

A good practice is to create a folder named with the backup date and copy the data into it. This allows you to keep multiple backups if desired, and to remove previous backups easily.

Restore a backup
If the original data is lost, restoring is as easy as backing up: copy in the other direction.

Ensure that backups are always readable
If we performed our backups to external storage, we must first connect it to the computer. The obvious method to ensure that backups are still readable is probably to simulate a restore. But doing so has one problem, size: you must have enough free space available to copy all the saved data to a temporary folder that is then removed. Here is another way, perhaps less easy to do, but without this constraint. It requires using a Terminal. We start by typing the command (without pressing Enter):

find

Add a space, and then specify the folder containing the backups by dragging the folder icon with the mouse and dropping it on the terminal. After releasing the button, what appears should look like:

find '/media/external/backups'

Finally, complete the end of the command so that it reads:

find '/media/external/backups' -type f -print0 | xargs -0 cat > /dev/null

Reading starts as soon as you press Enter. The following line should remain blank until the end of the operation. After a while, once the $ command prompt has returned, you can close the terminal. If error messages appeared in the meantime, such as "Error I / O" or "Input / output error", this indicates that the backup is corrupt. In general, it is then necessary to get rid of the medium (CD or DVD, USB key or hard drive), take another one and make a new backup. Note: these two methods share the fault of not checking the integrity of the data. Establishing a mechanism to do this is difficult without using more complex backup software.

Using Déjà Dup
We may also prefer to use software specialized in making backups. One of them, called "Déjà Dup", has the advantages of being easy to use and of making encrypted backups. These backups are "incremental": data already saved in previous backups is not copied again, and it is possible to access files as they were at each backup. What makes it so simple can also be a limitation: it can handle only one configuration at a time. We cannot save different files to different media at different frequencies. It is ideal for safeguarding the essential content of the personal folder, but not much more. As it does not come with the default environment, it is necessary to install the Debian package deja-dup. Note: in the current version of Debian Squeeze, you should use Déjà Dup from a "user" account with administrative rights on the machine.

Make a backup
Déjà Dup is opened via Applications → System Tools → Déjà Dup Backup Tool. The interface is very simple: we see two huge buttons, one to Restore, the other to Save. The first time you click Save, the software starts a wizard to configure the backup:

1. You must first choose the location of the backup. In most cases we will choose Other ... from the dropdown list to specify a folder on an external storage device. We must also make sure that the box Encrypt backups is checked (1) before clicking the Next button.
2. Déjà Dup then asks for the list of folders to include in the backup. Leaving the personal folder is sufficient for most needs.
3. It also asks for the list of folders to exclude from the backup. You can add, for example, music and video folders that you do not want to save. Once the folders are chosen, click Next again.
4. A screen gives a summary of the backup that you have just configured. If everything is correct, clicking Save starts the backup.
5. If you have chosen to make encrypted backups, you must enter a passphrase. Because of a small defect in the software, it does not ask for confirmation, so it is crucial not to make mistakes. You can check Show password to see what was typed.
6. Hopefully, the backup starts ... now you have to wait.
7. Once the backup has completed successfully, Déjà Dup offers to repeat the backup automatically at regular intervals. Just check Save automatically on a regular schedule and indicate the frequency in the list below.
8. Now we can close Déjà Dup.

You can change all settings later by restarting Déjà Dup and opening the Preferences window, accessible from the Edit menu. When the backup schedule is enabled and the specified time since the previous backup has elapsed, Déjà Dup displays a message on the desktop saying that the next backup will be made when the external media is connected to the computer again. As soon as this is done, a window opens automatically, prompting for the passphrase needed to update the backup.

1. If the external media is encrypted, you can optionally decide not to encrypt the saved files. That is one passphrase less to invent and remember. However, you lose the ability to compartmentalize access if the external drive is also used for things other than backups.

Restore a backup
Déjà Dup is opened via Applications → System Tools → Déjà Dup Backup Tool. The restore operation starts by simply clicking the Restore button. If this is the first time you use Déjà Dup (e.g. to restore the personal folder after the loss of a hard disk), it asks for the folder where the backups were made. Otherwise, it uses the folder already configured. If the backups are encrypted, the software then asks for the passphrase used. After a short delay, Déjà Dup asks us to choose, by date, the backup to restore. Next step: we must specify the folder where the files from the backup will be written. You can either restore to the original location (which may replace the files with the version that was in the backup), or specify another folder. Finally, a last summary screen asks for confirmation. After you click Restore, a window opens, if necessary, to request the administrator password. This is needed to restore the file permissions as they were. Once the password is provided, writing the files from the backup starts in earnest.

Ensure that backups are always readable
The way Déjà Dup works ensures that the previous backups are readable. However this does not guarantee... Unfortunately, the best method currently available with Déjà Dup to make sure that its backups can be restored is ... to restore them to a temporary folder that you delete afterwards. This is far from practical, as it requires access to an encrypted hard drive that is large enough. However, we can check that the files containing the backups are readable using the same methods as those described above.

Create a "user" account on a Debian system
The purpose of this recipe is to create a new "user" account, and to isolate it somewhat from the others.

Create new account
Open System → Administration → Users and Groups. Click Add. The system asks for the administration password. In the dialog box that opens, fill in the name (login) of the new account and click OK. Warning: this name will remain in many traces, so you should not choose a name that is too suggestive. We must also choose a password for the new user, confirm it, and validate. We will now choose what the new user is allowed to do. Click Advanced, then in the User Privileges tab check, among others, Access external storage devices automatically, Connect to wireless and Ethernet networks, Use CD-ROM drives and Use audio devices. Now click OK and close the user settings.

Login with the new account
Open Applications → System Tools → New Connection. Select or enter the account name (login) and enter the password chosen earlier.

Making new files unreadable to other accounts
For this, we will edit a configuration file in a text editor. Open Applications → Accessories → gedit Text Editor. Then choose File → Open ... In the dialog box for opening files, right-click on the folder list. In the context menu, select Show hidden files. Then select the file .profile and click Open. In this file find the line:

    #umask 022

And replace it (remember to remove the #) by:

    umask 077

Save the changes and close the file.

Prohibit the reading of the personal file to other accounts
In the menu bar, click File → personal folder. In the window that opens, right-click on the background of the window (between the file icons) and select Properties from the context menu. Then go to the Permissions tab. In the section for the Group (the second one), choose File Access: None. Do the same in the Others section. Then click Apply permissions to the files included, and Close.

Log off
The changes only take effect when a session is opened. Before actually starting to work, we must close the session with System → Log off and immediately open a new one.
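The two steps above do different jobs: the umask only changes the permissions of files created afterwards, while the Permissions dialog fixes what already exists. The shell functions below are an added example, not part of the original guide; they show both effects and list what other accounts can still access. They assume GNU find and stat as shipped with Debian, and the function names are invented here.

```shell
#!/bin/sh
# Added example, not from the original guide.
# Assumes GNU find and GNU stat (Debian). Function names are hypothetical.

# modes_under_umask MASK
# Create a file and a folder with the given umask inside a scratch directory
# and print their permission bits, e.g. "644 755".
modes_under_umask() {
    (
        scratch=$(mktemp -d) || exit 2
        umask "$1"
        : > "$scratch/file"
        mkdir "$scratch/folder"
        printf '%s %s\n' \
            "$(stat -c %a "$scratch/file")" \
            "$(stat -c %a "$scratch/folder")"
        rm -rf "$scratch"
    )
}

# exposed_entries DIR
# List everything under DIR that the group or other accounts can still
# read, write or enter. An empty result means the folder is private.
exposed_entries() {
    # -perm /077 matches when at least one group/other bit is set.
    # Symbolic links always show mode 777, so they are skipped.
    find "$1" ! -type l -perm /077 -print
}

# lock_down DIR
# Command-line equivalent of choosing "None" for Group and Others and
# applying the permissions to the enclosed files.
lock_down() {
    chmod -R go-rwx "$1"
}

# Command-line use: sh private-home.sh check|lock DIR
case "${1:-}" in
    check) exposed_entries "$2" ;;
    lock)  lock_down "$2" ;;
esac
```

Files created before the umask was changed keep their old permissions, which is why `exposed_entries` is worth running on the personal folder after both steps.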

Remove a "user" account on a Debian system
This recipe removes a "user" account from the computer and deletes a number of its traces.

Close any open sessions
If a session is open with the account to be deleted, log it off. This usually does not stop all of its programs, so we will do it by hand: from the menu Applications → Accessories, open an administrator Terminal. Then type, replacing LOGIN with the login of the account to be deleted:

    killall -u LOGIN

Keep the terminal open, we will need it again.

Delete Files from Personal Account
We perform a "normal" deletion (without overwriting the content), because we will overwrite the free space just afterwards. In the terminal type, replacing LOGIN with the name of the account to delete, then press Enter:

    find / -user LOGIN -delete

It takes a while ... and you can ignore the warning messages stating "No such file or directory".

Delete Account
From a session with administration rights, open System → Administration → Users and Groups. Select the account to delete and click Delete, then provide the password required. A dialog box asks whether you want to delete the personal folder of the user account. After checking that it is the correct account, select Delete Files (even if you just did so in the previous step, it costs nothing). Keep the window open after the account is deleted.

Delete Group Account
Still in the User Settings, click Manage Groups. Look for the group bearing the name of the deleted account (if there is none, good: it has been deleted automatically by a previous step, and you can proceed to the next step) and select Remove. After checking, confirm if a confirmation is requested. The dialog boxes can then be closed.

Remove indexed traces
On GNU/Linux, there is a program that indexes file names and allows them to be found easily: locate. Its database of file names must be updated so that it forgets the files you have just deleted. To do this, run in our administrator Terminal:

    updatedb

Overwrite the traces of deleted files
We want to erase all traces of deleted files from the various locations where the account had the opportunity to leave some:

- /home: the personal folders;
- /tmp and /var/tmp: temporary files;
- /var: application data;
- /var/log: system logs.

However, if these folders are on the same partition, there is no need to overwrite its free space several times: it would be useless ... and very long.

Install the necessary software
If the package secure-delete is not installed yet, install it.

Run the overwrite
Warning: on an SSD (flash-based memory), this does not guarantee that the data is actually inaccessible. On this subject, see the first part. The following command overwrites the free space of each partition concerned only once. Go to the previously opened terminal and type:

    df -P /home /tmp /var /var/log /var/tmp \
        | tail -n +2 | awk '{ print $6 }' | sort -u \
        | xargs --max-args=1 sfill -l -v

Then wait, especially if you have a large disk. When it has finished, you can close the terminal.

Remaining traces
Once this is done, the data should be deleted. But in fact, the traces of the presence of an account on a GNU/Linux system are numerous and quite unpredictable, and depend on the programs that have been installed or used. A program may, for instance, have saved for itself a few files that record the location of the folder (which contains the account name), or have written into the metadata of its file format, in a form unreadable to a human, the login that created the documents. Finding all traces exhaustively is a long-term or even insurmountable task, and in a case like this we see the limits of the blacklist strategy. Nevertheless, the cleaning done previously should have cleared many of these traces, and if there is the time and the need to go further, a few tools can help. For a list of all files and folders whose name contains "Anna" (the login of the account to delete), you can type the following command:

    find / -mount -name '*Anna*'

And for all files that contain the word "Anna" and are located in /var or any of its subdirectories, use:

    rgrep -i Anna /var

However, you should expect a certain number of false positives from the last command. In most cases where it is imperative to remove all traces of the existence of an account, reinstalling an encrypted system will be the simplest and fastest solution.

Share a secret
Sometimes you want to share a secret among several people, without any one of them having access to the entire secret. Fortunately, several cryptographic techniques have been invented for this. They all make it possible, with slightly different mathematical calculations, to cut a secret into pieces from which it can be reconstituted later.

Share a passphrase
The most convenient thing to share in this way is the passphrase of an encrypted medium. This step should ideally be carried out from a live system, so as not to leave traces of the secret that we are going to share.

Install the required package
To carry out the secret sharing, we will use the program ssss-split. To use it, it is necessary to install the Debian package ssss. The tools in the package ssss are used from the command line. All operations must be performed in a terminal, without administrator rights.

Generate a random phrase
In this case, no one should be able to remember or guess the passphrase to be used for encryption. So we will generate a completely random passphrase by typing:

    head -c 32 /dev/random | base64

The computer will answer something like:

    7rZwOOu+8v1stea98OuyU1efwNzHaKX9CuZ/TK0bRWY=

Select this line using the mouse and copy it to the clipboard (via the menu Edit → Copy).

Divide the secret
Before cutting the secret, you must decide into how many pieces it will be cut, and how many pieces are needed to reconstruct it. Then, in the terminal, use ssss-split as follows:

    ssss-split -t number_of_needed_pieces -n total_number_of_pieces

The message WARNING: couldn't get memory lock can be safely ignored if you are indeed using a live system. When asked for the secret, you can paste the clipboard using the menu Edit → Paste. Then press the Enter key to confirm. Each person sharing the secret must keep one of the lines displayed next, in its entirety, taking good note also of the first digit followed by the dash. Here is an example with the random key generated previously, shared between 6 people, where only 3 of them need to gather to find the passphrase:

    $ ssss-split -t 3 -n 6
    Generating shares using a (3,6) scheme with dynamic security level.
    Enter the secret, at most 128 ASCII characters: Using a 352 bit security level.
    1-b8d576a1a8091760b18f125e12bb6f2b1f2dd9d93f7072ec69b129b27bb8e97536ea85c7f6dcee7b4399ea49
    2-af83f0af05fc207e3b466caef30ec4d39c060800371feab93594350b7699a8db9594bfc71ed9cd2bf314b738
    3-4718cb58873dab22d24e526931b061a6ac331613d8fe79b2172213fa767caa57d29a6243ec0e6cf77b6cbb64
    4-143a1efcde7f4f5658415a150fcac6da04f697ebfeb9427b59dca57b50ec755510b0e57ccc594e6b1a1eeb04
    5-fca1250b5cbec40ab14964d2cd7463af34c389f81158d1707b6a838a500977d957be38f83e8eefb79266e74a
    6-ebf7a305f14bf3143b801a222cc1c857b7e8582119374925274f9f335d283677f4c002f8d68bcce722ebba1f

Create an encrypted media
You can then create the encrypted media. When the passphrase is requested, you can paste the contents of the clipboard, as before, or transcribe it by eye.

Reconstitute the passphrase
To reconstruct the passphrase, it is necessary to have at least as many pieces as the minimum number agreed when the secret was cut. This step should ideally be carried out from a live system, so as not to leave traces of the shared secret.

Install the required packages
As before, you will need to have the package ssss installed and to open a terminal.

Recombine the secret
To recombine the secret, use the program ssss-combine. It is necessary to indicate the number of pieces we have at our disposal:

    ssss-combine -t NUMBER_OF_PIECES_AVAILABLE

The program then asks us to enter the pieces at our disposal. We must press Enter after each one. If all goes well, the program then displays the complete passphrase. For the previous example, this gives:

    $ ssss-combine -t 3
    Enter 3 shares separated by newlines:
    Share [1/3]: 4-143a1efcde7f4f5658415a150fcac6da04f697ebfeb9427b59dca57b50ec755510b0e57ccc594e6b1a1eeb04
    Share [2/3]: 2-af83f0af05fc207e3b466caef30ec4d39c060800371feab93594350b7699a8db9594bfc71ed9cd2bf314b738
    Share [3/3]: 6-ebf7a305f14bf3143b801a222cc1c857b7e8582119374925274f9f335d283677f4c002f8d68bcce722ebba1f
    Resulting secret: 7rZwOOu+8v1stea98OuyU1efwNzHaKX9CuZ/TK0bRWY=

Beware: if one of the pieces has been typed wrong, the error that appears is not necessarily very clear:

    $ ssss-combine -t 3
    Enter 3 shares separated by newlines:
    Share [1/3]: 4-143a1efcde7f4f5658415a150fcac6da04f697ebfeb9427b59dca57b50ec755510b0e57ccc594e6b1a1eeb04
    Share [2/3]: 2-af83f0af05fc207e3b466caef30ec4d39c060800371feab93594350b7699a8db9594bfc71ed9cd2bf31ab738
    Share [3/3]: 6-ebf7a305f14bf3143b801a222cc1c857b7e8582119374925274f9f335d283677f4c002f8d68bcce722ebba1f
    Resulting secret: ......L.fm.....6 _....v..w.a....[....zS.....
    WARNING: binary data detected, use -x mode instead.

Open the encrypted media
Once the passphrase has been obtained, we can use copy and paste to unlock the encrypted media, or transcribe it by eye.

1. For more details, see the Wikipedia article on secret sharing. https://secure.wikimedia.org/wikipedia/en/wiki/Secret_r%C3%A9parti

Use the checksum
In the first part, we described checksums, the "numbers" that verify the integrity of a file (or of any other data). The principle is that it is almost impossible for two different files to have the same checksum. If Alice tells Bob in a letter that the program he can download from her site has the SHA256 checksum:

    171a0233a4112858db23621dd5ffa31d269cbdb4e75bc206ada58ddab444651f

and the file he receives has the same checksum, he can be almost certain that no one falsified the program on the way, and he can run the program without too much fear. There are several checksum algorithms. Among them:

- MD5 is no longer safe today and should be avoided;
- SHA1 is widely used, but is being broken, so we should avoid it;
- SHA224, SHA256, SHA384 and SHA512 are still safe for now. We will use SHA256, but the same methods work with the other algorithms.

Get the checksum of a file
To verify the integrity of a file, calculate its checksum. It is possible to configure Nautilus, the file browser of the GNOME desktop, to compute checksums. Alternatively, if you are comfortable with using a terminal, you can get the SHA256 checksum by running the command:

    sha256sum file_name

To get the SHA1 checksum, it will be:

    sha1sum file_name

The same goes for MD5 (md5sum) or the other SHA algorithms (sha224sum, sha384sum for example).

Check the integrity of a file
We must obtain the checksum of the original file in a safe way. For example, if you have downloaded the file, you may have received the checksum in a letter, or by phone. With one of the methods above, get the checksum of the file. Be careful to use the same algorithm as the one used by your correspondent. If you use SHA1 where they used SHA256, you will of course not get the same checksum. If the correspondent offers several checksums, prefer the algorithm that is hardest to break. Check that the two checksums are the same. It is a bit tedious, and often easier if you paste them one below the other in a text file.

Allow others to verify the integrity of a file
With one of the methods above, get the checksum of your copy of the file, preferring the algorithm that is hardest to break. Send this checksum to your friend by a secure method, other than the one by which the file is sent. For example, if the file is sent by email, you can send the checksum in a letter or by phone, the best being of course in person.
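The same sha256sum command can also close the gap noted in the backup recipe, where reading the backup back only proves that it is readable, not that its content is unchanged. The script below is an added example, not part of the original guide: it records a checksum list when the backup is made and re-checks it later without restoring anything. It assumes GNU coreutils and findutils as shipped with Debian; the manifest name SHA256SUMS and the function names are choices made for this example.

```shell
#!/bin/sh
# Added example, not from the original guide.
# Assumes GNU sha256sum, find -print0 and xargs -0 (Debian).
# MANIFEST and the function names are hypothetical.

MANIFEST="SHA256SUMS"

# make_manifest DIR
# Record the SHA256 checksum of every regular file under DIR in
# DIR/SHA256SUMS. Run it right after the backup has been copied to DIR.
make_manifest() {
    (
        cd "$1" || exit 2
        # -print0 / -0 keep file names containing spaces intact; the
        # manifest and its temporary copy are left out of the list.
        find . -type f ! -name "$MANIFEST" ! -name "$MANIFEST.tmp" -print0 \
            | LC_ALL=C xargs -0 -r sha256sum > "$MANIFEST.tmp" || exit 2
        mv "$MANIFEST.tmp" "$MANIFEST"
    )
}

# verify_backup DIR
# Re-read every file listed in DIR/SHA256SUMS and compare checksums.
# Prints one line per problem file. Returns 0 if everything matches,
# 1 if a file changed, is missing or cannot be read,
# 2 if DIR has no manifest.
verify_backup() {
    (
        cd "$1" || exit 2
        if [ ! -f "$MANIFEST" ]; then
            echo "verify_backup: no $MANIFEST in $1" >&2
            exit 2
        fi
        # LC_ALL=C keeps the words "OK" and "FAILED" untranslated.
        if report=$(LC_ALL=C sha256sum -c "$MANIFEST" 2>/dev/null); then
            exit 0
        fi
        # Keep only the lines that describe a problem.
        printf '%s\n' "$report" | grep -v ': OK$' || true
        exit 1
    )
}

# Command-line use: sh backup-check.sh make|verify DIR
case "${1:-}" in
    make)   make_manifest "$2" ;;
    verify) verify_backup "$2" ;;
esac
```

A manifest stored next to the backup detects corruption of the media. To also notice deliberate changes, keep a copy of the manifest, or its own checksum, somewhere other than on the backup media.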

Make a checksum in graphical mode
To make a checksum from the GNOME graphical desktop, you should add a very small program (a script) to the GNOME file browser (called Nautilus).

Download or write the script
To add this little program, there are two options: download it if you have Internet access, or copy it by hand (re-reading it several times).

First option: download the script
Download the script and save it on the desktop.

Second option: write the script

- Open the gedit text editor from the Applications menu, then Accessories.
- Write on the blank page that appears:

#!/bin/bash
# Ask which checksum algorithm to use (SHA256 is preselected).
ALGO=$(zenity --list --title="Calculate a checksum" \
    --text="choose the type of checksum" \
    --width=400 --height=300 --radiolist \
    --column="" --column="Algorithm" \
    False MD5 \
    False SHA1 \
    False SHA224 \
    True SHA256 \
    False SHA384 \
    False SHA512) || exit
# Turn the choice into a command name, e.g. SHA256 becomes sha256sum.
COMMAND="$(echo "${ALGO}" | tr A-Z a-z)sum"
# Run it on the selected files, with a progress window while it works.
RESULT=$(${COMMAND} "$@" | sed -e 's, \+,\n,' | tee >(zenity --progress --auto-kill --auto-close --pulsate))
# Show the checksums and file names in a two-column list.
echo "$RESULT" | zenity --list --title="${ALGO}" \
    --text="checksums ${ALGO} selected files" \
    --editable --width=800 --height=300 \
    --column="${ALGO}" --column="file" \
    --separator="$(printf '\n')"

- Save the file by clicking Save in the File menu. Name it Calculate_a_checksum and store it on the desktop.
- Exit the text editor.

French users can use the following script:

#!/bin/bash
# Ask which checksum algorithm to use (SHA256 is preselected).
ALGO=$(zenity --list --title="Calculer une somme de contrôle" \
    --text="Choisir le type de somme de contrôle" \
    --width=400 --height=300 --radiolist \
    --column="" --column="Algorithme" \
    False MD5 \
    False SHA1 \
    False SHA224 \
    True SHA256 \
    False SHA384 \
    False SHA512) || exit
# Turn the choice into a command name, e.g. SHA256 becomes sha256sum.
COMMAND="$(echo "${ALGO}" | tr A-Z a-z)sum"
# Run it on the selected files, with a progress window while it works.
RESULT=$(${COMMAND} "$@" | sed -e 's, \+,\n,' | tee >(zenity --progress --auto-kill --auto-close --pulsate))
# Show the checksums and file names in a two-column list.
echo "$RESULT" | zenity --list --title="${ALGO}" \
    --text="Sommes de contrôle ${ALGO} des fichiers sélectionnés" \
    --editable --width=800 --height=300 \
    --column="${ALGO}" --column="Fichier" \
    --separator="$(printf '\n')"

Copy the script to where Nautilus looks for it

- Go to the desktop and select the file Calculate_a_checksum.
- Right-click. In the context menu that appears, click Cut.
- Open the File Browser, from the menu Applications → System Tools.
- From the Go menu, click Location ..., then type ~/.gnome2/nautilus-scripts/ and press Enter.
- Paste the file by clicking Paste in the Edit menu.

Make the script executable

- Select the file Calculate_a_checksum.
- Right-click. In the context menu that appears, click Properties.
- In the dialog box that appears, go to the Permissions tab. Check Allow executing the file as a program.
- Close the box by clicking Close.

Verify

In the context menu of the File Browser, a Scripts submenu containing the command "Calculate_a_checksum" should appear.

Use the script

- Select the files whose checksum should be calculated.
- Right-click. In the context menu that appears, click Scripts, then Calculate_a_checksum.
- Choose the desired algorithm and confirm.
- The checksums of the selected files are displayed.

Install and use a virtualized system
This collection of recipes is about using a virtualized operating system within a GNU/Linux system. They are used for working on a sensitive document on Windows.

Install VirtualBox

Principle
The objective of this recipe is to install VirtualBox, the software that allows you to run one operating system (called the guest) inside another (called the host): this is called virtualization. This technology, along with a security policy that uses it, is described further in the section on how to work on a sensitive document on Windows.

Install VirtualBox
The next step is to install the packages virtualbox-ose-qt and virtualbox-ose-dkms.

Check the installation
Launch VirtualBox from the menu Applications → System Tools → VirtualBox OSE. A window opens and welcomes us to VirtualBox. Let's close it, because we still have some preparations to make before we use this software.

Add a link to the virtual disk file
Later we will need to access the folder where VirtualBox places its virtual disk files. However, it is a bit tedious to find. So we will create, once and for all, a link to this folder. Open the personal folder from the menu → personal folder. The folder where VirtualBox stores its disk images is hidden. We must therefore show hidden files from the menu View → Show Hidden Files. Find the folder .VirtualBox and open it with a double-click. Inside this folder, virtual disks are stored in the folder HardDisks. If it does not exist, we must start by creating it: right-click → Create a folder, and type HardDisks as the folder name, paying attention to uppercase and lowercase. Once this folder exists, add a link to it: right-click on it and choose Link from the context menu that appears. An icon Link to HardDisks appears. Select it, then rename it from the menu Edit → Rename ... and give it a clearer name, for example virtual disks of VirtualBox. Then move the link to the personal folder (accessible from the Shortcuts menu). We can then hide the hidden files again by deselecting View → Show hidden files, and close the file browser.

Create a folder to save images
As explained earlier, we will later want to save images of clean systems. Create a folder for this now, for example by adding a folder Virtual Disks in the Personal Folder (accessible from the Shortcuts menu).

Install a virtualized Windows
First of all, get an installation CD for the appropriate version of Windows and insert it into the CD/DVD drive. If a window displaying the contents of the CD opens automatically, close it or ignore it.

Prepare the installation on VirtualBox
From the desktop, go to Applications → System Tools → VirtualBox OSE. The program starts. Click New and follow the wizard:

- Choose a name for the virtual machine.
- Choose the type of system from the corresponding Windows versions available.
- Indicate the size of RAM dedicated to the virtual machine. For Windows, 512 MB is the minimum recommended.
- Create a virtual hard disk to hold the virtual operating system:
  o check Boot hard disk and Create a new hard disk;
  o a window opens, click Next;
  o choose Variable size image (the disk image will grow as needed, until it reaches the specified maximum size);
  o in Location, name the disk image file (you can also choose a location by clicking the small folder to the right of this line, but it is best to leave the suggested location);
  o choose the size of the virtual image: to have all Windows features, it must be substantial! 20 GB is good if you have enough space, but on a small hard drive, try less ...
  o click Next and Finish: the software creates and selects a virtual hard disk.
- Click Finish.

In the main VirtualBox window, the list now contains our new virtual machine. It remains to install the operating system... But first, click the Configuration icon: the menu that opens is used to configure the virtual machine. For now we will only do two things:

1. We must cut off access to the network (for the security reasons already mentioned):
   o go to the Network category;
   o uncheck Enable the network card in every tab where it is checked by default (usually only one: the first).
2. The system must boot from the Windows installation CD/DVD:
   o go to the Storage submenu;
   o in the Storage tree, select the line with a CD icon, entitled Empty;
   o then, under Attributes, on the CD/DVD line, select the host drive [...], which corresponds to your CD/DVD drive.

Click OK to save the settings.

Launch the virtual machine
If not already done, launch VirtualBox and put the Windows installation CD in the drive of the computer. With our new virtual machine selected, you can now click the Start icon. The virtual machine starts ... it is time to learn how to use it. When launched, the virtual machine runs in a window that allows you to manage its use:

- top left: a menu bar containing Machine, Devices, Help;
- bottom right: icons indicating how the virtual machine uses the equipment. You can, for example, check that all network connections are disabled by passing the mouse over them.

At the first click in the window, the software explains that it will capture the mouse; at the first key pressed, it explains that it will capture the keyboard. Pay attention to what it says: this is what allows you to leave the virtual machine! In any case, all this is explained by the software. So all that remains is to install the virtual Windows.

Install Windows
The virtual machine boots from the CD/DVD and starts the installation. We will not go into the details of the process. However, we can specify:

- When you format the partition, it is better to choose Quick Format with NTFS.
- Do not enter personal information when the name and organization are requested. Most of the time, putting a simple dot (".") in the boxes is enough to continue the installation.
- When configuring the network, an error message may be displayed. It is a good sign: we have disabled the network of the virtual machine.

Start the guest system
Once the installation is completed, return to the main window of VirtualBox. Select the virtual machine you have just installed and click the Setup icon. In the list on the left, select Storage. In the Storage tree, select the line with a CD icon and, in the drop-down list CD/DVD, select items. Close the configuration window. Then start the virtual machine by clicking Start.

Install software for guest system
In the window that hosts Windows, open the Devices menu, which offers to Install Guest Additions.... If it has not been done before, VirtualBox will offer to download the ISO image that contains them. A progress bar at the bottom left indicates that the download is in progress, and then VirtualBox asks whether you want to register this disk image and mount it in the virtual drive. Click Insert. A new CD-ROM is now added to the Windows environment. If the installer does not start automatically, you have to start VBoxWindowsAdditions, found on this new CD. It then remains to accept the defaults to install the "Guest Additions". A new icon showing a transparent cube then appears at the bottom right of the Windows desktop. It means that the "additions" have been installed. Turn off the virtual Windows. The installation of the virtual Windows is now complete.

Save an image of a clean virtual disk
As indicated in the method for working on sensitive documents on Windows, you may need to save (or freeze) the disk image of a clean virtual machine.

Turn off the virtual machine
If the clean virtual machine to be saved is running, you must first turn it off (e.g. via the VirtualBox menu Machine → Switch off ... → Send the shutdown signal).

Open the folder virtual disk of VirtualBox
In the Personal Folder, open the shortcut virtual disk of VirtualBox created earlier.

Back up

- Select the virtual disk whose name matches that of the virtual machine, such as Windows 2000.vdi.
- From the Edit menu choose Copy.
- Go to the backup folder for clean images. If we followed the advice given above, this is the folder clean Virtual Disks in the personal folder of the account used.
- From the Edit menu choose Paste to obtain a copy of the file.
- Select the copy, and rename it from the menu Edit → Rename.... Enter a new name, such as clean backup of Windows 2000.vdi.

Delete the virtual machine
If we are not going to use this clean machine, now is the time to follow the recipe on the deletion of a virtual machine.

Delete virtual machine "for real"
This recipe is designed to cleanly remove a virtual machine.

Delete the virtual machine of VirtualBox
Open the main VirtualBox window, accessible from the menu Applications → System Tools. Select the virtual machine to be deleted. In the Machine menu choose Delete, and then confirm the deletion.

Delete the virtual hard disk and its contents
Open the folder virtual disk of VirtualBox. Use the tool for deleting files together with their contents to delete the virtual disk of the virtual machine.

Tell VirtualBox that the virtual disk no longer exists
In the File menu of VirtualBox, open the Media Manager ... then, in the Hard Disk tab, select the row for the deleted file (preceded by a somewhat alarming yellow sign), and click the Remove button. The Virtual Media Manager and the VirtualBox window can now be closed.

Create a new virtual machine from a clean image
We explained previously how to create a clean virtual disk image to use for a new project, as recommended in the method for working on sensitive documents on Windows.

Choice of name
We will choose a name for the new virtual machine and the files that correspond to it. As these files are located on the host system, the name will almost inevitably leave traces on it, even after the virtual machine has been removed. Therefore we should choose the name carefully.

Copy the virtual disk image
We can't simply copy the frozen file, because VirtualBox would warn that there are two identical virtual disks. There is, however, a command to copy a virtual disk, but it is only accessible from the command line. Let's begin by opening a terminal (Applications → Accessories → Terminal). Then copy the image from the previous section with the command:
VBoxManage clonehd backup new_disk

We will see how to build this command line, because you have to replace backup with the path to the backup of the virtual disk, and new_disk with the path of the new disk. Warning: if you want to type the file names by hand, be aware that paths are relative to the VirtualBox folder, which is .VirtualBox unless the options were changed. To avoid this problem, we can use absolute paths.

The easiest way is to start by typing:
VBoxManage clonehd

Add a space and then, with the mouse, grab the icon of the virtual disk (in the clean Virtual Disks folder) and drop it over the terminal. To add the new disk, repeat the operation with the icon of the virtual disks of VirtualBox folder created earlier. The display should now look like:
VBoxManage clonehd '/home/LOGIN/clean virtual disk/clean backup of Windows XP.vdi' '/home/LOGIN/virtual disk of VirtualBox'

A space was added automatically with the insertion of the path. We will delete it, and then add the name of the new disk, for example by writing /Project1.vdi.

Finally, it should look like:
VBoxManage clonehd '/home/LOGIN/clean virtual disk/clean backup of Windows XP.vdi' '/home/LOGIN/virtual disk of VirtualBox'/Project1.vdi

After all these steps, the command line is complete, and you can run it by pressing the Enter key.

Create a new virtual machine
On the Debian desktop, go to Applications → System Tools → VirtualBox OSE. The program starts. Click New and follow the wizard:
• Choose a name for the virtual machine;
• Choose the type of Windows from the corresponding systems proposed;
• Choose the size of RAM dedicated to the virtual machine, depending on the size needed for the project: if you want to use a big program like Photoshop, you must provide as much as possible (at least 512 MB). You should know that VirtualBox will refuse to allocate more than half of the total memory to the virtual machine;
• Choose the boot hard disk and use an existing hard drive. Click on the icon to the right of the window to open the Virtual Media Manager. Click on the Add button and select the image copied previously, and then click Choose;
• Click Next and Finish.

We must first configure the new virtual machine. Click the Setup button, taking care that the machine is selected in the list.

We must disable access to the network (for security reasons already mentioned):
• Go to the Network section;
• Uncheck Enable network card in all the tabs where it is checked by default (usually in one: the first).

Click OK to save the settings.
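The same setting can be verified from the terminal before the machine is started. The script below is an added example, not part of the original guide: it reads the output of VBoxManage showvminfo NAME --machinereadable, lists any adapter that is still enabled, and can switch them off with VBoxManage modifyvm. The machine name Project1 and the sample output are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the guide: confirm that a VirtualBox machine
# has no enabled network card before working on sensitive documents.

# sample_vminfo: constructed excerpt of what
#   VBoxManage showvminfo "Project1" --machinereadable
# prints for a freshly created machine (first adapter on NAT by default).
sample_vminfo() {
    cat <<'EOF'
name="Project1"
memory=512
nic1="nat"
nictype1="82540EM"
cableconnected1="on"
nic2="none"
nic3="none"
nic4="none"
EOF
}

# enabled_nics: reads machine-readable VM info on stdin and prints one
# "nicN=MODE" line per adapter whose attachment mode is not "none".
enabled_nics() {
    sed -n 's/^\(nic[0-9][0-9]*\)="\(.*\)"$/\1=\2/p' | grep -v '=none$' || true
}

# is_isolated: reads the same text on stdin.
# Returns 0 if every adapter is "none", 1 if at least one is enabled,
# 2 if the input contains no adapter line at all (for example because the
# machine name was wrong), so that an empty answer is never read as "safe".
is_isolated() {
    info=$(cat)
    printf '%s\n' "$info" | grep -q '^nic[0-9][0-9]*=' || return 2
    [ -z "$(printf '%s\n' "$info" | enabled_nics)" ]
}

# disable_all_nics VM: switches every enabled adapter of VM to "none".
# The virtual machine must be powered off when this is run.
disable_all_nics() {
    vm=$1
    VBoxManage showvminfo "$vm" --machinereadable | enabled_nics |
    while IFS='=' read -r nic mode; do
        n=${nic#nic}
        echo "disabling adapter $n of $vm (was: $mode)"
        VBoxManage modifyvm "$vm" "--nic$n" none </dev/null
    done
}

# Demonstration on the constructed sample (VirtualBox itself is not called).
echo "Enabled adapters in the sample:"
sample_vminfo | enabled_nics
if sample_vminfo | is_isolated; then
    echo "Sample machine is isolated from the network."
else
    echo "Sample machine is NOT isolated: disable the adapters before starting it."
fi

# On a real host:
#   VBoxManage showvminfo "Project1" --machinereadable | is_isolated \
#       || disable_all_nics "Project1"
```

Running the check again after disable_all_nics should report no enabled adapter; if it does not, the machine should not be started.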

Create a "user" account for the new project
As explained earlier, we want to work on a separate "user" account for each different project. Here's how to do it with Windows XP; it should not be too different in other versions. Start the new virtual machine by clicking Start. Once in the virtualized Windows, open Start → Control Panel, select User Accounts and create a new account. Then choose a name for the new account, keeping in mind that this name will probably be stored in the documents created. Then choose to create an Administrator account on the computer [1] and click Create Account. Then close the session from the Start menu. Care should be taken to use only the newly created account for this project.

1. Since we use a virtual disk for each specific project and we have no access to the network, this is not a big risk and it makes life easier.

Send files to a virtualized system
Since the Windows guest is not allowed out of its box to fetch files itself, it may be necessary to send them from the "outside". Let us see how.

From a CD or DVD
This is necessary if you want to install additional software on the virtual Windows.
• Insert the CD to be read in the drive and wait a few seconds;
• Take back control with the host system (Ctrl + ↖ or Home) and, in the window that hosts Windows, click on Devices → CD / DVD drives and select the host [...].

Windows should then detect the inserted CD. If it is not detected, we can look for it in Start Menu → My Computer. If it does not work the first time, repeat the operation.

Software can then be loaded from the CD drive of the computer: it will be permanently installed on the virtual hard disk.

From a folder
It is possible to make a folder of the host system readable by Windows. But make sure that it is not just any folder...

Create a folder reserved for this purpose in the host system
Minimize the window hosting the guest system. Then choose where you want to put the exchange folder. For example: in the Personal Folder, right click, create a folder and give it a descriptive name (for example "file readable by Windows").

Indicate the folder location to the virtual machine manager
Go to the VirtualBox window in which the Windows virtual machine is running and open the menu Devices → Shared Folders ... Add a folder by clicking the icon with a "+" at the top right. A box opens:
• On folder path, click Other ... to locate the folder to share;
• On the folder name, the name that the folder will have inside the virtual machine is displayed, such as "sharing." You can change it, but the name should be short, and should not contain spaces;
• Check the box Read Only. Thus, the virtual system can only read the contents of the folder, but cannot write anything;
• If and only if the sharing of this folder must be permanent, select permanent Configuration; otherwise sharing will be activated only for this session.

Warning: before validating, you must be sure that you want to let Windows read the entire content of the folder you have asked to share. If so, click OK and close the window.

Tell Windows where to connect to find the shared folder
• From the Start menu, open My Computer.
• In the Tools menu, click Map Network Drive.
• Windows offers a drive name (e.g. Z:) and asks for the folder: click Browse (right) → VirtualBox Shared Folders → \\Vboxsvr → directory_name, then OK.
• You can choose whether this is available only for the duration of the session, or at each new session.

Attention: after learning how to use this sharing system, you might be tempted to set it up to give direct access to devices plugged into the host system: it is the worst idea we can have, which alone would destroy the whole security policy.

Bring files out of a virtualized system
The Windows guest is not allowed, by default, to leave traces outside its sealed compartment. But almost inevitably there comes a time when it is necessary to bring files out. Let us see how.

By burning a CD or DVD
First of all, remove any CD or DVD that may be in the drive and that the virtual machine should not have access to. If the virtual machine is on, turn it off. Then go to the VirtualBox main window and select, in the list on the left, the virtual machine whose data are to be burned. Then click the Setup icon. In the Setup dialog box, select Storage in the left list and, in the storage tree section, click on the line that starts with a CD icon. In CD / DVD drive, choose the host and select Direct Mode. Confirm by clicking OK. It is then possible to restart the virtual machine, and write data from the inside.

Into an empty folder
You can allow Windows to write to a folder on the host system. But make sure that it is not just any folder...

Attention: after learning to use this sharing system, you might be tempted to set it up to give direct access to devices plugged into the host system: it is the worst idea we can have, which alone would destroy the whole security policy.

Create a folder reserved for this purpose in the host system
• Minimize the window hosting the guest system.
• Choose where you want to put this exchange folder. For example, in the Personal Folder, right click, create a folder and give it a descriptive name such as "folder where Windows can write."

Tell the virtual machine manager where the folder is located
• If the virtual machine is off, start it.
• Go to the VirtualBox window in which the Windows virtual machine is running and open the menu Devices → Shared Folders ...
• Add a folder by clicking the icon with a "+" at the top left. A dialog box opens:
  o On folder path, click Other ... to locate the folder to share;
  o On the folder name, the name that the folder will have inside the virtual machine appears. Choose a short name without spaces, such as "output";
  o If you want to export the folder permanently (not for this session only), check permanent Configuration;
  o Do not check Read Only.

Warning: before confirming, you must be sure that the folder in question is empty. Windows will indeed be able not only to write to it but also to read it. If so, click OK and close the window with OK.

Tell Windows where to connect to find the shared folder
• From the Start menu, open My Computer.
• In the Tools menu, click Map Network Drive.
• Windows offers a drive name (e.g. Z:) and asks for the folder: click Browse (right) → VirtualBox Shared Folders → \\Vboxsvr → directory_name, then OK.
• You can choose whether this is available only for the duration of the session, or at each new session.

Keep an updated system
As explained before, malware sneaks into computers through "security holes". Corrections for these errors in programming (or design) are regularly made available as they are identified. Once these fixes are available, it is particularly important to replace the old versions of the software. Indeed, the corrected problems, which may previously have been identified only by a few specialists, are then publicly known and referenced ... and thus easier to exploit.

Maintain a live system
Since a live system is an indivisible collection of software, run from a CD or a USB key, the only practical way to use the latest versions of these programs is to make sure we use the latest version of the live system. At startup, the Tails live system displays a window to warn us when a new version that fixes security vulnerabilities is available. When that happens, we must destroy the CD of the old version and burn the new version. For a rewritable CD (RW) or a USB key, it is sufficient to overwrite the old version with the new one.

Maintain an encrypted system
Once installed, an encrypted system must be kept up to date so that we can continue to trust it. The following sections relate to Debian, but the concepts apply broadly to almost all other systems. The Debian Project publishes a stable release approximately every two years. This represents an enormous effort to coordinate the compatibility of different versions of software, perform extensive testing and ensure that there is no major flaw.

The daily updates of an encrypted system
The advantage of a stable release of Debian is that its software packages are not modified in depth afterwards: the improvements that are added are fixes for bugs related to security or bugs that prevent normal use of a program.

These new versions can generally be installed "with eyes closed"; they should not disturb the little habits that we have acquired. When the desktop environment is installed, the system automatically checks for new versions in the configured repositories whenever it is connected to the Internet [1]. When there are some, a window and an icon appear in the notification area, offering to make the updates. After clicking on the icon, the system asks us to enter the administration password. Once done, a window opens with the list of packages that can be updated. They are normally all selected. Just click on the Install updates button to start the procedure.

1. We can also perform these small updates (albeit a little less often than daily) on a computer that should not have any access to the network. The Debian Project frequently releases new minor versions (or point releases) that are announced on the project's website. The project then offers a DVD containing all the updated packages; this DVD may, for example, be called debian-update-6.0.1a-amd64-DVD-1.iso. By adding this DVD to the update sources, it is then possible to use the Update Manager without the computer being connected to the network.

Transition to a new stable release
When a new stable version of Debian is released, the project keeps the previous stable release updated for a period of one year. It is therefore necessary to use this time to upgrade the system to the new version. This is a more delicate process than the daily updates, and it is not necessarily done in the same way.

Move from Lenny to Squeeze
The procedure detailed here is for upgrading the version of Debian called Lenny or 5.0, released in April 2009, to the new version 6.0 or Squeeze, released in February 2011. Here we document a simplified upgrade procedure that has been tested on Debian Lenny with a GNOME desktop environment and software only from the official repositories of Debian. You need an Internet connection or an installation DVD to upgrade.

Warning: this simplified procedure is less likely to work when the system has been tinkered with by adding unofficial update sources. If so, refer to the official release notes of the Debian project: http://www.debian.org/releases/squeeze/i386/release-notes/index.html , including the parts Upgrades from Debian 5.0 (Lenny) and Issues to be aware of for Squeeze.

Update the Debian Lenny
Before anything else, it is necessary to have an up-to-date Debian Lenny. Otherwise, the upgrade is likely to fail. If these updates were not made daily, it's time to catch up.

Make sure you have enough free space on the hard disk
To avoid any unpleasant surprise, there must be at least 4 GB of free space on the hard disk that contains the system. We can check this by opening My Computer from the shortcuts menu, then right-clicking on the icon of the file system to reach its Properties. In the window that opens, the information we are looking for is at the bottom right of the graph, before the label free.

Disable other Debian repositories
The update has been tested with the official packages from Debian Lenny. So we will disable all other Debian repositories, including the backports and volatile repositories. To do this, open the Sources of updates from the menu System → Administration. Since you are about to choose which programs to trust, you must enter the administration password. In the Third-party software tab, uncheck all the repositories listed, and then click Close. At that point, if the software asks to reload the available package information, confirm by clicking Reload.

Update the Debian repositories used
Start by changing the configured repositories to use those dedicated to the new version. It is not yet possible to do this operation through the GUI, so it is necessary to open an administrator Terminal and type the following command:
gedit /etc/apt/sources.list
The text editor opens. In the menu, select Search → Replace. In the window that opens, search for "lenny" and replace it with "squeeze". Then click the Replace All button, then Close the search window.

If an installation or update has previously been done from a CD or DVD, it is a good idea to look for lines that begin with "deb cdrom:" and remove them. You can then exit the editor, saving the changes. Since the list of repositories has been amended, you must now download the list of available packages before you can install anything. For this, type the command:
apt-get update
Keep the Terminal open; we will need it later.
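The repository edits described above can be previewed on a copy before /etc/apt/sources.list is touched. The script below is an added example, not part of the original guide: it drops the "deb cdrom:" lines, comments out backports and volatile entries, and renames lenny to squeeze on the remaining active lines. The sample sources.list is constructed for the demonstration, and the function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the guide: preview the sources.list edits
# on a copy instead of editing /etc/apt/sources.list blindly.

# write_sample FILE: writes a constructed Lenny-era sources.list.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not taken from a real machine
deb cdrom:[Debian GNU/Linux 5.0 _Lenny_ - Official amd64 DVD Binary-1]/ lenny main
deb http://ftp.debian.org/debian/ lenny main
deb-src http://ftp.debian.org/debian/ lenny main
deb http://security.debian.org/ lenny/updates main
deb http://volatile.debian.org/debian-volatile lenny/volatile main
deb http://www.backports.org/debian lenny-backports main
EOF
}

# migrate_sources FILE: prints FILE with the guide's edits applied:
#   - "deb cdrom:" lines are dropped,
#   - backports / volatile repositories are commented out,
#   - "lenny" becomes "squeeze" on the remaining active deb / deb-src lines.
# Comments and blank lines are passed through unchanged.
migrate_sources() {
    awk '
        /^[ \t]*deb[ \t]+cdrom:/ { next }
        /^[ \t]*deb(-src)?[ \t]/ && /backports|volatile/ {
            print "# disabled for upgrade: " $0
            next
        }
        /^[ \t]*deb(-src)?[ \t]/ { gsub(/lenny/, "squeeze") }
        { print }
    ' "$1"
}

# active_lines_naming RELEASE FILE: counts uncommented deb / deb-src
# lines in FILE that still mention RELEASE.
active_lines_naming() {
    grep -E '^[[:space:]]*deb(-src)?[[:space:]]' "$2" | grep -c -- "$1" || true
}

# Demonstration on the constructed sample.
tmp=$(mktemp)
write_sample "$tmp"
migrate_sources "$tmp" > "$tmp.new"
echo "--- proposed sources.list ---"
cat "$tmp.new"
echo "active lines still naming lenny: $(active_lines_naming lenny "$tmp.new")"
rm -f "$tmp" "$tmp.new"

# On a real system, in an administrator terminal:
#   cp /etc/apt/sources.list /etc/apt/sources.list.lenny
#   migrate_sources /etc/apt/sources.list.lenny > /etc/apt/sources.list
#   apt-get update
```

Keeping the untouched copy makes it possible to compare the two files, or to go back, if apt-get update reports an unexpected repository.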

Add the installation DVD to the list of Debian repositories
If the computer is not connected to the Internet, or if the connection is slow, you can ask the system to use an installation DVD as a repository of Debian packages. To do this, return to the administrator Terminal and type the following command:
apt-cdrom add
You must then insert the DVD and press Enter. Keep the terminal open; it will soon be needed again.

Disable the screen saver
During the update, the screensaver may crash and leave the screen locked. It is therefore prudent to disable it for the duration of the update. To do this, open Screen Saver from the menu System → Preferences. In the window that opens, uncheck Enable the screen saver when the computer is idle.

Start updating
The update is done in several steps, carried out in an administrator Terminal. The first command tells the package manager, on the one hand, that we prefer to be asked as few questions as possible about the details of the update and, on the other hand, that these questions should be asked in a GUI:
export DEBIAN_PRIORITY=critical DEBIAN_FRONTEND=gnome
The second command performs the first part of the update:
apt-get upgrade

Quite quickly, the terminal displays would you like to continue [y/n]? After confirming by pressing Enter, you should see a first series of windows asking how to handle some changes. Unless you want to depart from Debian's choices, clicking Next each time is sufficient. After a moment, a number of packages have been updated, and the terminal should return to the command prompt.

The third command forces the update of the system's language support (locales). This ensures that the rest of the update takes place in the local language already selected; otherwise it is in English:
apt-get install locales
After confirming with Enter, a window opens asking in English "Services to restart ...." Click on Forward. A few system changes later, the terminal once again invites us to type commands.

The fourth command completes the upgrade of the system:
apt-get dist-upgrade
Confirm with Enter, and off it goes. You will see a new set of windows. Unless you want to select choices other than those recommended by Debian, click on Next (or Forward). A little later in the process, the system will ask whether to move to a startup sequence based on dependencies. Again, clicking Next should be enough.

At this stage of the update, the GNOME desktop may display various error messages, such as "The NetworkManager applet could not find some required resources. It can’t continue." or "An error occurred while loading or saving configuration information frontend. Some of your configuration settings may not work correctly...". This does not particularly matter, since many system components are being reinstalled. These problems should resolve themselves once the process is complete. There is also a message that the "boot loader configuration of this system was not recognized." The problems highlighted by this warning do not affect the encrypted system; you can simply click Next and ignore it.

When the prompt reappears, you can enter a fifth and final command to free up disk space:
apt-get clean
We can now breathe. The biggest part is done. However, a few minor adjustments remain...

New sudo management
Before adapting our environment to the new management of the administration account, we must first fix a bug that has remained in Debian. To do this, in the administrator Terminal, run the command below:
rm -f /etc/dbus-1/system.d/system-tools-backends.conf

What remains is to configure the system for "sudo", so that the password to perform administrative tasks is the same as the one required to open the session. For this, it is necessary to know the name of the current account (login). If in doubt, you can read it on the desktop, under the icon "personal file ...". Then type a command, which adds the account to the sudo group, that should look like:
adduser LOGIN sudo
For the username "Anna", it would be:
adduser Anna sudo
Once done, we will also run:
EDITOR=gedit visudo
In the window that appears, go to the last line, which should look like:
Anna ALL=(ALL) ALL
and replace the user name (here Anna) with %sudo. This should give:
%sudo ALL=(ALL) ALL
Once this is done, you can close the window, saving your changes.

First reboot
Now is the time to reboot the system. This is necessary, among other things, to get a working network again for the following operations. To do this, click System → Turn off ... and then Restart.

Install the new login screen manager
The new version of the program that manages sessions (it asks us for a login and password at startup) is not installed automatically during the update, because its configuration is not compatible with the old version. However, for a laptop or desktop, this should not be a problem. It is therefore necessary to install the package gdm3. This may require re-configuration later. The installation will require other packages to be uninstalled. This is normal, as it replaces the old version. When a window appears that asks us to choose a default session manager, simply click Next.

Reactivate the screen saver
Open Screen Saver from the menu System → Preferences. In the window that pops up, check Enable the screen saver when the computer is idle again.

Reactivate the additional Debian repositories
If the use of the backports or squeeze-updates (formerly volatile) repositories is required, it is now possible to reactivate them.

Update the boot program (GRUB)
This update configures the new version of the startup program called GRUB. To do this, open a Root Terminal, then type:
export DEBIAN_FRONTEND=gnome
After this first command, we can run the update itself via the command:
upgrade-from-grub-legacy

The system then asks us questions to be answered:
• For the Linux command line, enter the space entry.
• For the Devices where to install GRUB, you must check the box that corresponds to the hard disk on which the system is installed. In the vast majority of cases this should be the first in the list, named /dev/sda. To be sure, you can check that the size of the hard drive given in brackets corresponds to what is known about the computer. When in doubt, you can find the hard drive path using the method described previously.

Once the window has closed, you can return to the terminal to execute the command proposed to us:
rm -f /boot/grub/menu.lst*

Ensure that the new system is working properly
Finally, restart the computer again and log into the new version of Debian. It is worth checking that the usual actions and commands work. It may be necessary to diagnose and solve problems where appropriate. It is certainly better to do this when first getting to know the new system, so as to set off for two years with a functional system. The most common problems are often described in the various documentation on Debian GNU / Linux. Remember also that there are official release notes for the Debian project.

Security-focused operating system

We have already explained what an operating system is and discussed in detail how to install and use Debian in the most secure mode. Operating systems differ in size, from only 16 KB (BareMetal: http://www.returninfinity.com/baremetal.html ) to several GB (usual OS). Although all operating systems are faced with security bug fixes in their lifetime, they do all strive to consistently approach all generic security flaws inherent in their design with new ideas in an attempt to create a secure computing environment. A Trusted operating system provides sufficient support for multilevel security and evidence of correctness to meet a particular set of government requirements. Here is a list of the most secure operating systems:

1-BSD: BSD is a family of UNIX variants. There are several BSD variants, with only one being heavily focused on security. http://www.bsd.org/

2-OPENBSD: OpenBSD is an open source BSD operating system that is known to be concerned heavily with security. The project has completed rigorous manual reviews of the code and addressed issues most systems have not. OpenBSD also supplies an executable space protection scheme known as W^X (memory is writable xor executable), as well as a ProPolice compiled executable base. Also, since OpenBSD is exported with cryptography, we are able to take cryptographic approaches towards fixing security problems. http://www.openbsd.org

3-TrustedBSD: TrustedBSD is a sub-project of FreeBSD designed to add trusted operating system extensions, targeting the Common Criteria for Information Technology Security Evaluation (see also Orange Book). Its main focuses are working on access control lists, event auditing, extended attributes, mandatory access controls, and fine-grained capabilities. Since access control lists are known to be confronted with the confused deputy problem, capabilities are a different way to avoid this issue. As part of the TrustedBSD project, there is also a port of the NSA's FLASK/TE implementation to run on FreeBSD. Many of these trusted extensions have been integrated into the main FreeBSD branch starting at 5.x. http://www.trustedbsd.org

4-LINUX: Linux itself is inherently security-focused; however, many distributions and projects attempt to make Linux more secure. Among them, the most popular is Ubuntu. http://www.ubuntu.com http://en.wikipedia.org/wiki/Linux

5-Annvix: Annvix is a free, secure, Linux-based operating system. The Annvix project aims to provide a secure, stable, and fast Linux distribution specifically tailored to servers that provide reliable services such as Email, Web, DNS, FTP, File sharing, and more. Annvix was originally forked from Mandriva to provide a security-focused server distribution that employs ProPolice protection, hardened configuration, and a small footprint. There were plans to include full support for the RSBAC Mandatory access control system. However, Annvix is dormant, with the last version being released December 30, 2007, and it has not been in development since March, 2008. http://linsec.ca/Annvix:Home

6-EnGarde Secure Linux: EnGarde Secure Linux is a secure platform designed for servers. It has boasted a browser-based tool for MAC using SELinux since 2003. Additionally, it can be accompanied with Web, DNS, and Email enterprise applications, specifically focusing on security without any unnecessary software. The community platform of EnGarde Secure Linux is the bleeding-edge version freely available for download. Because there is no X Window System and EnGarde is configured via a graphical interface, it is recommended to configure the operating system using a second computer. The interface, accessible through a web browser, is one of the remarkable features of EnGarde Secure Linux. It was one of the very first Linux server platforms designed solely for security. http://www.engardelinux.org

7-Fedora: Fedora is a free, Red Hat sponsored, community-developed Linux distribution. It is one of the mainstream Linux distributions with a concentrated effort to improve system security; as a consequence it boasts a fully integrated SELinux MAC, a fine-grained executable memory permission system (Exec Shield) and all binaries compiled with GCC's standard stack-smashing protection, as well as a focus on getting security updates into the system in a timely manner. http://fedoraproject.org/en

8-Hardened Gentoo: Hardened Gentoo is a subproject of the Gentoo Linux project. Hardened Gentoo offers a ProPolice protected and Position Independent Executable base using exactly the same package tree as Gentoo. Executable space protection in Hardened Gentoo is handled by PaX. The Hardened Gentoo project is an extremely modular project, and also provides subprojects to integrate other intrusion-detection and Mandatory access control systems into Gentoo. All of these can be optionally installed in any combination, with or without PaX and a ProPolice base. http://www.gentoo.org

9-Hardened Linux: Hardened Linux is a small distribution for firewalls, intrusion detection systems, VPN-gateways and authentication jobs that is still under heavy development. It includes GRSecurity, PaX and GCC stack smashing protection. http://hardenedlinux.sourceforge.net/

10-Immunix: Immunix is a commercial distribution of Linux focused heavily on security. They supply many systems of their own making, including StackGuard; cryptographic signing of executables; race condition patches; and format string exploit guarding code. Immunix traditionally releases older versions of their distribution free for non-commercial use. Note that the Immunix distribution itself is licensed under two licenses: the Immunix commercial and non-commercial licenses. Many tools within are GPL, however, as is the kernel. http://distrowatch.com/table.php?distribution=immunix

11-Openwall Project: Solar Designer's Openwall Project (Owl) was the first distribution to have a non-executable userspace stack, /tmp race condition protection and access control restrictions to /proc data, by way of a kernel patch. It also features a per-user tmp directory via the pam_mktemp PAM module, and supports Blowfish password encryption.

12-Red Hat Enterprise Linux: Red Hat Enterprise Linux - offers the same security benefits as Fedora with the additional support of back-porting security fixes to the released versions of the packages (particularly the kernel) so the sys-admin does not have to perform a significant (and risky) upgrade to get a security fix. http://en.wikipedia.org/wiki/Red_Hat_Enterprise_Linux http://www.redhat.com/products/enterprise-linux

13-Ubuntu (humanity towards others): Like Fedora and Red Hat Enterprise Linux, Ubuntu provides security fixes for stable releases. It also has AppArmor installed by default and supports SELinux. Ubuntu locks the root account by default, but uses the user's password for root tasks. Ubuntu and Kubuntu can be booted and run from a USB flash drive (as long as the BIOS supports booting from USB), with the option of saving settings to the flash drive. This allows a portable installation that can be run on any PC which is capable of booting from a USB drive. In newer versions of Ubuntu, the USB creator program is available to install Ubuntu on a USB drive (with or without a LiveCD disc). https://launchpad.net/usb-creator http://www.ubuntu.com

14-Solaris: Solaris is a UNIX variant created by Sun Microsystems. Solaris itself is not inherently security-focused. The majority of the Solaris source code has been released via the OpenSolaris project, mostly under the Common Development and Distribution License. Enhancements to OpenSolaris, both security-related and others, are backported to the official Solaris when Sun certifies their quality. http://en.wikipedia.org/wiki/Solaris_(operating_system) ; http://www.oracle.com/us/products/servers-storage/solaris/overview

15-Trusted Solaris: Trusted Solaris is a security-focused version of the Solaris UNIX operating system. Aimed primarily at the government computing sector, Trusted Solaris adds detailed auditing of all tasks, pluggable authentication, mandatory access control, additional physical authentication devices, and fine-grained access control.

16-Security-Enhanced Linux (SELinux): SELinux is a secure, stable and full-featured OS for professional enterprise servers. Secure-Slinux is based on the Linux kernel and GNU glibc as well as GRSecurity and PAX. NSA Security-enhanced Linux is a set of patches to the Linux kernel and some utilities to incorporate a strong, flexible mandatory access control (MAC) architecture into the major subsystems of the kernel. It provides an enhanced mechanism to enforce the separation of information based on confidentiality and integrity requirements, which allows threats of tampering and bypassing of application security mechanisms to be addressed and enables the confinement of damage that can be caused by malicious or flawed applications. http://en.wikipedia.org/wiki/Security-Enhanced_Linux http://wiki.debian.org/SELinux http://selinuxproject.org/page/SEAndroid http://www.secure-slinux.org/

17-Object-Capability systems: These operating systems are all engineered around a different paradigm of security, object-capabilities ( http://en.wikipedia.org/wiki/Object-capability_model ), where instead of having the system decide whether an access request should be granted (usually through one or several access control lists), the bundling of authority and designation makes it impossible to request anything not legitimate.
KeyKOS: http://en.wikipedia.org/wiki/KeyKOS
EROS: http://en.wikipedia.org/wiki/EROS_(microkernel)
CapROS: http://en.wikipedia.org/wiki/CapROS
seL4: http://en.wikipedia.org/wiki/L4_microkernel_family

In spite of all the information presented here, there are people who insist on using a non-secure operating system such as Windows. Or you may change your digital security policy and secure your communication with Ubuntu. The question now is how to install and use them. So before we start talking about communication security, it is a good idea to learn how to use the Terminal and how to install the most popular operating systems: Windows and Ubuntu.

Feel the love of free and open source software
Why should you use GNU/Linux over Windows or Mac OS? There are a number of reasons. One of the biggest is that the large quantities of viruses, Trojans, back-door programs, security bugs, targeted government hacking, and other exploits over the years make them very difficult to trust, especially because you are not given the opportunity to look under the hood to see if what is going on is OK. The software is proprietary and closed source, which means you trust your private information to a corporation whose sole focus is profit, not the security of your personal information, and whose methods you are unable to audit for yourself.

OS X suffers from issues similar to those of Windows. While it is based on UNIX (of which Linux is a “clone”), a large portion of the operating system is not open source and thus not available for third-party review. Its increasing popularity has resulted in an increasing number of viruses and exploits (though still far fewer than Windows), and its corporate culture of authoritarianism is reflected in the structure of the operating system. OS X also includes the built-in “feature” to remotely activate the webcam which, as a feature regardless of the OS it’s on, has been shown to be used for other purposes.

GNU/Linux, however, is composed primarily (and can be made exclusively) of software whose source can be obtained and audited by essentially anyone; it has been built by a community of people for years. Its history contains few viruses and user-level exploits. Linux is also an easy-to-use operating system that supports a wealth of older hardware, which makes this level of security accessible to the average individual.

Terminal
The Command Line
Before continuing with the rest of the book it is good to review how the command line works. If you are not familiar with the command line and you have decided to use a safe OS, GNU/Linux, the following is intended to bring you up to date on the basics quickly.

The basics
Although interactions on a computer happen so fast you don't think about it, each click or keystroke is a command to the computer, which it reacts to. Using the command line is the same thing, but more deliberate. You type a command and press the Return or Enter key. For instance, in my terminal I type:

    date

And the computer replies with:

    Fri Feb 25 14:28:09 CET 2011

The command line can do much better
The date command, as seen so far, compares poorly with the alternative of glancing at a calendar or clock. The main problem is not the unappetizing appearance of the output, mentioned already, but the inability to do anything of value with the output. For instance, if I'm looking at the date in order to insert it into a document I'm writing or update an event on my online calendar, I have to do some retyping. The command line can do much better than this. After you learn basic commands and some useful ways to save yourself time, you'll find out more in this book about feeding the output of commands into other commands, automating activities, and saving commands for later use.

What do we mean by a command?
In the context of this book, a command has a very specific meaning. It's a file on your computer that can be executed or, in some cases, an action that is built into the shell program. Except for the built-in commands, the computer runs each command by finding the file that bears its name and executing that file. We'll give you more details as they become useful.

Ways to enter commands
To follow along in this book, you need to open a command-line interpreter or command-line interface (called a shell or terminal in GNU/Linux) on your computer. Pre-graphical computer screens presented people with this interpreter as soon as they logged in. Nowadays almost everybody except professional system administrators uses a graphical interface, although the pre-graphical one is still easier and quicker to use for many purposes. So we'll show you how to pull up a shell.

Finding a terminal
You can get a terminal interface from the desktop, but it may be easier to leave the desktop and use the original text-only terminal. To do that, use the < ctrl + alt + F1 > key combination. You get a nearly blank screen with an invitation to log in. Give it your username and password. You can go to other terminals with < alt + F2 > and so on, and set up sessions with different (or the same) users for whatever tasks you want to do. At any time, switch from one to another by using the < alt + F# > keystroke for the one you want. One of these, probably F7 or F8, will get you back to the desktop.

In text terminals you can use the mouse (assuming your system has gpm running) to select a word, line or range of lines. You can then paste that text somewhere else in that or any other terminal.

GNU/Linux distributions come with different graphical user interfaces (GUI) offering different aesthetics and semantic metaphors. Those running on top of the operating system are known as desktop environments. GNOME, KDE and Xfce are among the most widely used. Virtually every desktop environment provides a program that mimics the old text-only terminals that computers used to offer as interfaces. On your desktop, try looking through the menus of applications for a program called Terminal. Often it's on a menu named something such as Accessories, which is not really appropriate because once you read this book you'll be spending a lot of time in the terminal every day. In GNOME you select Applications > Accessories > Terminal.

In KDE, select K Menu -> System -> Terminal. In Xfce, select Xfce Menu -> System -> Terminal. Wherever it's located, you can almost certainly find a terminal program. When you run the terminal program, it just shows a blank window; there's not much in the way of help. You're expected to know what to do and we'll show you. The following figure shows the Terminal window opened on the desktop in GNOME.

Running an individual command
Many graphical interfaces also provide a small dialog box called something like "Run command". It presents a small text area where you can type in a command and press the Return or Enter key.

To invoke this dialog box, try typing the < alt + F2 > key combination, or searching through the menus of applications. You can use this box as a shortcut to quickly start up a terminal program, as long as you know the name of a terminal program installed on your computer. If you are working on an unfamiliar computer and don't know the name of the default terminal program, try typing xterm to start up a no-frills terminal program (no fancy menus allowing choice of color themes or fonts). If you desperately need these fancy menus:

-in GNOME the default terminal program should be gnome-terminal
-in KDE it should be konsole
-in Xfce try Terminal or version-specific terminal names, for example in Xfce 4 you should find xfce4-terminal.

Terminal startup
When you start up a terminal, you see a little message indicating that the terminal is ready to accept your command. This message is called a prompt, and it may be as simple as:

    $

After you type your command and press the Return or Enter key, the terminal displays the command's output (if there is any) followed by another prompt. So my earlier interaction would be shown in the book like this:

    $ date
    Thu Mar 12 17:15:09 EDT 2009
    $

You have to know how to interpret examples like the preceding one. All you type here is date. Then press the Return key. The word date in the example is printed in bold to indicate that it's something you type. The rest is output on the terminal.

The Parts of a Command
The first word you type on a line is the command you wish to run. In the "Getting Started" section we saw a call to the date command, which returned the current date and time.

Arguments
Another command we could use is echo, which displays the specified information back to the user. This isn't very useful if we don't actually specify information to display. Fortunately, we can add more information to a command to modify its behavior; this information consists of arguments. Luckily, the echo command doesn't argue back; it just repeats what we ask it:

    $ echo foo
    foo

In this case, the argument was foo, but there is no need to limit the number of arguments to one. Every word of the text entered, excluding the first word, will be considered an additional argument passed to the command. If we wanted echo to respond with multiple words, such as foo bar, we could give it multiple arguments:

    $ echo foo bar
    foo bar

Arguments are normally separated by "white space" (blanks and tabs -- things that show up white on paper). It doesn't matter how many spaces you type, so long as there is at least one. For instance, if you type:

    $ echo foo        bar
    foo bar

with a lot of spaces between the two arguments, the "extra" spaces are ignored, and the output shows the two arguments separated by a single space. To tell the command line that the spaces are part of a single argument, you have to delimit that argument in some way. You can do it by quoting the entire content of the argument inside double-quote (") characters:

    $ echo "foo        bar"
    foo        bar

As we'll see later, there is more than one way to quote text, and those ways may (or may not) differ in the result, depending on the content of the quoted text.

Options
Revisiting the date command, suppose you actually wanted the UTC date/time information displayed. For this, date provides the --utc option. Notice the two initial hyphens. These indicate arguments that a command checks when it starts and that control its behavior. The date command checks specially for the --utc option and says, "OK, I know you're asking for UTC time". This is different from arguments we invented, as when we issued echo with the arguments foo bar. Other than the dashes preceding the word, --utc is entered just like an argument:

    $ date --utc
    Tue Mar 24 18:12:44 UTC 2009

Usually, you can shorten these options to a shorter value such as date -u (the shorter version often has only one hyphen). Short options are quicker to type (use them when you are typing at the shell), whereas long options are easier to read (use them in scripts).

Now let's say we wanted to look at yesterday's date instead of today's date. For this we would want to specify the --date option (or -d for short), which takes an argument of its own. The argument for an option is simply the word following that option. In this case, the command would be date --date yesterday. Since options are just arguments, you can combine options together to create more sophisticated behavior. For instance, to combine the previous two options and get yesterday's date in UTC you would type:

    $ date --date yesterday -u
    Mon Mar 23 18:16:58 UTC 2009

As you see, there are options that expect to be followed by an argument (-d, --date) and others that don't take one (-u, --utc). Passing a slightly more complex argument to the --date option allows you to obtain some interesting information, for example whether this year is a leap year (in which the last day of February is 29). You need to know what day immediately precedes the 1st of March:

    $ date --date "1march yesterday" -u
    Sat Feb 28 00:00:00 UTC 2009

The question you posed to date is: if today were the 1st of March of the current year, what date would it be yesterday? So no, 2009 is not a leap year. It may be useful to get the weekday of a given date, say the 2009 New Year's Eve:

    $ date -d 31dec +%A
    Thursday

Which is the same as:

    $ date --date 31december2009 +%A
    Thursday

In this case we passed to date the option -d (--date) followed by the New Year's Eve date, and then a special argument (that is specific to the date command). Commands may once in a while have strange esoteric arguments... The date command can accept a format argument starting with a plus (+). The format %A asks to print the weekday name of the given date (while %a would have asked to print the abbreviated weekday: try it!). For now don't worry about these hermetic details: we'll see how to obtain help from the command line in learning command details. Let's only nibble a more savory morsel that combines the echo and date commands:

    $ echo "This New Year's Eve falls on a $( date -d 31dec +%A )"
    This New Year's Eve falls on a Thursday

Repeating and editing commands
Use the Up-arrow key to retrieve a command you issued before. You can move up and down using arrow keys to get earlier and later commands. The Left-arrow and Right-arrow keys let you move around inside a single command. Combined with the Backspace key, these let you change parts of the command and turn it into a new one. Each time you press the Enter key, you submit the modified command to the terminal and it runs exactly as if you had typed it from scratch.

Moving Around
Anyone who has used a graphical interface has moved between folders. A typical view of folders appears where someone has opened a home directory, then a folder named "my-stuff" under that, and a folder named "music" under that. When you use the command line, folders are called directories. That's just an older term used commonly in computing to refer to collections of things. (Try making an icon that suggests "directory"). Anything you do in a folder on the desktop is reflected in the directory when you're on the command line, and vice versa. The desktop and the command line provide different ways of viewing a directory/folder, and each has advantages and disadvantages. Files contain your information--whether pictures, text, music, spreadsheet data, or something else--while the directories are containers for files. Directories can also store other directories. You'll be much more comfortable with the command line once you can move around directories, view them, create and remove them, and so on.

Directories are organized, in turn, into filesystems. Your hard disk has one type of filesystem, a CD-ROM or DVD has another, a USB mass storage device has yet another, and so on. That's why a CD-ROM, DVD, or USB device shows up as something special on the desktop when you insert it. Luckily, you don't have to worry much about the differences because both the desktop and the terminal can hide the differences. But sometimes in this book we'll talk about the information a filesystem has about your files. The "first" directory is called the root and is represented by the name / (just a forward slash). You can think of all the directories and files on the system as a tree that grows upside-down from this root (Figure below):

Root Directory

Absolute and relative paths
Every file and directory in the system has an "address" called its absolute path or sometimes just its path. It describes the route you have to follow starting from the root that would take you to that particular file or directory.

For example, suppose you like the vim editor that we'll introduce in a later chapter, and are told you can start it by running the command /usr/bin/vim. This point underlines what we said in an earlier chapter: commands are just executable files. So the vim editor is a file with the path /usr/bin/vim, and if you run that command /usr/bin/vim you will execute the editor. As you can see from these examples, the slash / is also used as a separator between directories.

Can you find /usr/bin/vim in the figure above? The pathname can be interpreted as follows:
1. Start at the root (/) directory.
2. Move from / down to a directory named usr.
3. Move from usr down to a directory named bin.
4. vim is located in that directory.

Note that you can't tell whether something is a file or a directory just by looking at its path. When you work with the command line you will always be working "in" a directory. You can find the path of this directory using the command pwd (print working directory), like this:

    $ pwd
    /home/ben

You can see that pwd prints an absolute path. If you want to switch your working directory you can use the command cd (change directory) followed by an argument which points to the target directory:

    $ cd /

You just changed your working directory to the root of the filesystem! If you want to return to the previous directory, you can enter the command:

    $ cd /home/ben

As an alternative, you can "work your way" back to /home/ben using relative paths. They are called that because they are specified "in relation" to your current working directory. If you go back to the root directory, you could enter the following commands:

    $ cd /
    $ cd home
    $ cd ben
    $ pwd
    /home/ben

The first command changes your current working directory to the root. The second changes to home, relative to /, making your current working directory /home. The third command changes it to ben, relative to /home, landing you in /home/ben.

Good to be back home
Every user in the system has a directory assigned to him or her, called the home directory. No matter what your current working directory is, you can quickly return to your home directory like this:

    $ cd

That is, enter the cd command without any arguments. All your files and preferences are stored in your home directory (or its subdirectories). Every user of your system with a login account gets her own home directory. Home directories are usually named the same as users' login names, and are usually found in /home, although a few systems have them in /usr/home. When you start your terminal, it will place you in your home directory. There's a special shortcut to refer to your home directory, namely the symbol ~ (usually called a tilde, and found near the very left top of most keyboards). You can use it as part of more complex path expressions, and it will always refer to your home directory. For example, ~/Desktop refers to the directory called Desktop that usually exists within your home directory.

The . and .. directories
The entries . and .. are special and they exist in every directory, even the root directory itself (/). The first one is a shorthand for "this directory" while the latter is a shorthand for "the parent directory of this directory." You can use them as a relative path, and you can try and see what happens when you do this:

    $ pwd
    /usr/bin
    $ cd .
    $ pwd
    /usr/bin

If vim is in /usr/bin, at this point you could run it by typing the relative path:

    $ ./vim

Continuing from the previous example, you can do this:

    $ cd ..
    $ pwd
    /usr

Since they are actual entries in the filesystem, you can use them as part of more complex paths, for example:

    $ cd /usr/bin
    $ pwd
    /usr/bin
    $ cd ../lib
    $ pwd
    /usr/lib
    $ cd ../..
    $ pwd
    /
    $ cd home
    $ pwd
    /home
    $ cd ../usr/bin
    $ pwd
    /usr/bin

The parent directory of the root directory, /.., is root itself. Try moving around your computer on the command line and you will soon get used to it!

Basic commands
By now you have some basic knowledge about directories and files and you can interact with the command line interface. We can learn some of the commands you'll be using many times each day.

ls
The first thing you likely need to know before you can start creating and making changes to files is what's already there. With a graphical interface you'd do this by opening a folder and inspecting its contents. From the command line you use the program ls instead to list a folder's contents.

    $ ls
    Desktop  Documents  Music  Photos

By default, ls will use a very compact output format. Many terminals show the files and subdirectories in different colors that represent different file types. Regular files don't have special coloring applied to their names. Some file types, like JPEG or PNG images, or tar and ZIP files, are usually colored differently, and the same is true for programs that you can run and for directories. Try ls for yourself and compare the icons and emblems your graphical file manager uses with the colors that ls applies on the command line. If the output isn't colored, you can call ls with the option --color:

    $ ls --color

man, info & apropos
You can learn about options and arguments using another program called man (man is short for manual) like this:

    $ man ls

Here, man is being asked to bring up the manual page for ls. You can use the arrow keys to scroll up and down in the screen that appears and you can close it using the q key (for quit). An alternative way to obtain comprehensive user documentation for a given program is to invoke info instead of man:

    $ info ls

This is particularly effective to learn how to use complex GNU programs. You can also browse the info documentation inside the editor Emacs, which greatly improves its readability. But you should be ready to take your first step into the larger world of Emacs. You may do so by invoking:

    $ emacs -f info-standalone

that should display the Info main menu inside Emacs (if this does not work, try invoking emacs without arguments and then type Alt + x info, i.e. by depressing the Alt key, then pressing the x key, then releasing both keys and finally typing info followed by the Return or Enter key). If you then type m ls, the interactive Info documentation for ls will be loaded inside Emacs. In the standalone mode, the q key will quit the documentation, as usual with man and info.

Ok, now you know how to learn about using programs yourself. If you don't know what something is or how to use it, the first place to look is its manual and information pages. If you don't know the name of what you want to do, the apropos command can help. Let's say you want to rename files but you don't know what command does that. Try apropos with some word that is related to what you want, like this:

    $ apropos rename
    ...
    mv (1)               - move (rename) files
    prename (1)          - renames multiple files
    rename (2)           - change the name or location of a file
    ...

Here, apropos searches the manual pages that man knows about and prints commands it thinks are related to renaming. On your computer this command might (and probably will) display more information but it's very likely to include the entries shown. Note how the program names include a number beside them. That number is called their section, and most programs that you can use from the command line will be in section 1. You can pass apropos an option to display results from section 1 manuals only, like this:

    $ apropos -s 1 rename
    ...
    mv (1)               - move (rename) files
    prename (1)          - renames multiple files
    ...

At this stage, the section number isn't terribly important. Just know that section 1 manual pages are the ones that apply to programs you use on the command line. To see a list of the other sections, look up the manual page for man using man man.

mv
Looking at the results from apropos, that mv program looks interesting. You can use it like this:

    $ mv oldname newname

Depending on your system configuration, you may not be warned when renaming a file will overwrite an existing file whose name happens to be newname. So, as a safeguard, always use the -i option when issuing mv, like this:

    $ mv -i oldname newname

Just as the description provided by apropos suggests, this program moves files. If the last argument happens to be an existing directory, mv will move the file to that directory instead of renaming it. Because of this, you can provide mv more than two arguments:

    $ mv one_file another_file a_third_file ~/stuff

If ~/stuff exists, then mv will move the files there. If it doesn't exist, it will produce an error message, like this:

    $ mv one_file another_file a_third_file stuff
    mv: target 'stuff' is not a directory

mkdir
How do you create a directory, anyway? Use the mkdir command:

    $ mkdir ~/stuff

And how do you remove it? With the rmdir command:

    $ rmdir ~/stuff

If you wish to create a subdirectory (say the directory bar) inside another directory (say the directory foo) but you are not sure whether this one exists or not, you can make sure the subdirectory and (if needed) its parent directory are created without raising errors by typing:

    $ mkdir -p ~/foo/bar

This will work even for nested sub-sub-...-directories. If the directory you wish to remove is not empty, rmdir will produce an error message and will not remove it. If you want to remove a directory that contains files, you have to empty it first. To see how this is done, we will need to create a directory and put some files in it first. These files we can remove safely later. Let's start by creating a directory called practice in your home and change the current working directory there:

    $ mkdir ~/practice
    $ cd ~/practice

cp, rm & rmdir
Now let's copy some files there using the program cp. We are going to use some files that are very likely to exist on your computer, so the following commands should work for you:

    $ cp /etc/fstab /etc/hosts /etc/issue /etc/motd .
    $ ls
    fstab  hosts  issue  motd

Don't forget the dot at the end of the line! Remember it means "this directory" and, being the last argument passed to cp after a list of files, it represents the directory in which to copy them. If that list is very long, you'd better learn to use globbing (expanding file name patterns containing wildcard characters into sets of existing file names) or some other tricks to avoid wasting your time typing file names. One trick can help when copying the entire content of a directory. Passing the option -R to cp, you can recursively copy all the files and subdirectories from a given directory to the destination:

    $ cp -R . ~/foo
    $ ls ~/foo
    bar  fstab  hosts  issue  motd
    $ cp -R . ~/foo/bar
    $ ls -R ~/foo
    ~/foo:
    bar  fstab  hosts  issue  motd

    ~/foo/bar:
    fstab  hosts  issue  motd

In this case the current directory has no subdirectories so only files were copied. As you can see, the option -R can be passed even to ls to list recursively the content of a given directory and of its subdirectories. Now, if you go back to your home and try to remove the directory called practice, rmdir will produce an error message:

    $ cd ..
    $ rmdir practice
    rmdir: failed to remove 'practice': Directory not empty

You can use the program rm to remove the files first, like this:

    $ rm practice/fstab practice/hosts practice/issue practice/motd

And now you can try removing the directory again:

    $ rmdir practice

And now it works, without showing any output. But what happens if your directories have directories inside that also have files? You could be there for weeks making sure each folder is empty! The rm command solves this problem through the amazing option -R, which as usual stands for "recursive". In the following example, the command fails because foo is not a plain file:

    $ rm ~/foo/
    rm: cannot remove `~/foo/`: Is a directory

So maybe you try rmdir, but that fails because foo has something else under it:

    $ rmdir ~/foo
    rmdir: ~/foo: Directory not empty

So you use rm -R, which succeeds and does not produce a message.

    $ rm -R ~/foo/

So when you have a big directory, you don't have to go and empty every subdirectory. But be warned that -R is a very powerful argument and you may lose data you wanted to keep!

cat & less
You don't need an editor to view the contents of a file. What you need is just to display it. The cat program fits the bill here:

    $ cat myspeech.txt
    Friends, Romans, Countrymen! Lend me your ears!

Here, cat just opens the file myspeech.txt and prints the entire file to your screen, as fast as it can. However if the file is really long, the contents will go by very quickly, and when cat is done, all you will see are the last few lines of the file. To just view the contents of a long file (or any text file) you can use the less program:

    $ less myspeech.txt

Just as with using man, use the arrow keys to navigate, and press q to quit.

The Superuser (Root)
Some parts of the computer system are thought to require special protection (because they do). If somebody can change the basic cat or less command, for instance, they could cause you to corrupt your own files. So certain commands can be run and certain files can be accessed only by a user logged in with special privileges called superuser or root privileges. In the days when computer systems cost hundreds of thousands of dollars and were shared by hundreds of people, root was assigned to an actual person (or a small group) who constituted a kind of priesthood. Nowadays every owner of a PC can execute superuser commands (this is not always true on mobile devices, though). There is still a user account on each GNU/Linux system called root. This allows the system to make this user the owner of sensitive system files. The root user, incidentally, has nothing to do with the root directory (the / directory) in the filesystem. Superuser commands are powerful and must be used carefully, but their use is quite common. For instance, whenever a desktop user installs software, he or she must become superuser for a few minutes.
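The risk described above, that somebody changes the cat or less command, depends on who can write to the directories the shell searches for commands (the PATH variable). The following check is an added example, not part of the original book: it assumes a POSIX shell, the function names are hypothetical, and the sample directory tree is constructed for the demonstration.

```shell
#!/bin/sh
# Added example: audit a PATH-style list for entries that would let another
# local user substitute a command such as cat or less.
# All function names are hypothetical; the sample tree is constructed.

# is_loosely_writable FILE -> status 0 if group or others may write to FILE.
is_loosely_writable() {
    # ls -ldL prints the mode string of the target, e.g. drwxrwxr-x
    mode=$(ls -ldL -- "$1" 2>/dev/null | cut -c1-10)
    case "$mode" in
        ?????w*|????????w*) return 0 ;;   # 6th char: group w, 9th: other w
    esac
    return 1
}

# audit_path_dirs LIST -> one finding per line on stdout, nothing if clean.
audit_path_dirs() {
    list=$1:                     # trailing ":" keeps a final empty entry
    old_ifs=$IFS; IFS=:; set -f
    set -- $list                 # split on ":" without filename expansion
    set +f; IFS=$old_ifs
    for dir in "$@"; do
        case "$dir" in
            '') echo "EMPTY entry (means current directory)" ;;
            /*) if [ ! -d "$dir" ]; then
                    echo "MISSING $dir"
                elif is_loosely_writable "$dir"; then
                    echo "WRITABLE $dir"
                fi ;;
            *)  echo "RELATIVE $dir" ;;
        esac
    done
}

# resolve_command NAME LIST -> path of the first executable NAME in LIST,
# i.e. the file the shell would run when you type NAME.
resolve_command() {
    name=$1
    list=$2:
    old_ifs=$IFS; IFS=:; set -f
    set -- $list
    set +f; IFS=$old_ifs
    for dir in "$@"; do
        [ -n "$dir" ] || dir=.
        if [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
            echo "$dir/$name"
            return 0
        fi
    done
    return 1
}

# make_fixture -> builds a constructed sample tree and prints its location:
# "trusted" is writable by its owner only, "shared" by everyone.
make_fixture() {
    root=$(mktemp -d) || return 1
    mkdir "$root/trusted" "$root/shared"
    chmod 755 "$root/trusted"
    chmod 777 "$root/shared"
    for d in trusted shared; do
        printf '#!/bin/sh\necho "cat from %s"\n' "$d" > "$root/$d/cat"
        chmod 755 "$root/$d/cat"
    done
    echo "$root"
}

# Demonstration on the constructed tree: the world-writable directory comes
# first in the list, so its copy of "cat" is the one that would be run.
fixture=$(make_fixture)
sample="$fixture/shared:$fixture/trusted::bin"
echo "cat resolves to: $(resolve_command cat "$sample")"
audit_path_dirs "$sample"
rm -rf "$fixture"
```

To check your own session, call audit_path_dirs "$PATH"; no output means every entry is an existing absolute directory that only its owner can write to.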

The sudo Command
On many modern systems, whenever you want to enter a superuser command, you just precede it with sudo:

    $ sudo rm -r /junk_directory

You are then prompted for your password, so nobody walking up casually to your system could execute a dangerous command. The system keeps your password around for a while, so you can enter further superuser commands without the bother of re-entering the password. Systems also provide a su command that logs you in as superuser and gives you a new shell prompt. Not all systems allow users to use it, though, because you can get carried away, start doing everyday work as superuser --and suddenly realize you've trashed your system through a typo. It is much safer to do your home system administration using sudo. If other people share your system and you want to give someone superuser privileges, you need to know a little more about System Administration.

Windows Command Prompt CMD
CMD is a tool that works much like the terminal, but in Windows. There are a couple of things you can do in order to make the most of the command line in Windows.

Using the command line
To launch the command line console (the black console box thingy), perform the following steps: open the Start menu and click the Run... option.

Then type cmd /d or only cmd into the text box and press Enter to launch the command console.

Here are some important Command Prompt commands:

1. Ipconfig: This is the foremost command for seeing the IP address, subnet mask and default gateway. It can also display and flush the DNS cache and re-register the system name in DNS. This is the most useful tool for viewing and troubleshooting TCP/IP problems.

-To view the IP address and subnet mask: ipconfig
-To view all TCP/IP information, use: ipconfig /all
-To view the local DNS cache, use: ipconfig /displaydns
-To delete the contents of the local DNS cache, use: ipconfig /flushdns

2. systeminfo: Do you need to display operating system configuration information for a local or remote machine, including service pack levels? Then systeminfo is the tool to use. When I need to connect to a system that I am not familiar with, this is the first tool I run. The output of this command gives me all the info I need, including: host name, OS type, version, product ID, install date, boot time and hardware info (processor and memory). Knowing which hot fixes are installed can also be a big help when troubleshooting problems. This tool can be used to connect to a machine remotely using the following syntax:

    SYSTEMINFO /S system /U user

3. Hidden text
There is a feature in Windows to create a hidden Notepad file to save your usual password. But this method is not suitable for important passwords. To use it, simply go to Run, type CMD, then type notepad (file name).text:hidden. For example, go to CMD and type:

    notepad anna.txt:hidden

then press Enter:

    Microsoft Windows XP [Version 5.1.2600]
    (C) Copyright 1985-2001 Microsoft Corp.

    C:\Documents and Settings\ASRock>notepad anna.text:hidden

An empty Notepad file will open and ask you to save; click Yes. Type what you want there, save the changes and close. To reveal your hidden file, repeat the above command and see the file again.

4. net command
Although this tool is better known as a command, the net command is really like a power drill with different bits and is used to update, fix, or view the network or network settings. It is mostly used for viewing (only services that are started), stopping and starting services:
    net stop server
    net start server
    net start (display running services)

And for connecting (mapping) and disconnecting shared network drives:
    net use m: \\myserver\sharename
    net use m: \\myserver\sharename /delete

Other commands used with the net command are net accounts (manage user accounts), net print (manage print jobs), and net share (manage shares). Below are all the options that can be used with the net command:
[ ACCOUNTS | COMPUTER | CONFIG | CONTINUE | FILE | GROUP | HELP | HELPMSG | LOCALGROUP | PAUSE | PRINT | SESSION | SHARE | START | STATISTICS | STOP | TIME | USE | USER | VIEW ]

5. Hidden files in each other
Here I show you a simple method to hide a bundle of files inside another file. An example is hiding some software and text in a jpg file. In practice you can use this method to hide files in other formats such as pdf, png, .doc (Word file) and so on. To accomplish this task, you will need to have either WinZip or WinRAR installed on your computer. In the following example you learn how to hide portable JonDo (JonDoSetup.paf), FreeGate and a secret notepad text in one jpg file. To do this, copy the picture and the other files to one of your main drives, such as C or D. It is better to move them into a folder named “test”.

- Rename your picture as 1.
- Select the files you need to hide, then right click > add to archive and rename the archive as 2.
- Open cmd, type d: and then press Enter to run your commands on drive D (if your files are in drive D).

In the example here the files are in the C drive, so the commands should be as follows in Windows XP:

Note: After every command you should press Enter.

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\ASRock>cd\
C:\>cd test
C:\test>copy /b 1.jpg + 2.rar 1.jpg
1.jpg
2.rar
1file<s> copied
C:\test>

In the example above, files over 50 MB were hidden in one small jpg file. The output jpg file is then ready to send to picture uploading websites, or can even be embedded in a pdf file.
Note: A pdf file doesn’t allow you to run an .exe or rar file in the usual manner unless you have changed its security policy in the registry. By embedding the above picture, you can do that easily.

6. Tasklist and taskkill
If you have worked with Task Manager (Ctrl+Alt+Del), this is easy to understand. The task list is the list of tasks currently running on Windows. Any application you open is added to it. To list the tasks, type in cmd:
    tasklist
This shows the list of running tasks, as shown in the picture.

There are two methods to stop a process or task.
Using the image name: we can kill the task by its image name as follows:
    taskkill /im notepad.exe
Using the process ID: we can stop the process by its process ID as follows:
    taskkill /pid 1852
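A file produced by the copy /b step in item 5 still opens as a picture because the image ends at its end-of-image marker and the archive simply follows it. The Python check below is an added example, not part of the original document: it walks the JPEG segments to find where the image really ends and reports archive signatures in whatever comes after. The sample bytes are constructed for the demonstration and are not a viewable picture.

```python
import struct

# Signatures of common archive formats that may follow the image data.
ARCHIVE_MAGIC = {
    b"Rar!\x1a\x07": "RAR",
    b"PK\x03\x04": "ZIP",
    b"7z\xbc\xaf\x27\x1c": "7z",
}


def jpeg_end_offset(data):
    """Return the offset just past the EOI marker, found by walking segments."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError("expected a marker at offset %d" % pos)
        marker = data[pos + 1]
        if marker == 0xFF:                    # fill byte in front of a marker
            pos += 1
            continue
        pos += 2
        if marker == 0xD9:                    # EOI: the image ends here
            return pos
        if marker == 0x01 or 0xD0 <= marker <= 0xD7:
            continue                          # markers without a length field
        if pos + 2 > len(data):
            raise ValueError("truncated segment header")
        (length,) = struct.unpack(">H", data[pos:pos + 2])
        if length < 2:
            raise ValueError("invalid segment length")
        pos += length                         # skip payload (EXIF thumbnails too)
        if marker == 0xDA:                    # SOS: entropy-coded data follows
            while True:
                pos = data.find(b"\xff", pos)
                if pos < 0 or pos + 1 >= len(data):
                    raise ValueError("truncated scan data")
                nxt = data[pos + 1]
                if nxt == 0x00 or 0xD0 <= nxt <= 0xD7:
                    pos += 2                  # stuffed byte or restart marker
                else:
                    break                     # a real marker: back to outer loop
    raise ValueError("no EOI marker found")


def inspect_jpeg(data):
    """Report the image size, trailing byte count and archive signatures found."""
    end = jpeg_end_offset(data)
    trailing = data[end:]
    hits = []
    for magic, name in ARCHIVE_MAGIC.items():
        idx = trailing.find(magic)
        if idx >= 0:
            hits.append((name, end + idx))
    return {
        "image_bytes": end,
        "trailing_bytes": len(trailing),
        "archives": sorted(hits, key=lambda h: h[1]),
    }


def _segment(marker, payload):
    """Build one JPEG segment: FF, marker byte, 2-byte length, payload."""
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload


# Constructed sample: structurally valid JPEG skeleton (not a real picture).
SAMPLE_JPEG = (
    b"\xff\xd8"
    + _segment(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
    # An embedded thumbnail carries its own SOI/EOI inside the APP1 payload,
    # which is why searching for the first FF D9 gives the wrong answer.
    + _segment(0xE1, b"Exif\x00\x00thumb\xff\xd8\xff\xd9")
    + _segment(0xDA, b"\x01\x01\x00\x00\x3f\x00")
    + b"\x12\xff\x00\x34\xff\xd0\x56"
    + b"\xff\xd9"
)
# Constructed sample: the same image with a RAR signature and padding appended.
SAMPLE_COMBINED = SAMPLE_JPEG + b"Rar!\x1a\x07\x00" + b"\x00" * 32

if __name__ == "__main__":
    print(inspect_jpeg(SAMPLE_JPEG))
    print(inspect_jpeg(SAMPLE_COMBINED))
```

On a real file, read it with open(path, "rb").read() and pass the bytes to inspect_jpeg; any non-zero trailing_bytes value is worth a closer look.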

7. type
type is used to read a text document in the command prompt. You can also read multiple text files one after another.
    type filename.txt

8. netstat
Need to know who (or what) is making a connection to your computer? Then netstat is the tool you want to run. The output provides valuable information on all connections and listening ports, including the executable used in the connections. In addition to the above info, you can view Ethernet statistics and resolve connecting host IP addresses to a fully qualified domain name. Note: Some useful applications for the average PC user are considered, including checking for malware connections.

Syntax and switches
The command syntax is
    netstat [-a] [-b] [-e] [-f] [-n] [-o] [-p proto] [-r] [-s] [-t] [-v] [interval]
A brief description of the switches is given in the table below. Some switches are only in certain Windows versions, as noted in the table. Note that switches for Netstat use the dash symbol "-" rather than the slash "/".

Switches for Netstat command
Switch        Description
-a            Displays all connections and listening ports
-b            Displays the executable involved in creating each connection or listening port. (Added in XP SP2.)
-e            Displays Ethernet statistics
-f            Displays Fully Qualified Domain Names for foreign addresses. (In Windows Vista/7 only)
-n            Displays addresses and port numbers in numerical form
-o            Displays the owning process ID associated with each connection
-p proto      Shows connections for the protocol specified by proto; proto may be any of: TCP, UDP, TCPv6, or UDPv6.
-r            Displays the routing table
-s            Displays per-protocol statistics
-t            Displays the current connection offload state (Windows Vista/7)
-v            When used in conjunction with -b, will display the sequence of components involved in creating the connection or listening port for all executables. (Windows XP SP2, SP3)
[interval]    An integer used to display results multiple times with the specified number of seconds between displays. Continues until stopped by Ctrl+C. The default setting is to display once.

Applications of Netstat
Netstat is one of a number of command-line tools available to check the functioning of a network. It provides a way to check if various aspects of TCP/IP are working and what connections are present. In Windows XP SP2, a new switch "-b" was added that allows the actual executable file that has opened a connection to be displayed. This newer capability provides a chance to catch malware that may be phoning home or using your computer in unwanted ways on the Internet. There are various ways that a system administrator might use the assortment of switches, but I will give two examples that might be useful to home PC users.

Checking TCP/IP connections
TCP and UDP connections and their IP and port addresses can be seen by entering a command combining two switches:
    netstat -an
An example of the output that is obtained is shown below.

Example output for command "netstat -an"
The information that is displayed includes the protocol, the local address, the remote (foreign) address, and the connection state. Note that the various IP addresses include port information as well. An explanation of the different connection states is given in the table here:

Description of various connection states
State           Description
CLOSED          Indicates that the server has received an ACK signal from the client and the connection is closed
CLOSE_WAIT      Indicates that the server has received the first FIN signal from the client and the connection is in the process of being closed
ESTABLISHED     Indicates that the server received the SYN signal from the client and the session is established
FIN_WAIT_1      Indicates that the connection is still active but not currently being used
FIN_WAIT_2      Indicates that the client just received acknowledgment of the first FIN signal from the server
LAST_ACK        Indicates that the server is in the process of sending its own FIN signal
LISTENING       Indicates that the server is ready to accept a connection
SYN_RECEIVED    Indicates that the server just received a SYN signal from the client
SYN_SEND        Indicates that this particular connection is open and active
TIME_WAIT       Indicates that the client recognizes the connection as still active but not currently being used

Checking for malware by looking at which programs initiate connections
To find out which programs are making connections with the outside world, we can use the command
    netstat -b
(Note that for Windows Vista/7, this particular switch requires that the command prompt have elevated privileges.) Actually, it is better to check over a period of time, and we can add a number that sets the command to run at fixed intervals. Also, it is best to create a written record of the connections that are made over some period of time. The command can then be written
    netstat -b 5 >> C:\connections.txt
Note that as written, this command will run with five-second intervals until stopped by entering "Ctrl+c", which is a general command to exit. (Some reports say that this can be fairly CPU intensive, so it may cause a slower, single-core machine to run sluggishly. It was not noticeable on my dual-core machine.) A simple example of the type of output is shown in the figure below. Note that the Process ID (PID) is given when using Windows XP. In Windows Vista/7, the switch "-o" has to be added to display PIDs. This command can be combined with other tools such as Task Manager to analyze what executable files and processes are active and are trying to make Internet connections.

Sample output for command "netstat -b" in Windows XP

Windows XP batch program to check connections and terminate automatically
The previous example of using "netstat -b" to check connections at intervals has the disadvantage that it requires manual termination. It is also possible to use a batch file that runs a specified number of times with a given time interval and then terminates automatically. In Windows XP we can make use of a command from the Windows 2003 Server Tools called "Sleep". A possible batch file is:

@echo off
echo Checking connections
for /L %%X in (1,1,100) do (netstat -b >> C:\connections.txt)&&(sleep 5)

Copy and paste the above commands into Notepad and then save the file as, for example, sleep.bat to make the corresponding batch file. This particular example does 100 iterations of the netstat command at 30 second intervals and writes the results to a file C:\connections.txt. By using different combinations of the switches in the first table, the type of output can be varied.

Batch program to check connections in Windows Vista and Windows 7
Windows Vista and Windows 7 do not require installing the "Sleep" file. A command "timeout" has been added to these operating systems that serves a similar purpose. A possible batch file for Windows Vista/7 is:

@echo off
echo Checking connections
for /L %%X in (1,1,100) do (netstat -b >> "%USERPROFILE%\connections.txt")&& ((timeout /t 5 /nobreak)>nul)

Copy and paste the above code into a Notepad file and then save it as, for example, timeout.bat. This batch file has to be run with administrator privileges.
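The connections.txt file written by these batch files grows quickly and repeats the same connections on every polling round. The Python script below is an added example, not part of the original document: it reads such a log, pairs each connection line with the executable printed under it, and lists programs that are not on a list of expected ones. The log layout (Windows XP style with a PID column), the host names, PIDs, program names and the expected list are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of what "netstat -b 5 >> C:\connections.txt" appends on
# Windows XP over two polling rounds. Hosts, PIDs and program names are made up.
SAMPLE_LOG = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    asrock:1045            203.0.113.10:80        ESTABLISHED     1852
  [firefox.exe]

  TCP    asrock:1051            198.51.100.7:6667      ESTABLISHED     2304
  [updater32.exe]

  TCP    asrock:1060            192.0.2.44:443         CLOSE_WAIT      988
  Can not obtain ownership information

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    asrock:1045            203.0.113.10:80        ESTABLISHED     1852
  [firefox.exe]

  TCP    asrock:1051            198.51.100.7:6667      ESTABLISHED     2304
  [updater32.exe]
"""

# A connection line: protocol, local and foreign address, then an optional
# state (absent for UDP) and an optional PID (absent on Vista/7 without -o).
CONN_RE = re.compile(
    r"^\s*(?P<proto>TCP|UDP)\s+(?P<local>\S+)\s+(?P<remote>\S+)"
    r"(?:\s+(?P<state>[A-Z][A-Z0-9_]*))?(?:\s+(?P<pid>\d+))?\s*$"
)
# The owning executable is printed in square brackets below the connection.
EXE_RE = re.compile(r"^\s*\[(.+?)\]\s*$")


def parse_netstat_b(text):
    """Return one dict per connection line, with the owning executable if listed."""
    records, current = [], None
    for line in text.splitlines():
        m = CONN_RE.match(line)
        if m:
            current = m.groupdict()
            current["exe"] = None          # filled in if a [name.exe] line follows
            records.append(current)
            continue
        m = EXE_RE.match(line)
        if m and current is not None and current["exe"] is None:
            current["exe"] = m.group(1).lower()
    return records


def summarize(records):
    """Map executable -> sorted remote endpoints seen across all polling rounds."""
    seen = defaultdict(set)
    for rec in records:
        seen[rec["exe"] or "<unknown>"].add(rec["remote"])
    return {exe: sorted(remotes) for exe, remotes in seen.items()}


def unexpected(records, expected):
    """Executables that opened connections but are not on the expected list."""
    names = {rec["exe"] or "<unknown>" for rec in records}
    return sorted(names - {e.lower() for e in expected})


if __name__ == "__main__":
    recs = parse_netstat_b(SAMPLE_LOG)
    for exe, remotes in sorted(summarize(recs).items()):
        print(exe, "->", ", ".join(remotes))
    # Hypothetical list of programs the user knows and expects to go online.
    print("review:", unexpected(recs, ["firefox.exe"]))
```

Entries reported as <unknown> are connections for which netstat could not name the owner; look those up by PID with tasklist.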

9 - nslookup
With the Internet, DNS (Domain Name Service) is the key for allowing us to use friendly names when surfing the web instead of needing to remember IP addresses. But when there are problems, nslookup can be a valuable tool for testing and troubleshooting DNS servers. Nslookup can be run in two modes: interactive and noninteractive. Noninteractive mode is useful when only a single piece of data needs to be returned. For example, to resolve google.com:

To use the interactive mode, just type nslookup at the prompt. To see all available options, type help while in interactive mode.

Don't let the help results intimidate you. Nslookup is easy to use. Some of the options I use when troubleshooting are:
- set d2 (displays detailed debugging information of behind-the-scenes communication when resolving a host or IP address)
- set domain (sets the default domain to use when resolving, so you don't need to type the fully qualified name each time)
- set type (sets the query record type that will be returned, such as A, MX, NS)
- server NAME (allows you to point nslookup to DNS servers other than the one configured on your computer)
To exit interactive mode, type exit.

10 - ping and tracert
These tools can be helpful with connectivity to other systems. Ping will test whether a particular host is reachable across an IP network, while tracert (traceroute) is used to determine the route taken by packets across an IP network. To ping a system, just type at the prompt: ping www.google.com. By default, ping will send three ICMP requests to the host and listen for ICMP “echo response” replies. Ping also includes switches to control the number of echo requests to send (-n) and to resolve IP addresses to hostnames (-a). To use tracert, type at the prompt: tracert www.google.com. You can force tracert not to resolve addresses to hostnames by using the -d switch, or set the desired timeout (in milliseconds) for each reply using the -w switch.

11 - gpresult
Used mostly in environments that implement group policies, gpresult (Group Policy Results) verifies all policy settings in effect for a specific user or computer. The command is simple to use: just enter gpresult at the prompt. It can also be used to connect to computers remotely using the /S and /U switches.

12 - netsh
Without a doubt the most powerful command line tool available in Windows. Netsh is like the Swiss army knife for configuring and monitoring Windows computers from the command prompt. Its capabilities include:
- Configure interfaces
- Configure routing protocols
- Configure filters
- Configure routes
- Configure remote access behavior for Windows-based remote access routers that are running the Routing and Remote Access Server (RRAS) Service
- Display the configuration of a currently running router on any computer

Some examples of what you can do with netsh:

Enable or disable Windows firewall:
    netsh firewall set opmode enable
    netsh firewall set opmode disable

Enable or disable ICMP Echo Request (for pinging) in Windows firewall:
    netsh firewall set icmpsetting 8 enable
    netsh firewall set icmpsetting 8 disable

Configure your NIC to automatically obtain an IP address from a DHCP server:
    netsh interface ip set address "Local Area Connection" dhcp
(For the above command, if your NIC is named something else, use netsh interface ip show config and put its name in place of Local Area Connection.)

As you can see, netsh can do a lot. Instead of re-inventing the wheel, check out the following Microsoft article for more info on netsh.

Note: For further information about CMD and Terminal, please refer to the following links:
1. http://ss64.com
2. http://linux.about.com/od/commands/Linux_Commands_and_Shell_Commands.htm

Linux
To ensure a secure communications platform, it’s recommended to install Linux. Follow Installing Ubuntu Linux to create a secure communications platform or for additional information.

Installing Ubuntu Linux
Introduction
This section walks you through installing Ubuntu 10.04, aka “Lucid Lynx”, the April 2010 Long Term Support (LTS) release, with encrypted home directories.

What is Linux?
Linux typically refers to the collection of software that runs on top of the Linux Kernel. While in colloquial use “Linux” often refers to a compiled selection of software packaged to run together as an operating system, the name Linux specifically refers to the kernel, which is the interface between the hardware and all the other software that runs on a computer. For the sake of brevity, Linux is a mature, secure operating system that includes a wide collection of powerful software that is usually both free as in beer (cost) and free as in speech (freedom). It offers powerful free tools that enable one to compute and communicate securely and privately.

What is Ubuntu Linux?
Ubuntu Linux is a Linux distribution that is based on the Debian Linux distribution, with corporate support from Canonical and a 6 month release cycle. It is a distribution whose design is focused on ease of use and setup, stability, accessible security and a very wide array of prepackaged software, and it has one of the largest adoption rates of any Linux distribution. The main Ubuntu release runs the GNOME Desktop Environment, but there are also different flavors that run different desktop environments, such as Kubuntu, which runs the KDE Software Compilation, or Xubuntu, which runs the Xfce Desktop Environment. This guide recommends the 32bit Ubuntu 10.04 Lucid Lynx release for ease of use and features.

How to install Ubuntu Linux
Here we recommend the use of the 32bit version of Ubuntu.


Download and prepare for installation – The link below also contains information on how to prepare the Ubuntu image you download for installation on your computer from whatever operating system you’re using: http://www.ubuntu.com/download/ubuntu/download







Once you’ve prepared your install medium and booted your computer into Ubuntu, try it out first to make sure everything is working with your hardware. Ubuntu supports a wide variety of hardware, but lots of cutting edge hardware and certain classes of hardware (wireless cards, video cards, and sound cards usually pose the most problems) are currently unsupported or not fully supported. This is because the drivers for the hardware are usually written by volunteers who lack the documentation to the hardware. Also, make sure that you have backup copies of all the files you need before making any modifications to your hard drive (you have to complete all the installation steps in Ubuntu and click “Install” before it modifies your hard drive). Try Ubuntu on your computer first to make sure all your hardware is compatible.

  

After testing Ubuntu, go ahead and reboot and start the install.
Select your timezone.
In Step 3, select the keymap used by your keyboard. If uncertain that the current selection is correct, try typing in the input box.
In Step 4 of the Ubuntu installer, you choose whether you want to install Ubuntu by itself on your computer, or side-by-side with another operating system (Windows or OS X, probably). This guide recommends installing Ubuntu by itself (if nothing else, there are just fewer places for you to keep sensitive information and thus a lower probability of keeping it somewhere that’s easier to compromise). However, if you really need a different operating system for some reason, it’s better to have a secured Linux install with an encrypted home directory and use it for secure communication than to attempt to secure Windows or OS X. You shouldn’t need to use the “Advanced” options.



Step 5 includes the creation of a username and password, and enabling encrypted home directories. The Ubuntu installer indicates the relative strength of a password (“strong” in the case of this screenshot); strong should be the minimum. Weak passwords severely compromise all other security measures. Unless you have a specific reason to use your real name (especially your full name), it’s recommended to use an unrelated alias for yourself in order to give as little personal information as necessary. Select the “Require my password to log in and to decrypt my home folder” option.

The Ubuntu installer seems to skip step 6 every time I’ve used it. Review the installation details and install Ubuntu. This step should take about 10-30 minutes depending on the speed of your computer (maybe more for older machines), after which it will ask you to remove the boot installation media and reboot the computer into your new Ubuntu install!

A script and instructions attached to this document can guide you through installing common software that isn’t installed in Ubuntu by default, usually for space reasons or because of legal uncertainties in some countries (like restricted codecs and patent licenses), and through making various customizations that people often want on a new install of Ubuntu. The script adds extra repositories (Ubuntu restricted, extras, Medibuntu, Getdeb, Dropbox) and installs software from the repositories such as The GIMP, Pidgin, WINE, Chromium browser, Gnome Do, Guake, VLC media player, Mplayer, SMplayer, Thunderbird, Dropbox, codecs and more. This script is currently available only for Ubuntu 10.04 Lucid Lynx.

Features:
- Zenity for a GUI
- Adds extra repositories: Ubuntu restricted, extras, Medibuntu, Getdeb, Dropbox (only if you select to install Dropbox)
- Installs from repositories: The GIMP, Pidgin, WINE, Chromium browser, Gnome Do, Guake, VLC media player, Mplayer, SMplayer, Thunderbird, Dropbox, Codecs (multimedia, java, flash), additional archives support, DVD support and fonts, Ubuntu Tweak, Deluge Torrent, CompizConfig Settings Manager, Development tools (from build-essential to Subversion, GIT and so on).
- Downloads and installs the following: Google Chrome browser (will download the build for 32 or 64 bit, depending on your Ubuntu version), official smiley themes for Pidgin (for all the protocols), the latest Flash Player for 64bit via Adobe’s website, Skype (32 or 64bit, depending on your Ubuntu version).
- Tweaks:
  o Move window buttons to the right (Karmic style)
  o Change Update Manager behavior to the one in Jaunty
  o Remove mounted drive icons from desktop
  o Disable the GDM login sound
  o Enable the icons in menus and buttons
  o Disable the GDM login user list
  o Remove the Ubuntu-docs package (frees up 252MB)
  o Change Gnome Calendar first day of the week from Sunday to Monday
  o Downloads, installs and configures sharp fonts
  o Fix ‘apt-get update’ delay for Google repository
  o Automatically mount NTFS drives on startup
- Automatically accepts the JAVA license so you don’t have to
- The Medibuntu server is currently down, which made me develop a new feature: the script now tests the main Medibuntu server and 2 other mirrors and adds whichever of these 3 is working.
- Lots of checks to make sure you run the script properly: it will check if the script is run as root, check if Synaptic, apt-get, dpkg or Software Center is running and ask you to close it before running the script, check the internet connection to make sure you can actually install the packages, etc.

Help link: https://launchpad.net/ubuntustart ; http://www.webupd8.org

Download and install the Ubuntu Start script from the document
Installation:
- Because this script needs Zenity installed to work properly, first install it:
    sudo apt-get install zenity
- Now download Ubuntu Start from the link above and cd to the directory where you downloaded the script, in my case:
    cd /home/zinovsky/Downloads/ubuntu-10.04-start/
- Now make the script executable using this command:
    chmod +x ubuntu-10.04-script
- Now run the script:
    sudo ./ubuntu-10.04-script
You will get this screen as step one; choose what you want to do, then click OK.

After that you will get a screen with step 2; just check the software you want to install and click OK.

Encrypted Ubuntu 8.04
Data encryption is one of the best methods to protect your sensitive files; here you learn how to install a fully encrypted Ubuntu OS on your computer. The whole process is completely safe and is recommended for anyone who wants to protect his/her sensitive data.

1 - First you need to download the Ubuntu 8.04 CD (iso file) from one of the links below:
http://releases.ubuntu.com/8.04 (recommended)
http://linux.softpedia.com/get/System/Operating-Systems/Linux-Distributions/Ubuntu-HardyHeron-32974.shtml (not recommended)

2 - The iso image needs to be burnt onto a blank CD with your favorite CD/DVD burning application. Then reboot your computer and boot from this newly created CD. Select your preferred language for the installation process...

Then, the Ubuntu boot menu will appear, select the first option 'Install Ubuntu' and hit Enter...

Choose your native language and region...

On the following screen, choose 'Yes' if you want to let the installer auto-detect your keyboard layout or choose 'No' to select a default layout from the next screen(s) (e.g. for a US English keyboard, select 'No', hit Enter, then on the second screen select 'U.S. English', hit Enter and on the third screen select 'U.S. English' again and hit Enter to continue)...

It will then detect some of your hardware components and configure the network with DHCP...

Enter a desired hostname when asked...

Configure the time zone...

Disk partitioning will start. Select the third option: Guided - use entire disk and set up encrypted LVM...

Choose the hard disk where Ubuntu will be installed...

Note: Please provide an empty MASTER (not SLAVE) hard drive for this installation, because all the data will be erased after you confirm the changes, and in order to prevent the overwriting of the MBR (boot sector) in case you have another operating system installed.

Confirm the changes...

You'll be asked to enter a passphrase (a strong password; the longer, the better)...

Confirm the passphrase...

Note: Please write down the passphrase in case it's too long and you can't remember it!

Now, the partitioning tool will format the hard drive and create the default partitioning scheme. Confirm the changes...

The hard drive partitioning process will start:

And the base system will be installed...

Create a user and set up a password for it...

You will be asked to enter a proxy for the package manager. If you use a proxy, please enter it now. If not, just hit Enter on this screen...

The rest of the software will be installed now...

Then the GRUB boot loader will be automatically configured and installed...

Set the system clock to UTC...

The installation is complete now, hit 'Continue' to eject the CD and reboot the system...

When the system starts, you will be asked to input the passphrase that you've setup during the system's installation...

The system will continue to boot...

That's it folks, your whole Ubuntu 8.04 is now fully encrypted!

But what to do if you want to use partitioning manually:

Please use a "heavy" passphrase, possibly with some @£${[]}£$#¤%& or other signs spread through it. It is possible to make double words like this: "haPpy$horse jUmping£fences" (without the double quotes). DO NOT use words from dictionaries. You could use a funny children's phrase; use your imagination. The longer the passphrase, the safer it is. Please keep the passphrase in a safe place, far away, and do not ever tell anybody.

You can now use Ubuntu in a normal way, and will not feel much difference from using an unencrypted Ubuntu, except when making a backup. Here are packages that are important to install (below is a quick way to install them). Open a terminal, select one line at a time with the left mouse button, paste the line into the terminal with the middle mouse wheel, and press Enter:

sudo apt-get install alien amarok amsn apt-doc apt-howto-en audacious audacity
sudo apt-get install auto-apt avidemux ayttm camorama camstream checkinstall
sudo apt-get install cheese codeine cryptkeeper debian-policy dpkg-dev
sudo apt-get install effectv encfs etherape fdupes festival festvox-kallpc8k
sudo apt-get install ffmpeg ffmpeg2theora filelight findimagedupes firestarter
sudo apt-get install flashplugin-nonfree geany gimageview gocr gparted gqview
sudo apt-get install graphicsmagick grokking-the-gimp gspca-source gstreamer0.10-fluendo-mp3
sudo apt-get install gxine htop idanish imagemagick inkscape istanbul k3b kde kdirstat
sudo apt-get install kino koffice kompozer krename kvm lame-extras liblame-dev
sudo apt-get install linux-source-2.6.24 lkl lynx mencoder menu menu-xdg mjpegtools
sudo apt-get install mp3splt mp3wrap mplayer ocrad ogle openssh-server outguess
sudo apt-get install pinfo pterm putty pwgen pysdm qemu recoll recordmydesktop sane
sudo apt-get install sane-utils scrot secure-delete smartmontools soundconverter sox
sudo apt-get install squashfs-tools ssh stegdetect subversion sun-java6-jre sysv-rc-conf
sudo apt-get install tor transcode ubuntu-restricted-extras usbmount vcdimager vlc wipe
sudo apt-get install xawtv xine-ui xmms2 yakuake
sudo apt-get install qc-usb-utils qc-usb-source motv gqcam luvcview streamer dspam
sudo apt-get install pyvnc2swf xvidcap wink wengophone esound gwenview kipi-plugins
sudo apt-get install bzr bazaar-doc
sudo apt-get install virtualbox-ose virtualbox-ose-guest-modules-generic
sudo apt-get install virtualbox-ose-modules-2.6.24-16-generic
sudo apt-get install virtualbox-ose virtualbox-ose-guest-modules-2.6.24-16-generic
sudo apt-get install virtualbox-ose-modules-2.6.24-17-generic
sudo apt-get install virtualbox-ose-guest-modules-2.6.24-17-generic

Comments: Modern hard disks have sufficient space, so sometimes it is better to install too many packages than too few.

Warning: while you are logged in and using your encrypted Ubuntu, the disk is unlocked and everybody with access to the machine can see what you are doing, so you have to log out and switch your computer off for your hard disk to be protected by the encryption. Also note that you have to let the computer stay switched off for at least 10 minutes in order to empty the RAM (random access memory) completely: within that 10 minute period it is possible to copy your RAM with specialized software, before the RAM has cooled completely. You could still have an encrypted directory on this encrypted hard disk, using e.g. encfs, and encrypt single files, using e.g. GnuPG.

How to make an LVM snapshot (on an 80 GB hard disk):
Open a terminal, and run the following commands:

sudo lvcreate -L25G -s -n snapshot /dev/vg01/sysroot
(Creates a logical volume (LV) by the name snapshot - it could be any name you choose - and copies all folders and files from the sysroot logical volume (your Ubuntu 8.04) as they existed at the moment of pressing the "Enter" button.)

sudo mkdir -p /mnt/snap
(Creates a directory by the name /mnt/snap to be used for mounting the snapshot volume.)

sudo mount /dev/vg01/snapshot /mnt/snap
(Mounts the "snapshot" logical volume onto /mnt/snap.)

ls -l /mnt/snap
(Lists all the folders existing in the "snapshot" logical volume - an exact copy of the directories in the "sysroot" logical volume, which is your Ubuntu 8.04 system.)

sudo tar -pczf snapshot.tar.gz /mnt/snap
(Creates a tar archive file of the whole contents of the "snapshot" logical volume by the name "snapshot.tar.gz" - you could use another name. The size of the "snapshot.tar.gz" file might be approximately 3.8 GB at this stage.)

Please note that a Linux system consists of only files (ONLY). You could encrypt this "snapshot.tar.gz" file using gpg (gnupg-agent package) into "snapshot.tar.gz.gpg" and then copy this encrypted file onto an external hard disk. You will need to have gnupg-agent active with your secret and public keys (gnupg-agent is installed by default in Ubuntu 8.04). If you created the gpg keys using the e-mail address "[email protected]", you could encrypt the file using the following command:

gpg -r [email protected] -e snapshot.tar.gz
(Would create an encrypted file by the name "snapshot.tar.gz.gpg".)

You could then copy "snapshot.tar.gz.gpg" onto an external hard drive, and keep it there as an encrypted backup file. If you later need it, you just copy it back from the external hard disk into the /home/yourusername directory and decrypt it with the following command:

gpg -o snapshot.tar.gz -d snapshot.tar.gz.gpg
(Will recreate the "snapshot.tar.gz" file.)

In order to empty the snapshot logical volume, run:

sudo rm -R /mnt/snap/*

To restore the "snapshot.tar.gz" file into the snapshot logical volume, run the following two commands:

cd /home/yourusername
(Change directory, so you are standing in the /home/yourusername directory - "snapshot.tar.gz" should be placed here.)

sudo tar -pxzf snapshot.tar.gz -C /
(Restores the contents of the "snapshot.tar.gz" file into the "snapshot" logical volume, which is mounted on the /mnt/snap directory.)

You can now copy the contents of the "snapshot" logical volume back into the "sysroot" directory:

sudo cp -a /mnt/snap/* /
(This will copy the whole contents of the "snapshot" logical volume onto the "sysroot" directory; -a copies directories recursively and preserves permissions.)

You could also open the Konqueror File Manager and drag and drop with the left mouse button:

sudo konqueror
(Opens Konqueror as sudo.)

In order to always have /mnt/snap mounted, add the following line to the /etc/fstab file:

/dev/vg01/snapshot /mnt/snap ext3 relatime 0 0

You can open the /etc/fstab file using the kate editor with the following command:

sudo kate /etc/fstab
(Please remember to save the file after you have added the new line.)

Here follow some further LVM commands:

sudo lvdisplay (Displays your logical volumes.)
sudo vgdisplay (Displays your volume group.)
sudo pvdisplay (Displays your physical volumes.)
sudo lvremove -f /dev/vg01/snapshot (Removes the "snapshot" logical volume.)

Full installation of Ubuntu to a USB flash drive
This is a full installation of Ubuntu and will act just like an installation to an internal hard drive. All changes are saved in real time and the system can be fully updated and edited. For a practical installation on USB we use the "moving Wubi to a flash drive" method. Wubi is an officially supported Ubuntu installer for Windows users. It can install and uninstall Ubuntu in the same way as any other Windows application. It's simple and safe.

Download Wubi from here:
For the latest version of Ubuntu: http://ie.releases.ubuntu.com//oneiric/wubi.exe , http://www.ubuntu.com/download/ubuntu/windows-installer
For Ubuntu 10.04: http://mirror.anl.gov/pub/ubuntu-iso/CDs/10.04/ http://mirror.anl.gov/pub/ubuntu-iso/CDs/10.04/wubi.exe
Or please refer to http://mirror.anl.gov/pub/ubuntu-iso/CDs/ to obtain Wubi and Ubuntu image files from version 8.04 to 11.10.

You have to open it to run the installer. You will find the detailed instructions below. If you are using Internet Explorer, you'll be asked whether you want to run or save the file. Choose 'Run' to launch the installer.

Most other browsers, like Firefox, will only ask you to save the file. Click 'Save' and then double-click the downloaded file to launch the installer.

Install
If a security message like this appears, click 'Continue' to proceed with the installation. To install Ubuntu, all you need to do is choose your username and password. Please note that you have to enter your password twice to make sure you typed it correctly.

After choosing your password, click 'Install'. The files will be downloaded and installed automatically.

Wait until Ubuntu is downloaded and installed. Please note that the whole process can take a while: the downloaded file size is 700MB.

When the installation is complete, you will be prompted to restart your computer. Click 'Finish' to restart.

After your computer restarts, choose 'Ubuntu' from the boot menu.

To uninstall Ubuntu, go to the Add/Remove applet in the Control Panel and select Ubuntu for removal.

Click the Uninstall button.

That's all there is to it. Your Windows system returns to where it was before installing Ubuntu.

Moving WUBI to a USB Flash Drive
What is really neat about Ubuntu's WUBI installer is that it utilizes a disk image to house the entire operating system, making it very portable already. You basically just need a bootloader to go with it to make it run from USB. Moreover, since the filesystem on your USB is NTFS, you can still use the device to store files in Windows.

Prerequisites for the following WUBI to USB tutorial
• WUBI pre-installed on Windows
• HP USB Disk Storage Format Tool 2.2.3
• USB flash drive or external hard drive (capacity must be greater than the local Ubuntu folder)

Ubuntu and WUBI are products of Canonical Ltd. The USB Format Tool is a product of Hirens.

How to Move WUBI to a USB Flash Drive
1. Download the HP USB Format tool from http://freesoftwarefinder.com/downloads/HPUSBDisk.exe and format your USB flash drive using the NTFS file system.
2. Copy the following folders and files from your C: drive to the root of your USB device:
   ubuntu
   wubildr
   wubildr.mbr
3. Download http://download.gna.org/grubutil/grubinst-1.1-bin-w32-2008-01-01.zip, extract grubinst, then run grubinst_gui.exe (right click, run as administrator in Vista/Win7).
4. From the Grub4DOS Installer:
   (1) Select your USB Disk from the drop down
   (2) Click Refresh Part List
   (3) Select Whole disk [MBR] from the drop down
   (4) Type wubildr for the Boot File
   (5) Click Install
5. Reboot your PC with your BIOS set to boot from the USB device.
6. Highlight the first entry in the Grub2 menu and press E to edit.
7. Do the following while in edit mode:
   (1) Delete all lines before line linux /boot/vmlinuz-2.6.31…
   (2) Change root=/dev/sda2 to root=/dev/sdb1
   (3) Press Ctrl+X to boot
8. Your WUBI install should now be booting from your USB device.
9. Once booted, open a terminal and type update-grub
10. Reboot and try out your USB WUBI install.

Notes: update-grub automagically configures the new grub.conf file based on what it has detected from the running environment.
* Once you have verified that your portable WUBI boots, you can uninstall the local WUBI install from your PC. Just make sure to remove the USB device before uninstalling. Additionally, to gain about 691MB of space, you can delete the "install" and "winboot" folders and the "uninstall-wubi.exe" file from the "ubuntu" folder on your USB device.

Troubleshooting Tips: If Grub can't find your USB Wubi install, you can try a different root=/dev/sdx# during step 7 above.

Example, if your computer contains no other SATA devices:
root=/dev/sda1

Example, if your computer contains two other SATA devices:
root=/dev/sdc1

How to make Ubuntu Live USB from CD

Ubuntu USB Flash Drive creation via CD essentials
• Working CD drive and an Ubuntu Live CD
• 1GB or larger USB flash drive (I recommend a 4GB if using persistence)

Persistent Feature: Yes

Installing Ubuntu to a Flash Drive via Startup Disk Creator:
Note: Back up ALL data from your flash drive before proceeding!
1. Insert your Ubuntu CD and restart your computer, booting from the Live CD.
2. Insert a 1GB or larger USB flash drive.
3. Navigate to System > Administration > Startup Disk Creator.
4. Next, (1) select your flash drive from Disk to use, (2) choose to Erase Disk (make sure you have backed up any important data first).
5. Now, (1) select the partition related to your flash drive, (2) for persistence, select the option Stored in reserved extra space and adjust the slider to the desired capacity, (3) click the Make Startup Disk button.
6. A bar appears to indicate the progress of the install. Once the installation is complete, remove the CD, restart your computer and set your Boot Menu or System BIOS to boot from your USB device.

You should now be booting from your Ubuntu Startup Disk.

Install Debian Live to a Flash Drive from Windows
Here is the process of installing Debian Live to a USB flash drive from Windows. Debian Live is a continuing project headed by Daniel Baumann that offers (usb-hdd) Debian images and ISOs of the Debian Live operating system with the Gnome, KDE, lxde or Xfce desktops. In addition, for those running from a Linux environment, a custom Debian Live ISO or USB image can easily be created using the Live-Helper scripts.

Note: This Debian Live installation method will format and create a 704MB FAT partition on your flash drive. In Windows, your drive will appear to be only 704MB, because Windows does not detect the rest of the space, which will be utilized for the ext2 persistent feature.

Debian Live 5.0 Desktop
Debian and Debian Logos: Trademarks of Software in the Public Interest, Inc.: http://www.spiinc.org/
Win32Disk Imager: win32-image-writer: https://launchpad.net/win32-image-writer/
Distribution Home Page: debian-live.alioth.debian.org: http://debian-live.alioth.debian.org/
Minimum Flash Drive Capacity: 1GB
Persistent Feature: Yes

Installing Debian Live to USB using Windows
Warning: The contents of your flash drive will be wiped out. Back up anything you want to save before proceeding.
1. Insert a 2GB or larger flash drive (for Debian Live with persistence).
2. Download a Debian-Live Gnome, Xfce, KDE or lxde img (and save it to your desktop): http://cdimage.debian.org/cdimage/release/current-live/i386/usb-hdd
3. Download the Win32 DiskImager (and extract its content to a folder on your desktop): http://launchpad.net/win32-image-writer/0.2/0.2/+download/win32diskimager-RELEASE-0.2r23-win32.zip
4. Navigate to where you extracted the contents of the Win32DiskImager and run Win32DiskImager.exe
   Note: you may notice a window saying: An error occurred when attempting to get the device information. Error 8: - simply click OK to continue.
5. (1) Browse to and select your Debian-Live .img file, (2) select your USB device, (3) click Write to write the image to the device.
6. A progress bar will indicate the progress of the write. Once it has finished, simply reboot your PC and set your BIOS or Boot Menu to boot from the USB device.

If all goes well, you should now be booting from your own portable USB Debian Live flash drive.

How to make the Debian Live install persistent:
The following information was suggested by Leong Yu Siang. After you're up and running from your Debian Live created flash drive, do the following:
1. Navigate to System > Administration > Partition Editor.
2. (1) Select your USB device from the drop down in the upper right corner, (2) right click the Unallocated Space and select New.
3. (1) Set the Filesystem to Ext2, (2) type live-rw for the label, (3) click Add.
4. Once the process has finished, reboot your Debian Live system.
5. At the splash boot screen, hit the Tab key.
6. Add the word persistent to the string and then hit Enter.

If all goes well, you should now be booting into your Debian Live with persistence. In order to save and restore any changes you make, you need to perform steps 5 and 6 during each boot. Another option is to replace the live.cfg file in the syslinux directory on your flash drive with a live.cfg file that adds a default persistent boot option to the boot menu.

If you would like to return your flash drive to its previous state, you can use http://www.ipauly.com/bootice/bootice_0.9.rar and choose USB-FDD Mode and FAT32 format.

Downloading and installing Live-Helper:
1. Open a terminal and type sudo gedit /etc/apt/sources.list
   Add deb http://live.debian.net/debian/ etch main to the list and save the file.
2. Back at the terminal, type sudo apt-get update
3. Type sudo apt-get install debian-unofficial-archive-keyring
4. Type sudo apt-get install live-helper

Configuring the settings for your Debian based Live CD:
1. Log in as root and open a terminal (must be done as root user).
2. From the terminal, type lh_config

Now we can edit the configuration files that have been created in the debian-live/config/ directory (in root's home):
• Open debian-live/config/chroot
• Set the interactive parameter LIVE_INTERACTIVE="enabled" (this allows you to chroot to the filesystem and make changes before it is compressed)
• You should also set the live package to install. For example: LIVE_PACKAGES_LISTS="gnome" (will install the gnome desktop)
• Save changes and close the chroot file

Note: To create a USB image instead of an ISO, open debian-live/config/binary and change the image type parameter from iso to usb-hdd: LIVE_BINARY_IMAGES="usb-hdd"

Building the Debian based Live Linux ISO or IMG:
Now that we have made a couple of basic configuration changes we can proceed with the build process.
1. Back at the terminal type cd debian-live (moves us to debian-live, where our live distro is going to be built).
2. Type lh_build (starts the build process based on our live configuration settings).
   During the build process, live-helper will create a directory named chroot containing the Linux filesystem that will later be compressed. Once live-helper has finished installing the core components, it will start an interactive shell (changing the root directory to chroot), pausing the build and allowing you to install additional packages and make changes or adjustments before it compresses the filesystem and builds the final Live Linux ISO.
3. At the terminal, when the script responds with the following:
   Pausing build: starting interactive shell…
   Make your changes, if any, and then type exit to allow live-helper to continue.

Burn the ISO and test your new creation:
Once live-helper has finished, you'll find your completed ISO in the debian-live directory.
1. Burn the ISO to a CD or DVD.
2. Test your new creation by rebooting from the CD/DVD.

Or, to copy the IMG to the USB device:
1. From the terminal type fdisk -l and locate your USB device. Example: /dev/sdX (where X represents your USB device)
2. Type dd if=binary.img of=/dev/sdX
3. Reboot your PC, booting from the USB device.

Note: With your CD/DVD or USB build, you can save your changes back to a USB device via the persistent feature. Simply create a partition on the device labeled casper-rw and type live persistent at boot to enable saving and restoring of settings/changes. Example: mkfs.ext2 -L casper-rw /dev/sdx2
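Because dd overwrites whatever device it is given, the copy step above is worth wrapping in a few checks. This added example is not part of the original guide: the function names and the extra path parameters (which allow a dry run against ordinary files) are illustrative, and it assumes a Linux system with /sys and /proc/mounts.

```shell
#!/bin/sh
# Added example (not from the original guide): guard "dd if=binary.img of=/dev/sdX".
# Function names are illustrative. Paths default to the real system; the
# optional arguments allow a dry run against ordinary files.

# is_removable NAME [SYSFS]
# True if the kernel flags block device NAME (e.g. sdb) as removable.
# USB hard disks often report 0 here, so this check errs on the side of refusing.
is_removable() {
    flag="${2:-/sys}/block/$1/removable"
    [ -r "$flag" ] && [ "$(cat "$flag")" = "1" ]
}

# is_mounted NAME [MOUNTS]
# True if /dev/NAME or one of its partitions appears in the mount table.
is_mounted() {
    while read -r dev _rest; do
        case "$dev" in
            "/dev/$1" | "/dev/$1"[0-9]*) return 0 ;;
        esac
    done < "${2:-/proc/mounts}"
    return 1
}

# written_ok IMAGE TARGET
# True if the first size-of-IMAGE bytes of TARGET are identical to IMAGE.
# Right after writing, the read may be served from the page cache; re-plug the
# drive and call written_ok again to check the medium itself.
written_ok() {
    size=$(($(wc -c < "$1")))
    head -c "$size" "$2" | cmp -s - "$1"
}

# write_image IMAGE NAME [SYSFS] [MOUNTS] [DEVDIR]
# Return codes: 0 ok, 2 no image, 3 not removable, 4 mounted,
#               5 dd failed, 6 read-back mismatch.
write_image() {
    img=$1; name=$2
    sysfs=${3:-/sys}; mounts=${4:-/proc/mounts}; devdir=${5:-/dev}
    [ -f "$img" ] || { echo "no such image: $img" >&2; return 2; }
    is_removable "$name" "$sysfs" || {
        echo "$name is not flagged removable; refusing to write" >&2; return 3; }
    if is_mounted "$name" "$mounts"; then
        echo "$name has mounted partitions; unmount them first" >&2; return 4
    fi
    dd if="$img" of="$devdir/$name" bs=4M 2>/dev/null || return 5
    sync
    written_ok "$img" "$devdir/$name" || return 6
    return 0
}

# Usage on real hardware (as root), after locating the stick with fdisk -l:
#   write_image binary.img sdX
```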

Ubuntu Privacy Remix: UPR
Ubuntu Privacy Remix creates such a working environment on any PC with the following measures:

• The system resides on a non-writable CD, i.e. it is in the original state after every reboot and cannot be modified afterwards. Spyware and other malicious software cannot be installed permanently.
• All alterable user data reside on encrypted removable media like USB flash drives.
• The system kernel is modified so that it ignores any network hardware. UPR therefore is an isolated system which cannot be attacked via LAN/WLAN/Bluetooth/Infrared etc.
• UPR mounts removable media and TrueCrypt volumes with the 'noexec' option. This prevents the execution of malicious programs that were imported accidentally into the UPR system via removable media, which ensures that the running UPR system cannot be infected this way.
• The system is based on free software which can be verified in source code.
• The system completely ignores any local hard disks. Malicious software cannot use them to save sensitive data outside the encrypted removable media (unencrypted and unnoticed, for later attacks), nor can this happen accidentally through the user's inattention. Malicious software also cannot be loaded from already compromised hard disks into UPR.
• To ease working with a non-modifiable system, UPR introduces "extended TrueCrypt-Volumes", which can store program configuration like GnuPG settings, OpenOffice dictionaries etc. permanently and securely within an encrypted volume. These settings are automatically made available after opening such an "extended TrueCrypt-Volume". This method is only an optional alternative to using standard TrueCrypt volumes.

NOTE: Ubuntu Privacy Remix is NOT for anonymous internet surfing since its modified kernel ensures that no network hardware.

• No hard drive installation
• Read-only filesystem
• No Internet connection
• TrueCrypt encryption software: you will learn more about it later
• Extended TC-Volumes
• GNOME 2.22 desktop environment

Ubuntu Privacy Remix is based on Ubuntu 8.04 LTS (Hardy Heron). It is dubbed Hardened Heron and includes some of the best cryptographic applications available today: GnuPG and TrueCrypt.

For more information about "how to use" and its "features" please refer to:
https://www.privacy-cd.org/en/tutorials
https://www.privacy-cd.org/en/features-mainmenu-35
Download: https://www.privacy-cd.org/index.php?option=com_content&view=article&id=66&Itemid=89
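UPR's 'noexec' mounting of removable media, described above, can be checked on any Linux system by reading the mount table. The following added example is not UPR code: the function names and the sample mount table are constructed for illustration, and the nosuid and nodev checks go beyond the single option the text mentions.

```shell
#!/bin/sh
# Added example (not UPR's own code): list removable-media mounts that lack
# hardening options. Function names and the sample table are illustrative.

# Constructed sample in /proc/mounts format:
# device  mount-point  fstype  options  dump  pass
SAMPLE_MOUNTS='/dev/sda1 / ext3 rw,relatime 0 0
/dev/sdb1 /media/usbstick vfat rw,nosuid,nodev,noexec,relatime 0 0
/dev/sdc1 /media/backup ext3 rw,relatime 0 0
/dev/mapper/truecrypt1 /media/truecrypt1 vfat rw,nosuid,nodev 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0'

# has_option OPTIONS NAME
# True if NAME is one of the comma-separated mount OPTIONS.
has_option() {
    case ",$1," in
        *",$2,"*) return 0 ;;
    esac
    return 1
}

# missing_options OPTIONS REQUIRED
# Print the comma-separated subset of REQUIRED that is absent from OPTIONS.
missing_options() {
    missing=
    for want in $(printf '%s' "$2" | tr ',' ' '); do
        has_option "$1" "$want" || missing="${missing:+$missing,}$want"
    done
    printf '%s' "$missing"
}

# audit_mounts [PREFIX] [REQUIRED]
# Read a mount table on stdin. For each mount point under PREFIX, print
# "MOUNTPOINT missing=OPT[,OPT]" when a REQUIRED option is not set.
audit_mounts() {
    prefix=${1:-/media/}
    required=${2:-noexec,nosuid,nodev}
    while read -r _dev mnt _fstype opts _rest; do
        case "$mnt" in
            "$prefix"*)
                gap=$(missing_options "$opts" "$required")
                [ -z "$gap" ] || printf '%s missing=%s\n' "$mnt" "$gap"
                ;;
        esac
    done
    return 0
}

# Run against the live system with:  audit_mounts /media/ < /proc/mounts
# A flagged mount can be tightened in place, for example:
#   sudo mount -o remount,noexec,nosuid,nodev /media/backup
```

noexec blocks direct execution of files on the volume; a script stored there can still be handed to an interpreter that lives elsewhere, so the option complements the read-only system rather than replacing it.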

Windows
It is not recommended to use Windows as a secure communication platform. While Windows can be locked down to provide a more secure environment than is provided by default, the tendencies in Windows lean towards very lax security. There is also a multitude of pre-built exploits for Windows that make it easier for attackers to compromise. Here are some bullet points against using Windows for secure communications:

• Widespread distribution of malware/Trojans/viruses that could log key strokes, bypassing encryption schemes and/or logging other information
• Targeted hacking and malware installation is actively used by governmental agencies, with Windows being most susceptible
• Usually uses an unencrypted file system; the main encryption tool is proprietary and cannot be scrutinized for exploits, back doors, or other weaknesses
• User accounts are administrators by default
• Since Windows is proprietary and closed-source, there is no outside scrutiny for defects, back doors, or anything that "phones home". You're trusting Microsoft completely with whatever secrets you choose to put on your computer.

How to Install Windows XP
The procedure to install Windows XP Home Edition is very similar to that for the Professional edition. Since Windows XP Pro is the more advanced operating system, it will be used to demonstrate the installation procedure. The best way to install Windows XP is to do a clean install. It is not difficult to perform a clean installation. Before you perform the installation I recommend that you check the Windows XP Compatibility List here: ftp://ftp.microsoft.com/services/whql/hcl/WinXPHCLx86.txt to ensure that your hardware is supported by XP. If your hardware is not on the compatibility list you can check your hardware manufacturer's website to download the drivers for Windows XP. Save all the necessary drivers onto floppy disks or CD before you start the installation.

All versions of the Windows XP CD are bootable. In order to boot from CD/DVD-ROM you need to set the boot sequence. Look for the boot sequence under your BIOS setup and make sure that the first boot device is set to CD/DVD-ROM. You can then perform the following steps to install Windows XP:

Step 1 - Start your PC and place your Windows XP CD in your CD/DVD-ROM drive. Your PC should automatically detect the CD and you will get a message saying "Press any key to boot from CD". As soon as the computer starts booting from the CD you will get the following screen:

Step 2 - At this stage it will ask you to press F6 if you want to install a third party RAID or SCSI driver. If you are using an IDE hard drive then you do not need to press F6. If you are using a SCSI or SATA hard drive then you must press F6, otherwise Windows will not detect your hard drive during the installation. Please make sure you have the RAID drivers on a floppy disk. Normally the drivers are supplied on a CD which you can copy to a floppy disk ready to be installed. If you are not sure how to do this then please read your motherboard manuals for more information.

Step 3 - Press S to specify that you want to install an additional device.

Step 4 - You will be asked to insert the floppy disk with the RAID or SCSI drivers. Press Enter after you have inserted the disk.

Step 5 - You will see a list of RAID drivers for your HDD. Select the correct driver for your device and press Enter.

Step 6 - You will then get a Windows XP Professional Setup screen. You have the option to do a new Windows install, repair a previous install or quit. Since we are doing a new install we just press Enter to continue.

Step 7 - You will be presented with the End User Licensing Agreement. Press F8 to accept and continue.

Step 8 - This step is very important. Here we will create the partition where Windows will be installed. If you have a brand new unformatted drive you will get a screen similar to the one below. In our case the drive size is 8190MB. We can choose to install Windows on this drive without creating a partition, hence using the entire size of the drive. If you wish to do this you can just press Enter and Windows will automatically partition and format the drive as one large drive. However, for this demonstration I will create two partitions. The first partition will be 6000MB (C: drive) and the second partition will be 2180MB (E: drive). By creating two partitions we can have one which stores Windows and applications and another which stores our data. So in the future, if anything goes wrong with our Windows install, such as a virus or spyware, we can reinstall Windows on the C: drive and our data on the E: drive will not be touched. Please note you can choose whatever partition size you like. For example, if you have a 500GB hard drive you can have two partitions of 250GB each. Press C to create a partition.

Step 8 (continued) - Windows will show the total size of the hard drive and ask you how much you want to allocate for the partition you are about to create. I will choose 6000MB. You will then get the screen below. Notice it shows C: Partition 1 followed by the size 6000 MB. This indicates the partition has been created. We still have an unpartitioned space of 2189MB. Next highlight the unpartitioned space by pressing the down arrow key. Then press C to create another partition. You will see the total space available for the new partition. Just choose all the space left over, in our case 2180MB.

Step 9 - Now you will see both partitions listed: Partition 1 (C: drive) 6000MB and Partition 2 (E: drive) 2180MB. You will also have 8MB of unpartitioned space. Don't worry about that. Just leave it how it is. Windows normally has some unpartitioned space. You might wonder what happened to the D: drive. Windows has automatically allocated the D: drive to the CD/DVD-ROM. Select Partition 1 (C: drive) and press Enter.

Step 10 - Choose to format the partition using the NTFS file system. This is the recommended file system. If the hard drive has been formatted before then you can choose quick NTFS format. We chose NTFS because it offers many security features and supports larger drive sizes and bigger files.

Windows will now start formatting drive C: and start copying setup files as shown on the two images below:

Step 11 - After the setup has completed copying the files the computer will restart. Leave the XP CD in the drive but this time DO NOT press any key when the message "Press any key to boot from CD" is displayed. In a few seconds setup will continue. The Windows XP Setup wizard will guide you through the setup process of gathering information about your computer.

Step 12 - Choose your region and language.

Step 13 - Type in your name and organization.

Step 14 - Enter your product key.

Step 15 - Name the computer, and enter an Administrator password. Don't forget to write down your Administrator password.

Step 16 - Enter the correct date and time, and choose your time zone.

Step 17 - For the network setting choose typical and press next.

Step 18 - Choose workgroup or domain name. If you are not a member of a domain then leave the default settings and press next. Windows will restart again and adjust the display.

Step 19 - Finally Windows will start and present you with a Welcome screen. Click next to continue.

Step 20 - Choose 'help protect my PC by turning on automatic updates now' and press next.

Step 21 - Will this computer connect to the internet directly, or through a network? If you are connected to a router or LAN then choose: 'Yes, this computer will connect through a local area network or home network'. If you have a dial-up modem choose: 'No, this computer will connect directly to the internet'. Then click Next.

Step 22 - Ready to activate Windows? Choose yes if you wish to activate Windows over the internet now. Choose no if you want to activate Windows at a later stage.

Step 23 - Add users that will sign on to this computer and click next.

Step 24 - You will get a Thank you screen to confirm setup is complete. Click finish.

Step 25 - Log in to your PC for the first time.

Step 26 - You now need to check the Device Manager to confirm that all the drivers have been loaded and whether there are any conflicts. From the Start menu select Start -> Settings -> Control Panel. Click on the System icon and then from the System Properties window select the Hardware tab, then click on Device Manager.

If there is a yellow exclamation mark "!" next to any of the listed devices, it means that no drivers or incorrect drivers have been loaded for that device. In our case we have a Video Controller (VGA card) which has no drivers installed. Your hardware should come with manufacturer-supplied drivers. You need to install these drivers using the automatic setup program provided by the manufacturer, or you need to install them manually. If you do not have the drivers, check the manufacturer's website to download them.

To install a driver manually use the following procedure:
(a) From the Device Manager double click on the device with the exclamation mark.
(b) This opens a device properties window.
(c) Click on the Driver tab.
(d) Click the Update Driver button. The wizard for updating the device driver pops up as shown below:

You now get two options. The first option provides an automatic search for the required driver. The second option allows you to specify the location of the driver. If you don't know the location of the driver, choose the automatic search, which will find the required driver on the manufacturer-supplied CD or floppy disk. Windows will install the required driver and may ask you to restart the system for the changes to take effect. Use this procedure to install drivers for all the devices that show an exclamation mark. Windows is completely set up when there are no more exclamation marks in the Device Manager.

How to Install Windows 7
Here we demonstrate step-by-step how to install Windows 7 Ultimate. The guide is similar for other versions of Windows 7 such as Home Premium. The best way to install Windows 7 is to do a clean install. It is not difficult to perform a clean installation. Before you start the installation process I recommend that you check the Windows 7 System Requirements list: http://windows.microsoft.com/systemrequirements to ensure that your hardware is supported by Windows 7. If you don't have Windows 7 drivers for all your hardware, it is a good idea to download all the drivers from the hardware manufacturer's website and save them on a CD-R or a USB drive before you start the installation.

The Windows 7 DVD is bootable. In order to boot from the DVD you need to set the boot sequence. Look for the boot sequence under your BIOS setup and make sure that the first boot device is set to CD-ROM/DVD-ROM.

Step 1 - Place the Windows 7 DVD in your DVD-ROM drive and start your PC. Windows 7 will start to boot up and you will get the following progress bar.

Step 2 - The next screen allows you to setup your language, time and currency format, keyboard or input method. Choose your required settings and click next to continue.

Step 3 - The next screen allows you to install or repair Windows 7. Since we are doing a clean install we will click on "install now".

Step 4 - Read the license terms and tick I accept license terms. Then click next to continue.

Step 5 - You will now be presented with two options. Upgrade or Custom (Advanced). Since we are doing a clean install we will select Custom (Advanced).

Step 6 - Choose where you would like to install Windows 7. If you have one hard drive you will click next to continue. If you have more than one drive or partition then you need to select the appropriate drive and click next. If you need to format or partition a drive then click Drive options (advanced) before clicking next.

If you have multiple hard drives and/or multiple partitions on those drive(s), take great care in confirming that you're deleting the correct partition(s). Many people, for example, have second hard drives or partitions that act as backup drives. That's certainly not a drive you want to be deleting. If there are any other operating system related partitions that need to be deleted, you can delete them at this time and then confirm the additional partition deletions.

Step 7 - After you choose the location, Windows 7 starts the installation process and starts copying all the necessary files to your hard drive as shown on the image below.

Step 8 - It will go through various stages of the setup and will reboot your system a few times.

Step 9 - When your PC reboots it attempts to boot from DVD as it’s the first boot device. Do not press any key during the boot prompt so Windows 7 will continue with the installation by booting from the hard drive.

Step 10 - After the reboot your computer will be prepared for first use.

Windows 7 is now loading drivers, checking to make sure everything has been setup properly, removing temporary files, etc. You don't need to do anything here.

Step 11 - At this stage you need to choose a user name and computer name. Click next to continue. The user account you create here is the Administrator account which is the main account for your Windows 7 that has all the privileges.

Step 12 - Choose your password and password hint just in case you forget your password and need to jog your memory.

Step 13 - You can now type the product key that came with Windows 7 and click next. If you do not enter the product key you can still proceed to the next stage. However Windows 7 will run in trial mode for 30 days. You must therefore activate Windows within 30 days otherwise you can’t access your computer after 30 days.

Step 14 - Help protect your computer and improve Windows automatically. Choose Use recommended settings. Those who use a cracked version of Windows should select "Ask me later", but it is not secure!

Step 15 - Review your time and date settings. Select your time zone, correct the date and time and click next to continue.

Step 16 - Select your computer's current location. If you are a home user then choose Home network otherwise select the appropriate option.

Step 17 - Windows will now finalize the settings for your computer and restart.

Step 18 - After the final restart Windows 7 will start to boot up.

Step 19 - Finally you have the logon screen. Just type your password and press enter or click on the arrow to logon to Windows 7 for the first time.

Step 20 - After you have logged on to Windows 7 for the first time, you will see a desktop similar to the image below. At this point you can start using your computer. However it may not be fully configured. You need to make sure that all the hardware is detected correctly and the necessary device drivers are installed. This can be done from the Device Manager.

Step 21 - To go to the Device Manager click Start Menu -> Control Panel -> System and Security -> System -> Device Manager. You will see all your hardware listed as shown on the image below. You need to check if you have any yellow exclamation marks next to the names of the devices, similar to "Multimedia Audio Controller" on the image below. This indicates that the driver has not been installed for this device. At this stage you can install the driver for this device. To do so, right click on Multimedia Audio Controller -> Update Driver Software...

Step 22 - You can choose to "Search automatically for updated driver software" or "Browse my computer for driver software". If you have the driver CD or if the driver is on a USB drive then choose "Browse my computer for driver software". Windows 7 will search for and install the driver from the CD, or you can locate the driver manually. Once you have removed all the yellow exclamation marks from the Device Manager your Windows 7 configuration is complete.

Step 23 - Finally check if you have successfully activated Windows 7. Click Start Menu -> Control Panel -> System and Security -> System. You will get a window similar to the image below. Towards the bottom you will see Windows is activated followed by your product ID. This shows that your copy of Windows 7 is fully activated.

How to Set Up Windows XP Mode in Windows 7
Windows XP Mode (http://windows.microsoft.com/en-US/windows7/products/features/windows-xp-mode) for Windows 7 makes it easy to install and run your applications for Windows XP 32-bit directly from your Windows 7 32-bit or 64-bit based PC. It utilizes virtualization technology such as Windows Virtual PC to provide a virtual Windows XP environment for Windows 7. Windows XP Mode provides Windows 7 Professional, Enterprise, or Ultimate users the flexibility to run many older productivity applications in a virtual Windows XP environment on a Windows 7-based PC.

Make sure that your processor supports hardware virtualization, and double-check that the hardware virtualization setting is enabled in your BIOS (the setting is often not enabled although your processor may be supported). You can use the official Intel Processor Identification Utility if you are running Intel: http://www.intel.com/p/en_US/support/highlights/processors/toolspiu , or you can use SecurAble to determine whether or not your AMD or Intel processor will support XP Mode: http://www.grc.com/securable.htm . SecurAble is a tiny app from Steve Gibson of SpinRite fame. When you run the standalone app, it returns information about three features of modern processors: Maximum Bit Length (32-bit or 64-bit), Hardware D.E.P. (provides protection against malicious code), and Hardware Virtualization (optimized processor instructions for virtual machines).

If hardware virtualization is not available or is locked off, you might be able to go into the system BIOS and activate it. Look carefully in the BIOS because the setting is not always clearly labeled. If you still don't see it, you might be able to update to the manufacturer's latest BIOS version and get it to work. Make sure you know what you're doing when updating your system BIOS and follow all the manufacturer's steps, otherwise you can turn the PC into a giant paperweight.

If your system doesn't support hardware virtualization, unfortunately you won't be able to run XP Mode.

Windows Virtual PC: It is the latest Microsoft virtualization technology for Windows 7. It is the runtime engine for Windows XP Mode to provide a virtual Windows environment for Windows 7. With Windows Virtual PC, Windows XP mode applications can be seen and accessed from a Windows 7-based PC. Tips:




- To Uninstall Windows XP Mode
  o Open Control Panel (All items view), click on Programs and Features, and select Windows XP Mode.
- To Uninstall Windows Virtual PC
  o Open Control Panel (All items view), click on Programs and Features, click on the View installed updates link in the left pane, and then select Windows Virtual PC (KB958559).

Windows Virtual PC: Requirements
- 1 GHz 32-bit / 64-bit processor required
- Memory (RAM)
  o 1.25 GB required, 2 GB memory recommended
- Recommended 15 GB hard disk space per virtual Windows environment
- Supported host (your computer) operating system:
  NOTE: Windows XP Mode can only be installed on Windows 7 Enterprise, Windows 7 Professional, and Windows 7 Ultimate.
  o Windows 7 Home Premium (32-bit or 64-bit)
  o Windows 7 Professional (32-bit and 64-bit)
  o Windows 7 Ultimate (32-bit and 64-bit)
  o Windows 7 Enterprise (32-bit and 64-bit)
- Supported guest (virtual machine) 32-bit only operating system:
  o Windows XP: Virtual Applications feature is supported only on Windows XP Service Pack 3 (SP3) Professional
  o Windows Vista: Virtual Applications feature is supported only on Windows Vista Enterprise and Windows Vista Ultimate
  o Windows 7: Virtual Applications feature is supported only on Windows 7 Enterprise and Windows 7 Ultimate



Procedure:
1. Go to the Windows Virtual PC website: http://www.microsoft.com/windows/virtualpc/download.aspx , select your 32-bit or 64-bit Windows 7 version and language.

2. Afterwards, click on the Windows XP Mode download button in step 3 at that site.

3. Click on Continue for Windows validation. When validation is completed, click on Continue to start the download process. NOTE: You will need to have cookies enabled to be able to do this.

4. Download and Install Windows XP Mode
A) Click on Save, and then save the WindowsXPMode_en-us.exe file to your desktop.
B) Double click on the downloaded WindowsXPMode_en-us.exe installation file to start installing it. NOTE: The language part of the name (en-us) will vary for you depending on what language you selected (step 1).
C) Click on the Next button.
D) Click on the Next button.
E) If prompted by UAC, click on Yes.
F) When Windows XP Mode is finished installing, click on the Finish button.

5. Download and Install Windows Virtual PC
A) At the Windows Virtual PC website, click on the Windows Virtual PC download button in step 3 at that site.
B) Click on Save, and then save the Windows6.1-KB958559-x86-RefreshPkg.msu or Windows6.1-KB958559-x64-RefreshPkg.msu file to your desktop.
C) Double click on the downloaded Windows6.1-KB958559-x86-RefreshPkg.msu or Windows6.1-KB958559-x64-RefreshPkg.msu file to start installing it.
D) If prompted by UAC, click on Yes.
E) Click on Yes.
F) Click on the I Accept button.
G) When it is finished, click on the Restart Now button. WARNING: This will restart your computer immediately. Be sure to save and close anything that you have open first.
H) When the computer is finished restarting, continue on to step 6 below.

6. Download and Install Windows XP Mode Update
NOTE: Enables Windows XP Mode for PCs without Hardware Assisted Virtualization Technology. While the Windows XP Mode Update download may be optional for PCs with Hardware Assisted Virtualization Technology, it will not hurt anything to install it to be safe if you are not sure whether your PC has it. You will not need to download and install the Windows XP Mode Update if you have Windows 7 SP1 installed, since SP1 already contains it. You can open winver to see if you are running Windows 7 SP1 or not: open the Start Menu, type winver in the Search box, and press Enter.

A) At the Windows Virtual PC website, click on the Windows XP Mode Update download button in step 3 at that site.
B) Click on Save, and then save the Windows6.1-KB8977206-x86.msu or Windows6.1-KB8977206-x64.msu file to your desktop.
C) Double click on the downloaded Windows6.1-KB8977206-x86.msu or Windows6.1-KB8977206-x64.msu file to start installing it.
D) If prompted by UAC, click on Yes.
E) Click on Yes.
F) When it is finished, click on the Restart Now button. WARNING: This will restart your computer immediately. Be sure to save and close anything that you have open first.
G) When the computer is finished restarting, continue on to step 7 below.

7. To Open and Run Windows XP Mode
A) Open the Start Menu, then click on All Programs, expand the Windows Virtual PC folder, and double click on the Windows XP Mode shortcut.

8. Check the I accept box, then click on the Next button.

9. Type in a password and type it in again to confirm it, and then click on the Next button. NOTE: If you would like to be logged on automatically whenever you open Windows XP Mode (step 7), then check the Remember credentials box.

10. Select (dot) the Help protect my computer by turning on Automatic Updates now box, and then click on the Next button.

11. Click on the Start Setup button.

12. You will now see this for a few moments while Windows XP Mode is being set up.

13. When setup is finished, if you did not check the Remember credentials box in step 9 above, you will need to enter your password and click on OK. If you did, then skip this and continue on to step 14.

14. The Windows XP Mode - Windows Virtual PC window will now open. You are now in Windows XP Mode.

1. Next, be sure to install Integration Components and enable Integration Features. NOTE: Sometimes this will be enabled for you automatically during installation.

To Install Integration Components
A) Click on Tools on the virtual machine menu bar, and click on Install Integration Components. NOTE: You may need to press CTRL+ALT+Left Arrow to move the mouse pointer out of the virtual machine to click on the menu bar.
B) Click on Continue.
C) Click on Run Setup.exe.
D) Click on Next.
E) If prompted by UAC, then click on Yes.
F) When it's finished installing, click on Finish.
G) Click on Yes to restart the virtual machine.
H) Log on to the virtual machine by typing in your password for the virtual machine and pressing Enter.
I) You will now need to enable the integration features.

To Enable Integration Features
NOTE: You will only be able to enable the integration features if you had already installed the integration components (step 1). After the first time you do this, you will usually only need to do step 3A to enable the integration features.
A) Click on Tools on the virtual machine menu bar, and click on Enable Integration Features. NOTE: You may need to press CTRL+ALT+Left Arrow to move the mouse pointer out of the virtual machine to click on the menu bar.
B) Check the Remember my credentials box, and click on Use another account.
C) Type in your user name and password for this virtual machine, then click on OK.
D) Integration features will now be enabled.

To Disable Integration Features
A) Click on Tools on the virtual machine menu bar, and click on Disable Integration Features. NOTE: You may need to press CTRL+ALT+Left Arrow to move the mouse pointer out of the virtual machine to click on the menu bar.
B) Log on to the virtual machine by typing in your password for the virtual machine and pressing Enter.
C) Integration features will now be disabled.

16. Set Windows XP Mode Settings
A) In the Windows XP Mode window, click on Tools (menu bar) and Settings.
B) In the left pane, select Close/Shut Down.
C) In the right pane, select (dot) Automatically close with the following action, then select Shut Down and click on OK.

17. To Close Windows XP Mode
A) Click on the X in the upper right corner of the Windows XP Mode window like you would any other window in Windows 7, or
B) In the Windows XP Mode window click on Action (menu bar) and Close.

19. Installing a Program in Windows XP Mode
NOTE: You would install a program in Virtual Windows XP just like you would in Windows 7, with the same access to everything in Windows 7: for example, hard drives, DVD drives, USB drives, Windows 7 folders and files, etc.
A) After you have installed any program (ex: CCleaner) in Windows XP Mode, you will notice that there will now also be a shortcut to it in the Windows 7 Start Menu in the Windows XP Mode Applications folder under Windows Virtual PC and Windows XP Mode.
NOTE: Double clicking on the program's shortcut (ex: CCleaner) in the Windows 7 Start Menu when Windows XP Mode is closed will open and run the program in Windows 7, but as if you were running it in Windows XP Mode. You could also move or copy this Windows XP Mode Applications shortcut where you like in Windows 7 for easy use.

The version of Windows is XP Professional SP3. You can easily send the Ctrl+Alt+Del command. To completely turn off the machine the first time you will need to shut it down from this screen.

You can use USB drives as well: just click USB on the toolbar and choose the drive you want XP Mode to recognize. While playing around in XP on your Windows 7 machine is cool, the main reason for XP Mode is to run applications that only work with XP on the new OS. You need to install the XP-compatible program on the virtual machine first, just like you normally would. In this example the old-school MusicMatch Player version 7.5 is installed on the XP VM. To run the apps in XP Mode you need to close out of the VM first. Then go to the Start menu and Windows Virtual PC \ XP Mode Applications and pick the app you want to run.

The virtual machine process starts up but you don't see the whole OS, just the application you want to run. You can use it just like you would if it were installed on Windows 7. You can also go into the VM settings and change things like allocating more memory, hard drives, networking settings, etc.

XP Mode without hardware virtualization
One of the neatest new features in Windows 7 Professional and above is XP Mode, but not all machines are capable of running it. So you may want to learn how to use VMware to run XP Mode on machines without hardware virtualization. Even if your computer doesn't have hardware virtualization, you can still install XP Mode; you just cannot run it, because you can't run Virtual PC. Enter VMware Player. This free program lets you create and run virtual machines, whether or not you have hardware virtualization. And it can directly import XP Mode, so you can use that copy of XP for free. A couple of features are different, but it's still a great replacement since you otherwise couldn't use XP Mode at all.

VMware Player is the easiest way to run multiple operating systems at the same time on your PC. With its user-friendly interface, VMware Player makes it effortless for anyone to try out the Windows 8 developer release, Windows 7, Chrome OS or the latest Linux releases, or create isolated virtual machines to safely test new software and surf the Web. VMware Player can also be used to run a virtual copy of an old PC so that you can recycle the old machines you have under your desk or stored in the closet.

Note: XP Mode does not work on Home versions of Windows 7, and you'll need VMware Player 3.0.

Requirements:
- Download Windows XP Mode: http://www.microsoft.com/windows/virtual-pc/download.aspx
- Download VMware Player 3: http://www.vmware.com/products/player
- Download SecurAble to test if your machine can run XP Mode: http://www.grc.com/securable.htm

Procedure
After downloading XP Mode as we mentioned before, install it; just follow the default prompts as usual.

Then, download and install VMware player. The download is free, but requires registration. You may see some prompts about installing drivers; simply approve them. It is not usual but happens sometimes. When you are finished installing VMware Player, you will have to restart your computer.

Add XP Mode to VMware Player
Now that your computer is rebooted, run VMware Player. We can import XP Mode by clicking File, and then clicking “Import Windows XP Mode VM.”

VMware Player will simply start importing your XP Mode. Converting XP mode to VMware format may take a couple minutes depending on your hardware, so just be patient.

When this is done, you should see a new virtual machine in VMware Player called XP Mode! Click “Play Virtual Machine” to run XP Mode. XP will run through its first-run setup process.

While it is loading, you may be prompted to install or update VMware Tools. This is required to integrate XP Mode into your computer, so click Update Tools or Install Tools depending on your situation.

The tools will automatically download and install, though you may have to approve a UAC prompt.

Now you can proceed with your XP setup. Accept the license agreement, and choose your locale and keyboard settings.

Enter a name for the virtual machine and an administrative password.

And enter the correct date, time, and timezone. It usually gets the correct time and date from your computer itself, but the time zone is often incorrect. XP will now finalize your changes, and then reboot.

When XP Mode restarts, choose your settings for updates. Then Windows may ask to search for drivers. Simply press cancel, as VMware Tools will contain everything we need.

After a short delay, you should see your XP desktop in VMware Player! There’s one last thing that needs to be installed – VMware Tools. This should automatically open in XP Mode; if not, click Start, then My Computer, and finally double-click on the CD drive which should say VMware Tools.

Now, simply run the Tools installer with the typical setup type, and reboot XP Mode when it's finished. Now VMware is set up and we're ready to start integrating it with Windows 7.

Integrate XP Mode in VMware Player with Windows 7
The real advantage of the default XP Mode in Windows 7 is that the XP programs are fully integrated with their Windows 7 counterparts. You can run them seamlessly with other programs, copy between them, and even open and save files to the same folders. Let's set this up in VMware. Copy and paste from Windows 7 to XP Mode in VMware is activated by default. To use your XP programs seamlessly with Windows 7, click VM at the top of the VMware window, and click “Enter Unity.”

You can easily access any program or file in XP Mode through a dedicated XP Mode Start Menu. When you hover over your Windows 7 Start button, a new button called “Windows XP Mode” will appear above it. Click there to access a full Start menu from XP Mode right in Windows 7.

Here is an IE 6 window from XP running side-by-side with IE 8 in Windows 7.

By default, the virtualized windows will have a border and the VMware logo on their edge. To remove this logo, click VM in the VMware Player window, then Settings. Click on the Options tab, and choose Unity on the left. Now uncheck the boxes that say “Show borders” and “Show badges.” Removing the VMware borders and badges gives everything a more authentic XP Mode look and feel.

You can even use removable devices, such as flash drives, in XP Mode in VMware Player. Whenever you connect a new device to your computer, VMware will remind you that you can add it to XP Mode.

Simply click VM, then Removable Devices. Select your device name, and click Connect.

Save Files in XP Mode to My Documents in Windows 7
By default, files created in XP Mode in VMware Player will be saved inside the virtual machine. It's more convenient if they're saved directly to the My Documents folder in Windows 7, so let's change this. Click VM, then Settings. Click the Options tab, and then choose Shared Folders on the left. Now click the bullet for “Always enabled” and check the box for “Map as a network drive in Windows guests.”

Now click Add at the bottom of that window. This will let us add a shared folder. Let’s add the My Documents folder from Windows 7. Click Browse, and then select your My Documents folder. Click Ok, and then click Next.

Make sure the box that says “Enable this share” is checked, and then click Finish. You can now close the settings window as well. Then, back in XP Mode, click Start, right click on My Documents, and select Properties.

Click Move to find the new My Documents folder and find the folder we just shared from Windows 7 by clicking My Computer, then the drive that says “Shared Folders on ‘vmwarehost’” or something similar. Now select the folder we shared, Documents, and click Ok.

Click Ok in the main properties window. It may offer to copy the files from your old My Documents folder to the new one; choose Yes to make sure you have all of your documents in Windows 7. Now, whenever you go to save a file in XP Mode, it will automatically save in your My Documents folder on Windows 7. You can repeat the same process for any folder you wish, such as your My Pictures and My Music folders.

Now you have your full XP Mode running on your computer without hardware virtualization. Almost all the same features are there; the only thing you're missing is the Start Menu integration, but VMware's menu is the next best thing. In our tests, using VMware worked as well as or better than actual XP Mode on a machine that supports hardware virtualization.

Why security matters
The increasing importance of information and communication has brought with it another phenomenon: the rise of a surveillance society. You can think of surveillance as an attempt by the powerful to maintain their dominance by asserting control over communication.

Nation states have responded to new communications technology by pursuing an infrastructure that can easily be re-purposed for total social control. Unlike earlier communication eras, the nature of current technology requires that our information is either secure in a way that frustrates governments, or is totally insecure in a way that makes possible the widespread and detailed monitoring of an entire populace.

Corporations have discovered that the gathering and analysis of massive amounts of personal data is necessary if they want to remain competitive in an information-rich world. In particular, nearly all advertising is shifting toward surveillance-based tracking of our personal behavior. In this context, secure communication has become vitally important.

- State surveillance has a long history of resulting in the repression of social movements. Even indirectly, rampant surveillance has a chilling effect on social movements.
- Corporate surveillance is just as serious as state surveillance. Not only can the massive amounts of data kept on internet users be easily re-purposed for direct state repression, but corporations are now on the verge of obtaining unprecedented power over consumers.

When people start to learn about the rise in surveillance they start to feel overwhelmed. Some decide that it is impossible to be secure, so they resign themselves to live under perpetual surveillance or to forsake all forms of digital communication. Here, we believe there is a third way: our goal is to make a high degree of security easy and accessible for everyone. Much of the fight against surveillance takes place through the legal system and we applaud those who work in this arena. In contrast, our focus is on technology. When laws are unjust, we believe that a new technical reality is necessary in order to alter the legal and political possibilities.

Security overview
Type of security: Human
- What is it? Simple changes you can make to your behavior.
- When is it useful? Helps prevent human error from being the weak link in any security system.

Type of security: Device
- What is it? Steps to make your computer or phone less vulnerable to attack.
- When is it useful? Useful whenever your device might physically fall into the hands of an attacker.

Type of security: Message
- What is it? Ways to encrypt individual messages you send and receive.
- When is it useful? Required if you want to ensure the confidentiality of a particular message while stored and transmitted.

Type of security: Network
- What is it? Blocking sites that track you and encrypting your internet traffic.
- When is it useful? Helps protect against behavioral tracking, account hijacking, censorship, social network mapping, eavesdropping, and advertising.





Because network surveillance is so pervasive, it is a social problem that affects everyone all the time. In contrast, device and message security are important for people who are being individually targeted by repressive authorities. Improving your network security is fairly easy, in comparison to device or message security.

Having said that, it is important for people facing the prospect of targeted repression to employ device and message security, although this can take some time to learn. These help pages will aid in that journey.

Human Security
Simple behaviors to greatly improve your security


These security help pages include a lot of fancy talk about encryption. Ultimately, however, all this crypto-alchemy will be totally useless if you have insecure behavior. A few simple practices will go a long way toward increasing your security.

Save the world with better passwords
Because passwords are almost always the weakest link in any security system where they are used, the first step to better security is better password practice. A strong password should be long, complex, practical, unrelated to you personally, secret, unique, and fresh (change it regularly). Things to avoid:

- Don't pick a dictionary word or a proper noun! Passwords are often easy to crack because most people pick a password that is a variation on a word in the dictionary. There are simply not that many words in human languages: it is trivial for a computer to try them all! This includes words where you have replaced some letters with numbers. For example, “L0V3” is just as easy to crack as “LOVE”.
- Don't use the same password for all your accounts. Also, it can be better to write down your passwords in a secure place rather than use the same one everywhere.
- Don't forget to change your password. You should change your password at least once a year.
- Never tell anyone your password, especially if they ask for it.

How do you create a password that is strong and yet easy to remember? This can be really tough. The general trick is to start with multiple words you can easily remember, convert them into non-words, and add a few uppercase letters and symbols for good luck. Here are some ideas:

- Although you should not use a single dictionary word, multiple words strung together can make a great password. For example, “9meLonrain”.
- Consider mixing words from different languages. For example: 'Them Eat 1e gateaU au ch()colaT'
- Create a nonsense acronym from a phrase that is easy for you to remember. For example, you could turn “The Revolution Will Not Be Televised” into “trwNbt” or even better “trwNbt!4”.
- Incorporate certain symbols, such as: 'c@t(heR1nthery3'
- 'To be or not to be? That is the question' becomes '2Bon2B?TitQ'
- 'Are you happy today?' becomes 'rU:-)2d@y?'
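
The following Python code is an added example, not part of the original guide. It undoes letter-for-number swaps before looking a password up in a wordlist, which shows why “L0V3” lands in the same search space as “LOVE” while “9meLonrain” does not. The wordlist is a constructed sample, and the dictionary size and variants-per-word figures are assumptions used only for a rough estimate.

```python
import itertools
import math

# Constructed sample wordlist; a real check would load a large dictionary file.
SAMPLE_WORDS = {"love", "password", "melon", "rain", "dragon", "monkey"}

# Letter-for-symbol swaps that password-guessing rule sets undo automatically.
LEET = {"0": "o", "1": "li", "3": "e", "4": "a", "5": "s", "7": "t",
        "@": "a", "$": "s", "!": "i"}

# Assumptions for the rough estimate below (illustrative, not measured).
ASSUMED_DICTIONARY_SIZE = 100_000  # words in a guessing wordlist
ASSUMED_VARIANTS_PER_WORD = 1_000  # case changes, swaps, added digits/symbols


def edge_run(text):
    """Count the non-letter characters at the start of text."""
    count = 0
    while count < len(text) and not text[count].isalpha():
        count += 1
    return count


def trimmed_cores(password):
    """Yield the password with 0..n leading and trailing non-letters removed."""
    lead, trail = edge_run(password), edge_run(password[::-1])
    for i in range(lead + 1):
        for j in range(trail + 1):
            core = password[i:len(password) - j]
            if core:
                yield core


def plain_readings(text, limit=256):
    """Return the letter-only readings of text after undoing LEET swaps."""
    options = [LEET.get(ch, ch) for ch in text.lower()]
    combos = itertools.islice(itertools.product(*options), limit)
    return {"".join(c) for c in combos if "".join(c).isalpha()}


def split_into_words(text, words):
    """Return the fewest dictionary words that spell text, or None."""
    best = {0: []}
    for end in range(1, len(text) + 1):
        for start in range(end):
            if start in best and text[start:end] in words:
                candidate = best[start] + [text[start:end]]
                if end not in best or len(candidate) < len(best[end]):
                    best[end] = candidate
    return best.get(len(text))


def charset_size(password):
    """Size of the character classes the password draws from."""
    size = 26 * any(c.islower() for c in password)
    size += 26 * any(c.isupper() for c in password)
    size += 10 * any(c.isdigit() for c in password)
    size += 33 * any(not c.isalnum() for c in password)
    return size


def audit(password, words=SAMPLE_WORDS):
    """Classify a password and estimate, in bits, the guesses to reach it."""
    found = None
    for core in trimmed_cores(password):
        for plain in plain_readings(core):
            split = split_into_words(plain, words)
            if split and (found is None or len(split) < len(found)):
                found = split
    if found:
        kind = "dictionary word" if len(found) == 1 else "word combination"
        guesses = ASSUMED_DICTIONARY_SIZE ** len(found) * ASSUMED_VARIANTS_PER_WORD
    else:
        kind = "no dictionary match"
        # Upper bound: brute force over the character classes in use.
        guesses = max(charset_size(password), 1) ** len(password)
    return {"kind": kind, "words": found, "bits": round(math.log2(guesses), 1)}


if __name__ == "__main__":
    for pw in ("LOVE", "L0V3", "p@ssw0rd1", "9meLonrain", "trwNbt!4"):
        print(f"{pw:12} {audit(pw)}")
```

The "no dictionary match" figure is only an upper bound: a password that follows some other predictable pattern can still be far weaker than its length suggests.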

Risk evaluation

- Watch the communication channels you use and how you use them, such as paper letters, faxes, landline phones, mobile phones, emails and Skype messages.
- Consider how you store important information. Computer hard drives, email and web servers, USB memory sticks, external USB hard drives, CDs and DVDs, mobile phones, printed paper and hand-written notes are all likely possibilities.
- Information could be in the office, at home, in a trash bin out back or, increasingly, 'somewhere on the Internet'.





Protection against physical intruder
- Ask someone to help you keep an eye on your office.
- Protect all of the doors, windows and other points of entry.
- Install a surveillance camera or a motion-sensor alarm.
- Create a reception area.
- Protect network cables by running them inside the office.
- Lock network devices such as servers, routers, switches, hubs and modems into secure rooms or cabinets. An intruder can install malware capable of stealing data there.
- Secure your access point if you're using wireless.
- Consider the location of windows, open doors and the guest waiting area, if you have one.
- Most desktop computer cases have a slot where you can attach a padlock that will prevent anyone without a key from getting inside.
- Use a locking security cable for laptops and small desktops.
- Set a password on your Windows account by clicking on the Start menu, selecting the Control Panel, and double-clicking on User Accounts. In the User Accounts screen, select your own account and click Create a Password.
- There are a few settings in your computer's BIOS that are relevant to physical security. First, you should configure your computer so that it will not boot from its floppy, CD-ROM or DVD drives. Second, you should set a password on the BIOS itself, so that an intruder cannot simply undo the previous setting.
- If you store your Windows or BIOS passwords for a particular computer in a password database, make sure that you do not keep your only copy of the database on that computer.
- Get in the habit of locking your account whenever you step away from your computer. On Windows, you can do this quickly by holding down the Windows logo key and pressing the L key. This will only work if you have created a password for your account, as described above.
- Encrypt sensitive information on computers and storage devices in your office.

Keeping your computer hardware healthy
Computers do not adapt well to unstable electricity supplies, extreme temperatures, dust, high humidity or mechanical stress.
- Electrical problems such as power surges, blackouts and brownouts can cause physical damage to a computer. Irregularities like this can 'crash' your hard drive, damaging the information it contains, or physically harm the electronic components in your computer.
- If you can, you should install Uninterruptible Power Supplies (UPSs) on important computers in your office. A UPS provides temporary power in the event of a blackout. Alternatively, you can still provide power filters or surge protectors, either of which will help protect you from power surges.
- Test your electrical network before you connect important equipment to it. Try to use power sockets that have three slots, one of them being a 'ground line', or 'earth'.
- To guard against accidents in general, avoid placing important hardware in passages, reception areas or other easily accessible locations. UPSs, power filters, surge protectors, power strips and extension cables, particularly those attached to servers and networking equipment, should be positioned where they will not be switched off by an accidental misstep.
- If you have access to high-quality computer cables, power strips and extension cables, you should purchase enough to serve your entire office and pick up a few extras.
- Make sure computers have adequate ventilation, or they might overheat.
- Computer equipment should not be housed near radiators, heating vents, air conditioners or other ductwork.

Security policy
Have good alarm systems, take care of keys and know who may take them, and decide which parts of the office should be restricted to authorized visitors. Securely dispose of paper rubbish that contains sensitive information. Keep contact phone numbers for use in the event of a fire, flood, or other natural disaster, and for the companies or organizations that provide services such as electrical power, water and Internet access.

Keep your software up to date
We already mentioned why this is important in section 1.
- Enable Windows Update: right click on My Computer > Automatic Updates > choose Automatic (recommended).
- You could even move away from the Microsoft Windows operating system entirely, and try using a more secure alternative called GNU/Linux or FreeBSD (the most secure operating system, built around having no security holes). You can download a LiveCD version of Ubuntu Linux, burn it to a CD or DVD, put it in your computer and restart. Your computer will be running GNU/Linux. You'll be back in Windows if you simply shut down your computer and remove the Ubuntu LiveCD.
- Use open source programs and keep them updated to protect against new viruses.
To scan your computer and remove viruses without starting Windows, refer to: http://www.askvg.com/download-free-bootable-rescue-cds-from-kaspersky-bitdefenderavira-f-secure-and-others

Be cautious on shared computers
- Log out: make sure that you always log out when using web-mail. This is very important, and very easy to do. This is particularly important when using a public computer.
- Don't leave your computer unlocked and unattended.
- Avoid public computers: this can be difficult. If you do use a public computer, consider changing your password often or using the virtual keyboard link.
- If you share a computer with friends, create multiple logins, which keep user settings separate. You should enable this feature and log out or “lock” the computer when not in use.

Record passwords

There is a feature in Windows that lets you create a hidden Notepad file to save your everyday passwords, but this method is not suitable for important passwords: the text is kept in an NTFS alternate data stream, which hides it from a normal directory listing but does not encrypt it. To use it, go to Run, type CMD, and then type: notepad (file name).txt:hidden
For example, go to CMD and type: notepad anna.txt:hidden
A new Notepad file will open and ask you to save; click Yes. Type what you want there, save your changes and close. To reveal your hidden file, repeat the above command and you will see the file again.

To record your passwords safely, however, Portable KeePass is a great tool. It is protected by a master password, which you must never forget; otherwise, there is no way to recover the database.

Portable KeePass-Secure Password Storage
Computer Requirements


- All Windows versions
- KeePass is also available for GNU Linux and Mac OS (in the KeePassX version http://www.keepassx.org ). You can find versions of KeePass for other platforms like iPhone, BlackBerry, Android, PocketPC, etc.

If, however, you wish to try other similar programs, we recommend:
- Password Safe, available for Microsoft Windows and GNU Linux: http://passwordsafe.sourceforge.net
- 1Password, available for Mac OS, Microsoft Windows, iPhone and iPad: http://agilewebsolutions.com/products/1Password

 

Portable KeePass is a secure and easy-to-use password management tool.

Differences between Installed and Portable Versions of KeePass
Given that portable tools are not installed on a local computer, their existence and use may remain undetected. However, keep in mind that your external device or USB memory stick, and portable tools are only as safe as the computer you are using, and may risk being exposed to adware, malware, spyware and viruses. There are no other differences between Portable KeePass and the version designed to be installed.

How to Download and Extract KeePass
Step 1. Click http://keepass.info/download.html to be directed to the appropriate download site.

Step 2. Click Portable KeePass 2.17 (ZIP Package) to activate the Source Forge download page.

http://downloads.sourceforge.net/keepass/KeePass-2.17.zip

Step 3. Click to save the Portable KeePass 2.17 (ZIP Package) to your computer; and then navigate to it.

Step 4. Right click to activate the pop-up menu and then select the Extract files... item to activate the following screen:

The Extraction path and options window Step 5. Navigate to the removable drive or USB memory stick as shown in Figure below, and then click to create a new folder in which to extract the .

Step 6. Enter a name for the new folder in either

or the document tree as shown in Figure below:

The Extraction path and options window document tree (resized) Note: Choosing a different name for the Portable KeePass folder may make its existence, and the fact that you are using it less obvious.

Step 7. Click

to extract its contents to the newly created Portable KeePass folder.

Step 8. Navigate to your external drive or USB memory stick, then open it to view the Portable KeePass folder.

The destination removable drive window displaying the newly extracted Portable KeePass folder

Step 9. Double click to begin using Portable KeePass.

In the installation version, check the option as shown in the figure below:

How to Create a New Password Database

In the sections that follow, you will be taught how to create a master password, save your newly-created database, generate a random password for a particular program, create a backup copy of the database and extract the passwords from KeePass when needed.

To open KeePass, perform the following steps:

Step 1. Select Start > Programs > KeePass Password Safe > KeePass or click the icon on your desktop to activate the KeePass main screen as follows:

How to Create a New Password Database

Creating a new password database involves two steps: You must come up with a single, unique and strong master password that you will use to lock and unlock your database of passwords. Then, you must save that password database. To create a new password database, follow these steps:

Step 1. Select File > New as follows: This will activate the Create New Password Database screen as follows:

Step 2. Type in the master password you have invented into the Master Password field.

You will see an orange-green progress bar underneath the password entry. As you type in a password, the amount of green in the bar increases as the complexity or strength of your password increases with the number of characters used.

Tip: You should aim to have at least half the bar filled with green when you have finished typing in your password.

Step 3. Click to activate the Repeat Master Password screen and confirm the password as follows:

Step 4. Type in the same password as before, then click

Step 5. Click to see if you are typing in your password correctly.

Warning: This is not advisable if you fear that someone may be looking over your shoulder.

Once you have successfully typed in the master password twice, the KeePass console is activated as follows:

After you have created the password database, you need to save it. To save the password database, follow these steps: Step 1. Select File > Save As as follows:

This will activate the Save As screen as follows:

Step 2. Type in a name for your new password database file.

Step 3. Click to save your database.

Tip: Remember the location and file name of your database! It will come in very handy when you are creating a backup of it.

Congratulations! You have successfully created and saved your secure password database. Now you can begin to fill it up with all your current and future passwords.

How to Add an Entry

The Add Entry screen lets you add account information, passwords and other important details into your newly-created database. In the example that follows, you will be adding entries to store passwords and user names for different websites and email accounts.

Step 1. Select Edit > Add Entry in the KeePass Password Safe screen to activate the Add Entry screen as follows:

Note: The Add Entry screen presents you with a number of fields to be completed. None of these fields are mandatory; information submitted here is largely for your own convenience. It may prove useful in situations where you are searching for a particular entry. A brief explanation of these different text boxes is presented as follows:


- Group: KeePass lets you sort your passwords into pre-defined groups. For example: 'Internet' would be a good place to store passwords that relate to website accounts.
- Title: A name to describe the particular password entry. For example: Gmail password
- User name: The user name associated with the password entry. For example: [email protected]
- URL: The internet site associated with the password entry. For example: https://mail.google.com
- Password: This feature automatically generates a random password when the Add Entry screen is activated. If you are registering a new email account, you can use the 'default' password in this field. You can also use this feature if you want to change an existing password for one generated by KeePass. Since KeePass will always remember it for you, there is no need to even see the password. A randomly generated password is considered strong (that is, difficult for an intruder to guess or break). Generating a random password on request will be described in the following section. You can, of course, replace the default password with one of your own. For instance, if you are creating an entry for an account that already exists you will want to enter the correct password here.
- Repeat Password: The confirmation of the password.
- Quality: A progress bar that measures password strength according to length and randomness. The more green there is on the scale, the stronger your chosen password.
- Notes: Here is where you type in descriptive or general information about the account or site for which you are storing information. For example: Mail server settings: POP3 SSL, pop.gmail.com, Port 995; SMTP TLS, smtp.gmail.com, Port: 465

Note: Creating or modifying the password entries in KeePass does not change your actual passwords! Think of KeePass as a secure electronic address book for your passwords. It only stores what you write in it, nothing more.

If you select Internet from the Group drop-down list, your password entry might resemble the following:

Step 2. Click to save your changes to the Add Entry screen.

Your password entry now appears in the Internet group.

Note: The bottom panel of this window displays information about the entry selected. This includes creation, editing and expiry time as well as notes you may have recorded in the entry. It does not reveal the password.


Expires: Check this item to activate text boxes in which you can specify an expiry date. By doing this, you could add a reminder for yourself to change the password at a specific time (every 3 months, for example). When a password has expired, it will appear with a red cross next to its name, as shown in the example below:

How to Edit an Entry

You may edit an existing entry in KeePass at any time. You can change your password (it is generally considered good security practice to change a password every three to six months), or modify other details stored in the password entry. To edit an entry, perform the following steps:

Step 1. Select the correct Group in the left-hand side to activate the entries associated with it.

Step 2. Select the relevant entry, then right click on that selected entry to activate the following window:

Step 3. Click to save any necessary changes to this information, including the password.

To change an existing password (that you previously created yourself) for one generated and recommended by KeePass, please read the following section.

How to Generate Random Passwords

Long, random passwords are considered strong in the world of security. Their randomness is based on mathematical principles and cannot simply be 'guessed' by someone who is trying to break into one of your accounts. KeePass supplies a Password Generator to help you with this process. As you have seen above, a random password is automatically generated when you add a new entry. This section will describe how to generate one yourself.

Note: The Password Generator can be activated from within the Add Entry and Edit/View Entry screens. Alternatively, select: Tools > Password Generator.

Step 1. Click from within either the Add Entry or Edit/View Entry screen, to activate the Password Generator screen as follows:

The Password Generator screen presents a variety of choices for generating a password. You can specify the length of the desired password, the pool of characters from which it will be created and much else. For our purposes, we can use the default options presented. This means that the generated password will be 20 characters long and made up of lower and upper case letters, as well as numbers.

Step 2. Click to begin the process. When complete, KeePass will present the generated password to you.

Note: You can view the generated password by clicking . However, this creates a security risk as we discussed above. In essence, you will never need to see the generated password. We will explain more about it in section Using KeePass Passwords.

Step 3. Click to accept the password and return to the Add Entry screen as follows:

Step 4. Click to save this entry.

Step 5. Select File > Save to save your updated password database.

How to Exit, Minimize and Restore KeePass

You can minimise or exit the KeePass program at any time. When you open or restore it again, you will be prompted to enter your Master Password. KeePass minimises itself, appearing in your system tray (at the bottom right corner of the screen).

KeePass also lets you lock the program by performing the following steps:

Step 1. Select File > Lock Workspace to activate the following screen:

Step 2. Click to save your information and disable the KeePass console, and the following icon will appear in your System Tray:

Step 3. Double click this icon to restore KeePass to its normal size, and activate the following screen:

Step 4. Enter your Master Password to open KeePass

To close KeePass perform the following step:

Step 1. Select File > Exit to close the KeePass program completely. If you have any unsaved changes in the database, KeePass will prompt you to save them.

How to Create a Backup of the Password Database file

The KeePass database file on your computer is denoted by its .kdb file extension. You can copy this file to a USB memory stick. No one else will be able to open the database without the master password.

Step 1. Select File > Save As from the main screen, and save a copy of the database to another location.

You can run the entire KeePass program from a USB memory stick. Please refer to the Portable KeePass page.

How to Reset your Master Password

You can change the Master Password at any time. This can be done once you have opened the password database.

Step 1. Select File > Change Master Key

Step 2. Type in the new Master Password twice when prompted to do so.

Using KeePass Passwords

Given that a secure password is not easily memorized, KeePass lets you copy it from the database and paste it onto whatever account or website requires it. For greater security, a copied password will only remain on the clipboard for about 10 seconds, so it will save time to have your account or website already open and running, so that you can paste the relevant password there as required.

Step 1. Right click on the required password entry to activate a drop-down list.

Step 2. Select Copy Password as follows:

The KeePass Password Safe screen

Step 3. Go to the related account or site and paste the password into the appropriate field:

Tip: For efficient copying, pasting and switching windows, use the keyboard shortcuts. Press and hold the Ctrl key, then press C to copy a password. Press and hold the Ctrl key, then press V to paste that password. Press and hold the Alt key, then press the tab key to switch between open programs and windows.

A Gmail Account displaying a pasted password

Note: By using KeePass all the time, you never actually have to see or know what your password is. The copy/paste functions take care of moving it from the database to the required window. If you use the Random Generator feature and then transfer this password to a new email account registration process, you will be using a password that you have never seen in plain view. And it still works!

Installing KeePassX on Ubuntu
To install on Ubuntu we will use the Ubuntu Software Center from Applications->Ubuntu Software Center.

Type KeePass in the search field at the top right and the application KeePassX should automatically appear in the listing.

Highlight the item (it may already be highlighted by default) and then press 'Install'. You will be asked to Authorise the installation process:

Enter your password and press 'Authenticate'. The installation process will then begin.

Ubuntu does not offer very good feedback to show the software is installed. If the green progress indicator on the left has gone and the progress bar on the right has gone, then you can assume the software is installed. To check, you can open the program from the menu Applications->Accessories->KeePassX

Encrypting Passwords with KeePassX on Ubuntu

First open KeePassX from the Applications->Accessories->KeePassX menu.

The first time you use KeePassX you need to set up a new database to store your passwords. Click on File->New Database

You will be asked to set a master key (password).

Choose a strong password for this field - refer to the chapter about passwords if you would like some tips on how to do this. Enter the password and press 'OK'. You then are asked to enter the password again. Do so and press 'OK'. If the passwords are the same you will see a new KeePassX 'database' ready for you to use.

Now you have a place to store all your passwords and protect them by the 'master' password you just set. You will see two default categories 'Internet' and 'Email' - you can store passwords just under these two categories, you can delete categories, add sub-groups, or create new categories. For now we just want to stay with these two and add a password for our email to the email group. Right click on the email category and choose 'Add New Entry...':

So now fill this form out with the details so you can correctly identify which email account the passwords are associated with. You need to fill out the fields 'Title' and the password fields. All else is optional.

KeePassX gives some indication if the passwords you are using are 'strong' or 'weak'...you should try and make passwords stronger and for advice on this read the chapter about creating good passwords. Press 'OK' when you are done and you will see something like this:

To recover the passwords (see them) you must double click on the entry and you will see the same window you used for recording the information. If you click on the 'eye' icon to the right of the passwords they will be converted from stars (***) to plain text so you can read them. Now you can use KeePassX to store your passwords. However, before getting too excited you must do one last thing. When you close KeePassX (choose File->Quit) it asks you if you would like to save the changes you have made.

Press 'Yes'. If it is the first time you used KeePassX (or you have just created a new database) you must choose a place to store your passwords. Otherwise it will save the updated information in the file you have previously created. When you want to access the passwords you must then open KeePassX and you will be asked for the master key. After typing this in you can add all your passwords to the database and see all your entries. It is not a good idea to open KeePassX and have it open permanently as then anyone could see your passwords if they can access your computer. Instead get into the practice of just opening it when you need it and then closing it again.

Encrypting Passwords with Keychain on Mac OSX
Mac OSX comes pre-installed with the built-in password manager 'Keychain'. Because of its tight integration with the OS, most of the time you will hardly know it exists. But every now and then you will have a pop-up window in almost any application asking 'do you want to store this password in your keychain?'. This happens when you add new email accounts to your mail client, log in to a protected wireless network, enter your details in your chat client, etc. Basically what happens is that Mac OSX offers to store all that login data and the different passwords in an encrypted file, which it unlocks as soon as you log in to your account. You can then check your mail, log on to your WiFi and use your chat client without having to enter your login data over and over again.

This is a fully automated process, but if you want to see what is stored where, alter passwords, or look up a password, you will have to open the Keychain program. You can find the Keychain program in the Utilities folder, which lives in the Applications folder. When you open it you will see that your 'Login' keychain is unlocked and see all the items contained in it on the bottom right side of the window. (Note: the window here is empty because it seemed to be defeating the purpose of this manual to make a screenshot of my personal keychain items and share it here with you.)

You can double click any of the items in the Keychain to view its details and tick 'Show password:' to see the password associated with the item.

You will note that it will ask you for your master or login password to view the item.

You can access and modify any of the items, and also use the Keychain to securely save any bits and pieces of text using the notes. To do this, click on notes and then choose 'New secure Note item' from the file menu.

Device Security
 

1 Disk Encryption 2 Personal Firewall

Disk Encryption
Difficulty: Easy to Hard
Why: Prevent access of information stored on your computer’s hard disk.

- Easiest: LUKS encryption of partitions at fresh installation.
- Easy: formatting a new partition with LUKS, moving existing data there and scrubbing the old location of the data: http://code.google.com/p/diskscrub/
- Medium: LUKS encryption on LVM.
- Medium: ecryptfs over specific files/directories.
- Hard: encryption of whole disk, with key file placed in another device (like a pendrive).
- Hardest: Steganographic methods.

In the first section we discussed how to work with LUKS and dm-crypt in detail.

Personal Firewall
Firewall
Difficulty: Easy
Why: Make your computer less vulnerable to outside attack from the network.

Setting up LUKS encryption on USB drives
In Ubuntu, the easiest way to encrypt a whole drive is using LUKS, because it is easily readable by most Linux computers and can even be set up on a Windows PC, if absolutely necessary. LUKS is a cross-platform standard. Thanks to FreeOTFE: http://freeotfe.org , you get LUKS for Win32. http://code.google.com/p/cryptsetup

The following instructions are condensed adaptations of these articles:

1. https://help.ubuntu.com/community/EncryptedFilesystemsOnRemovableStorage
2. https://help.ubuntu.com/community/EncryptedFilesystemHowto

You can set up your drives using these instructions on Ubuntu 8.10, and you will also be able to mount and access the drives using Ubuntu 8.04 (Hardy Heron). The process may be faster using eSATA, and the method can also be easily adapted for creating a handy, encrypted USB “thumb” drive.

Necessary Software

In order to start, you must have the cryptsetup package already installed:

sudo apt-get install cryptsetup

Finding the drive

After powering on the drive and hooking it up to the computer, you need to identify the device:

dmesg | tail -20

[33884.688746] usb 4-1: new high speed USB device using ehci_hcd ...
[33884.764079] usb 4-1: configuration #1 chosen from 1 choice
[33884.764868] scsi8 : SCSI emulation for USB Mass Storage devices
[33884.765316] usb-storage: device found at 9
[33884.765321] usb-storage: waiting for device to settle before scan...
[33888.042416] usb-storage: device scan complete
[33888.043707] scsi 8:0:0:0: Direct-Access HDS72505 0KLA360 ...
[33888.047550] sd 8:0:0:0: [sdb] 976773168 512-byte hardware sectors
[33888.048292] sd 8:0:0:0: [sdb] Write Protect is off
[33888.048300] sd 8:0:0:0: [sdb] Mode Sense: 00 38 00 00
[33888.048305] sd 8:0:0:0: [sdb] Assuming drive cache: write through
[33888.049648] sd 8:0:0:0: [sdb] 976773168 512-byte hardware sectors
[33888.050421] sd 8:0:0:0: [sdb] Write Protect is off
[33888.050428] sd 8:0:0:0: [sdb] Mode Sense: 00 38 00 00
[33888.050432] sd 8:0:0:0: [sdb] Assuming drive cache: write through
[33888.050438] sdb: unknown partition table
[33888.066470] sd 8:0:0:0: [sdb] Attached SCSI disk
[33888.066545] sd 8:0:0:0: Attached scsi generic sg2 type 0

In the example above (from the first article) you can see that the drive has been recognized as /dev/sdb. Your drives may show up differently (mine appeared as /dev/sdd and /dev/sde.) I’ll continue to use /dev/sdb to refer to the drive we are working with, but you should replace it with whatever your result is.

Create the partition

Before you can actually set up encryption or format the drive, you must create a partition. This is simply a portion of the drive you intend to store data on. A single physical drive may contain multiple partitions (as is usually the case with a Linux boot drive) or just one. At this point you could easily choose to set up both an encrypted and a non-encrypted partition on your drive. If you have no need for this, continue with a single partition.

While partitioning can be done from the command line, here we use the graphical GParted program, available under the “System -> Administration -> Partition Editor” menu. Choose your device via the drop-down menu in the upper right-hand corner. Then, select the unallocated space and create a new partition that encompasses the entire available space. We do not want to format the partition, only create it, so select “unformatted” as the filesystem.

Click “Apply” and your new partition will be created. You should now have a partition named something like /dev/sdb1 (notice there’s now a number added.) Once you have created the partition successfully, close GParted.

Setting up encryption

The next section is copied verbatim from the aforementioned article:

The dm-crypt, sha256 and aes kernel modules will need to be loaded prior to encrypting the partition:

sudo modprobe dm-crypt
sudo modprobe sha256
sudo modprobe aes

If the following error messages appear when loading sha256 and aes:

sudo modprobe sha256
WARNING: Error inserting padlock_sha ... No such device
sudo modprobe aes
WARNING: Error inserting padlock_aes ... No such device

It is an indication that the system does not have a hardware cryptographic device. See https://bugs.launchpad.net/ubuntu/+source/linux/+bug/206129

The workaround is to add the following lines (using your favorite editor) to the bottom of /etc/modprobe.d/aliases and re-run the modprobe commands for the sha256 and aes kernel modules:

alias sha256 sha256_generic
alias aes aes_generic

Note that this is only necessary when we are setting up the drive. Later we will access them through Gnome and won’t need these modules.

Encrypting the partition

Finally, we can run the command to encrypt the /dev/sdb1 partition. There are other ways of securing your encrypted drive (such as a key file stored locally or on a USB flash drive); this example uses a passphrase. Choose a strong passphrase; any password 12 characters or longer not consisting of dictionary-findable words should suffice. Use the following command:

sudo cryptsetup --verify-passphrase luksFormat /dev/sdb1 -c aes -s 256 -h sha256

The LUKS-formatting command above has the following options:

- --verify-passphrase: ensures the passphrase is entered twice to avoid an incorrect passphrase being used
- -c aes: specifies the use of AES encryption (c for cipher): http://en.wikipedia.org/wiki/Advanced_Encryption_Standard
- -s 256: specifies a 256-bit key size
- -h sha256: use 256-bit SHA for password hashing: http://en.wikipedia.org/wiki/SHA

To reduce some computational overhead, you can use 128-bit AES encryption instead. The command then looks something like:

sudo cryptsetup --verify-passphrase luksFormat /dev/sdb1 -c aes -s 128 -h sha256

Creating the filesystem

After setting up the encrypted partition, you must open and map it in order to set up the filesystem and begin using it. Start with:

sudo cryptsetup luksOpen /dev/sdb1 secureUSB

It should prompt you for your passphrase and map the drive to /dev/mapper/secureUSB. Now you can format the encrypted partition with a filesystem using whatever method you prefer, for example GParted (mentioned above) to format it as ext3. As before, select the device you want to create the filesystem on, in this case /dev/mapper/secureUSB. You should again see a block of unallocated space, which you should select and create a new partition within. You may be presented with a big, scary message about setting a disklabel; tell it to create one (since you have no data to lose on the drive at this point anyway!). The create new partition screen will look just the same as before, only this time you will want to specify the filesystem type you want to use. Apply all the pending operations and wait for the formatting process; it can take quite a while, especially for large drives.

Mounting the encrypted drive

Having successfully set up encryption and created a filesystem, we’re almost ready to mount the drive and begin using it! (Of course, this is still assuming you’re using USB. If you’re using eSATA then this won’t work easily.)

Shut down the computer, disconnect the drive, and reboot. Once you’re back up and logged in, reconnect the drive and Gnome should prompt you for the passphrase and then mount automatically.

If you want the drive to unlock automatically on this computer, select “remember forever.” After you’re unlocked and mounted, the final step is to take ownership of the drive’s root folder with a user other than your sudo/root user:

sudo chown youruser:youruser /media/disk

Where youruser is the user you want to have ownership and /media/disk is where gnome automounted the drive. For more information see:

http://www.g-loaded.eu/2005/11/10/encrypt-devices-using-dm-crypt-and-luks/
http://www.emcken.dk/weblog/archives/164-encrypted-usb-drive-in-ubuntu.html
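Picking the wrong device name is the costly mistake in the procedure above, because luksFormat overwrites whatever it is pointed at. The script below is an added example, not part of the original guide: it extracts the newly attached disk from dmesg-style text, refuses to continue if that disk is mounted, and prints the guide's cryptsetup commands instead of running them. The function names, the sample log and mount lines, and the mkfs.ext3 line (a command-line stand-in for the GParted formatting step) are assumptions.

```shell
#!/bin/sh
# Pre-flight helper for the LUKS-on-USB procedure (added example).
# It only prints commands; nothing here touches a disk.

# Constructed sample: kernel log lines in the format quoted in the guide.
SAMPLE_DMESG='[33888.047550] sd 8:0:0:0: [sdb] 976773168 512-byte hardware sectors
[33888.048292] sd 8:0:0:0: [sdb] Write Protect is off
[33888.050438]  sdb: unknown partition table
[33888.066470] sd 8:0:0:0: [sdb] Attached SCSI disk'

# Constructed sample: a mount table (same columns as /proc/mounts) in which
# only the system disk sda is in use.
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda5 /home ext4 rw,relatime 0 0
tmpfs /run tmpfs rw,nosuid 0 0'

# Read dmesg text on stdin; print the most recently attached disk (e.g. sdb).
last_attached_disk() {
    sed -n 's/.*\[\(sd[a-z][a-z]*\)] Attached SCSI disk.*/\1/p' | tail -n 1
}

# Read a mount table on stdin; succeed if /dev/<disk> or one of its numbered
# partitions is a mount source. $1 = disk name without /dev/.
is_mounted() {
    awk -v d="/dev/$1" '
        $1 == d { found = 1 }
        index($1, d) == 1 && substr($1, length(d) + 1) ~ /^[0-9]+$/ { found = 1 }
        END { exit !found }'
}

# Print the command sequence for one disk. $1 = disk (sdX), $2 = mapper name;
# mount table on stdin. Returns 2 for a malformed name, 1 if the disk is in use.
luks_plan() {
    plan_disk=$1
    plan_name=$2
    case $plan_disk in
        ''|*[!a-z]*)
            echo "refusing: '$plan_disk' is not a whole-disk name like sdb" >&2
            return 2 ;;
        sd?*) ;;
        *)
            echo "refusing: '$plan_disk' is not a whole-disk name like sdb" >&2
            return 2 ;;
    esac
    if is_mounted "$plan_disk"; then
        echo "refusing: /dev/$plan_disk is mounted; luksFormat would destroy its data" >&2
        return 1
    fi
    plan_part="/dev/${plan_disk}1"
    # mkfs.ext3 is an assumption standing in for the GParted formatting step.
    printf '%s\n' \
        "sudo cryptsetup --verify-passphrase luksFormat $plan_part -c aes -s 256 -h sha256" \
        "sudo cryptsetup luksOpen $plan_part $plan_name" \
        "sudo mkfs.ext3 /dev/mapper/$plan_name"
}

# Demo on the constructed samples. On a real system feed the output of
# `dmesg` and the contents of /proc/mounts instead.
demo_disk=$(printf '%s\n' "$SAMPLE_DMESG" | last_attached_disk)
echo "candidate disk: /dev/$demo_disk"
printf '%s\n' "$SAMPLE_MOUNTS" | luks_plan "$demo_disk" secureUSB
```

Review the printed commands against the device you physically plugged in before running any of them.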

eCryptfs
eCryptfs is a POSIX-compliant enterprise-class stacked cryptographic filesystem for Linux. Layering on top of the filesystem layer eCryptfs protects files no matter the underlying filesystem, partition type, etc. During installation there is an option to encrypt the /home partition. This will automatically configure everything needed to encrypt and mount the partition. As an example, this section will cover configuring /srv to be encrypted using eCryptfs.

Using eCryptfs

First, install the necessary packages. From a terminal prompt enter:

sudo apt-get install ecryptfs-utils

Now mount the partition to be encrypted:

sudo mount -t ecryptfs /srv /srv

You will then be prompted for some details on how ecryptfs should encrypt the data. To test that files placed in /srv are indeed encrypted, copy the /etc/default folder to /srv:

sudo cp -r /etc/default /srv

Now unmount /srv, and try to view a file:

sudo umount /srv
cat /srv/default/cron

Remounting /srv using ecryptfs will make the data viewable once again.

Automatically Mounting Encrypted Partitions

There are a couple of ways to automatically mount an ecryptfs encrypted filesystem at boot. This example will use a /root/.ecryptfsrc file containing mount options, along with a passphrase file residing on a USB key. First, create /root/.ecryptfsrc containing:

key=passphrase:passphrase_passwd_file=/mnt/usb/passwd_file.txt
ecryptfs_sig=5826dd62cf81c615
ecryptfs_cipher=aes
ecryptfs_key_bytes=16
ecryptfs_passthrough=n
ecryptfs_enable_filename_crypto=n

Adjust the ecryptfs_sig to the signature in /root/.ecryptfs/sig-cache.txt. Next, create the /mnt/usb/passwd_file.txt passphrase file:

passphrase_passwd=[secrets]

Now add the necessary lines to /etc/fstab:

/dev/sdb1 /mnt/usb ext3 ro 0 0
/srv /srv ecryptfs defaults 0 0

Make sure the USB drive is mounted before the encrypted partition. Finally, reboot and the /srv should be mounted using eCryptfs.
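The automount setup above fails at boot if the three files disagree, and it leaves the passphrase in a plain text file. The script below is an added example, not part of the original guide or of ecryptfs-utils: it checks that the filesystem holding the passphrase file is listed in fstab before the eCryptfs line, that ecryptfs_sig appears in the signature cache, and that the passphrase file is readable only by its owner. Function names and the sample fstab variants are assumptions; the option names and signature value are the ones shown above.

```shell
#!/bin/sh
# Consistency checks for the eCryptfs automount setup (added example).

# Constructed samples mirroring the files described in the guide.
SAMPLE_RC='key=passphrase:passphrase_passwd_file=/mnt/usb/passwd_file.txt
ecryptfs_sig=5826dd62cf81c615
ecryptfs_cipher=aes
ecryptfs_key_bytes=16
ecryptfs_passthrough=n
ecryptfs_enable_filename_crypto=n'

SAMPLE_SIG_CACHE='5826dd62cf81c615'

SAMPLE_FSTAB_GOOD='/dev/sdb1 /mnt/usb ext3 ro 0 0
/srv /srv ecryptfs defaults 0 0'

# Same entries in the wrong order: eCryptfs would mount before the USB key.
SAMPLE_FSTAB_BAD='/srv /srv ecryptfs defaults 0 0
/dev/sdb1 /mnt/usb ext3 ro 0 0'

# Read .ecryptfsrc text on stdin; print the value of option $1. Options may
# follow a "prefix:" on the same line, as passphrase_passwd_file does.
rc_value() {
    sed -n "s/^\(.*:\)*$1=//p" | head -n 1
}

# Read fstab text on stdin; succeed only if a non-eCryptfs entry whose mount
# point contains the passphrase file ($1) precedes the first eCryptfs entry.
fstab_order_ok() {
    awk -v pf="$1" '
        /^[ \t]*#/ || NF < 3 { next }
        $3 == "ecryptfs" { if (!seen_ecryptfs) ok = holder_seen; seen_ecryptfs = 1; next }
        index(pf, $2 "/") == 1 { holder_seen = 1 }
        END { exit !(seen_ecryptfs && ok) }'
}

# Read sig-cache.txt text on stdin; succeed if signature $1 is one of its lines.
sig_in_cache() {
    [ -n "$1" ] || return 1
    grep -qxF -- "$1"
}

# Succeed if file $1 exists and grants nothing to group or others.
passfile_private() {
    [ -f "$1" ] || return 2
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# $1 = .ecryptfsrc text, $2 = fstab text, $3 = sig-cache.txt text.
# Prints one line per problem and returns non-zero if any was found.
audit_automount() {
    audit_pf=$(printf '%s\n' "$1" | rc_value passphrase_passwd_file)
    audit_sig=$(printf '%s\n' "$1" | rc_value ecryptfs_sig)
    audit_rc=0
    if [ -z "$audit_pf" ]; then
        echo "rc: no passphrase_passwd_file option found"
        return 1
    fi
    printf '%s\n' "$2" | fstab_order_ok "$audit_pf" || {
        echo "fstab: the mount holding $audit_pf must come before the ecryptfs line"
        audit_rc=1
    }
    printf '%s\n' "$3" | sig_in_cache "$audit_sig" || {
        echo "rc: ecryptfs_sig '$audit_sig' is not in the signature cache"
        audit_rc=1
    }
    return $audit_rc
}

# Demo on the constructed samples.
audit_automount "$SAMPLE_RC" "$SAMPLE_FSTAB_GOOD" "$SAMPLE_SIG_CACHE" && echo "good fstab: consistent"
audit_automount "$SAMPLE_RC" "$SAMPLE_FSTAB_BAD" "$SAMPLE_SIG_CACHE" || echo "bad fstab: rejected"
```

On a real system, pass the contents of /root/.ecryptfsrc, /etc/fstab and /root/.ecryptfs/sig-cache.txt, and run passfile_private on the passphrase file once the USB key is mounted.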

Other Utilities

The ecryptfs-utils package includes several other useful utilities:

- ecryptfs-setup-private: creates a ~/Private directory to contain encrypted information. This utility can be run by unprivileged users to keep data private from other users on the system.
- ecryptfs-mount-private and ecryptfs-umount-private: will mount and unmount, respectively, a user's ~/Private directory.
- ecryptfs-add-passphrase: adds a new passphrase to the kernel keyring.
- ecryptfs-manager: manages eCryptfs objects such as keys.
- ecryptfs-stat: allows you to view the ecryptfs meta information for a file.

More information is here: https://launchpad.net/ecryptfs http://manpages.ubuntu.com/manpages/natty/en/man7/ecryptfs.7.html https://help.ubuntu.com/community/eCryptfs

TrueCrypt : less secure way for disk encryption

You can encrypt your files, making them unreadable to anyone but you or you can hide them in the hope that an intruder will be unable to find your sensitive information. TrueCrypt or DiskCryptor can both encrypt and hide your file. While other software can provide encryption that is equally strong, TrueCrypt was designed specifically to make this kind of secure file storage as simple as possible. When your TrueCrypt volume is 'mounted' (whenever you can access the contents yourself), your data may be vulnerable, so you should keep it closed except when you are actually reading or modifying the files inside it.

- Disconnect mounted encrypted volumes when you walk away from your computer for any length of time.
- Disconnect them before putting your computer to sleep.
- Disconnect them before allowing someone else to handle your computer.
- Disconnect them before inserting an untrusted USB memory stick or other external storage device, including those belonging to friends and colleagues.
- If you keep an encrypted volume on a USB memory stick, remember that just removing the device may not immediately disconnect the volume. Even if you need to secure your files in a hurry, you have to dismount the volume properly, then disconnect the external drive or memory stick, then remove the device. You might want to practice until you find the quickest way to do all of these things.

If you decide to keep your TrueCrypt volume on a USB memory stick, you can also keep a copy of the TrueCrypt program with it. TrueCrypt's deniability feature is one of the ways in which it goes beyond what is typically offered by file encryption tools. This feature can be thought of as a peculiar form of steganography that disguises your most sensitive information as other, less sensitive, hidden data. It works by storing a 'hidden volume' inside your regular encrypted volume. You open this hidden volume by providing an alternate password that is different from the one you would normally use.

TrueCrypt - Secure File Storage
TrueCrypt is a program which secures your files by preventing anyone without the correct password from accessing them. It functions like an electronic safe, letting you lock up your files so that only someone with the correct password can open them. TrueCrypt works by letting you set up volumes or sections on your computer where you can securely store files. When you create data in, or move data to these volumes, TrueCrypt will automatically encrypt that information. As you open or take your files out, it automatically decrypts them for use. This process is called on-the-fly encryption.

TrueCrypt will protect your data from being accessed by locking it with a password that you will create. If you forget that password, you will lose access to your data! TrueCrypt uses a process called encryption to protect your files. Please bear in mind that the use of encryption is illegal in some countries. Rather than encrypting specific files, TrueCrypt creates a protected area, called a volume, on your computer. You can safely store your files inside this encrypted volume.

TrueCrypt offers the ability to create a standard encrypted volume or a hidden volume. Either one will keep your files confidential, but a hidden volume allows you to hide your important information behind less sensitive data in order to protect it, even if you are forced to reveal your TrueCrypt volume. This guide explains both volumes in detail.

Computer Requirements

- Windows 2000/XP/2003/Vista/7
- Administrator rights required for installation or to create volumes but not to access existing volumes

GNU Linux, Mac OS and other Microsoft Windows Compatible Programs: Note: it is possible to use TrueCrypt for GNU Linux and Mac OS. Many GNU Linux distributions, for instance Ubuntu: http://www.ubuntu.com, support on-the-fly encryption-decryption for the entire disk as a standard feature. You can decide to use it when you install the system. You can also add the encryption functionality to your Linux system by using an integration of dm-crypt : http://www.saout.de/misc/dm-crypt and cryptsetup and LUKS: http://code.google.com/p/cryptsetup . Another approach is to use ScramDisk for Linux SD4L: http://sd4l.sourceforge.net , a free and open source on-the-fly encryption-decryption program.

For the Mac OS you can use FileVault, which is part of the operating system, to provide on-the-fly encryption and decryption for the content of your home folder, and all the sub-folders. You may also find the free and open source program Encrypt This (http://www.nathansheldon.com/files) useful. It can encrypt selected files into a .DMG disk image.

There are many encryption programs for Microsoft Windows. We recommend a few of them below:


The FREE CompuSec: http://www.ce-infosys.com/english/free_compusec/free_compusec.aspx is a free, proprietary, on-the-fly encryption/decryption program. It can either encrypt a portion of or the entire computer disk, USB drives or a CD. The DataCrypt module of CompuSec can be used to encrypt individual files as well.

CryptoExpert 2009 Lite: http://www.cryptoexpert.com/lite is a free, proprietary, on-the-fly encryption-decryption program that creates container encryption files, similar to TrueCrypt.

AxCrypt: http://www.axantum.com/AxCrypt is a free and open source program that can encrypt separate files.

Steganos LockNote: https://www.steganos.com/us/products/for-free/locknote/overview is a free and open source program. You can use it to encrypt or decrypt any text. The text will be stored in the LockNote application: the mechanism to encrypt or decrypt a note is part of it. LockNote is portable, and installation is not required.

How to Install TrueCrypt

Step 1. Double click ; the Open File - Security Warning dialog box may appear. If it does, click to activate the TrueCrypt License screen.

Step 2. Check the I accept and agree to be bound by the license terms option to enable the Accept button; click to activate the following screen:

The Wizard Mode in the default Install mode

Install mode: This option is for users who do not wish to hide the very fact that they use TrueCrypt on their computer.

Extract mode: This option is for users who wish to carry a portable version of TrueCrypt on a USB memory stick and do not wish to have TrueCrypt installed on their computer.

Note: Some of the options (for example, entire partition and disk encryption) will not work when TrueCrypt is extracted only.

Note: Although the default Install mode is recommended here, you may still use TrueCrypt in portable mode later on. To learn more about using the TrueCrypt Traveller mode, please refer to Portable TrueCrypt.

Step 3. Click to activate the following screen:

The Setup Options window

Step 4. Click to activate the Installing screen to begin installing TrueCrypt on your system.

Step 5. Click to activate the following screen:

The TrueCrypt Setup confirmation dialog box

Step 6. Click to launch the TrueCrypt web site, and complete the TrueCrypt installation, and then click .

Note: All users are strongly encouraged to consult the help documentation available from TrueCrypt after completing this tutorial.

How to Create a Standard Volume

TrueCrypt lets you create two kinds of volumes: Hidden and Standard. In this section, you will learn how to create a Standard Volume in which to store your files. To begin using TrueCrypt to create a Standard Volume, perform the following steps:

Step 1. Double click or Select Start > Programs > TrueCrypt > TrueCrypt to open TrueCrypt.

Step 2. Select a drive from the list in the TrueCrypt pane as follows:

The TrueCrypt console

Step 3. Click to activate the TrueCrypt Volume Creation Wizard as follows:

The TrueCrypt Volume Creation Wizard window

There are three options for encrypting a Standard Volume. We will use the Create an encrypted file container option.

Step 4. Click to activate the following screen:

The Volume Type window

The TrueCrypt Volume Creation Wizard Volume Type window lets you specify whether you would prefer to create a Standard or Hidden TrueCrypt volume.

Step 5. Check the Standard TrueCrypt Volume option.

Step 6. Click to activate the following screen:

The Volume Creation Wizard - Volume Location pane

You can specify where you would like to store your Standard Volume in the Volume Creation Wizard - Volume Location screen. This file can be stored like any other file.

Step 7. Either type in the name of the file into the text field, or click to activate the following screen:

The Specify Path and File Name navigation window

Note: A TrueCrypt Volume is contained inside a normal file. This means that it can be moved, copied or even deleted! You need to remember both the location and name of the file. However, you must choose a new file name for the volume you create (also refer to section How to Create a Standard Volume on a USB Memory Stick). Here, we will create our Standard Volume in the My Documents folder, and name the file My Volume as shown in the figure above.

Tip: You can use any file name and file extension. For example, you can name your Standard Volume recipes.doc, so that it will look like a Word document, or holidays.mpg, so it will look like a movie file. This is one way you can help disguise the existence of your Standard Volume.

Step 8. Click to close the Specify Path and File Name window and return to the Volume Creation Wizard window as follows:

The TrueCrypt Volume Creation Wizard displaying the Volume Location pane

Step 9. Click to activate the following figure.

How to Create a Standard Volume on a USB Memory Stick

To create a TrueCrypt Standard Volume on a USB memory stick, perform steps 1 to 7 in section How to Create a Standard Volume, where you activate the Select a TrueCrypt Volume screen. Instead of choosing My Documents as your file location, navigate to and then choose your USB memory stick. Then, enter a file name and create the Standard Volume there.

How to Create a Standard Volume

At this stage, you are ready to choose a specific encryption method (or algorithm as it is referred to on the screen) to encode the data that will be stored in your Standard Volume.

The Volume Creation Wizard Encryption Options pane

Note: You may leave the default options here as they appear. All algorithms presented in the two options here are considered secure.

Step 10. Click to activate the TrueCrypt Volume Creation Wizard screen as follows:

The Volume Creation Wizard displaying the Volume Size pane

The Volume Size pane lets you specify the size of the Standard Volume. In this example, it is set at 10 megabytes. However, you may specify a different size. Consider the size of the documents and file types you would like to store, and then set an appropriate volume size for them.

Tip: If you would like to backup your Standard Volume to a CD later on, then you should set the size to 700MB or less.

Step 11. Type in your specific volume size into the text field, and then click to activate the following screen:

The TrueCrypt Volume Creation Wizard featuring the Volume Password pane

Important: Choosing a secure and strong password is among the most important tasks you will perform when creating a Standard Volume. A good password will protect your encrypted volume and the stronger the password you choose, the better. You don't have to create your own passwords, or even remember them, if you use a password generation program like KeePass.

Step 12. Type your password and then re-type your password into the Confirm text fields.

Important: The Next button will remain disabled until passwords in both text fields match. If your password is not particularly safe or secure, you will see a warning advising you of this. Consider changing it! Although TrueCrypt will still work with any password you have chosen, your data may not be very secure.

Step 13. Click to activate the following screen:

The TrueCrypt Volume Creation Wizard featuring the Volume Format pane

TrueCrypt is now ready to create a Standard Volume. Move your mouse randomly within the TrueCrypt Volume Creation Wizard window for a few seconds. The longer you move the mouse, the better the quality of the encryption key.

Step 14. Click to begin creating your standard volume.

TrueCrypt will now create a file named My Volume in the My Documents folder as earlier specified. This file will contain a TrueCrypt Standard Volume, 10 Megabytes in size, that you can use to securely store your files. After a Standard Volume has been successfully created, the following dialog box will appear:

The TrueCrypt volume has been successfully created message screen

Step 15. Click to complete creating your Standard Volume and return to the TrueCrypt console.

Step 16. Click to close TrueCrypt Volume Creation Wizard.
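The Tip in Step 7 suggests naming a volume recipes.doc or holidays.mpg. The added example below (not part of the original guide) shows what a content check sees in such a file: an encrypted container has no file-type signature and near-maximal byte entropy, so the extension only survives a casual look. The function names, the 7.9 threshold and both sample inputs are assumptions constructed for this illustration.

```python
import math
import os
from collections import Counter

# Signatures ("magic bytes") that genuine files of these types begin with.
SIGNATURES = {
    ".doc": [bytes.fromhex("D0CF11E0A1B11AE1")],                      # OLE2 compound file
    ".mpg": [bytes.fromhex("000001BA"), bytes.fromhex("000001B3")],   # MPEG streams
}


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; close to 8.0 for encrypted or random data."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def inspect_file(name: str, data: bytes, sample: int = 65536) -> dict:
    """Compare what the extension claims with what the first bytes contain."""
    ext = os.path.splitext(name)[1].lower()
    head = data[:sample]
    sigs = SIGNATURES.get(ext)
    # None means "no signature known for this extension", not "mismatch".
    magic_ok = None if sigs is None else any(head.startswith(s) for s in sigs)
    entropy = shannon_entropy(head)
    return {
        "name": name,
        "magic_ok": magic_ok,
        "entropy": round(entropy, 2),
        # Assumed heuristic: wrong signature plus near-random content.
        "looks_like_container": magic_ok is False and entropy > 7.9,
    }


def demo() -> list:
    # Constructed sample 1: random bytes stand in for an encrypted volume file.
    disguised = os.urandom(1024 * 1024)
    # Constructed sample 2: a real OLE2 signature followed by repetitive text.
    genuine = SIGNATURES[".doc"][0] + b"Preheat the oven to 180 degrees. " * 4000
    return [inspect_file("recipes.doc", disguised),
            inspect_file("letter.doc", genuine)]


if __name__ == "__main__":
    for report in demo():
        print(report)
```
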

Portable TrueCrypt
Differences between the Installed and Portable versions of TrueCrypt

Given that portable tools are not installed on a local computer, their existence and use may remain undetected. However, keep in mind that your external device or USB memory stick, and portable tools, are only as safe as the computer you are using, and may risk being exposed to adware, malware, spyware and viruses.

Portable TrueCrypt allows you to use a powerful and simple file encryption tool without being detected. Having Portable TrueCrypt on a removable device or USB memory stick lets you use it from different workstations. There are very few differences between the installed and portable versions of TrueCrypt, the main one being that Portable TrueCrypt does not permit the encryption of the entire disk or system disk. For more information regarding the differences between TrueCrypt and Portable TrueCrypt, please refer to the following page: http://www.truecrypt.org

Downloading, Extracting and Using Portable TrueCrypt

Note: The folder into which Portable TrueCrypt is to be extracted must be created manually on the removable device or USB memory stick before the extraction process.

Step 1. Navigate to the removable device or USB memory stick onto which you want to extract the Portable TrueCrypt program, and then right-click to activate its associated menu.

Step 2. Select the New item to activate its sub-menu, and then select the Folder sub-menu item, as shown in the figure below:

The Windows explorer folder and sub-folder

Step 3. Enter the name of the folder.

Note: You may give this folder a less obvious name to conceal the existence of the Portable TrueCrypt program.

Portable TrueCrypt can be extracted from the same archive as the installation version. To download Portable TrueCrypt, perform the following, very similar steps:

Step 1. Open www.truecrypt.org/downloads

Step 2. Click beneath the section to activate the following screen:

The Opening TrueCrypt Setup 7.0a.exe installation prompt

Step 3. Click to save the installation file to your computer, and then navigate to it.

Step 4. Double click ; the Open File - Security Warning dialog box may appear; if it does, click to activate the TrueCrypt installation wizard.

Step 5. Check the Extract option to extract TrueCrypt portable to a removable drive or USB device as shown in the figure below:

The Wizard Mode - Select one of the modes window

Step 6. Click to activate the Extraction Options window as follows:

The Extraction Options window

Step 7. Click to activate the Browse for Folders window as follows:

The Browse for Folder window

Step 8. Navigate to your destination folder on either the external drive or USB memory stick, and then click to return to the Extraction Options window as follows:

The Extraction Options window displaying the destination folder

Step 9. Click to begin extracting TrueCrypt to your removable drive or USB memory stick; a few seconds later, the following windows will appear:

The TrueCrypt pop-up confirmation dialog box and Extraction Complete window

Step 10. Click and then click to complete the installation process.

If the option was enabled (as it usually is by default), the following screen will appear:

An example of Portable TrueCrypt extracted to a removable drive

Step 11. Navigate to and then double click to run Portable TrueCrypt.

Please refer to the TrueCrypt chapter in the Hands-on Guide section from this point onwards, for instructions on how to use TrueCrypt.

How to Eliminate All Traces of Having Extracted Portable TrueCrypt

Important: After you have successfully extracted Portable TrueCrypt to your external/removable device, you must delete the installation file from your computer to further eliminate any traces of you having downloaded and installed Portable TrueCrypt.

Step 1. Navigate to the folder in which Portable TrueCrypt was downloaded, and then right click the installation file to activate the Windows pop-up menu; then, select the Delete command to move it to your Recycle Bin.

Step 2. Double click to open its associated window, and then select and delete the file.

Note: If you have either CCleaner or Eraser installed, you can use either of them to eliminate all traces of your having ever downloaded and installed Portable TrueCrypt.

How to Mount a Standard Volume

In TrueCrypt, to mount a Standard Volume refers to making the standard volume available for use. In this section, you will learn how to mount your newly created standard volume. To begin mounting your standard volume, perform the following steps:

Step 1. Double click or Select Start > Programs > TrueCrypt > TrueCrypt to open TrueCrypt.

Step 2. Select any drive from the list as follows:

The TrueCrypt console

In this example the Standard Volume will be mounted as the M: drive.

Note: In the following figure, the M: drive has been selected for mounting the standard volume; however, you may choose another listed drive.

Step 3. Click ; the Select a TrueCrypt Volume screen will appear as follows:

The Select a TrueCrypt Volume screen

Step 4. Select the standard volume file that you created, then click to close figure 2 and return to the TrueCrypt console.

Step 5. Click to activate the Enter password for prompt screen as follows:

The Enter password prompt screen

Step 6. Type the password in the Password: text field.

Step 7. Click to begin mounting the Standard Volume.

Note: If the password you typed is incorrect, TrueCrypt will prompt you to re-type your password and click . If the password is correct, the Standard Volume will be mounted as follows:

The TrueCrypt console displaying the newly mounted Standard Volume

Step 8. Double click the highlighted entry in TrueCrypt or double click the corresponding drive letter in the My Computer screen to access the Standard Volume (now mounted on drive M: on your computer).

Accessing the Standard Volume through the My Computer screen

Note: We have just successfully mounted the My Volume standard volume on a virtual disk M:. This virtual disk behaves like a real disk, except that it is entirely encrypted. Any files will be automatically encrypted when you copy, move or save them to this virtual disk (a process known as on-the-fly encryption).

You can copy files to and from the Standard Volume just as you would copy them to any normal disk (for example, by dragging-and-dropping them). When you move a file out of the Standard Volume, it is automatically decrypted. Conversely, if you move a file onto the Standard Volume, TrueCrypt automatically encrypts it. If your computer crashes or is suddenly switched off, TrueCrypt will immediately close the Standard Volume.

Important: After transferring files to the TrueCrypt volume, make sure that no traces of the files are left behind on the computer or USB memory stick that they came from.

How to Dismount the Standard Volume

In TrueCrypt, to dismount a Standard Volume simply means to make a volume unavailable for use. To close or dismount a Standard Volume and make its files accessible only to someone with a password, perform the following steps:

Step 1. Select the volume from the list of mounted volumes in the main TrueCrypt window as follows:

Selecting the Standard Volume to be dismounted

Step 2. Click to dismount or close your TrueCrypt standard volume.

Important: Make sure to dismount your TrueCrypt volume before putting your computer to Standby or Hibernate mode. Better yet, always shut down your computer or laptop if you plan on leaving it unattended. This will prevent anyone from being able to gain your volume password.

To retrieve a file stored in your standard volume once you have closed or dismounted it, you will have to mount it again.

How to back up your Volume
Backing up your documents, files and folders on a regular basis is critical. Backing up your TrueCrypt volume is vital, and (fortunately) easy to do. Don't forget that your volume must be dismounted before you back it up.

Step 1. Navigate to your Standard Volume file (in the figure below, it is located in the My Documents folder).

The My Documents window displaying the My Volume file

Step 2. Save the file to an external memory device, like a CD, DVD or a USB memory stick.

Tip: If you have large amounts of data that you want to encrypt and archive repeatedly, why not create a new Standard Volume which is the same size as a CD or DVD? This could be used as a secure storage technique.

Before you back up the standard volume to a removable device, make sure that the device size corresponds to the size of your volume.

Backup Medium | Suggested TrueCrypt Volume Size
CD | 700mb
DVD | 3900mb
USB memory stick | Suggested 25% of total capacity (e.g. for a 128MB USB stick, use 30MB for your Standard Volume)

About Hidden Volumes

In TrueCrypt, a Hidden Volume is stored within your encrypted Standard Volume, but its existence is concealed. Even when you 'mount' or open your standard volume, it is not possible either to find or to prove the existence of the hidden volume. If you are forced to reveal your password and the location of your standard volume, then its content may be revealed, but not the existence of the hidden volume within.

Imagine a briefcase with a secret compartment. You keep files that you do not mind having confiscated or losing in the normal section of your briefcase, and you keep the important and private files in the secret compartment. The point of the secret compartment (especially a well-designed one) is to hide its own existence and, therefore, the documents within it.

How to Create a Hidden Volume

The creation of a TrueCrypt Hidden Volume is similar to creating a TrueCrypt Standard Volume: some of the panes, screens and windows are even the same.

Step 1. Open TrueCrypt.

Step 2. Click to activate the TrueCrypt Volume Creation Wizard.

Step 3. Click to accept the default Create an encrypted file container option.

Step 4. Check the Hidden TrueCrypt volume option as follows:

The TrueCrypt Volume Creation Wizard with the Hidden TrueCrypt volume option enabled Step 5. Click to activate the following screen:

The TrueCrypt Volume Creation Wizard - Mode window

Direct mode: This option lets you create the Hidden Volume within an existing Standard Volume.

Normal mode: This option lets you create a completely new Standard Volume in which to store the Hidden Volume.

In this example, we will use the Direct mode.

Note: If you would rather start a new Standard Volume, please repeat the process from the section How to Create a Standard Volume.

Step 6. Check the Direct Mode option and then click to activate the TrueCrypt Volume Creation - Volume Location window.

Note: Make sure the Standard Volume is unmounted before selecting it.

Step 7. Click to activate the following screen:

The TrueCrypt Volume Creation Wizard - Select a TrueCrypt Volume window

Step 8. Locate the volume file using the Select a TrueCrypt Volume window as shown in the figure.

Step 9. Click to return to the TrueCrypt Volume Creation Wizard.

Step 10. Click to activate the Enter password screen.

Step 11. Type the password you used when creating the Standard Volume into the Password text field to activate the following screen:

The TrueCrypt Volume Creation Wizard - Hidden Volume Message pane

Step 12. Click after you have read the message to activate the Hidden Volume Encryptions Options screen.

Note: Leave both the default Encryption Algorithm and Hash Algorithm settings for the Hidden Volume as they are.

Step 13. Click to activate the following screen:

The TrueCrypt Volume Creation Wizard - Hidden Volume Size window

You will be prompted to specify the size of the Hidden Volume.

Note: Consider the kind of documents, their quantity and size that need to be stored. Do leave some space for the Standard Volume. If you select the maximum size available for the Hidden Volume, you will not be able to put any more new files into the original Standard Volume.

If your Standard Volume is 10 Megabytes (MB) in size and you specify a Hidden Volume size of 5MB (as shown in the figure above), you will have two volumes (one hidden and one standard volume) of approximately 5MB each. Ensure that the information you store in the Standard Volume does not exceed the 5MB you have set. This is because the TrueCrypt program itself does not automatically detect the existence of the Hidden Volume, and it could accidentally overwrite it. You may risk losing all files stored in the hidden volume if you exceed your previously established size.

Step 14. Type the desired hidden volume size into the corresponding text box, as shown in the figure above.

Step 15. Click to activate the Hidden Volume Password window.

You must now create a different password for the hidden volume from the one used to protect your standard volume. Again, remember to choose a strong password. Please refer to the KeePass chapter to learn more about creating strong passwords.

Tip: If you anticipate being forced to reveal the contents of your TrueCrypt volumes, then store your password for the standard volume in KeePass, and create a strong password that you only have to remember for the hidden volume. This will help you to conceal your hidden volume, as you will not leave any trace of its existence.

Step 16. Create a password and type it in twice, and then click to activate the following screen:

The TrueCrypt Volume Creation Wizard - Hidden Volume Format pane

Leave the default File System and Cluster options as they are.

Step 17. Move the mouse cursor around the screen to increase the cryptographic strength of the encryption and then click to format the hidden volume.

After the hidden volume has been formatted, the following screen appears:

The TrueCrypt Volume Creation Wizard message screen

Note: Figure 8 both confirms that you have successfully created a hidden volume and warns you against the dangers of overwriting files in the hidden volume when storing files in the standard volume.

Step 18. Click to activate the Hidden Volume Created window and then click and return to the TrueCrypt console.

The hidden volume has now been created inside your standard volume. You may now store documents in the hidden volume, which remain invisible even to someone who has obtained the password for that particular standard volume.

How to Mount the Hidden Volume

The method for mounting or making a Hidden Volume accessible for use is exactly the same as that for a Standard Volume; the only difference is you will use the password that you have just created for the Hidden Volume. To mount or open the Hidden Volume, perform the following steps:

Step 1. Select a drive from the list (in this example, drive K):

A mount drive selected in the TrueCrypt Volume screen

Step 2. Click to activate the Select a TrueCrypt Volume window.

Step 3. Navigate to and then select your TrueCrypt volume file (same file as for the standard volume).

Step 4. Click to return to the TrueCrypt console.

Step 5. Click to activate the Enter Password for prompt screen as follows:

The Enter Password screen

Step 6. Type the password you used to create the hidden volume, and then click . Your hidden volume is now mounted (or opened) as follows:

The TrueCrypt main screen displaying the newly mounted Hidden Volume

Step 7. Double click on the above entry or access it through the My Computer window.

Tips on How to Use the Hidden Disk Feature Securely

The purpose of the hidden disk feature is to escape a potentially dangerous situation by appearing to hand over your encrypted files, when someone in a position of power demands to see them, without actually being forced to reveal your most sensitive information. In addition to protecting your data, this may allow you to avoid further jeopardizing your own safety or exposing your colleagues and partners. For this technique to be effective, you must create a situation where the person demanding to see your files will be satisfied by what you show them and let you go. To do this, you may want to implement some of the following suggestions:

Put some confidential documents that you do not mind having exposed in the standard volume. This information must be sensitive enough that it would make sense for you to keep it in an encrypted volume.

Be aware that someone demanding to see your files may know about hidden volumes. If you are using TrueCrypt correctly, however, this person will not be able to prove that your hidden volume exists, which will make your denial more believable.

Update the files in the standard volume on a weekly basis. This will create the impression that you really are using those files.

Whenever you mount a TrueCrypt volume, you can choose to enable the "Protect hidden volume against damage caused by writing to outer volume" feature. This is a very important feature: it lets you add new 'decoy' files to your standard volume without the risk of accidentally deleting or overwriting the encrypted contents of your hidden volume. As mentioned earlier, exceeding the storage limit on your standard volume may otherwise destroy your hidden files.

Do not enable the Protect hidden volume feature when forced to mount a TrueCrypt volume, because doing so requires you to enter the secret password to your hidden volume and will clearly reveal that volume's existence. When you are updating your decoy files in private, however, you should always enable this option.

To use the Protect hidden volume feature, perform the following steps:

Step 1. Click on the Enter Password prompt shown in figure 10, above. This will activate the Mount Options window as follows:





The Mount Options window

Step 2. Check the Protect hidden volume against damage caused by writing to outer volume option.

Step 3. Type in your Hidden Volume password, and then click .

Step 4. Click to mount your standard volume. After you have successfully mounted it, you will be able to add decoy files without damaging your hidden volume.

Step 5. Click to dismount or make your standard volume unavailable for use, when you have finished modifying its contents.

Remember: You only need to do this when you are updating the files in your standard volume. If forced to reveal your standard volume to someone else, you should not use the Protect hidden volume feature.
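The following added example (not from the original guide, and not TrueCrypt's code or on-disk format) is a simplified model of the behaviour described above: one file, two passwords, an outer volume that can overwrite the hidden one, and a protected mount that refuses such writes. The header layout, the toy cipher, and all names, passwords and sizes are assumptions made for illustration; payload encryption is left out.

```python
import hashlib
import os
import struct

MAGIC = b"TRUE"                     # only visible after a correct header decrypt
SLOT = 64                           # header slot: 16-byte salt + 48 encrypted bytes
OUTER_SLOT, HIDDEN_SLOT = 0, SLOT   # model layout: two fixed slots at the file start


def _keystream(password, salt, n):
    # Toy stream cipher (PBKDF2 key, SHA-256 in counter mode), for illustration only.
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 1000)
    blocks = [hashlib.sha256(key + struct.pack(">I", i)).digest()
              for i in range((n + 31) // 32)]
    return b"".join(blocks)[:n]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def seal_header(password, start, length):
    salt = os.urandom(16)
    body = (MAGIC + struct.pack(">QQ", start, length)).ljust(48, b"\0")
    return salt + _xor(body, _keystream(password, salt, 48))


def open_header(slot, password):
    body = _xor(slot[16:], _keystream(password, slot[:16], 48))
    if body[:4] != MAGIC or any(body[20:]):
        return None                 # wrong password: the slot stays random-looking
    return struct.unpack(">QQ", body[4:20])


class Volume:
    def __init__(self, data, region, guard):
        self.data, self.guard = data, guard
        self.start, self.length = region

    def write(self, offset, payload):
        lo = self.start + offset
        hi = lo + len(payload)
        if offset < 0 or hi > self.start + self.length:
            raise ValueError("write outside the volume")
        if self.guard and lo < self.guard[0] + self.guard[1] and hi > self.guard[0]:
            raise PermissionError("write blocked: it would damage the hidden volume")
        self.data[lo:hi] = payload

    def read(self, offset, n):
        return bytes(self.data[self.start + offset:self.start + offset + n])


class Container:
    def __init__(self, size, outer_password):
        self.data = bytearray(os.urandom(size))     # unused space is random fill
        self.data[OUTER_SLOT:OUTER_SLOT + SLOT] = seal_header(
            outer_password, 2 * SLOT, size - 2 * SLOT)

    def add_hidden(self, hidden_password, length):
        # The hidden volume occupies the tail of the outer volume's own space.
        self.data[HIDDEN_SLOT:HIDDEN_SLOT + SLOT] = seal_header(
            hidden_password, len(self.data) - length, length)

    def _try(self, slot, password):
        return open_header(bytes(self.data[slot:slot + SLOT]), password)

    def mount(self, password, protect_with=None):
        # The password alone decides which volume opens.
        region = self._try(OUTER_SLOT, password) or self._try(HIDDEN_SLOT, password)
        if region is None:
            raise PermissionError("wrong password")
        guard = None
        if protect_with is not None:                # needs the hidden password
            guard = self._try(HIDDEN_SLOT, protect_with)
            if guard is None:
                raise PermissionError("wrong hidden volume password")
        return Volume(self.data, region, guard)


def demo():
    c = Container(4096, "outer-pass")               # constructed sizes and passwords
    c.add_hidden("hidden-pass", 1024)
    c.mount("hidden-pass").write(0, b"SECRET")
    edge = 4096 - 1024 - 2 * SLOT - 4               # 4 bytes before the hidden region
    out = {}
    try:
        c.mount("outer-pass", protect_with="hidden-pass").write(edge, b"decoy-file")
        out["protected_write"] = "allowed"
    except PermissionError:
        out["protected_write"] = "blocked"
    out["after_protected"] = c.mount("hidden-pass").read(0, 6)
    c.mount("outer-pass").write(edge, b"decoy-file")   # no protection this time
    out["after_unprotected"] = c.mount("hidden-pass").read(0, 6)
    return out
```

In this model a container that never had a hidden volume added also carries random bytes in the second slot, which is why holding the outer password alone does not show whether a hidden volume exists.
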

Installing TrueCrypt on Ubuntu
TrueCrypt is not available in the standard Ubuntu repositories. This means you cannot use the Ubuntu Software Center or apt-get (a command line method for installing software on Ubuntu) to install it. Instead you must first visit the TrueCrypt downloads page (http://www.truecrypt.org/downloads). You will see a drop-down menu under the heading Linux.

From the '(Select a package)' drop-down menu you can choose from four options:

This is a little technical - the console version is the one you choose if you are either very technical and don't like Graphical User Interfaces, or you wish to run this on a machine that you only have terminal (command line or 'shell') access to (like a remote server, for example).

Assuming you are running this on your laptop, it's best to choose the easy 'standard' option - this will give you a nice user interface to use. From these two options you need to choose the one most suitable for the architecture of your machine. Don't know what this means? Well, it basically comes down to the type of hardware (processor) running on your computer; the options are 32-bit or 64-bit. Unfortunately Ubuntu does not make it easy for you to find this information if you don't already know it. You need to open a 'terminal' from the Applications->Accessories menu and type the following, followed by the [enter] key:

    uname -a

The output will be something like 'Linux bigsy 2.6.32-30-generic #59-Ubuntu SMP Tue Mar 1 21:30:46 UTC 2011 x86_64 GNU/Linux'. In this instance you can see the architecture is 64-bit ('x86_64'). In this example I would choose the 'Standard - 64-bit (x64)' option. If you see 'i686' somewhere in the output of the uname command then you would choose the other standard option to download.

Once selected, press the 'download' button and save the file to somewhere on your computer.

The installation process is still not over. The file you downloaded is a compressed file (to make downloading it faster) and you need to first de-compress the file before you install it.

Fortunately Ubuntu makes this easy - simply browse to the file on your computer and right click on it and choose 'Extract Here'.

You will see a new file appear next to the compressed file:

Nearly done! Now right click on the new file and choose 'open' :

If all is well you will see a window open like this:

Choose 'run' and you see the following:

Now we are getting somewhere... press 'Install TrueCrypt'. You will be shown a user agreement. At the bottom press 'I accept and agree to be bound by the license terms' (sounds serious). You will then be shown another info screen telling you that you can uninstall TrueCrypt. Press 'OK', then you will be asked for your password to install software on your computer. Enter your password and then you will finally see a screen like this:

TrueCrypt is installed and you can access it from the Applications->Accessories menu... close the setup window.

Installing TrueCrypt on OSX
1. To install TrueCrypt on OSX first visit the download page (http://www.truecrypt.org/downloads) and press the download button under the OSX section.

2. Download this to your computer, find the .dmg file and open it to access the installation package.

3. Open the installation package, and click away through the dialogues.

4. Choose the standard installation. (You can choose to do a customized installation and deselect FUSE, but why would you? You need it!)

6. After the installation finishes you can find the program in your Applications folder.

Steganography
Steganography is the art and science of writing hidden messages in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message, a form of security through obscurity. The word steganography is of Greek origin and means "concealed writing" from the Greek words steganos (στεγανός) meaning "covered or protected", and graphei (γραφή) meaning "writing". The first recorded use of the term was in 1499 by Johannes Trithemius in his Steganographia, a treatise on cryptography and steganography disguised as a book on magic.

Generally, messages will appear to be something else: images, articles, shopping lists, or some other covertext and, classically, the hidden message may be in invisible ink between the visible lines of a private letter.

The advantage of steganography, over cryptography alone, is that messages do not attract attention to themselves. Plainly visible encrypted messages—no matter how unbreakable—will arouse suspicion, and may in themselves be incriminating in countries where encryption is illegal. Therefore, whereas cryptography protects the contents of a message, steganography can be said to protect both messages and communicating parties.

Steganography includes the concealment of information within computer files. In digital steganography, electronic communications may include steganographic coding inside of a transport layer, such as a document file, image file, program or protocol. Media files are ideal for steganographic transmission because of their large size. As a simple example, a sender might start with an innocuous image file and adjust the color of every 100th pixel to correspond to a letter in the alphabet, a change so subtle that someone not specifically looking for it is unlikely to notice it.
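The "every 100th pixel" scheme from the paragraph above, as an added example that is not part of the original text. It hides one letter per carrier pixel in the low bits of the colour channels, reads the message back, and compares the result with the original image to show how small and how regularly spaced the changes are. The 5-bit encoding, the function names and the gradient test image are assumptions constructed for this illustration.

```python
ALPHABET = "abcdefghijklmnopqrstuvwxyz "   # 27 symbols, each fits in 5 bits
END = 31                                   # terminator symbol (assumed convention)
STRIDE = 100                               # carrier = every 100th pixel


def make_cover(width, height):
    """Constructed RGB test image (a smooth gradient) as a flat list of pixels."""
    return [((3 * x + y) % 256, (x + 2 * y) % 256, (x + y) % 256)
            for y in range(height) for x in range(width)]


def _put(pixel, sym):
    # 5 bits per symbol: 2 in red, 2 in green, 1 in blue (low-order bits only).
    r, g, b = pixel
    return ((r & ~3) | (sym >> 3), (g & ~3) | ((sym >> 1) & 3), (b & ~1) | (sym & 1))


def _get(pixel):
    r, g, b = pixel
    return ((r & 3) << 3) | ((g & 3) << 1) | (b & 1)


def embed(cover, message):
    """Return a copy of cover with message written into every STRIDE-th pixel."""
    symbols = [ALPHABET.index(ch) for ch in message.lower()] + [END]
    carriers = range(0, len(cover), STRIDE)
    if len(symbols) > len(carriers):
        raise ValueError("message too long for this cover image")
    stego = list(cover)
    for idx, sym in zip(carriers, symbols):
        stego[idx] = _put(stego[idx], sym)
    return stego


def extract(stego):
    """Read symbols from the carrier pixels until the terminator is found."""
    out = []
    for idx in range(0, len(stego), STRIDE):
        sym = _get(stego[idx])
        if sym == END:
            return "".join(out)
        if sym >= len(ALPHABET):
            break                      # not a valid symbol: no message here
        out.append(ALPHABET[sym])
    return None


def compare(cover, stego):
    """What someone holding the original image sees: which pixels moved, and by how much."""
    changed = [i for i, (a, b) in enumerate(zip(cover, stego)) if a != b]
    max_delta = max((abs(x - y) for i in changed
                     for x, y in zip(cover[i], stego[i])), default=0)
    return changed, max_delta


def demo():
    cover = make_cover(200, 150)                   # 30,000 pixels, 300 carriers
    stego = embed(cover, "meet at the old bridge")
    changed, max_delta = compare(cover, stego)
    return extract(stego), changed, max_delta


if __name__ == "__main__":
    message, changed, max_delta = demo()
    print(message, len(changed), max_delta)
```

No channel moves by more than 3 out of 255, which is why the change is hard to see, but every altered pixel sits on the same fixed stride, so anyone who can compare against the original image finds the pattern immediately.
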

Techniques
Physical

Steganography has been widely used, including in recent historical times and the present day. Possible permutations are endless and known examples include:

Hidden messages within wax tablets — in ancient Greece, people wrote messages on the wood, then covered it with wax upon which an innocent covering message was written.

Hidden messages on messenger's body — also used in ancient Greece. Herodotus tells the story of a message tattooed on the shaved head of a slave of Histiaeus, hidden by the hair that afterwards grew over it, and exposed by shaving the head again. The message allegedly carried a warning to Greece about Persian invasion plans. This method has obvious drawbacks, such as delayed transmission while waiting for the slave's hair to grow, and the restrictions on the number and size of messages that can be encoded on one person's scalp.

During World War II, the French Resistance sent some messages written on the backs of couriers using invisible ink: http://en.wikipedia.org/wiki/Invisible_ink

Hidden messages on paper written in secret inks, under other messages or on the blank parts of other messages.

Messages written in Morse code on knitting yarn and then knitted into a piece of clothing worn by a courier.

Messages written on envelopes in the area covered by postage stamps.

During and after World War II, espionage agents used photographically produced microdots to send information back and forth. Microdots were typically minute, approximately less than the size of the period produced by a typewriter. World War II microdots needed to be embedded in the paper and covered with an adhesive, such as collodion. This was reflective and thus detectable by viewing against glancing light. Alternative techniques included inserting microdots into slits cut into the edge of post cards: http://en.wikipedia.org/wiki/Microdot

During World War II, a spy for Japan in New York City, Velvalee Dickinson, sent information to accommodation addresses in neutral South America. She was a dealer in dolls, and her letters discussed the quantity and type of doll to ship. The stegotext was the doll orders, while the concealed "plaintext" was itself encoded and gave information about ship movements, etc. Her case became somewhat famous and she became known as the Doll Woman.

Cold War counter-propaganda. In 1968, crew members of the USS Pueblo intelligence ship, held as prisoners by North Korea, communicated in sign language during staged photo opportunities, informing the United States they were not defectors, but rather were being held captive by the North Koreans. In other photos presented to the U.S., crew members gave "the finger" to the unsuspecting North Koreans, in an attempt to discredit photos that showed them smiling and comfortable.

Digital

Modern steganography entered the world in 1985 with the advent of the personal computer being applied to classical steganography problems. Development following that was slow, but has since taken off, going by the number of "stego" programs available:

Concealing messages within the lowest bits of noisy images or sound files.

Concealing data within encrypted data or within random data. The data to be concealed is first encrypted before being used to overwrite part of a much larger block of encrypted data or a block of random data (an unbreakable cipher like the one-time pad generates ciphertexts that look perfectly random if you do not have the private key).

Chaffing and winnowing: http://en.wikipedia.org/wiki/Chaffing_and_winnowing

Mimic functions convert one file to have the statistical profile of another. This can thwart statistical methods that help brute-force attacks identify the right solution in a ciphertext-only attack: http://en.wikipedia.org/wiki/Ciphertext-only_attack

Concealed messages in tampered executable files, exploiting redundancy in the targeted instruction set: http://en.wikipedia.org/wiki/Instruction_set

Pictures embedded in video material (optionally played at slower or faster speed).

Injecting imperceptible delays to packets sent over the network from the keyboard. Delays in keypresses in some applications (telnet or remote desktop software) can mean a delay in packets, and the delays in the packets can be used to encode data.

Changing the order of elements in a set.

Content-Aware Steganography hides information in the semantics a human user assigns to a datagram. These systems offer security against a non-human adversary/warden.

Blog-Steganography. Messages are fractionalized and the (encrypted) pieces are added as comments of orphaned web-logs (or pin boards on social network platforms). In this case the selection of blogs is the symmetric key that sender and recipient are using; the carrier of the hidden message is the whole blogosphere: http://en.wikipedia.org/wiki/Blogosphere

Modifying the echo of a sound file (Echo Steganography).

Secure Steganography for Audio Signals.

Image bit-plane complexity segmentation steganography: http://en.wikipedia.org/wiki/BPCS-Steganography

Network

All information hiding techniques that may be used to exchange steganograms in telecommunication networks can be classified under the general term of network steganography. This nomenclature was originally introduced by Krzysztof Szczypiorski in 2003. Contrary to the typical steganographic methods which utilize digital media (images, audio and video files) as a cover for hidden data, network steganography utilizes communication protocols' control elements and their basic intrinsic functionality. As a result, such methods are harder to detect and eliminate.

Typical network steganography methods involve modification of the properties of a single network protocol. Such modification can be applied to the PDU (Protocol Data Unit), to the time relations between the exchanged PDUs, or both (hybrid methods). Moreover, it is feasible to utilize the relation between two or more different network protocols to enable secret communication. These applications fall under the term inter-protocol steganography.

Network steganography covers a broad spectrum of techniques, which include, among others:

Steganophony - the concealment of messages in Voice-over-IP conversations, e.g. the employment of delayed or corrupted packets that would normally be ignored by the receiver (this method is called LACK - Lost Audio Packets Steganography), or, alternatively, hiding information in unused header fields.

WLAN Steganography – the utilization of methods that may be exercised to transmit steganograms in Wireless Local Area Networks. A practical example of WLAN Steganography is the HICCUPS system (Hidden Communication System for Corrupted Networks).

Printed

Digital steganography output may be in the form of printed documents. A message, the plaintext: http://en.wikipedia.org/wiki/Plaintext , may be first encrypted by traditional means, producing a ciphertext: http://en.wikipedia.org/wiki/Ciphertext . Then, an innocuous covertext is modified in some way so as to contain the ciphertext, resulting in the stegotext. For example, the letter size, spacing, typeface: http://en.wikipedia.org/wiki/Typeface , or other characteristics of a covertext can be manipulated to carry the hidden message. Only a recipient who knows the technique used can recover the message and then decrypt it. Francis Bacon developed Bacon's cipher as such a technique.

The ciphertext produced by most digital steganography methods, however, is not printable. Traditional digital methods rely on perturbing noise in the channel file to hide the message; as such, the channel file must be transmitted to the recipient with no additional noise from the transmission. Printing introduces much noise in the ciphertext, generally rendering the message unrecoverable. There are techniques that address this limitation; one notable example is ASCII Art Steganography.

Audio

In steganography, the message used to hide the secret message is called the host message or cover message. Once the contents of the host message or cover message are modified, the resultant message is known as a stego message. In other words, a stego message is a combination of a host message and a secret message. Audio steganography requires a text or audio secret message to be embedded within a cover audio message. Due to availability of redundancy, the cover audio message before steganography and the stego message after steganography remain the same.

Text

Steganography can be applied to different types of media including text, audio, image, video, etc. However, text steganography is considered to be the most difficult kind of steganography due to the lack of redundancy in text as compared to image or audio. However, it requires less memory and provides for simpler communication. One method that could be used for text steganography is data compression. Data compression encodes information in one representation into another representation. The new representation of data is smaller in size. One of the possible schemes to achieve data compression is Huffman coding. Huffman coding assigns shorter codewords to more frequently occurring source symbols and longer codewords to less frequently occurring source symbols.

Unicode steganоgraphy uses lookalike characters of the usual ASCII set to look normal, while really carrying extra bits of information. If the text is displayed correctly, there should be no visual difference from ordinary text. Some systems, however, may display the fonts differently, and the extra information would be easily spotted.

Using Sudoku puzzles

This is the art of concealing data in an image using Sudoku, which is used like a key to hide the data within an image. Steganography using Sudoku puzzles has as many keys as there are possible solutions of a Sudoku puzzle. This is equivalent to around 70 bits, making it much stronger than the DES method, which uses a 56-bit key.
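For the Unicode lookalike technique described above, a reader can check received text for words that mix scripts. This is an added example, not from the original book; the function names and the sample sentence are constructed for illustration, and the script label is simply the first word of each character's Unicode name.

```python
import unicodedata
from collections import Counter


def script_of(ch):
    """Coarse script label (LATIN, CYRILLIC, GREEK, ...) or None for non-letters."""
    if not ch.isalpha():
        return None
    name = unicodedata.name(ch, "")
    return name.split(" ", 1)[0] if name else "UNKNOWN"


def find_lookalikes(text):
    """Return (word, dominant_script, odd_characters) for every mixed-script word.

    odd_characters lists (index, code point, script) for each letter whose
    script differs from the one most letters of the word belong to.
    """
    findings = []
    for word in text.split():
        tagged = [(i, ch, script_of(ch)) for i, ch in enumerate(word)]
        counts = Counter(script for _, _, script in tagged if script)
        if len(counts) < 2:
            continue  # a single script (or no letters): nothing suspicious
        dominant = counts.most_common(1)[0][0]
        odd = [(i, "U+%04X" % ord(ch), script)
               for i, ch, script in tagged if script and script != dominant]
        findings.append((word, dominant, odd))
    return findings


# Constructed sample: two words carry Cyrillic "o" (U+043E) in place of Latin "o";
# the all-Greek word is a legitimate single-script word and must not be flagged.
SAMPLE = ("Unicode stegan\u043egraphy l\u043e\u043eks like "
          "\u03b3\u03c1\u03b1\u03c6\u03ae or plain ASCII text.")

if __name__ == "__main__":
    for word, dominant, odd in find_lookalikes(SAMPLE):
        print(repr(word), "mostly", dominant, "but contains", odd)
```
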

Application

Note: Steganography is used by some modern printers, including HP and Xerox brand color laser printers. Tiny yellow dots are added to each page. The dots are barely visible and contain encoded printer serial numbers, as well as date and time stamps.

Example from modern practice

The larger the cover message is (in data content terms—number of bits) relative to the hidden message, the easier it is to hide the latter. For this reason, digital pictures (which contain large amounts of data) are used to hide messages on the Internet and on other communication media. It is not clear how commonly this is actually done.

For example: a 24-bit bitmap will have 8 bits representing each of the three color values (red, green, and blue) at each pixel. If we consider just the blue there will be 2^8 different values of blue. The difference between 11111111 and 11111110 in the value for blue intensity is likely to be undetectable by the human eye. Therefore, the least significant bit can be used (more or less undetectably) for something else other than color information. If we do it with the green and the red as well we can get one letter of ASCII text for every three pixels.

Stated somewhat more formally, the objective for making steganographic encoding difficult to detect is to ensure that the changes to the carrier (the original signal) due to the injection of the payload (the signal to covertly embed) are visually (and ideally, statistically) negligible; that is to say, the changes are indistinguishable from the noise floor of the carrier. Any medium can be a carrier, but media with a large amount of redundant or compressible information are better suited.

From an information theoretical point of view, this means that the channel must have more capacity than the "surface" signal requires; that is, there must be redundancy. For a digital image, this may be noise from the imaging element; for digital audio, it may be noise from recording techniques or amplification equipment. In general, electronics that digitize an analog signal suffer from several noise sources such as thermal noise, flicker noise, and shot noise. This noise provides enough variation in the captured digital information that it can be exploited as a noise cover for hidden data. In addition, lossy compression schemes (such as JPEG) always introduce some error into the decompressed data; it is possible to exploit this for steganographic use as well.

Steganography can be used for digital watermarking: http://en.wikipedia.org/wiki/Digital_watermark , where a message (being simply an identifier) is hidden in an image so that its source can be tracked or verified (for example, Coded AntiPiracy), or even just to identify an image (as in the EURion constellation).
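The least-significant-bit scheme described above changes each color value by at most 1, yet a full-capacity payload is statistically visible. The following added example (not from the original book) shows both on a constructed pixel buffer. The 4-byte length header, the function names and the synthetic cover are assumptions, and the detector is the pairs-of-values chi-square statistic of Westfeld and Pfitzmann, a technique the book itself does not cover.

```python
import random
import struct


def make_cover(pixels=10000, seed=2012):
    """Constructed stand-in for a 24-bit image: R, G, B bytes with sensor-like noise."""
    rng = random.Random(seed)
    samples = bytearray()
    for _ in range(pixels):
        for mean in (90, 120, 160):            # one flat color plus Gaussian noise
            samples.append(max(0, min(255, round(rng.gauss(mean, 2.0)))))
    return bytes(samples)


def embed_lsb(samples, payload):
    """Write a 4-byte length header plus payload into the LSB of successive samples."""
    data = struct.pack(">I", len(payload)) + payload
    if len(data) * 8 > len(samples):
        raise ValueError("payload does not fit: capacity is one bit per color sample")
    out = bytearray(samples)
    for i in range(len(data) * 8):
        bit = (data[i // 8] >> (7 - i % 8)) & 1
        out[i] = (out[i] & 0xFE) | bit         # each value changes by at most 1
    return bytes(out)


def _read_bytes(samples, first_sample, count):
    """Rebuild count bytes from the LSBs starting at sample index first_sample."""
    result = bytearray()
    for b in range(count):
        byte = 0
        for k in range(8):
            byte = (byte << 1) | (samples[first_sample + b * 8 + k] & 1)
        result.append(byte)
    return bytes(result)


def extract_lsb(samples):
    """Recover the payload written by embed_lsb."""
    (length,) = struct.unpack(">I", _read_bytes(samples, 0, 4))
    if (4 + length) * 8 > len(samples):
        raise ValueError("length header is not plausible for this carrier")
    return _read_bytes(samples, 32, length)


def pov_chi_square(samples, min_pair_count=10):
    """Pairs-of-values statistic: LSB embedding evens out the counts of the
    values 2k and 2k+1, so a LOW result suggests the LSBs were overwritten."""
    hist = [0] * 256
    for s in samples:
        hist[s] += 1
    stat = 0.0
    for even in range(0, 256, 2):
        pair_total = hist[even] + hist[even + 1]
        if pair_total < min_pair_count:
            continue                           # too few samples to judge this pair
        expected = pair_total / 2
        stat += (hist[even] - expected) ** 2 / expected
    return stat


def demo():
    """Compare an untouched cover, a short message and a full-capacity payload."""
    cover = make_cover()
    rng = random.Random(7)
    # Random bytes stand in for an already encrypted message (constructed data).
    full = bytes(rng.getrandbits(8) for _ in range(len(cover) // 8 - 4))
    short = b"constructed test message"
    return {
        "cover": pov_chi_square(cover),
        "short": pov_chi_square(embed_lsb(cover, short)),
        "full": pov_chi_square(embed_lsb(cover, full)),
    }


if __name__ == "__main__":
    for name, stat in demo().items():
        print("%-5s chi-square = %.1f" % (name, stat))
```

The short message leaves the statistic close to the untouched cover's, which is the point made above about large covers and small payloads; the full-capacity payload collapses it.
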

Use by terrorists

The Federal Plan for Cyber Security and Information Assurance Research and Development, published in April 2006, makes the following statements:

"...immediate concerns also include the use of cyberspace for covert communications, particularly by terrorists but also by foreign intelligence services; espionage against sensitive but poorly defended data in government and industry systems; subversion by insiders, including vendors and contractors; criminal activity, primarily involving fraud and theft of financial or identity information, by hackers and organized crime groups..." (p. 9–10)

"International interest in R&D for steganography technologies and their commercialization and application has exploded in recent years. These technologies pose a potential threat to national security. Because steganography secretly embeds additional, and nearly undetectable, information content in digital products, the potential for covert dissemination of malicious software, mobile code, or information is great." (p. 41–42)

"The threat posed by steganography has been documented in numerous intelligence reports." (p. 42)

Moreover, an online "terrorist training manual", the "Technical Mujahid, a Training Manual for Jihadis", contained a section entitled "Covert Communications and Hiding Secrets Inside Images." By early 2002, a Cranfield University MSc thesis developed the first practical implementation of an online real-time Counter Terrorist Steganography Search Engine. This was designed to detect the most likely image steganography in transit and thereby provide UK Ministry of Defence Intelligence Staff a realistic approach to "narrowing the field", suggesting that interception capacity was never the difficulty but rather prioritising the target media. Despite this, there are no publicly reported instances of terrorists using computer steganography. Al Qaeda's use of steganography is somewhat simpler: in 2008 a British man, Rangzieb Ahmed, was alleged to have a contact book with Al-Qaeda telephone numbers, written in invisible ink. He was convicted of terrorism.

It is claimed that in 2010, the Federal Bureau of Investigation revealed that the Russian foreign intelligence service uses customized steganography software for embedding encrypted text messages inside image files for certain communications with "illegal agents" (agents under nondiplomatic cover) stationed abroad.

Note: although many monitoring tools have been developed alongside the growth of steganography technologies, it is possible to overcome them by mixing modern and old steganography techniques.

In practice

Steganography applications conceal information in other, seemingly innocent media. Steganographic results may masquerade as other file or data types, be concealed within various media, or even be hidden in network traffic or disk space. We are only limited by our imagination in the many ways information and data can be exploited to conceal additional information. The following provides a list of steganography and related products.

NOTE: Some of the programs listed here contain strong encryption components, and the export of them from the US is restricted by the EAR regulations.

1. Blindside by John Collomosse. Last known addresses: [email protected] http://www.blindside.co.uk/

2. BMP Secrets by Parallel Worlds. Parallel Worlds is a company based in Kiev, capital of Ukraine. Tel.: +380 (44) 442 6077 Tel./Fax.: +380 (44) 442 0516 Pager: +380 (44) 461 0146 ab# 100252 GSM SMS: [email protected] e-mail: [email protected] · General Information: [email protected] · Services: [email protected] · Customer and Product Support: [email protected] · Products Sales: [email protected] · Web design: [email protected] · Other questions: [email protected] Visit Parallel Worlds page at http://www.pworlds.com Visit our steganography page at http://www.pworlds.com/techn/steganography.phtml Visit BMP Secrets page at http://www.pworlds.com/products/bmp-secrets.phtml http://www.pworlds.com

3. BMPEmbed v1.54 (DEMO) Data Embed by Brook Sandford and Ted Handel (LANL.gov) IMAGES: (BMP)

4. BMPTable v2.16 (DEMO) Data Embed by Brook Sandford and Ted Handel (LANL.gov) Brook Sandford [email protected] Ted Handel [email protected] IMAGES: (BMP)

5. Camouflage 2.0 by Frederic Peters. Last known contact information for the author: Frédéric Péters, rue Chantraine, 38 4420 Montegnée Belgique e-mail: [email protected] [email protected] IMAGES: (TGA (24-bit uncompressed, 640x480, minimum of 921618 bytes). Author recommends using PNG.)

6. Contraband Hell Edition (CHE) by Julius B. Thyssen & Hens Zimmerman of Immortalware / JTHZ Productions based in Amsterdam, The Netherlands. Last known urls: http://come.to/us or http://www.jthz.com/puter/ CHE runs on Win9x and processes 24-bit BMP images

7. Contraband, Contraband 9g by Julius B. Thyssen & Hens Zimmerman of Immortalware / JTHZ Productions based in Amsterdam, The Netherlands. Last known urls: http://come.to/us or http://www.jthz.com/puter/ CHE runs on Win9x and processes 24-bit BMP images

8. Courier v1.0 by Kelce Wilson. Last known address: http://pages.prodigy.net/robyn.wilson/ Runs on Win32 systems and embeds in IMAGES: (BMP (24-bit - will convert lower resolutions to 24-bit))

9. Covert.tcp C source code for Covert Channels in the TCP/IP Protocol Suite by Craig H. Rowland. Published in First Monday, Vol.2 No.5 - 5 May 1997. The article and source code are available from http://www.firstmonday.dk/issues/issue2_5/rowland/

10. Data Stash v1.1, v1.1a Lim, Chooi Guan Previous addresses: [email protected] http://www.skyjuicesoftware.com/software/ds_info.html Claims to embed in the following media: IMAGES: (any binary) AUDIO: (any binary) TEXT: (yes, but suggest avoiding) FILE/DISK: (any binary) OTHER: (any binary)

11. dc-Steganograph The application is also known as: DC-Stego and DiSi-Steganograph. A DOS program that hides data in 320x200 256 color PCX-files. Author's last known address: http://members.tripod.com/~Nikola_Injac/stegano/

12. DCT-Steg (aka DCT-Jpeg) by Stefan Katzenbeisser embeds in JPEG images by manipulating the DCT coefficients

13. Digital Picture Envelope by the Digital Picture Enveloping Research Group. Product is based on the BPCS Steganography research. Previous addresses: [email protected] http://www.know.comp.kyutech.ac.jp/BPCSe/Dpenve/DPENVe-home.html The application runs on Win32. IMAGES: (BMP (adaptive))

14. Diskhide by MTC Medincom (Russia). DOS application that hides data on disks

15. Dmagic by Ðerek de Oliveira (Russia) Previous addresses: [email protected] and [email protected] Hides files and folders on Windows systems

16. DPT (Data Privacy Tool) by Bernard Last known URL: http://www.xs4all.nl/~bernard/home_e.html Hides in BMP images. The author recommends 24-bit BMPs

17. EasyPrivacy Pro v2.1.1 by D4F Corp Last known addresses: Landstrasse 25, 9490 Vaduz, Liechtenstein (Europe) [email protected] or [email protected] http://www.digi4fun.com/EasyPrivacy.html The application runs on Win32 systems and embeds in BMP images

18. EIKONAmark by I. Pitas is now a series of watermarking products that embed in a variety of media types. The original EIKONAmark processed images: (input: BMP, JPG, TIF, TGA, GIF output: TIF, TGA, JPG)

19. Empty Pic by Robert Wallingford. Previous addresses: [email protected], [email protected], and [email protected] URL: http://www.crtelco.com/~robertw/ Empty Pic is a command line tool for Windows that "hides" a GIF image by replacing the palette with a single color. The original may be restored with the software.

20. Encrypt Pic by Fredric Collin. Previous addresses: [email protected], http://members.nbci.com/_XMCM/fredc/index2.html http://members.nbci.com/_XMCM/fredc/encryptpic.html http://members.xoom.com/fredc/encryptpic.html The application runs on Win32 systems. Data is embedded in BMP images.

21. Encrypted Magic Folders (EMF) (also Magic Folders) by PC Magic Software Addresses: [email protected] http://www.pc-magic.com/ This application hides and encrypts files and folders

22. EzStego by Romana Machado, author of Stego1a2 for the Mac. EzStego is "steganography made easy" - previously available at http://www.stego.com. EzStego is an implementation of Stego in Java. Stego is available at http://www.nic.funet.fi/pub/crypt/steganography/

23. F5 by Andreas Westfeld (Dresden, Germany) Previous addresses: [email protected] http://www.inf.tu-dresden.de/~aw4 The application hides in JPEG images by manipulating the DCT coefficients

24. FatMacPGP 2.6.3 Previous address: http://www.math.ohio-state.edu/~fiedorow/PGP This application is for Mac computers

25. FFEncode Hides data in a Morse code of null characters. The file may be downloaded from http://www.rugeley.demon.co.uk/security/encrypt.htm (UK).

26. Folder Guard Jr. (also see Folder Guard) by WinAbility (Andrei Belogortseff). Previous address: WinAbility, P.O.Box 5534 Buffalo Grove, IL 60089-5534 U.S.A. http://www.winability.com WIN: (9x/Me/NT/2000) FILE/DISK: (hide files & folders)

27. Folder Guard by WinAbility (Andrei Belogortseff). WinAbility, P.O.Box 5534 Buffalo Grove, IL 60089-5534 U.S.A. http://www.winability.com This product has more features than Folder Guard Jr. WIN: (Win 9x/Me/2K/XP/Vista) FILE/DISK: (hide files & folders)

28. Ghost Host by Kelce Wilson. Previous address: http://pages.prodigy.net/robyn.wilson/ WIN: (Win) FILE/DISK: (Hides (appends) "ghost" files at the end of other files.)

29. Gif-It-Up by Lee Nelson. Win32 application that hides in GIF images.

30. Gifshuffle by Matthew Kwan (Darkside Technologies) - Australia. Previous addresses: [email protected] http://www.darkside.com.au/gifshuffle/ WIN: (Win (DOS)) IMAGES: (GIF (palette manipulation))

31. Giovanni by BlueSpike, Inc (Scott Moskowitz). http://www.bluespike.com Bluespike offers watermarking products for various media formats

32. Gzsteg by Andy Brown and Ken Pizzini hides in GZ compressed files and is available at http://www.nic.funet.fi/pub/crypt/steganography/

33. Hermetic Stego by Peter Meyer, Hermetic Systems This program is capable of hiding in a BMP image or across multiple BMP images. More information and download from http://www.hermetic.ch/hst/hst.htm

34. Hidden by Evgeny Vasjuk Previous addresses: [email protected] [email protected] http://www.bashnet.ru/~evgenyww/ FILE/DISK: (hide files and folders)

35. Hide and Seek by Colin Maroney Hide and Seek 4.1 http://www.nic.funet.fi/pub/crypt/steganography/ (Finland) and Hide and Seek 5.0 is a significant update to hideseek v4.1 which includes a lot of new features. Available at www.rugeley.demon.co.uk (UK) Hide and Seek for Windows 95 is also available

36. Hide In Picture by Davi Tassinari de Figueiredo. Previous addresses: [email protected] http://www.brasil.terravista.pt/Jenipabu/2571 PORTUGAL http://www.brasil.terravista.pt/Jenipabu/2571/e_hip.htm WIN: (9x/Win32) IMAGES: (BMP)

37. Hide Unhide (Hide) by GRYPHON Microproducts (no longer exists). Previous address: PO BOX 10087, Silver Spring, MD 20914, USA DOS command line IMAGES: (TIFF)

38. Hide by Toby Sharp. Previous addresses: Secret Software [email protected] http://www.geocities.com/toby.sharp/hidev2.zip WIN32 IMAGES: (24-bit color, 8-bit grayscale)

39. Hide4PGP by Heinz Repp hides data in BMP, WAV, and VOC files. Available from the author's website: http://www.heinz-repp.onlinehome.de/Hide4PGP.htm (Germany)

40. Hideme (Hide Me) for Windows (encryption tool) by Terry Mechan Olympic Communications Previous address: [email protected] http://www.fis.lv/olympic Hides files & directories by encrypting them and placing them in a "hide me" file

41. In Plain View (IPV) by 9-Yards Computing. Previous addresses: [email protected] http://www.9-Yards.com Win32 IMAGES: (BMP (24-bit))

42. InThePicture (ITP) 2.01, 2.02 by INTAR Technologies. Previous addresses: 23 Sapphire Drive Barons Wood Royal Leamington Spa Warwickshire, CV31 3LB ENGLAND Administrative Contact, Billing Contact: Hogg, Ash (AH2184) [email protected] Intar Technologies Limited 12 Penfold Close Bishops Tachbrook Leamington Spa CV33 9SF UK +44-(0)1926-426621 (FAX) +44-(0)1926-426621 http://www.intar.com/ITP/itpinfo.htm WIN: (9x) IMAGES: (BMP (4-bit, 8-bit, 24-bit))

43. Invisible Encryption by Bernd Binder Fractal Iteration of Information (FITIN) Germany http://www.fitin.com (down for some time) Written in Java IMAGES: (GIF)

44. Invisible Files 2000 (IF2000), Pro v5.0 (IF2000 Pro) by ANNA Ltd. Previous addresses: [email protected] Technical Support: [email protected] Any other questions: [email protected] FAX: (508) 355-8507 http://www.softsecurity.com WIN: (9x) FILE/DISK: (hides files and folders)

45. Invisible Secrets (numerous versions - also marketed as 1-2-Free Steganography) originally by NeoByte Solutions. Headquarters: Aleea Rogerius 12 Bloc H1, Ap. 11 Oradea Romania Previous addresses: Corporate WWW: http://www.neobytesolutions.com Invisible Secrets homepage: http://www.invisiblesecrets.com WIN: Win32 Claims to hide in: IMAGES: (BMP, PNG, JPG) AUDIO: (WAV) TEXT: (HTML)

46. jpeg-jsteg DOS hides information in the DCT coefficients of JPEG's JFIF image format. FTP-Server: http://www.nic.funet.fi/pub/crypt/steganography/ (Finland)

47. JPHS (aka JPHide JPSeek, JP hide and seek) by Allan Latham Previous address: http://linux01.gwdg.de/~alatham/stego.html Windows command line and Linux versions IMAGES: (JPG)

48. JPHSWin by Allan Latham. A Windows OS graphical implementation of JPHS. WIN: (9x) IMAGES: (JPG)

49. Jsteg Shell by John Korejwa Previous address: http://www.tiac.net/users/korejwa/jsteg.htm GUI front end for jpeg-jsteg. WIN: (9x/NT) IMAGES: (JPG - LSB of DCT coefficients)

50. Magic Folders (MF) (also see Encrypted Magic Folders) by RSE Software Inc. (PC Magic Software). http://www.pc-magic.com/ FILE/DISK: (Hide files and folders)

51. Makes Files Invisible (MFI) by PC Magic Software Previous address: MFI Registration 1157 57th Drive SE Auburn, WA 98092 (253) 939-4105 http://pc-magic.com WIN: (3.x/9x) FILE/DISK: (hide files)

52. Mandelsteg by Henry Hastur DOS command line product. Generates GIF images of Mandelbrot Fractal graphics for hiding data.

53. Mimic by Peter Wayner. Generates text using context-free grammar

54. MP3Stego, MP3Stego_GUI by Fabien Petitcolas. http://www.petitcolas.net/fabien/steganography/mp3stego/index.html AUDIO: (MP3)

55. MP3Stegz, by Achmad Zaenuri claims to hide a file (of any type) inside mp3 without changing its size and sound quality. http://achmadz.blogspot.com/2008/05/hide-any-fileinside-mp3-file.html AUDIO: (MP3)

56. Nicetext by George Davida and Mark T. Chapman Previous addresses: [email protected] http://www.nicetext.com/ http://www.ctgi.net/nicetext/ Pseudo-random text-based stego using context-free grammar and customizable dictionaries

57. Outguess by Niels Provos http://www.outguess.org/ Another tool for hiding in DCT coefficients of JPEG images.

58. Paranoid by Nathan Mariels. Paranoid is primarily an encryption program that allows you to encrypt files with IDEA, triple DES, and an algorithm written by the author Nathan Mariels. It is a steganography program in that it allows you to hide files in sounds. FTP-Server: ftp://ftp.hacktic.nl/pub/crypto/macintosh/ (The Netherlands)

59. PGE - Pretty Good Envelope Hides data file into a GIF or JPG file of any size or resolution using a very simple method of appending the message to the file, and then appending a 4 byte little endian number which points to the start of the message. The encryption used is considered "weak" by the author; using another encryption method prior to applying PGE is recommended. Download version 1.0 (includes encryption) from http://www.rugeley.demon.co.uk/security/encrypt.htm (UK) or version 2.0 (does not include encryption) from http://www.afn.org/~afn21533/rgdprogs.htm (US).

60. PGM Stealth by Timo Rinne and Cirion oy. Available at http://www.nic.funet.fi/pub/crypt/steganography/ (Finland) IMAGES: (PGM)

61. PGPn123 A Windows front-end to PGP, which will hide a text file inside text. Basically a PGP shell tool that also includes a steganography option. Two versions are available: pn123-05.zip (freeware) and an enhanced version pn123e18.zip (shareware). Both may be available at http://www.stegoarchive.com (US)

62. PicSecret by Andrew Lee (Cortic Software). PicSecret allows users to hide text messages in images. Available for Mac OS X (free) and as a web-interface online at http://www.picsecret.com

63. PIILO, PILO by Tuomas Aura (now with Microsoft Research). Hides in PGM images

64. PixelTag by Joshua Smith and Barrett Comiskey (previously with MIT Media Lab). Previous address: http://www.media.mit.edu/pixeltag

65. Puff v1.01, 2.00 and OpenPuff v2.00, v3.01 by Cosimo Oliboni (Italy): Puff/OpenPuff is a significant rewrite and uses multiple encryption algorithms. Puff 2.X is not compatible with v1.01. Due to a cryptography rewrite, v3.X is not compatible with v2.X. V3.00 was removed due to a bug in the unhiding routine - this is fixed in v3.01. Carriers for steganographic content include: Images: (BMP, JPG, PCX, PNG, TGA), Audio: (AIFF, MP3, NEXT/SUN, WAV), Video: (3GP, FLV, MP4, MPG, SWF, VOB) in unused space, Files: (WIN PE MODULES). http://members.fortunecity.it/blackvisionit/PUFFV200.HTM

66. S-Mail by Security Software Development (SSD) Ltd. Previous addresses: Nassau BAHAMAS http://www.ssdltd.com http://www.privacysoftware.com/ Versions for DOS 5.0+ and Win32 Hides in EXE and DLL files

67. S-Tools by Andrew Brown - S-Tools hides in a variety of cover media. This software is a good illustration of different versions hiding in different media. These versions cover hiding in BMP, GIF, WAV, and even on unused floppy disk space. Download: S-Tools 1.0 S-Tools 2.0 S-Tools 3.0 S-Tools 4.0 FTP-Server: ftp://ftp.funet.fi/pub/crypt/mirrors/idea.sec.dsi.unimi.it/code/ (Finland)

68. Safer v2.0 (kill v1.2, unkill v2.0) by C. Petermann (CpH). Versions available for DOS 5.0+, OpenDOS, Win32, and Amiga operating systems Hides data on floppies

69. SandMark watermarking software by Christian Collberg and Gregg Townsend. Previous address: http://www.cs.arizona.edu/sandmark/ Unix/Linux: ( ) Watermarks Java code

70. ScramDisk by Anonymous (AMAN) Author of the program wishes to remain anonymous. ScramDisk support could once be obtained through the alt.security.scramdisk newsgroup. The author uses the pseudonym AMAN. Information about Scramdisk is hosted by Sam Simpson. ([email protected]) Previous address: http://www.scramdisk.clara.net/ Several products have been derived from Scramdisk. A sourceforge project is also available providing Scramdisk 4 Linux (SD4L) based on this product. Win32 AUDIO: (WAV)

71. Scytale by Patrick Buseine is a Windows PGP interface that includes an option to hide data in .PCX files. Previous website http://scytale.rever.fr/main.html (France)

72. SGPO (SteganoGifPaletteOrder) by David Glaude and Didier Barzin. Previous contact information: David GLAUDE: [email protected] http://www.geocities.com/SiliconValley/Heights/2099/index.htm. Didier BARZIN: [email protected] http://student.ulb.ac.be/~dbarzin/. Written in Java IMAGES: (GIF (palette))

73. SilentEye by Anselme Chorein. SilentEye is a cross-platform application with binaries and source code available for Windows and Linux with Mac OS X version coming soon. Steganographic processing supports BMP images and WAV audio files. http://www.silenteye.org.

74. Snow (variants include SnowDOS, SnowJava, JSnow) by Matthew Kwan is available in both DOS and Java executable formats. "snow exploits the steganographic nature of whitespace. Locating trailing whitespace in text is like finding a polar bear in a snowstorm. And it uses the ICE encryption algorithm, so the name is thematically consistent." Information and software is available at http://www.darkside.com.au/snow/index.html (Australia)

75. Snowdisk by Scott G. Miller. Previous address: [email protected] Linux software for hiding on unused diskspace. Fills the disk space with the encrypted contents of and random data.

76. Spam Mimic (spammimic) by David Mckellar. See: http://www.spammimic.com/ for more information Generates spam-like text and fake PGP blocks to hide data

77. Spyder by Lucas (Luke) Natraj. Command line tool IMAGES: (BMP 8-bit)

78. Stash (Stash-It) by Chris Losinger, Smaller Animals Software, Inc. Previous contact information: Administrative Contact, Billing Contact: Losinger, Chris (CL4280) [email protected] Smaller Animals Software, Inc. 8701 Walkelin Ct Raleigh, NC 27615 919-844-7951 (FAX) 9198447951 http://www.smalleranimals.com Win32 IMAGES: (256-color PCX, BMP / 24-bit BMP, TIFF, PNG, PCX)

79. Stealth A PGP tool for steganography which strips any standard headers off of a PGP encrypted message to make the result look like random noise. Download from Adam Back's site http://cypherspace.org/adam/stealth/ (UK) Version 2.01b is available at ftp://ftp.hacktic.nl/pub/crypto/steganographic/ (The Netherlands) Versions are also available at: http://www.nic.funet.fi/pub/crypt/steganography/ (Finland)

80. Stealthencrypt Internet Security Suite by Herb Kraft or Amy Seeberger, Sublimated Software. Previous contact information: 703 Pier Avenue B330 Hermosa Beach, CA 90254 http://www.stealthencrypt.com/ Windows IMAGES: (BMP, TIF)

81. Stegano (also WinStegano and steg_win) by Thomas Biel DOS and Windows applications for hiding data in BMP images

82. Steganos - Steganos Security Suite by Fabian Hansmann (Steganos.com) hides data in BMP, VOC, WAV and ASCII files. See http://www.steganos.com for the latest information. (Germany) Earlier versions of Steganos are available at: ftp://ftp.funet.fi/pub/crypt/mirrors/idea.sec.dsi.unimi.it/code/ (Finland) Steganos 1.4 is a small DOS program. Steganos for Windows 95 is an upgrade version 1.4. The Steganos Security Suite was introduced in version 2.0. Version 3r5 is available at ftp://ftp.hacktic.nl/pub/crypto/steganographic/ (The Netherlands)

83. StegFS (Steganographic File System) by Andrew D. McDonald. Previous addresses: http://www.mcdonald.org.uk/andrew/ http://ban.joh.cam.ac.uk/~adm36/StegFS Linux

84. Steghide by Stefan Hetzl. http://steghide.sourceforge.net/ Source code is available and several ports are available for different operating systems. IMAGES: (BMP) AUDIO: (WAV, AU)

85. StegMark (also StegComm and StegSign) by DataMark Technologies (Singapore). Contact information: DataMark Technologies Pte Ltd Suite 106, Innovation Centre, Block 1, 16 Nanyang Drive Republic of Singapore 637722 Tel: (65)-793-7725 (65)-7937726 Fax: (65)-793-7790 Email: [email protected] http://www.datamarktech.com/index.htm Claims to embed in multiple file formats and media types. IMAGES: (BMP, JPG, GIF, TGA, TIFF, PNG) AUDIO: (MIDI, WAV, AVI, MPEG)
86. Stego - Steganosaurus, Stegosaurus by John Walker - Text-based steganography program to send encrypted messages and files. For more information and syntax see: http://www.fourmilab.ch/nav/topics/crypto.html (Switzerland). Public domain.
87. Stego (Stego v1.0a2) by Romana Machado is a steganography tool that enables you to embed data in Macintosh PICT format files, without changing the appearance or size of the PICT file. Thus, Stego can be used as an "envelope" to hide a previously encrypted data file in a PICT file, making it much less likely to be detected. Available at: http://www.nic.funet.fi/pub/crypt/steganography/ (Italy) and ftp://ftp.hacktic.nl/pub/crypto/macintosh/ (The Netherlands)
88. Stegodos, also known as Black Wolf's Picture Encoder, by Black Wolf. This is a command line tool (actually several) that hides in 256-color screen captures. The screen captures are 320x200. Available at http://www.nic.funet.fi/pub/crypt/steganography/ (Finland) and ftp://idea.sec.dsi.unimi.it/security/crypt/cypherpunks/steganography/ (Italy)
89. Stegotif by Giovambattista Pulcini. Previous addresses: http://www.verrando.com/pulcini http://www.geocities.com/SiliconValley/9210 Win32 command line. IMAGES: (TIFF, TGA (LSB 24-bit RGB))
90. Stegowav by Giovambattista Pulcini. Previous addresses: http://www.verrando.com/pulcini http://www.geocities.com/SiliconValley/9210 Command line tool (WinDOS). AUDIO: (RIFF (8/16 bits) PCM wave (.WAV))
91. Stegowav by Peter Heist. Previous addresses: [email protected] and [email protected] Java code. AUDIO: (Microsoft WAV)
92. StegParty by Steven E. Hugg. Previous contact info: Hamco Software (COMETBUSTERS-DOM) 1249 Turkey Point Rd Edgewater, MD 21037 USS Previous e-mail [email protected] http://www.cometbusters.com/hugg/projects/stegparty.html Unix/Linux. Generates text to hide data (not random gibberish).
93. Stext by Ulrich Kuehn. Previous address: [email protected] Command line application that generates text to hide information.
94. SubiText, also TextSign Watermark, by Compris.com. Previous contact information: Compris.com Opelstr. 10 D-67661 Kaiserslautern-Siegelbach Germany phone: (+49) 06301 - 703340 fax: (+49) 06301 - 703119 E-Mail: mailto:[email protected] http://www.textsign.com/

95. Suresign (Signum) by Signum Technologies http://www.signumtech.com Windows and Mac versions of the watermarking application. Claims: IMAGES: (Invisible watermark and visible logo with Photoshop Plug-in) AUDIO: (WAV files with the Cool Edit Audio Plug-in)
96. SysCop by MediaSec Technologies LLC. Previous contact information: MediaSec Technologies LLC 321 South Main Street, Suite 2 Providence, RI 02903 USA Tel: (401) 453 6363 x 108 Fax: (401) 453 0444 Email: [email protected] http://www.mediasec.com Digital watermarking products for Windows, Mac, and Linux. Carriers: Images, MPEG-1, MPEG-2
97. Textego by Chirs Huson. Previous address: http://www.soltec.net/~huson/ TEXT: substitution cipher that makes text files look like a cross between mad libs and bad poetry.
98. TextHide (see SubiText)
99. Texto - Texto by Kevin Maher is a text steganography program which transforms uuencoded or PGP ascii-armoured ascii data into English sentences. Texto text files look like something between mad libs and bad poetry (although they do sometimes contain deep cosmic truths) and should be close enough to normal English to get past simple-minded mail scanners. FTP-Server: http://www.nic.funet.fi/pub/crypt/steganography/ (Finland)
100. Virtual Steganographic Laboratory (VSL) by Michal Wegrzyn is a graphical block diagramming tool that allows complex using, testing and adjusting of methods both for image steganography and steganalysis. VSL provides a friendly GUI along with a modular, plug-in architecture. Available at SourceForge: http://sourceforge.net/projects/vsl/
101. VisualCrypto (Visual Cryptography) by Jouko Holopainen. Previous contact information: Purjehtijantie 4 A 10 FIN-90560 Oulu FINLAND [email protected] as of 1996-05-14. Versions for Windows, Mac, and Linux. IMAGES: (Input from PGM (B&W) images and output to Postscript (PS).)
102. Vodka-tonic by lordlsd is a cryptography-steganography hybrid tool. It can hide data in different file types and encrypt the information. Available at http://www.astalavista.com/index.php?section=directory&cmd=detail&id=3181
103. wbStego by Werner Bailer is a steganography tool to hide data in bitmaps, text files and HTML files. Available at http://www.8ung.at/wbailer/wbstego/ (Austria)
104. WitnesSoft - No longer available. Used to be offered by Aliroo. WitnesSoft contained: DocSec - invisible, scannable label for organizational document security. PrintAuthentic - invisible, programmable background for official document authentication. SoftProtect - built-in marking mechanism for software protection. CopyRight - invisible page marking for copyright protection of printed intellectual property.

105. Wnstorm - White Noise Storm. Wnstorm (White Noise Storm) is a cryptography and steganography software package which you can use to encrypt and hide files within PCX images. Available at http://www.nic.funet.fi/pub/crypt/steganography/ (Finland)
106. Xidie Security Suite - Xidie is one of the most complete, innovative and complex applications in the steganography branch. It offers over 50 carrier types, including many new technologies like ADS, Microsoft Office carriers, Registry keys, etc. Most of the carrier types implemented in Xidie are unique: Tiff and Word, Excel workbooks, Access databases, Registry keys, Microsoft console documents, Event log files, Cookies, subtitles, dictionary and PDF documents, Alternate data streams and an attaching method with multiple files. Technical specifications: carrier. Commercial site: http://www.stegano.ro http://web.clicknet.ro/xidie/index.html
107. Z-File (Zfile Camouflage and Encryption System) by INFOSEC Information Security Company, Ltd. (Taiwan). Previous addresses: http://www.in4sec.com (no longer) http://www.infosec.com.tw (no longer) Win32 application. IMAGES: (BMP)
108. http://sourceforge.net/projects/camerashy/?_test=b
109. http://wbstego.wbailer.com/

An example: SilentEye
SilentEye is a cross-platform application designed for easy use of steganography, in this case hiding messages in pictures or sounds. It provides a pretty nice interface and easy integration of new steganography algorithms and cryptography processes through a plug-in system. SilentEye is free to use (under GNU GPL v3).

Main Features
- Runs on Windows, Mac OS X and Linux
- Hides information in images and sounds (LSB)
  o JPEG
  o BMP
  o WAVE
- Encrypts data
  o AES128
  o AES256
- Capacity to hide text or file
- zlib compression of message
- Drag & Drop

Architecture
Media formats and encryption are supported by plug-ins:
- Format plug-ins:
  o Image format plug-ins (e.g. BMP, JPEG), which allow you to save information into output files (e.g. .jpeg).
  o Audio format plug-ins (e.g. WAVE), which provide output for .wav files.
- Cryptography plug-ins:
  o Allow the application to encrypt data before hiding it (e.g. AES 256).

This architecture makes it easy to integrate new steganography algorithms and cryptography processes.


Protect your computer from malware and hackers
No computer is safe against hackers or malicious software, called malware. So what can you do to avoid virus infection?

Worms, macro viruses, trojans and backdoors are some of the more well-known viruses. Some spread over the Internet, using email, malicious webpages or other means to infect unprotected computers. Others spread through removable media, particularly devices like USB memory sticks. They can also take control of your computer, both software and hardware!

Antivirus: Avast is an excellent free anti-virus for Windows that needs to be registered once every 14 months, although it is a little big and needs more CPU than some other useful programs such as Kaspersky or NOD32. In most cases you should use more than one program to stop infections; for example, NOD32 only detects 70-75% of threats, so you have to use Malwarebytes or Spybot as a supplement.
- To avoid crashing your system, don't run two antivirus programs at the same time.
- Allow your program to receive updates.
- Enable your anti-virus.
- Scan your computer regularly.
- Do not open any attachment received from an unknown source.
- Disable your operating system's 'AutoPlay' feature. Under Windows XP, right-click your CD or DVD drive, select Properties and click the AutoPlay tab. For each content type, select the Take no action or Prompt me each time to choose an action option, then click OK.

Avast! - Anti-Virus
Avast! is a full-featured anti-virus program that detects and removes malware and viruses from your computer. Although Avast! is free for non-commercial use on a home or personal computer, your free copy must be registered after installation, otherwise it will expire in 30 days. Registration also ensures that you will automatically receive the latest Avast! program versions and virus definitions as they become available.

There are two basic parts to dealing with malware and other assorted viruses when using Avast!. The first is scanning your computer to identify such threats. The second involves either deleting such threats or moving them to the Avast! Virus Chest. Deleting malware and viruses or moving them to the Virus Chest effectively prevents them from interacting with different computer systems, for instance, the file system or email programs.

It may seem unusual to store such malware or viruses. However, if they have attached themselves to important or sensitive information, you may want to recover or save that infected document, file or program as far as possible. In rare instances, Avast! may misidentify legitimate code or programs as being malware or a virus. Generally referred to as 'false positives', that code or those programs might be important to your system, and you may want to recover them.

A Short Guide to Dealing with Virus Outbreaks
There are a number of precautions you can take to limit hostile or malicious threats to your computer system; for instance, avoiding dubious or problematic web sites, or regularly using anti-virus or anti-spyware programs like Avast! or Spybot. However, we also sometimes find ourselves having to share a local-area network (LAN) and/or Internet connection. The following points are offered for consideration when dealing with a virus attack in a community setting or while at work:

- Disconnect your computer from the Internet or the local network - physically. If you have a wireless connection, disconnect your computer from the wireless network itself. If possible, switch off and/or remove your wireless card.
- If your computer is on a network, you should immediately disconnect all computers on that network from the Internet, and then disconnect them from the local network. Every user should stop using the network and begin running Avast! or similar trusted anti-virus software to detect and delete the virus. This may seem like an exhausting process, but it is imperative in maintaining individual system and network integrity.
- Schedule a boot-time scan for all computers on the network. Write down the names of any viruses that you find, so that you can research them - and then delete them, or move them to the Avast! Virus Chest. To learn how to perform a boot-time scan, please refer to section 4.6 How to Perform a Boot-time Scan.
- Even if a virus has been either deleted or repaired, repeat the previous step, and run boot-time scans on all computers, until Avast! no longer displays any warning messages. Depending on the severity of the malware or virus attack, you may not have to perform a boot-time scan more than once.

Homepage: www.Avast.com

Computer Requirements:
- All Windows Versions

Although we recommend Avast! Free Antivirus in this chapter, there are other free anti-malware programs compatible with Microsoft Windows that are worth recommending as well:
- Avira Anti Virus Personal Edition: http://www.free-av.com
- AVG Anti-Virus: http://free.avg.com

After installing Avast, click (through the MAINTENANCE and Registration menu items) to activate the following two screens in quick succession:

The Free Antivirus Registration screen

The Avast! Free Antivirus Registration pop-up window advises you that information is being retrieved. It is followed by another screen warning you that Avast! will expire in 30 days if you do not register your software by then. (It also displays information about commercial software products and promotions currently available.)

The Your Registration Status screen

Step 3. Click to activate again, followed by this screen:

The Antivirus Free Registration - Registration Form

Note: The Name and Email are the only mandatory text fields. They are identified by asterisks and outlined in small red squares. The other fields are not mandatory in the registration process.

Step 4. Type your name and email address into the corresponding text fields, and then click to activate the following screen:

Thank You for Registering pop-up screen

Step 5. Click to access the YOUR REGISTRATION pane in the main user interface as follows:

The YOUR REGISTRATION pane registration confirmation

You have now completed registering your copy of Avast!.

To update Avast, click to activate the following screen:

The main interface displaying the Maintenance UPDATE pane

The Maintenance UPDATE pane is used to update the program and virus definitions manually. Click to begin updating the engine and virus definitions.

Click after the engine and virus definition process has been completed, to return to the Maintenance UPDATE screen. Updating the Avast! program upgrade follows a similar procedure to updating the engine and virus definitions. Click to start the update process, and start the Program upgrade process.

Click after the program upgrade process has been completed, to return to the Maintenance UPDATE pane.

How to Use the Pop-up Menu to manually update Avast!

The Avast! program upgrade and virus definition updates can be performed through the Avast! pop-up menu. The pop-up menu can be used to directly access the Maintenance UPDATE screen. To manually update the Avast! Engine and virus definitions using the pop-up menu perform the following steps: Step 1. Right click in the System Tray to activate the following pop-up menu:

The Avast! pop-up menu

How to Perform a Boot-time Scan
The Avast! boot-time scan lets you perform a full scan of your hard drive before the Microsoft Windows Operating System starts running. At the moment the boot-time scan is performed, the majority of malware programs and viruses are still dormant, that is, they have not had the opportunity to activate themselves, or interact with other system processes yet. As such, they are usually quite easily exposed and removed. The boot-time scan also directly accesses the disk, and bypasses the drivers for the Windows file system, a favourite target of most computer threats. This will display even the most persistent 'rootkits' - the name for a particularly malignant form of malware. It is strongly recommended that you run a boot-time scan even if there is only a remote suspicion that your computer system may be compromised or infected.

The Boot-time Scan option is recommended for a complete and thorough scan of your computer system. It may require some time, depending on your computer speed and the amount of data and number of hard drives you may have. The Boot-time Scan is always scheduled for the next time you start your computer.

To scan your system at boot time, perform the following steps:
Step 1. Click to activate the BOOT-TIME SCAN pane.
Step 2. Click to schedule a boot-time scan the next time you start your computer.
Step 3. Click to start the boot-time scan immediately, if you prefer.

Note: A boot-time scan starts before the operating system and interface are loaded; as such, only a blue screen appears, displaying the progress of the scan as follows:

The Avast! Boot-time scheduled scan

Avast! will prompt you for a response every time a virus is detected, and to Delete, Ignore, Move or Repair any or all identified viruses, but it is recommended that you do not ignore them under any circumstances. A list of these commands only appears if a virus is detected on your system.

How to Deal with Viruses

During the Avast! installation process, the Avast! Virus Chest was created on your hard drive. The Virus Chest is simply a folder isolated from the rest of your computer system, and used to store malware and viruses detected during the scan, as well as infected or threatened documents, files or folders. If you have already updated your program upgrade and virus definitions, you will be familiar with the MAINTENANCE tab - which is also how you access the Avast! Virus Chest. To begin dealing with any malware or viruses detected during a scan, perform the following steps:

Step 1. Click to activate the following screen:

The SCAN RESULTS window displaying THREAT DETECTED! warning

Step 2. Click to display the drop-down list of possible actions to be applied to the detected threats as shown in Figure above.

Note: In this exercise, we are concerned with moving infected files to the Virus Chest. However, the drop-down list displays three other options and they are described below:
- Repair: This action will attempt to repair the infected file.
- Delete: This action will delete - permanently - the infected file.
- Do nothing: This action means exactly what it says, and is definitely not recommended for treating potentially harmful malware or virus threats.

Step 3. Select the Move to Chest item, and then click to activate the following screen:

The viruses have been moved to the Virus Chest successfully

How to Use the Virus Chest
The Avast! Virus Chest is an electronic 'dead zone' or 'quarantine', where you can examine the virus and determine its potential threat by either researching it on the Internet, or submitting it to a virus laboratory - an option available in Avast! when you right-click a virus listed in the Virus Chest. Double clicking a virus in the Virus Chest will not activate or run the malware or virus because the Virus Chest keeps it isolated from the rest of your system.

Tip: Alternatively, you can transfer important or sensitive information to the Avast! Virus Chest to keep it safe during a virus attack.

You are now free to decide how to deal with the virus once it has been safely moved to the Avast! Virus Chest.

Step 1. Click and click to activate the following screen:

The Virus Chest displaying two viruses

Step 2: Right click either virus to display the menu of actions that can be applied to a selected virus as follows:

The pop-up menu of actions for viruses in the Virus Chest

Note: Double clicking a virus in the Virus Chest will not activate or run it. It will only display the virus properties, or basically the same information you would obtain by selecting Properties from the pop-up menu.

The following list describes the actions used to deal with viruses in the pop-up menu:
- Delete: This item will delete the virus irreversibly.
- Restore: This item will restore the virus to its original location.
- Extract: This item will copy the file or virus to a folder you have specified.
- Scan: This item will resubmit the virus to another scan.
- Submit to virus lab...: This item will let you submit a virus for further analysis against a database of known viruses. Selecting this item will activate a virus submission form for you to fill out and submit.
- Properties: This item will reveal more details about the virus selected.
- Add...: This item lets you browse your system for other files you would like to add to the Virus Chest. This is potentially very useful if you have files you would like to protect during a virus outbreak.
- Refresh all files: This item will update your files, so that you will be able to view the latest files.

Advanced Virus Removal Methods
Sometimes the protection offered by Avast!, Comodo Firewall and Spybot is simply not sufficient; despite our best efforts, our personal and work systems do become infected by malware and other viruses. In section A Short Guide to Dealing with Virus Outbreaks, a few methods were offered for dealing with persistent malware and viruses. However, there is more that can be done to eliminate such threats from your computer.

Method A: Using Anti-malware Rescue CDs/DVDs
Some anti-malware software companies also offer a free anti-virus 'rescue' CD/DVD. These can be downloaded in ISO image format (that is, a format that can be easily burned onto a CD or DVD). To begin using these anti-malware CDs/DVDs, perform the following tasks:
1. Download and burn the anti-malware program to a CD. You can use a free program like http://www.imgburn.com to burn the image to the disk.
2. Insert the disk into the infected computer's CD/DVD player and then restart your computer from this CD/DVD. Often you can do this by pressing the F10 or F12 key on your keyboard just after switching on the computer. Pay special attention to the instructions on the screen of your computer while it starts to learn how to do this on your computer.
3. Re-connect your system to the Internet so that the anti-malware program will automatically update its virus definitions if necessary, after which it will begin scanning your computer hard drives to remove any detected software threats.

Method B: Reinstalling the Microsoft Windows Operating System
Note: Before you begin, make sure you have all the appropriate license or serial numbers, and installation copies for the Windows OS and other programs you require. This procedure may be time consuming but worth the effort if you can't eliminate malware and virus threats the other way.

In rare instances, a virus infection can be so destructive that the software tools recommended earlier may be rendered useless. In situations like this, we recommend that you perform the following tasks:
1. Create a backup or copy of all your personal files on the computer.
2. Reinstall the Microsoft Windows operating system, formatting the entire disk.
3. Update the Microsoft Windows operating system after the installation has been completed.
4. Install avast! (or your preferred anti-virus program) and update it.
5. Install whatever programs you require and remember to download the latest versions and all the updates for each program.

Note: Under no circumstances should you connect your backup disk to your computer before you have successfully performed these tasks. You might risk infecting your computer again.
1. Connect your backup disk to your computer and scan it thoroughly to detect and eliminate any existing problems.
2. After you have detected and deleted any problems, you may copy your files from the backup disk to the computer hard drive.

Spyware
Spyware is malicious software that can track the work you do and send your information to unauthorized persons, revealing confidential information about you. As malicious webpages are a major source of spyware infection, you should pay extra attention to the websites you visit and make sure that your browser settings are secure. Watch for browser windows that appear automatically, and read them carefully instead of just clicking Yes or OK. When in doubt, you should close 'pop up windows' by clicking the X in the upper right-hand corner, rather than by clicking Cancel.
- In Mozilla Firefox, you can install the NoScript add-on to prevent potentially dangerous programs from running automatically.
- Never accept content from unknown websites.

Portable Spybot

Portable Spybot - Search & Destroy is used to detect and remove different kinds of adware, malware and spyware from your computer. It offers free updates and lets you immunise your Internet browser against future infection by known malware.

Differences between the Installed and Portable Versions of Spybot - Search & Destroy
Given that portable tools are not installed on a local computer, their existence and use may remain undetected. However, keep in mind that your external device or USB memory stick, and portable tools are only as safe as the computer you are using, and may risk being exposed to adware, malware, spyware and viruses.

There are no other differences between Portable Spybot and the version designed to be installed on a local computer.

How to Download and Extract Portable Spybot - Search & Destroy
To begin downloading and extracting Portable Spybot - Search & Destroy, perform the following steps:

Step 1. Click http://portableapps.com/apps/security/spybot_portable to be directed to the appropriate download site.

Step 2. Click to activate its associated Source Forge download page;

Step 3. Click to save the installation file to your computer, and then navigate to it.

Step 4. Double click ; the Open File - Security Warning dialog box may appear; if it does, click to activate the following screen:

The Language Installer window

Step 5. Click to activate the following screen:

Step 6. Click to activate the License Agreement window.

Step 7. Click to enable the option after you have read the License Agreement, and then click to activate the following screen:

Step 8. Click to activate a screen resembling the following:

Step 9. Navigate to your destination external drive or USB memory stick, as shown in Figure above, then click to confirm the location of the Spybot - Search & Destroy Portable file, and return to the Choose Install Location window.

Step 10. Click to begin installing the Spybot - Search & Destroy Portable program, then click to complete the installation process, and then navigate to the removable drive or USB memory stick to which the Portable Spybot - Search & Destroy program was saved.

The newly installed Portable Spybot program with its folder highlighted in blue

Step 11. Open the Portable Spybot - Search & Destroy folder, and then double click to launch Portable Spybot - Search & Destroy.

Firewalls
A firewall is like a security guard that watches incoming and outgoing data communication between your computer and the network. It is critical that you defend yourself against untrusted connections from the Internet and from local networks. When a program on your computer tries to contact the outside world, your firewall will block the attempt and give you a warning unless it recognizes the program and verifies that you have given it permission to make that sort of connection.

COMODO and Zone Alarm are both excellent free firewalls. Get Zone Alarm Free Firewall from its official website: http://www.zonealarm.com or from CNET: http://download.cnet.com/ZoneAlarm-Free-Firewall/3000-10435_4-10039884.html

After downloading, simply install it. Program installation was largely a smooth experience, taking about 5 minutes. Users will have to reboot their computers after it's done. The e-mail checker built into the toolbar is compatible with Hotmail, Gmail, Yahoo, RR, Univision, and POP3 accounts. Unfortunately, there's no IMAP support.

Comodo Firewall
COMODO Firewall is a full featured and renowned firewall, free for personal use. It helps to protect your computer from unauthorized connections to and from the Internet.

Homepage: www.personalfirewall.comodo.com
Alternatively, you can grab Comodo free Firewall from CNET here: http://download.cnet.com/Comodo-Firewall/3000-10435_4-75181464.html

Computer Requirements
- Windows 2000/XP/2003/Vista
- Administrator rights required for installation

GNU Linux, Mac OS and other Microsoft Windows Compatible Programs:
GNU/Linux comes with a built-in firewall (netfilter/iptables: http://www.netfilter.org) and a very good network security setup. There are various user-friendly interfaces to the built-in firewall; we particularly recommend GUFW (Graphical Uncomplicated Firewall): https://help.ubuntu.com/community/Gufw

How to Install COMODO Firewall

Overview of the COMODO Firewall Installation
Installing COMODO Firewall is a relatively easy and quick procedure, divided into two stages: the first involves manually disabling the Windows Firewall, and the second is the actual COMODO Firewall software installation. Ideally, you should only use one firewall program for your computer system at any given time. If you are currently using another firewall on your computer, it must be uninstalled before you install COMODO Firewall, so as to eliminate potential software conflicts between similar types of programs.

How to Disable the Windows Firewall
To disable the Windows Firewall program, perform the following steps:
Step 1: Select Start > Control Panel > Windows Firewall to activate the Windows Firewall screen.
Step 2. Check the Off (not recommended) option to disable the Windows Firewall as shown in Figure 1 below:

The Windows Firewall with the Off option enabled Step 3. Click to complete disabling the Windows Firewall.

How to Install COMODO Firewall
Note: COMODO Firewall does not automatically uninstall older or previously existing versions of its software. Any such version must be manually uninstalled before you begin installing the latest version.
To begin installing COMODO Firewall, perform the following steps:
Step 1. Double click to begin the installation process. The Open File - Security Warning dialog box may appear. If it does, click to activate the following confirmation dialog box:

The Select the language confirmation dialog box
Step 2. Click to activate the End User License Agreement. Please read the End User License Agreement before proceeding with the rest of the installation process, and then click to activate the Free Registration screen.
Step 3. Do not enter your email address into the Enter your email address (optional) text field; simply click to activate the Extracting the Packages screen.

After the extraction process has been completed, the Firewall Setup Destination Folder appears. Step 4. Click to accept the default path and activate the Firewall security level selection screen, and then check the Firewall Only option as follows:

The Firewall Security level selection screen

Definition of Firewall Security Level Options
Each firewall security level option caters to users of different levels. Each option balances different kinds of protection with complexity of usage, as well as the number of security alerts you may receive. A brief description of each security level is provided as follows:

Firewall Only mode: This option lets you run COMODO Firewall without the Defense+ feature enabled. It readily identifies popular applications which are relatively safe (like web browsers and email clients), reducing the number of security alerts you may receive. It offers general explanations of why a particular alert screen has appeared. In addition, the actions to be undertaken are relatively simple.

Firewall with Optimum Proactive Defense mode: This option combines the solid protection of the Firewall Only mode with the Defense+ feature enabled. Defense+ offers active protection against malware designed to circumvent different firewalls. The COMODO Firewall Alerts offer more in-depth explanations of why a certain application or request is being blocked and you have the option of partially isolating or 'sandboxing' a suspicious file or program.

Firewall with Maximum Proactive Defense mode: This option combines the security of the Firewall with Optimum Proactive Defense option with 'anti-leak' protection against more 'passive' security threats, for instance details about open ports on your computer being sent over the Internet. The sandbox feature is fully automated.

Step 6. Click to activate the COMODO Secure DNS Configuration screen, with the I would like to use COMODO Secure DNS Servers option enabled as follows:

The COMODO Secure DNS Configuration screen

Important: Although no Domain Name System (DNS) server is ever completely secure, the advantages of using the COMODO Secure DNS Servers outweigh the disadvantages. It offers additional protection from pharming and phishing, which are two popular methods used by malicious forces to 'hijack' or redirect your computer to a dangerous or hostile site. COMODO Secure DNS Servers may also protect you from government interference, while being easy to set up during the installation process, and by facilitating safer access to web sites which are registered with COMODO. For instance, accidentally typing in the wrong URL will activate a message from the COMODO Secure DNS Servers resembling the following:

A typical example of a COMODO Secure DNS Server notification
Step 7. Click to activate the Ready to Install COMODO Firewall screen, and then click to begin the installation process, and activate the Installing COMODO Firewall screen. After the installation process has been completed, it will activate the Completed the COMODO Firewall Setup Wizard screen.
Step 8. Click to activate the Done confirmation screen, and then click to activate the following confirmation dialog box:

The Firewall Installer confirmation dialog box
Step 9. Click to restart your computer, and complete the COMODO Firewall installation procedure.

After your computer restarts itself, the New Private Network Detected! screen appears as follows:

The COMODO Firewall New Private Network Detected! Screen
Tip: If you are working in a LAN environment, simply check the “I would like to be fully accessible to other PCs in this network” option to enable file/folder/printer and/or Internet connection sharing.
Step 10. Either type in a name for your network in the Give a name to this network text field or simply accept the default name offered as shown in the figure above. Leave the options listed under Step 2 - Decide if you want to trust the other PCs in this network unchecked, and then click to complete the installation. The COMODO Firewall desktop icon and the COMODO Firewall connectivity icon appear simultaneously. Before you connect to the Internet, the connectivity icon appears in the System Tray as follows:

The COMODO Firewall connectivity icon outlined in black in the System Tray Going online or launching on-line related programs (for instance, web browsers) will trigger a series of light orange downwards-pointing arrowheads and/or light green upwards-pointing arrowheads, indicating incoming and outgoing Internet connection requests, and are depicted as follows:

The COMODO Firewall connectivity icon in action

After COMODO Firewall has been running for a few moments, the COMODO Message Center pop-up message appears as follows:

The COMODO Message Center pop-up screen Note: Click the Learn more hyperlink to be directed to the COMODO forums community-based help. Tip: Right-click the COMODO Firewall connectivity icon in the System Tray (as displayed in figure 8) to activate the following pop-up menu and its associated sub-menus as follows:

The connectivity icon Configuration menu and sub-menu The connectivity icon menu lets you change the COMODO Firewall products you are using. Selecting the Configuration item activates the Manage My Configurations sub-menu where you can select either COMODO - Proactive Security or COMODO - Internet Security to enable the sandboxing feature. In addition, each product may have its security level adjusted from within the connectivity icon pop-up menu as follows: The connectivity icon Firewall Security Level sub-menu

How to Allow and Block Access Using COMODO Firewall
Every time Comodo Firewall receives a connection request, it activates a pop-up Firewall Alert prompting you to either Allow or Block access to your system to and from the Internet. First try with a safe program such as Firefox.
Remember my answer: this option will automatically allow or block connection requests from this program the next time it attempts to connect to your computer, based on whatever choice you have specified here. Enable the Remember my answer option if and only if you are completely sure of your decision. If you have determined a request is unsafe, click to direct COMODO Firewall to deny access to your system.
To open the COMODO Firewall main user interface, select Start > Programs > Comodo > Firewall > Comodo Firewall. You may also right-click the COMODO Firewall icon to activate its pop-up menu, and then select Open as follows:

The Comodo Firewall user interface in the default Summary mode Click to activate the corresponding detailed summary of the outbound requests at a given moment as follows:

An example of the Active Connections window displaying Internet traffic details

Click to activate a similar Active Connections window for the inbound requests at a given moment.

Tip: Click to stop all inbound and outbound requests, if your Internet service suddenly slows down or stalls, and you have reason to suspect a malicious process or program is either downloading itself or in operation. Doing so immediately sets the Firewall operational mode to . Review the detailed summary in the Active Connections window to identify the possible source of the problem. After you are certain you have resolved the issue successfully, click to begin processing inbound and outbound requests to COMODO Firewall as usual.

Advanced Configurations and Settings
Right click the connectivity icon to activate the pop-up menu and sub-menu as follows:

The Firewall Behavior Settings window lets you customize firewall security by using a variety of features and options, including the firewall security level, the number and type of security alerts received and packet analysis and monitoring.

Safe Mode: This mode is the default setting for the COMODO Firewall, including the Optimum Proactive Defense and Maximum Proactive Defense installations. Block All: This mode stops all Internet-related traffic and overrides any firewall configurations and rules you have specified. It will neither generate traffic rules for applications, nor record or 'learn' their behaviors.

Custom Policy: This mode applies only the user-defined COMODO Firewall security policies and network traffic policies that you have previously defined in the Firewall Tasks > Network Security Policy and the Defense+ Tasks > Computer Security Policy windows. The Defense+ system constantly monitors the activities of all executable files currently residing on your computer. An executable file is simply an application or program, or a part of it, and typically but not exclusively, is identified by the following file extensions: .bat, .exe, .dll, .sys, and others.

To manually enable the Defense+ system and activate the Defense+ Settings window, perform the following steps: Step 1. Click the Defense+ tab in the COMODO Firewall main user interface and then click

Paranoid Mode: This mode is the highest available level of security, and monitors all and any executable files apart from those you have specified as safe, including those on the Trusted Software Vendor list.

Information recovery
When you lose information, it is extremely important that you already have an up-to-date backup and a well-tested means of restoring it. First of all, you should try to prevent the loss of your information by keeping it in a safe place, free of malware and protected by a good firewall and strong passwords. But sometimes loss happens anyway: virus attacks, hackers, electrical short circuits, power spikes, water spills, theft, confiscation, demagnetization, operating system crashes and hardware failure, to name just a few causes. Preparing for disaster is just as important as defending against it. To make a backup policy, first you should know where your information is located: at home, at the office, or on the web, such as your mail. The master copy is generally the most up-to-date version of a particular file or collection of files, and corresponds to the copy that you would actually edit if you needed to update the content. Obviously, this distinction does not apply to files of which you have only one copy, but it is extremely important for certain types of information. One common disaster scenario occurs when only duplicates of an important document are backed up, and the master copy itself gets lost or destroyed before those duplicates can be updated. Imagine, for example, that you have been travelling for a week while updating the copy of a particular spreadsheet that you keep on your USB memory stick. At this point, you should begin thinking of that copy as your master copy, because the periodic, automated backups of the outdated version on your office computer are no longer useful. Write down the physical location of all master and duplicate copies of the information identified above. This will help you clarify your needs and begin to define an appropriate backup policy.

Defining your backup strategy
Essentially, you need to make sure that each data type is stored in at least two separate locations.

Electronic documents - Create a full backup of the documents on your computer using a program like Cobian Backup, which is described in more detail below, and protect your electronic document backups using encryption.

Program databases - Once you have determined the location of your program databases, you can back them up in the same way as electronic documents.

Email - Rather than accessing your email only through a web browser, install an email client like portable Thunderbird and configure it to work with your account. Most webmail services will provide instructions on how to use such programs and, often, how to import your email addresses into them. You can learn more about this in the Further Reading section, below. Make sure that you leave a copy of your messages on the mail server, rather than just moving them over to your computer.

Mobile phone contents - To back up the phone numbers and text messages on your mobile phone, you can connect it to your computer using the appropriate software, which is generally available from the website of the company that manufactured your phone. You may need to buy a special USB cable to do this, however. As an alternative, you can use the phone to copy your text messages and contact information from your SIM card onto the phone itself, and then copy them onto a backup SIM card. This method can be particularly useful as an emergency backup solution, but remember to keep the extra SIM card safe. The ability to copy contact information and text messages between a mobile phone and its SIM card is a standard feature, but if your phone allows you to store this kind of information on a removable flash memory card instead, then backing it up may be even easier.

Printed documents - Where possible, you should scan all of your important papers, and then back them up along with your other electronic documents, as discussed above.

Creating a digital backup When backing up your electronic documents, you should remember to back up your program databases, as well as text files, word processing documents, presentations, PDFs and spreadsheets and multimedia files. Email stored by an application such as Thunderbird is a special example of a program database.

Storage devices
Compact Discs (CDs) - CDs store around 700 Megabytes (MB) of data. These discs may begin to deteriorate after five or ten years. To create a backup you will need a CD burner and a blank disc. Use a CD-RW disc if you want to be able to erase and update files.

Digital Video Discs (DVDs) - DVDs store up to 4.7 Gigabytes (GB) of data. They can be used with a DVD-RW burner, and they have a lifespan similar to what is mentioned above for CDs.

USB memory sticks - A USB memory stick holds as much information as the capacity of the device allows. They are inexpensive and widely available, have more advantages than CDs or DVDs, and have a life of around 10 years.

Upload to remote server –encryption of data before uploading to any remote server is mandatory and it but the speed and stability of your own Internet connection.

Backup Software Cobian Backup - Secure File Storage
Cobian Backup is used for creating archives of your digital files. They can be stored on your computer, office network, removable devices or Internet servers. Cobian Backup is a user-friendly tool that can be set to run automatically, at regularly scheduled times, and to include only files that have changed since your last backup.
Homepage: www.educ.umu.se/~cobian/cobianbackup.htm
Computer Requirements
XP, 2003, Vista, 2008, Windows 7
Windows 95, 98 and ME are compatible with Cobian version 7

When archiving greater numbers of documents and files, you will benefit from using either a specialized program to back up files (like Cobian Backup) or a file synchronization tool. There are many tools that can help you, such as the following:
Freebyte Backup is a freeware backup program designed for Microsoft Windows; http://www.freebyte.com/fbbackup
Unison File Synchronizer is a free and open source program for Microsoft Windows, Mac OS, and GNU/Linux; http://www.cis.upenn.edu/~bcpierce/unison
Allway Sync is a freeware Microsoft Windows file synchronization tool; http://allwaysync.com . It has a portable version too.
FreeFileSync: http://freefilesync.sourceforge.net is a free and open source file synchronization tool for GNU/Linux and Microsoft Windows;
Time Machine is a backup utility developed by Apple, included with Mac OS (version 10.5 and up); https://secure.wikimedia.org/wikipedia/en/wiki/Time_Machine_%28Mac_OS%29
Ubuntu GNU/Linux users, please read the Backup Your System guide, which describes tools you may use: https://help.ubuntu.com/community/BackupYourSystem

How to Install Cobian Backup
Installation Note: Before you begin the installation process, verify that you have the latest versions of both the Microsoft Windows Installer and the Microsoft .NET Framework.
Installing Cobian Backup is a relatively easy and quick procedure. To begin installing Cobian Backup, perform the following steps:
Step 1. Double click ; the Open File - Security Warning dialog box may appear. If it does, click to activate the light blue Extracting the resource progress status bar, followed a few moments later by the following screen:

The Cobian Setup Please select a language window

Step 2. Click to activate the Please read and accept the license agreement screen; check the I accept option, and then click again to activate the following screen:

The Select an installation directory window
Step 3. Click to activate the following screen:

The Installation type and Service options window
Step 4. Check the Use Local System account option in the Service options pane, so that your own resembles the figure above.

Important: This option ensures that Cobian Backup will be running silently in the background all the time, so that your backups will occur as scheduled.
Step 5. Click to activate the following message prompt:

The Cobian Backup 10 message prompt
Step 6. Click to activate the next installation screen, and then click to continue with the installation process.

Step 7. Click to complete the installation process. After the installation process has been completed, the Cobian Backup icon will appear in the Windows System Tray as follows:

How to Backup Your Directories and Files
In this section you will learn how to perform a simple backup or archive of specified files and/or folders. Cobian Backup uses a backup task which can be configured to include a specified group of files and/or folders. A backup task can be set to run on a specified day and time. To create a new backup task, perform the following steps:
Step 1. Click to create a new backup task, and activate the New task window as follows:

The New task pane The left sidebar lists a number of tabs and their associated screens - used to set different backup options and parameters - are displayed in the pane at right. All the options in the General tab are described below: Option Descriptions Task Name: This Task Name text field lets you enter a name for the backup task. Use a name that identifies the nature of the backup. For example, if the backup is going to contain video files, you could name it Video Backup. Disabled: This option must be left unchecked. Warning: Enabling the Disabled option will override the rest of the options, and prevent the backup task from running. Include Subdirectories: This option lets you include all the subdirectories/folders within a selected directory/folder for the backup task. This is an efficient method for backing up a large number of folders and/or files. As an example, if you select the My Documents folder and check this option, then all files and folders in My Documents will be included in the backup task.

Create separated backups using timestamps: This option lets you specify that the date and time of the backup task will be automatically included in the folder name containing your backup file. This is a good idea because it means that you will easily be able to identify when the backup was performed. Use file attribute logic: This option is only relevant when you choose to perform an incremental or differential backup (see below). File attributes contain information about the file. Note: The following option is only available for Windows OS versions more recent than and including Windows XP. Use Volume Shadow Copy: This option lets you backup files which are locked. Cobian Backup verifies this information to determine whether there has been a change in the source file from the last time a backup was performed. If you then run a Differential or Incremental backup, the file will be updated. Note: You will only be able to run a full or 'dummy backup' if you disable this option (the dummy backup option is explained below). Backup type Descriptions Full: This option means that every single file in the source location will be copied to your backup directory. If you have enabled the Create separated backups using timestamp option, you will have several copies of the same source (identified by the time and date of the backup in the folder title). Otherwise, Cobian Backup will overwrite the previous version (if any). Incremental: This option means the program will verify if the files selected for backup have been changed since the last backup was performed. If there has been no change, it will be skipped over during the backup process, saving backup time. The Use file attribute logic option needs to be checked in order to perform this backup. Differential: The program will check if the source has been changed from the last full backup. If there is no need to copy that file, it will be skipped, saving backup time. 
If you have run a full backup before on the same set of files, then you can continue backing it up, using the Differential method. Dummy task: You can use this option to get your computer to run or shut down programs at certain times. This is a more advanced option which is not really relevant to our basic backup procedure.

Step 2. Click to confirm your search options and parameters for your backup task.
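The Full, Incremental and Differential backup types described above, as an added Python example (not Cobian Backup's own code). It assumes the file attribute in question behaves like the Windows archive flag, and it goes one step beyond the text by working out which backup sets must survive for a restore; all class and function names are hypothetical and the files are constructed in memory.

```python
"""Full, incremental and differential selection modelled with an archive flag.

Constructed in-memory example; no real files are read or written.
Deleted files are not modelled.
"""
from dataclasses import dataclass


@dataclass
class Entry:
    content: str
    archive: bool = True  # assumption: set on every create or modify


class Source:
    """Hypothetical stand-in for the folder chosen in the Source pane."""

    def __init__(self):
        self.files = {}

    def write(self, name, content):
        # Any write marks the file as "needs backup".
        self.files[name] = Entry(content, archive=True)


def run_backup(source, kind):
    """Return (kind, {name: content}) for one run and update the flags."""
    if kind not in ("full", "incremental", "differential"):
        raise ValueError(f"unknown backup type: {kind}")
    if kind == "full":
        selected = dict(source.files)
    else:
        selected = {n: e for n, e in source.files.items() if e.archive}
    # Full and incremental runs clear the flag. A differential run leaves it
    # set, so the next differential again holds everything since the full.
    if kind != "differential":
        for entry in selected.values():
            entry.archive = False
    return kind, {n: e.content for n, e in selected.items()}


def sets_needed_for_restore(history):
    """Indexes of the backup sets required to rebuild the latest state."""
    fulls = [i for i, (kind, _) in enumerate(history) if kind == "full"]
    if not fulls:
        raise ValueError("no full backup in history: nothing to restore from")
    needed = [fulls[-1]]
    last_diff = None
    for i in range(fulls[-1] + 1, len(history)):
        if history[i][0] == "incremental":
            needed.append(i)
            last_diff = None  # this run re-captured what the differential held
        else:
            last_diff = i
    if last_diff is not None:
        needed.append(last_diff)
    return needed


def restore(history):
    """Replay the needed sets in order; later sets overwrite earlier ones."""
    state = {}
    for i in sets_needed_for_restore(history):
        state.update(history[i][1])
    return state


def can_restore(history, lost):
    """False if any required set is among the lost set indexes."""
    return not (set(sets_needed_for_restore(history)) & set(lost))


def build_chain(kind):
    """One full backup followed by two runs of the given type."""
    src = Source()
    src.write("report.doc", "v1")
    src.write("budget.xls", "v1")
    history = [run_backup(src, "full")]
    src.write("report.doc", "v2")
    history.append(run_backup(src, kind))
    src.write("budget.xls", "v2")
    history.append(run_backup(src, kind))
    return history


if __name__ == "__main__":
    for kind in ("incremental", "differential"):
        chain = build_chain(kind)
        print(kind, [sorted(files) for _, files in chain],
              "needs sets", sets_needed_for_restore(chain))
```

Incremental sets stay small but every one of them is needed at restore time; each differential set grows, but only the latest one is needed alongside the full backup.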

How to Create a Backup File To begin creating a backup file, perform the following steps: Step 1. Click in the left sidebar of the New task window to display a blank version of the following screen:

The New task (MyBackup) window displaying the Source and Destination panes Step 2. Select the files you want to back up. (In Figure above, the My Documents folder is selected.) Step 3. Click in the Source pane to activate the following menu:

The Source pane - Add button menu Step 4. Select Directory if you want to back up an entire directory, and Files to back up individual files. To specify individual files or directories to be backed up, select Manually, and type in the file path or directory for your backup.

Note: You can add as many files or directories as you like. If you wish to back up files currently on your FTP server, choose the FTP site option (you will need to have the appropriate server login details). When you have selected the files and/or folders, they will appear in the Source area. As you can see in Figure above, the My Documents folder is displayed there, meaning this folder will now be included in the backup task. The Destination pane specifies where the backup will be stored. Step 5. Click in the Destination pane to activate the following menu:

The Destination pane - Add button menu

Step 6. Select Directory to open a browser window where you select the destination folder for your backup file.
Note: If you want to create several versions of the backup file, you may specify several folders here. If you selected the Manually option, you must type in the full path to the folder where you want to keep the backup. To use a remote Internet server to store your archive, select the FTP site option (you will need to have the appropriate server login details).
The screen should now resemble the example above, with file(s) and/or folder(s) in the source area and folder(s) in the destination area. However, don't click OK just yet! You still need to set a schedule for your backup.

How to Schedule Your Backup Task
For your automatic backup to work, you need to fill in the Schedule section. This section lets you specify when you want the backup to be performed. To set the schedule options, perform the following steps:
Step 1. Select from the left sidebar, to activate the following pane:

The Properties for myBackup displaying the Schedule type pane The Schedule type options are listed in the drop-down menu, and described below: Once: The backup will be done once only at the date and time specified in the Date/Time area. Daily: The backup will be done every day at the time specified in the Date/Time area. Weekly: The backup will be done on the days of the week selected. In the example above, the backup will be done on Fridays. You may select other days also. The backup will be done on all days selected at the time specified in the Date/Time area. Monthly: The backup will be done on the days typed into the days of the month box at the time specified in the Date/Time area. Yearly: The backup will be done on the days typed into the days of the month box, during the month specified, and at the time specified in the Date/Time area. Timer: The backup will be done repeatedly at intervals specified in the Timer text box in the Date/Time area. Manually: You will have to run the backup yourself from the main program window.

Step 2. Click to confirm the options and settings for the backup schedule as follows:

The New task window displaying a configured Schedule type pane
Once you have decided on a backup schedule, you have completed the final step. The backup will now run on the folders specified according to the schedule you have chosen.

How to Compress Your Backup File
Step 1. Create a backup task as documented in section How to Create a Backup File containing the backup files you want to archive.
Step 2. Select from the left sidebar to activate the New task screen as follows:

The New task screen displaying the Compression and Strong Encryption panes
The Compression pane is used to specify the method for compressing your backup.
Note: Compression is used to reduce the amount of space needed for file storage. If you have a bunch of old files that you use only occasionally, but you still want to keep, it would make sense to store them in a format where they take up as little space as possible. Compression works by storing repeated or redundant data in your documents more compactly, while leaving the information itself intact. Compression does not damage your original data. The files are not viewable when compressed. The process must be reversed and your files 'decompressed' when you want to view the files again.
The three sub-options in the Compression type drop-down list are:
No Compression: This option does not perform any compression, as you would expect.
Zip Compression: This option is the standard compression technique for Windows systems, and the most convenient. Archives once created can be opened with standard Windows tools (or you can download the ZipGenius: http://www.zipgenius.it program to access them).
Selecting a compression type listed automatically enables the Split options section, and its corresponding drop-down list.

The Split options apply to storage on removable media, for example CDs, DVDs, floppy disks and USB memory sticks. The various split options will subdivide the archive into sizes that will fit onto your storage device of choice. Example: Let's say that you are archiving a large number of files, and you want to burn them to a CD. However, your archive size turns out to be larger than 700MB (the size of a CD). The splitting function will split the archive into pieces smaller than or equal to 700MB, which you can then burn onto your CDs. If you are planning to back up onto your computer's hard disk, or the files that you want to back up are smaller than the device you plan to store them on, you can skip this section. The following options are available to you when you click on the Split options drop-down list. Your choice will depend on the type of removable storage device available to you.

  



The Split Options drop-down list
3.5" - Floppy disk. This option is big enough to perform a backup of a small number of documents.
Zip - Zip Disk (check the capacity of the one you are using). You will need a special Zip Drive in your computer and the custom-made disks.
CD-R - CD disk (check the capacity of the one you are using). You will need a CD Writer in your computer and a CD writing program (see DeepBurner Free: http://www.zipgenius.it version or other disk burning tools: http://www.thefreecountry.com/utilities/dvdcdburning.shtml ).
DVD - DVD disk (check the capacity of the one you are using). You will need a DVD Writer in your computer and a DVD writing program (see DeepBurner Free version or other disk burning tools).
If you are backing up onto several USB memory sticks you may want to set a custom size. To do this, perform the following steps:

Step 1. Select the Custom size (bytes) option, then type the size of the archive in bytes into the text field as follows:

The Custom size text field
To give you an idea of sizes:
1 KB (kilobyte) = 1024 bytes - a one-page text document made in Open Office is approximately 20 KB
1 MB (megabyte) = 1024 KB - a photo taken on a digital camera is usually between 1 - 3 MB
1 GB (gigabyte) = 1024 MB - approximately half an hour of a DVD quality movie
Note: When choosing a custom size to split your backup for a CD or DVD disk, Cobian Backup will not copy the backup to your removable device automatically. Rather, it will create your archive in those files on the computer and you will need to burn them to the CD or DVD disk yourself.
Password Protect: This option lets you enter a password to protect the archive. Simply type, and then re-type a password into the two boxes provided. When you try to decompress the archive, you will be asked for the password before the task commences.
Note: If you want to secure your archive, you should think about using another method than a password. Cobian Backup lets you encrypt your archive. This will be covered in section, How to encrypt the Backup File. Alternatively, you may also refer to the Truecrypt Hands-on Guide to find out how to create an encrypted storage space on your computer or removable device.
Comment: This option lets you write something descriptive about the archive, but it is not a requirement.

How to Decompress Your Backup File
To decompress your backup, perform the following steps:
Step 1. Select > Tools > Decompressor as shown below:

The Tools menu displaying the Decompressor option The Decompressor window appears as follows:

The Cobian 10 Backup - Decompressor window
Step 2. Click to open a browse window to enable you to select the archive you want to decompress.

Step 3. Select the archive (.zip or .7z file) and then click .

Step 4. Select a directory into which you will unpack (output) the archived file.
Step 5. Click to open another window that lets you choose the folder in which to unpack the archive.

Step 6. Select a folder, and then click .

Use Windows Explorer to view the files that go to that folder.
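The Split options and the Custom size (bytes) setting described above, as an added Python example that is not Cobian Backup's own code. It splits an archive into volumes of a chosen byte size using the 1 KB = 1024 bytes convention given above, rejoins them, and uses a SHA-256 checksum to catch a damaged volume before the restored archive is trusted; the part-naming scheme, the function names and the MyBackup.zip stand-in file are constructed for the example.

```python
"""Split an archive into fixed-size volumes and verify it on reassembly."""
import hashlib
import os
import tempfile

UNITS = {"KB": 1024, "MB": 1024 ** 2, "GB": 1024 ** 3}
CHUNK = 64 * 1024  # read in blocks so large archives never sit in memory


def custom_size(amount, unit):
    """Convert e.g. (700, "MB") into the byte count for a custom size."""
    return int(amount * UNITS[unit])


def split_file(path, volume_size, out_dir):
    """Write numbered parts of at most volume_size bytes.

    Returns (list_of_part_paths, sha256_hex_of_the_whole_archive).
    """
    if volume_size <= 0:
        raise ValueError("volume size must be a positive number of bytes")
    digest = hashlib.sha256()
    parts = []
    base = os.path.basename(path)
    with open(path, "rb") as src:
        index = 0
        while True:
            part_path = os.path.join(out_dir, f"{base}.{index:03d}")
            remaining = volume_size
            with open(part_path, "wb") as part:
                while remaining:
                    block = src.read(min(CHUNK, remaining))
                    if not block:
                        break
                    part.write(block)
                    digest.update(block)
                    remaining -= len(block)
            if remaining == volume_size:  # nothing written: source exhausted
                os.remove(part_path)
                break
            parts.append(part_path)
            index += 1
    return parts, digest.hexdigest()


def join_parts(parts, dest, expected_sha256):
    """Concatenate parts into dest; refuse the result if the hash differs."""
    digest = hashlib.sha256()
    with open(dest, "wb") as out:
        for part_path in parts:
            with open(part_path, "rb") as part:
                for block in iter(lambda: part.read(CHUNK), b""):
                    out.write(block)
                    digest.update(block)
    if digest.hexdigest() != expected_sha256:
        os.remove(dest)
        raise ValueError("reassembled archive does not match recorded SHA-256")
    return dest


def demo():
    """Split a constructed 2560-byte file into 1 KB volumes and test both paths."""
    with tempfile.TemporaryDirectory() as work:
        archive = os.path.join(work, "MyBackup.zip")  # constructed stand-in
        with open(archive, "wb") as f:
            f.write(bytes(range(256)) * 10)
        parts, checksum = split_file(archive, custom_size(1, "KB"), work)
        sizes = [os.path.getsize(p) for p in parts]
        restored = join_parts(parts, os.path.join(work, "restored.zip"), checksum)
        with open(restored, "rb") as a, open(archive, "rb") as b:
            identical = a.read() == b.read()
        # Simulate one damaged disc: flip the first byte of the second volume.
        with open(parts[1], "r+b") as f:
            first = f.read(1)
            f.seek(0)
            f.write(bytes([first[0] ^ 0xFF]))
        try:
            join_parts(parts, os.path.join(work, "bad.zip"), checksum)
            damage_detected = False
        except ValueError:
            damage_detected = True
        return sizes, identical, damage_detected


if __name__ == "__main__":
    print(custom_size(700, "MB"), demo())
```

Keep the recorded checksum somewhere other than the discs or sticks that hold the volumes, so that damage to the media cannot also damage the value you check against.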

About Encryption
Encryption may be a necessity for those wishing to keep their backup secure from unauthorized access. Encryption is the process of encoding, or scrambling, data in such a way that it appears unintelligible to anyone who does not have the specific key needed to decode the message.

How to Encrypt Your Backup File
The Strong encryption pane is used to specify the encryption method to be used.
Step 1. Click the Encryption type drop-down box to activate its list of different encryption methods as follows:

The Encryption type drop-down list

To keep things simple, we recommend that you choose from either the Blowfish or the Rijndael (128 bits) methods. These will provide excellent security for your archive, and let you access the encrypted data with a chosen password. Step 2. Select the Encryption type you want to use. Note: Rijndael and Blowfish both offer approximately the same level of security. DES is weaker but the encryption process is faster. Step 3. Type and re-type the password into the two boxes provided as below.

The Encryption type and Passphrase text fields
The strength of the password is indicated by the bar marked 'Passphrase quality'. The further the bar moves to the right, the stronger the passphrase.
Step 4. Click .

How to Decrypt Your Backup File
Decrypting your backup file is easy and quick. To decrypt your backup file, perform the following steps:
Step 1. Select > Tools > Decrypter and Keys:
The Tools menu with Decrypter and Keys item selected
This will activate the Decrypter and Keys window as follows:

The Cobian Backup 10 Decrypter and Keys window

Step 2. Click to select the archive you want to decrypt.
Step 3. Click to select the folder in which to store the decrypted archive.
Step 4. In the Methods drop-down list, select the same encryption type you selected in section How to Encrypt Your Backup File (the one you used to encrypt your backup file).

The New Methods drop-down list
Step 5. Type your passphrase into the Passphrase text fields.

Step 6. Click .

The file(s) will be decrypted to the location that you specified.

Recovering from accidental file deletion

Recuva is an easy-to-use data recovery tool. It lets you scan for and retrieve previously deleted documents, files, folders and other information, including emails, images and video formats. Recuva also uses secure overwriting techniques for erasing important, private or sensitive information. A file deleted using the standard Windows operating system Delete function, even after the Recycle Bin has been emptied, might still exist on the computer. Recuva cannot recover files after programs like CCleaner or Eraser have been used to wipe free disk space.

Homepage
www.piriform.com/recuva

Computer Requirements
- All Windows Versions (Note: Support for Windows 98 has been discontinued.)

GNU Linux, Mac OS and other Microsoft Windows Compatible Programs:
For GNU Linux users, we recommend R-Linux: http://www.r-tt.com/data_recovery_linux
Mac OS users will appreciate TestDisk and PhotoRec: http://www.cgsecurity.org, which are also compatible with Microsoft Windows and GNU Linux.
In addition to Recuva, there are other free file recovery programs compatible with Microsoft Windows that are well worth recommending:
- NTFS Undelete: http://ntfsundelete.com
- Disk Digger: http://diskdigger.org
- PCInspector File Recovery: http://www.pcinspector.de/Default.htm?language=1
- FileRestorePlus: http://undeleteplus.com

How to Download and Extract Recuva Portable
To begin downloading and extracting Recuva Portable, perform the following steps:
Step 1. Click http://www.piriform.com/recuva/download/portable to be directed to the appropriate download site, and automatically activate the following screen:
Step 2. Click to save the installation file to your computer; and then navigate to it.

Make a folder named Recuva Portable on your removable disk and extract the portable version there. Double click to activate the Portable Recuva wizard.

Perform Different Scans Using Recuva
Before You Begin
Here, you will learn how to perform different types of scans, and be introduced to the General and Actions tabs in the Options screen.
Note: A scan will simply retrieve and display the files which are potentially recoverable. The actual recovery procedures are discussed in How to Recover and Securely Overwrite Files Using Recuva.

How to Perform a Scan Using the Recuva Wizard
The Recuva Wizard is recommended in situations where neither the full nor partial name of the file you would like to recover is known. It is also recommended if this is the first time you are using Recuva. The Recuva Wizard lets you set the scan parameters by letting you specify the file type and/or from where the file was deleted. To begin scanning for deleted files, perform the following steps:

Step 1. Click or select Start > Programs > Recuva > Recuva to launch the program, and activate the following screen:

The Welcome to the Recuva Wizard screen
Tip: If you know the exact or even partial name of a file you would like to recover, click to go to the Piriform Recuva main user interface, and then follow the steps in section 3.2 How to Perform a Scan without Using the Recuva Wizard.
Step 2. Click to activate the following screen:

The Recuva Wizard File type screen

The Recuva Wizard File type screen displays a list of different file types, and describes what files might be recovered when each option is enabled.
Step 3. Check the Other option as shown in the Figure above, and then click to activate the following screen:

The Recuva Wizard File Location screen

Note: The default setting for the Recuva Wizard File Location screen is the I'm not sure option. This option will extend the scan to all drives as well as removable media, except CDs, DVDs and optical media. It may, therefore, require a longer time to generate results. Files are most frequently deleted from Recycle Bin in the Windows operating systems, to minimize the chance of your accidentally deleting private or sensitive information.
Step 4. Check the In the Recycle Bin option as shown in the Figure above, and then click to activate the following screen:

Thank you, Recuva is now ready to search for your files

Note: For this exercise, do not enable the Deep Scan option. This scanning technique will be discussed in section How to Perform a Deep Scan.
Step 5. Click to begin recovering your deleted files.

During the file recovery process, two progress status bars appear in quick succession. The Scanning the drive for deleted files progress bar lists the deleted files. The Analyzing the file contents progress bar groups and sorts the deleted files into file types and degree of recoverability. They also display the duration of the scanning and analysis processes. Your Piriform Recuva main user interface may then resemble the following screen:

The Piriform Recuva main user interface with deleted files
The Piriform Recuva main user interface lists information about each deleted file, arranged in six columns. Each column is described as follows:
- Filename: This displays the name and file extension of the deleted file. Click the Filename title to arrange the deleted files in alphabetical order.
- Path: This displays where the deleted file was found. Given that the In the Recycle Bin option was enabled in this example, the file path is C:\RECYCLER for all the deleted files. Click the Path title to view all the files listed under a particular directory or file path.
- Last modified: This displays the last time the file was modified before it was deleted, and can be useful in helping to identify the file you would like to recover. Click Last modified to list the deleted files according to the oldest or most recent.
- Size: This displays the size of the file. Click Size to list the deleted files beginning with the largest or smallest deleted file.
- Status: This displays the extent to which the file is recoverable, and corresponds to the file status icons discussed in Figure 6 below. Click Status to sort the deleted files into the three basic categories, and list them from Excellent to Unrecoverable.
- Comment: This displays why a given file may or may not be recoverable, and the extent to which a deleted file has been overwritten in the Windows Master File Table. Click Comment to view the extent to which a file or group of files have been overwritten.

Each file is associated with a colored status icon which indicates the extent to which each file can be successfully recovered:

The file status icons
The following list describes each status icon:
- Green: The chances for a full recovery are excellent.
- Orange: The chances for recovery are acceptable.
- Red: The chances for recovery are unlikely.

How to Perform a Scan without Using the Recuva Wizard
To access the Recuva main user interface directly (that is, not use the Recuva Wizard), perform the following steps:
Step 1. Click or select Start > Programs > Recuva > Recuva to activate Figure 1.
Step 2. Check the Do not show this Wizard on startup option, and then click to activate the following screen:

The Recuva main user interface
The Piriform Recuva main user interface is divided into the results pane on the left and the Preview, Info and Header tabs in which to sort and view information about a specific deleted file. It lets you set certain scan options, similar to those in the Recuva Wizard.
Step 3. Click to activate the drop-down list and select the drive to be scanned; the Local Disk (C:) is the default and used in this example as follows:

The hard drive drop-down list
The Filename or path drop-down list lets you specify the kind of file you are looking for, and loosely corresponds to the Recuva Wizard File type screen displayed in the second Figure.

The File name or path drop-down list
The Filename or path feature is a combination of a text box and drop-down list. It has two main uses: to let you directly search for a specific file, and/or to sort through a list of deleted files according to file type. Alternatively, the Filename or path feature can be used to search for files of a specific type, or to sort through a general list of deleted files in the results pane.
To begin scanning for a file of which all or part of the name is known, perform the following steps:
Step 1. Type in the name or partial name of a file you would like to recover as follows (in this example, the file triangle.png is being scanned):

The File name or path drop-down list displaying triangle.png
Tip: Click to reset the File name and path (which appear greyed out).

Step 2. Click to begin scanning for your deleted file(s); shortly thereafter, a screen will appear resembling the following:

The Recuva user interface displaying the triangle.png file in the Preview tab

How to Perform a Deep Scan Using Recuva
The Enable Deep Scan option lets you conduct a more thorough scan; naturally, a deep scan takes a longer time, depending on your computer speed and the number of files you have. This option might prove useful if your initial scan does not display the files you would have liked to recover. Although a deep scan may even take hours depending on the amount of data stored on your computer, it may improve your chances of recovering the files you require. The Recuva Deep Scan option can be enabled either by checking the Enable Deep Scan option in the Recuva Wizard, or in the Actions tab of the Options screen as follows:
Step 1. Click to activate the Options screen, then click the Actions tab as follows:

The Options screen displaying the Actions tab
Step 2. Check the Deep Scan (increases scan time) option, then click .
Step 3. Click to begin scanning for deleted files using the Deep Scan option. As mentioned earlier, a deep scan can potentially take a few hours, depending on the size of your hard disk and computer speed:

The Scan displaying the estimated number of hours required for a deep scan

An Introduction to the Options Screen
In this section, you will learn how to use the different settings to successfully recover and overwrite your private or sensitive information in the Options screen. To configure these settings, perform the following steps:
Step 1. Click to activate the following screen:

The Options screen displaying the General tab in default mode
The Options screen is divided into the General, Actions and About tabs. The General tab lets you define a number of important settings, including Language (Recuva supports a spectacular 37 languages seamlessly), View mode and disabling or enabling the Recuva Wizard.

The View mode drop-down list
The View Mode lets you select how you would like to view the deleted files, and can also be enabled whenever you right click a file in Piriform Recuva.
- List: This option lets you view the deleted files in a list as shown before.
- Tree: This option lets you view the directory path of deleted files in the form of an expandable tree.
- Thumbnails: This option lets you view the deleted files as graphics or images where possible.

Most importantly perhaps, the Advanced section of the General tab lets you set the number of times your data can be overwritten by random data to protect it from recovery by hostile or malicious parties. The Secure overwriting drop-down list displays four options for overwriting your private information. Its default mode is Simple Overwrite (1 pass), displayed in the Figure above. A pass refers to the number of times your document, file or folder will be overwritten with random data to render it completely unreadable.
Step 2. Select the DOD 5220.22-M (3 passes) option as follows:

The Secure overwriting drop-down list with the DOD 5220.22-M (3 passes) selected
A single pass may prove quite effective in overwriting a given document, file or folder; however, there are parties with the resources and skills to recover a relatively light secure overwrite. Three passes is a solid balance between the time required to perform a secure overwrite, and the ability to recover that document, file or folder.
Step 3. Click to save your General tab configuration options.

The Options screen displaying the Actions tab
- Show files found in hidden system directories: This option lets you display files in hidden system directories.
- Show zero-byte files: This option lets you show files that have little to no content, and which are basically irrecoverable.
- Show securely deleted files: This option lets you display files that have been securely deleted in the results pane. Note: If you have already used CCleaner or a similar program, it changes the filename to ZZZZZZZ.ZZZ when it securely deletes a file, for security reasons.
- Deep Scan: This option lets you scan the entire drive for the deleted document or file; if previous scans have proven ineffective in locating your file, the Deep Scan may prove useful. However, it does require more time. Please refer to section How to Perform a Deep Scan Using Recuva.
- Scan for non-deleted files (for recovery from damaged or reformatted disks): This option lets you attempt to recover files from disks that may have sustained physical damage or software-related corruption.



Recover and Securely Overwrite Files Using Recuva
In this section, you will learn how to recover a previously deleted file, as well as how to securely overwrite any private or sensitive information. Recuva lets you create a new folder for storing your recovered files. Although Recuva does let you use existing folders, for reasons of safety and security, we recommend that you copy your recovered files to a removable device like a backup drive or USB memory stick.
Important: Although Recuva does an excellent job of securely overwriting information, it may leave a file marker indicating the existence of such a file. To protect your privacy and security, it makes sense to save any important, private or sensitive information to a removable device, and not to the original location or path.

How to Recover a Deleted File
To begin recovering a deleted file, perform the following steps:
Step 1. Connect your removable disk or a USB memory stick to your computer.
Step 2. Check the check box next to a file you want to recover to enable the Recover... button, or double click that file to both check and highlight that file.
Step 3. Click to activate the Browse For Folder screen.

Step 4. Select a destination and then click to create your recovery folder as shown in Figure below.

The Browse For Folder dialog box displaying the newly created folder on a removable device

Note: In this example, the folder for storing your recovered documents and files has been given an obvious label. However, keeping your digital privacy and security in mind, we encourage you to be more careful in labelling your own folder.
Step 5. Click to begin the file recovery process; a progress status screen appears as follows:

The Recovering files progress status screen
After the files have been recovered, a confirmation will appear resembling the following screen:

The Operation Completed screen
Note: Recuva supports multiple file recovery. Simply check the check boxes of the files you would like to recover and perform steps 3 to 5.
Now that you are comfortable with recovering a previously deleted file, you are ready to learn how to use the pop-up menu to perform multiple file recoveries and secure overwriting of files.

How to Use the Pop-up Menu
Recuva offers different options for selecting the documents, files or folders you would like to delete or securely overwrite.
- Checking is generally used to quickly select several non-contiguous or separate files for recovery or secure overwriting.
- Highlighting is generally used to quickly select contiguous multiple files in a block or group for recovery or secure overwriting.

Right click on a deleted file displayed in the Recuva main user interface to activate the following pop-up menu:

The pop-up menu
- Recover Highlighted: This item lets you recover all or any highlighted deleted file(s).
- Recover Checked: This item lets you recover a checked deleted file.
- Check Highlighted: This item lets you check a highlighted deleted file.
- Uncheck Highlighted: This item lets you uncheck a highlighted deleted file.
- View Mode: This item lets you select how you would like to view the deleted files. As you recall, the View Mode can also be set in the General tab in the Options screen.
  - List: This option lets you view the deleted files in a list as in the following Figure.
  - Tree: This option lets you view the directory path of deleted files in the form of an expandable tree.
  - Thumbnails: This option lets you view the deleted files as graphics or images where possible.
- Highlight Folder: This option lets you select multiple deleted files according to their directory path, and lets you perform the actions listed in the pop-up menu on them.
- Secure Overwrite Highlighted: This option lets you securely overwrite a highlighted deleted file.
- Secure Overwrite Checked: This option lets you securely overwrite a checked deleted file, changing its status icon to red.

How to Securely Overwrite a Deleted File
To securely overwrite a deleted file, perform the following steps:
Step 1. Check the individual file you would like to have securely overwritten, and then right click the check box to activate the pop-up menu.
Step 2. Select to activate the following confirmation dialog box:

The Secure overwrite confirmation dialog box
Step 3. Click to begin the overwriting process; depending on the size and status of the file as well as the Secure overwriting option you selected in the General tab in the Options screen, this could take some time. After the overwriting process has been completed, a screen resembling the following appears:

The Operation complete screen
You have successfully completed recovering and securely overwriting previously deleted files using Recuva.

How to destroy sensitive information
When you delete a file, even after you empty the Recycle bin, the contents of that file remain on your hard drive and can be recovered by anyone who has the right tools and a little luck. In order to ensure that deleted information does not end up in the wrong hands, you will have to rely on special software that removes data securely and permanently.

Deleting information
From a purely technical perspective, there is no such thing as a delete function on your computer. Of course, you can drag a file to the Recycle Bin and empty the bin, but all this really does is clear the icon, remove the file's name from a hidden index of everything on your computer, and tell Windows that it can use the space for something else. Until it actually does use that space, however, the space will be occupied by the contents of the deleted information, much like a filing cabinet that has had all of its labels removed but still contains the original files. This is why, if you have the right software and act quickly enough, you can restore information that you've deleted by accident, as discussed before. You should also keep in mind that files are created and insecurely deleted, without your knowledge, every time you use your computer. Suppose, for example, that you are writing a large report. It may take you a week, working several hours each day, and every time the document is saved, Windows will create a new copy of the document and store it on your hard drive. After a few days of editing, you may have unknowingly saved several versions of the document, all at different stages of completion. Windows generally deletes the old versions of a file, of course, but it does not look for the exact location of the original in order to overwrite it securely when a new copy is made. Instead, it simply puts the latest version into a new section of the metaphorical filing cabinet mentioned above, moves the label from the old section to the new one, and leaves the previous draft where it was until some other program needs to use that space. Clearly, if you have a good reason to destroy all traces of that document from your filing cabinet, removing the latest copy is not going to be enough, and simply throwing away the label would be even worse.

Remember, too, that computer hard drives are not the only devices that store digital information. CDs, DVDs, USB memory sticks, floppy disks, flash memory cards from mobile phones and removable hard drives all have the same issues and you should not trust a simple delete or rewrite operation to clear sensitive information from any of them.

Wiping information with secure deletion tools
When you use a secure deletion tool, such as those recommended in this chapter, it would be more accurate to say that you are replacing, or 'overwriting,' your sensitive information, rather than simply deleting it. If you imagine that the documents stored in the hypothetical filing cabinet discussed above are written in pencil, then secure deletion software not only erases the content, but scribbles over the top of every word. And, much like pencil lead, digital information can still be read, albeit poorly, even after it has been erased and something has been written over the top of it. Because of this, the tools recommended here overwrite files with random data several times. This process is called wiping, and the more times information is overwritten, the more difficult it becomes for someone to recover the original content. Experts generally agree that three or more overwriting passes should be made; some standards recommend seven or more. Wiping software automatically makes a reasonable number of passes, but you can change that number if you like.

Wiping files
There are two common ways to wipe sensitive data from your hard drive or storage device. You can wipe a single file or you can wipe all of the 'unallocated' space on the drive. When making this decision, it may be helpful to think about the other hypothetical example proposed earlier: the long report that may have left incomplete copies scattered throughout your hard drive even though only one file is visible. If you wipe the file itself, you guarantee that the current version is completely removed, but you leave the other copies where they are. In fact, there is no way to target those copies directly, because they are not visible without special software. By wiping all of the blank space on your storage device, however, you ensure that all previously-deleted information is destroyed. Returning to the metaphor of the poorly-labeled file cabinet, this procedure is comparable to searching through the cabinet, then erasing and scribbling repeatedly over any documents that have already had their labels removed.

Eraser is a free and open-source secure deletion tool that is extremely easy to use. You can wipe files with Eraser in three different ways: by selecting a single file, by selecting the contents of the Recycle Bin, or by wiping all unallocated space on the drive. Eraser can also wipe the contents of the Windows swap file, which is discussed further below. Always make sure you have a secure backup before wiping large amounts of data from your computer.

Wiping temporary data
The feature that allows Eraser to wipe all unallocated space on a drive is not as risky as it might sound, because it only wipes previously-deleted content. Normal, visible files will be unaffected. On the other hand, this very fact serves to highlight a separate issue: Eraser can't help you clean up sensitive information that has not been deleted, but that may be extremely well-hidden. Files containing such data may be tucked away in obscure folders, for example, or stored with meaningless filenames. This is not a major issue for electronic documents, but can be very important for information that is collected automatically whenever you use your computer. Examples include:
- Temporary data recorded by your browser while displaying web pages, including text, images, cookies, account information, personal data used to complete online forms and the history of which websites you have visited.
- Temporary files saved by various applications in order to help you recover should your computer crash before you can save your work. These files might contain text, images, spreadsheet data and the names of other files, along with other potentially sensitive information.
- Files and links stored by Windows for the sake of convenience, such as shortcuts to applications you have used recently, obvious links to folders that you might prefer to keep hidden and, of course, the contents of your Recycle Bin should you forget to empty it.
- The Windows swap file. When your computer's memory is full, for example when you have been running several programs at the same time on an older computer, Windows will sometimes copy the data you are using into a single large file called the swap file. As a result, this file might contain almost anything, including web pages, document content, passwords or encryption keys. Even when you shut down your computer, the swap file is not removed, so you must wipe it manually.

In order to remove common temporary files from your computer, you can use a freeware tool called CCleaner, which was designed to clean up after software like Internet Explorer, Mozilla Firefox and Microsoft Office applications (all of which are known to expose potentially sensitive information), as well as cleaning Windows itself. CCleaner has the ability to delete files securely, which saves you from having to wipe unallocated drive space, using Eraser, after each time you run it.

Tips on using secure deletion tools effectively
You are now familiar with a few of the ways in which information might be exposed on your computer or storage device, even if you are diligent about erasing sensitive files. You also know what tools you can use to wipe that information permanently. There are a few simple steps that you should follow, especially if it is your first time using these tools, in order to ensure that your drive is cleaned safely and effectively:
- Create an encrypted backup of your important files, as discussed before.
- Close down all unnecessary programs and disconnect from the Internet.
- Delete all unnecessary files, from all storage devices, and empty the Recycle Bin.
- Wipe temporary files using CCleaner.
- Wipe the Windows swap file using Eraser.
- Wipe all of the free space on your computer and other storage devices using Eraser. You might need to let this procedure run overnight, as it can be quite slow.

You should then get into the habit of:
- Periodically using CCleaner to wipe temporary files
- Wiping sensitive electronic documents using Eraser, instead of using the Recycle Bin or the Windows delete function
- Periodically using Eraser to wipe the Windows swap file
- Periodically using Eraser to wipe all unallocated space on your hard drives, USB memory sticks, and any other storage devices that may have had sensitive information deleted from them recently. This might include floppy disks, rewritable CDs, rewritable DVDs and removable flash memory cards from cameras, mobile phones or portable music players.

Tips on wiping the entire contents of a storage device
You might occasionally need to wipe a storage device completely. When you sell or give away an old computer, it is best to remove the hard drive and let the computer's new owner acquire one for herself. If this is not an option, however, you should at least wipe the drive thoroughly with Eraser before handing it over. And, even if you do keep the drive, you will probably want to wipe it anyway, regardless of whether you intend to reuse or discard it. Similarly, if you purchase a new hard drive, you should wipe your old one after copying your data and making a secure backup. If you are intending to throw away or recycle an old drive, you should also consider destroying it physically. (Many computer support professionals recommend a few strong blows with a hammer before discarding any data-storage device that once contained sensitive information.) In any of the situations described above, you will need to use Eraser to wipe an entire hard drive, which is impossible as long as the operating system is running on that particular drive. The easiest way to get around this issue is to remove the drive and put it into an external USB 'drive enclosure,' which you can then plug into any computer with Eraser installed on it. At that point, you can delete the full contents of the external drive and then use Eraser to wipe all of its unallocated space. Fortunately, this is not something you will have to do often, as it may take quite some time. Rather than trying to wipe data that have been stored on a rewritable CD or DVD, it is often better to destroy the disc itself. If necessary, you can create a new one containing any information you wish to keep. And, of course, this is the only way to 'erase' content from a nonrewritable disc. It is surprisingly difficult to destroy the contents of a CD or DVD completely. You may have heard stories about information being recovered from such discs even after they were cut into small pieces. 
While these stories are true, reconstructing information in this way takes a great deal of time and expertise. You will have to judge for yourself whether or not someone is likely to expend that level of resources in order to access your data. Typically, a sturdy pair of scissors (or a very sturdy paper shredder) will do the job nicely. If you want to take extra precautions, you can mix up the resulting pieces and dispose of them in various locations far from your home or office.

Eraser - Secure File Removal
Homepage
www.heidi.ie/eraser

Computer Requirements
- All Windows Versions

Portable Eraser

Portable Eraser is used to permanently delete sensitive data. It can also wipe a digital storage device of all recoverable data.

Differences between Installed and Portable Versions of Eraser
Given that portable tools are not installed on a local computer, their existence and use may remain undetected. However, keep in mind that your external device or USB memory stick, and portable tools, are only as safe as the computer you are using, and may risk being exposed to adware, malware, spyware and viruses. Portable Eraser does not require the .Net Framework in order to run, and the extraction and installation time required is minimal. Aside from that, there are no other differences between Portable Eraser and the version designed to be installed on a local computer.

How to Download and Extract Portable Eraser
To begin downloading and extracting Portable Eraser, perform the following steps:
Step 1. Click http://portableapps.com/apps/utilities/eraser_portable to be directed to the appropriate download site.
Step 2. Click to activate the Source Forge download page.
Step 3. Click to save the installation file to your computer; then navigate to it.
Step 4. Set your destination to the removable disk and install the content there as shown below:
Step 5. Double click to launch Portable Eraser and run Eraser as follows:

The Eraser main user interface

How to Configure Eraser

Note: It is recommended that you overwrite the data at least three times.

Tip: Each overwrite or pass takes time and therefore, the more passes you make, the longer the erasing process will take. This will be especially noticeable when erasing large files, or wiping free space.

The number of passes can be set by accessing the Preferences: Erasing menu.

Step 1. Select Edit > Preferences > Erasing... as follows:

The Eraser [On-Demand] screen displaying the Edit menu options

The Preferences: Erasing window appears as follows:

The Eraser Preferences: Erasing window

The Preferences: Erasing screen describes how the files are to be overwritten.

Description: This column lists the name of the overwrite procedure.

Passes: This column lists how many times the data will be overwritten.

In this example, we will overwrite our data using the Pseudorandom Data method. By default, only one pass is made when using this option. However, for extra security we will increase the number of passes.

Step 2. Select the # 4 Pseudorandom Data option as shown in the figure above.

Step 3. Click to activate the Passes screen as follows:

The Eraser Passes screen

Step 4. Set the number of passes to between three and seven (remember the time/security tradeoff).

Step 5. Click to return to the Passes screen.

# 4 Pseudorandom Data should now resemble the following:

The Eraser Erase screen with pane showing item 4 selected

Tip: Make sure the check boxes labeled Cluster Tip Area and Alternate Data Streams are checked as follows (they are checked by default):

The Eraser Cluster Tip Area and Alternate Data Streams check boxes in default mode





Cluster Tip Area: A computer hard disk is divided into small segments called 'clusters'. Usually, a file spans several clusters, and often a file will not completely fill the last cluster. The unused space on this last cluster is called the cluster tip area. This cluster tip area may contain sensitive information left over from another file that was previously written to this cluster and occupied more of it. Information from a cluster tip may be readable by a data recovery specialist. So, check the Cluster Tip Area check box for greater security.

Alternate Data Streams: When a file is stored on your computer, it may come in different parts. For example, this text contains both text and images. These would be stored on your computer in different locations or 'streams'. So, check the Alternate Data Streams check box to ensure that all data associated with the file is deleted.

Step 6. Click .

You have now set the overwrite method for Eraser to wipe files. You should also set the same options for the Unused Disk Space feature that appears on the next tab in the Preferences: Erasing screen. However, you may set the number of passes to a reasonable figure -- taking into consideration that a free-space wipe will take around two hours per pass.

How to use Eraser in Windows Explorer

It is common for people to use Eraser through the My Computer Windows Explorer programs, rather than through the Eraser program itself.

Step 1. Open a folder containing a file you want to delete permanently.

Step 2. Right-click on this file. Two new options appear on the pop-up menu, Erase and Eraser Secure Move, as follows:

Erase and Eraser Secure Move options

We are going to use the Erase option to permanently delete this file.

Step 3. Select the Erase item from the menu, as shown in the figure above. The Confirm Erasing pop up dialog box will appear as follows:

The Confirm Erasing pop up dialog box

If the file displayed in the pop up dialog box is the one you want to delete permanently, perform the following step:

Step 4. Click to permanently erase or wipe the file from your computer.

Warning: Any file deleted in this manner will be irretrievably and permanently deleted. Therefore, you must be completely sure that you really want to erase a particular file, or group of files.

To securely move a file/s from one location to another (for example, from your computer to a USB memory stick):

Step 5. Select

You will need to answer the same warning prompt, as above, to continue.

How to Wipe Unused Disk Space

Erasing unused disk space involves wiping all traces of previously existing files from the 'empty space' of your hard drive/portable storage device. This empty space usually contains files that were not deleted properly.

Step 1. Select Start > Programs > Eraser > Eraser

Tip: You can perform the wiping task on demand or you can schedule it to occur at a specified time.

Important: This process could take between 2 and 5 hours to complete and will slow your computer down while it operates. It is a good idea to run or schedule the free space wipe when you are not using your computer (or have gone home/to bed for the night).

How to use the On-Demand Task

To create an On-Demand task for wiping unused disk space, perform the following steps:

Step 1. Click

Step 2. Select File > New Task as follows:

Selecting a New Task in the File menu

The Unused space on drive option should be selected.

Step 3. Choose the drive you want to clear the free space on. (In this example, the Local Disk (C:) has been selected. This is usually the primary hard drive on most computers.)

The Eraser Task Properties screen

Step 4. Click to create, and then run the task which will appear in the Eraser user interface.

Step 5. Right-click the task to activate the pop-up menu as follows:

The Eraser screen with Run selected

Step 6. Select Run to activate the Eraser pop up dialog box as follows:

The Eraser pop up dialog box

Step 7. Click .

The Eraser progress status window displays the wiping process on the unused disk space as follows:

The Eraser window in the process of wiping unused disk space

How to Use the Scheduler Feature

Since we may not always remember to do this kind of computer 'housekeeping', Eraser has an option that lets you schedule a wiping task so that it runs at an appointed time every day, or one day per week.

Step 1. Click in the Eraser main screen.

Step 2. Select File > New Task as follows:

Selecting a New Task in the File menu

Step 3. Set these options as outlined in the section How to use the On-Demand Task.

The Eraser Task Properties screen displaying the Schedule tab

Step 4. Click the Schedule tab to activate its associated pane with two configurable settings:

The Eraser Schedule tab

Step 5. Select the day or event item that best suits your needs from the Every drop-down list.

Step 6. Enter the time that best suits your needs in the At timer, which can only be entered in a 24-hour format.

Step 7. After you have set a time and day, click .

The scheduled task will appear as follows:

The Eraser Scheduled task list

Note: The computer must be switched on for the scheduled task to run.

How to Remove a Task

After you have run either an on-demand task or a scheduled task, you may want to remove it from your task list. To remove an on-demand task, perform the following steps:

Step 1. Click to display its corresponding task list as follows:

The Eraser task list

Step 2. Select the task you want to remove, as shown in the figure above.

Step 3. Right-click to activate the pop-up menu and select the Delete item to remove the task from the task list. (Alternatively, you may click located beneath the Eraser menu bar.)

The process for removing a Scheduled Task is almost identical. To remove a scheduled task, perform the following step:

Step 1. Click , and then repeat steps 2 and 3, as described in this section.

How to Erase the Windows Recycle Bin

Eraser also allows you to erase any traces of documents you may have deleted from the Windows Desktop Recycle Bin. To access this feature, perform the following steps:

Step 1. Right click anywhere on the Recycle Bin icon to activate the Eraser pop-up menu as follows:

The Eraser pop-up menu for the Recycle Bin

Step 2. Select the appropriate item from the pop-up menu to begin erasing your Recycle Bin.

File Shredder to securely delete data under Windows
For Windows there is a good open source tool called "File Shredder". This tool can be downloaded from http://www.fileshredder.org

The installation is very straightforward: just download the application and install it by hitting the Next button. After installation the application will start automatically. You can then start using it for shredding files. However, the best part of the program is that you can use it from within Windows itself by right-clicking on a file. Right-click on the file you want to shred, and choose File Shredder -> Secure delete files.

A pop-up asks if you really want to shred this file.

After confirming, there your file goes. Depending on the size of the file, this can take a while.

GNU Linux, Mac OS and other Microsoft Windows Compatible Programs:

On GNU/Linux, the secure-delete package can be used from the terminal, either to securely delete files and folders or to wipe free space on the disk. Secure-delete can also be integrated with a graphical file manager, by adding a secure-delete option to the Nautilus file manager in Linux.

******************************************

Installation of secure-delete for Linux

Installation of secure-delete is easy. Since this tool is a command-line only tool, I will show you how to install it from the command line. Here are the steps.

1. Open up a terminal window.
2. Issue the command sudo apt-get install secure-delete.
3. Type your sudo password (that’s your user password, in case you weren’t aware) and hit Enter.
4. Allow the installation to complete.

You now have secure-delete installed on your machine and ready to start trashing those files and folders.

Deleting a file

Let’s say you have a file in your home directory (~/) called secret_stuff.txt. To delete this with secure-delete you would use the srm command (secure remove). To do that you would issue the command like so:

    srm ~/secret_stuff.txt

That file is now VERY gone. Don’t expect the removal of the file to be as fast as it would be with the rm command. Why does it take longer? When you issue the srm command on a file, secure-delete does the following:

1. 1 pass with 0xff.
2. 5 random passes.
3. 27 passes with special values defined by Peter Gutmann (a leading cryptographer).
4. Rename the file to a random value.
5. Truncate the new file.

The file is also opened in O_SYNC mode, and an fsync() call is made between passes.
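The sequence listed above for srm (overwrite passes with a flush after each, then rename, truncate and remove), written out as shell functions. This is an added example, not code from the original text or from the secure-delete package: the function names overwrite_pass and secure_remove are hypothetical, the 27 Gutmann passes are left out, and GNU coreutils is assumed.

```bash
#!/bin/sh
# Added example: overwrite-then-remove, modelled on the srm steps in the text.
# Not the secure-delete implementation; the Gutmann passes are omitted.
# Assumes GNU coreutils (dd conv=fsync, head -c, od, tr).

# overwrite_pass FILE MODE
# Rewrites FILE in place at its current length and flushes it to disk.
# MODE is "ff" (every byte 0xff) or "random" (bytes from /dev/urandom).
overwrite_pass() {
    local file="$1" mode="$2" size
    if [ ! -f "$file" ] || [ -L "$file" ]; then
        echo "not a regular file: $file" >&2
        return 1
    fi
    case "$mode" in
        ff|random) ;;
        *) echo "unknown mode: $mode" >&2; return 2 ;;
    esac
    size=$(( $(wc -c < "$file") ))
    # conv=notrunc keeps the file's blocks allocated while they are rewritten;
    # conv=fsync makes dd call fsync() on the file before it exits.
    if [ "$mode" = ff ]; then
        head -c "$size" /dev/zero | tr '\0' '\377'
    else
        head -c "$size" /dev/urandom
    fi | dd of="$file" conv=notrunc,fsync 2>/dev/null
}

# secure_remove FILE [RANDOM_PASSES]
# One 0xff pass, RANDOM_PASSES random passes (default 5), then rename the
# file to a random name, truncate it, and unlink it.
secure_remove() {
    local file="$1" passes="${2:-5}" i=0 dir newname
    overwrite_pass "$file" ff || return 1
    while [ "$i" -lt "$passes" ]; do
        overwrite_pass "$file" random || return 1
        i=$((i + 1))
    done
    # Rename within the same directory so the original name no longer
    # appears in the directory entry.
    dir=$(dirname -- "$file")
    newname="$dir/$(head -c 8 /dev/urandom | od -An -tx1 | tr -d ' \n')"
    mv -- "$file" "$newname" || return 1
    : > "$newname"            # truncate to zero length
    rm -f -- "$newname"
}

# Constructed demo on a throwaway file in a temporary directory.
demo_dir=$(mktemp -d)
printf 'constructed sample data, nothing real\n' > "$demo_dir/secret_stuff.txt"
secure_remove "$demo_dir/secret_stuff.txt" 2 \
    && echo "entries left in $demo_dir: $(ls -A "$demo_dir" | wc -l)"
rmdir "$demo_dir"
```

In-place overwriting only reaches the old data when the filesystem rewrites the same blocks; journaling and copy-on-write filesystems, and the wear-levelling in flash drives, can keep earlier copies elsewhere.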

Deleting a folder

Deleting a folder is as simple as deleting a file. Let’s say you have the folder ~/secret_stuff that needs to be deleted for good. To do this with srm you would use the -r (recursive) switch like so:

    srm -r ~/secret_stuff

Depending upon the size and the amount of the directory contents, the deletion will take some time.

Clearing free space

If you have installed and re-installed OSes on your computer, you could very easily have residual files remaining in the free space of your current installation. You can ensure that space is free of any traces of files or folders with the command sfill. There are two things about this command you need to know: you have to have admin rights (so you have to use sudo) and you have to know the mount point of the free space. This command is very slow, so make sure you give it plenty of time to run.

Let’s say you have a drive attached to your machine that has been used a number of times and is mounted to /media/external. To completely clean out the free space on this drive you would issue the command:

    sudo sfill /media/external

After some time the free space on that particular drive would be completely free of any trace of directories or files.

http://www.ubuntugeek.com/tools-to-delete-files-securely-in-ubuntu-linux.html

*********************************

Install the Nautilus Actions Configuration utility
First, install the nautilus-actions package, which provides a graphical utility for editing the Nautilus right-click menu. We’ll use this utility to add the secure delete option. You can install the nautilus-actions package by using the following command:

Fedora:

    sudo yum install nautilus-actions

Ubuntu:

    sudo apt-get install nautilus-actions

Once installed, you can configure the new menu option.

Configure the new menu option

Now you should have an option in the Preferences menu called “Nautilus Actions Configuration.” This will allow you to specify the new option for securely deleting files from the file manager. Click the “define new action” button (or select it from the file menu). Specify the information as shown below (feel free to use whatever text you want as the label and tooltip; this is up to you!):

Next, click the “Command” tab. This is where you’ll specify what the new menu item will actually do when it’s clicked. As you see below, I am using the shred program as my secure-delete method, which is located at /usr/bin/shred. For the parameters, I need to specify -u in order to have shred delete the file once it’s been overwritten.

Clicking the “legend” button shows that the option to pass a list of files to the command line is %M. So my full parameters string becomes “-u %M”. You should feel free to customize the command however you like, by reading the manual for the command you are using, and by referencing the legend to figure out which substitution strings to use. For example, you might want to use the “-z” option for shred, which will use a final pass of zeros, to “hide” that the file has been shredded, or the “-n” option to specify the number of passes to use.

Finally, you’ll want to set the conditions under which the menu item appears. In the “Conditions” tab, I’ve selected for the secure delete option to appear only when files are selected, and to allow it to be used on multiple files at once. Here is how my Conditions tab looks:

With that, double-check that you’ve entered everything correctly, and click “Save” in the file menu.

Test it out

That’s all you need to do: the only thing left is to test that it works. Find some files you want to shred, or create a few dummy files (obviously don’t use this on data you need to keep!). You can use a bash “for” loop to create a few test files, and then open Nautilus to the directory where you put them.

Selecting them all and right-clicking, I see the secure deletion option. Clicking it and watching in “top” shows that it is working correctly. Those files are gone!

You can use this for anything!

The nautilus-actions utility can be used for more than just adding secure-deletion options to the file manager; you can use it to execute any command-line operation you want.

Basics of using the bash for loop

Basic Syntax

The “for” loop is useful when you want to repeat an operation multiple times, for example, on multiple files, or for multiple inputs. The basic syntax of the “for” loop is as follows; you can type each line into your shell one line at a time:

    for x in $y
    do
        some_command
    done

Let’s examine this a little more closely. On the first line, we have the “for” statement, which says that, for every item in variable $y, which presumably is a list of items, make the variable x equal to that item in $y. The for loop will then execute all the commands between “do” and “done”, once for each item in $y. To see what this actually does, you can build a very simple for loop:

    for x in 1 2 3 4 5
    do
        echo "Hello, world, ${x} times"
    done

The output of this will be simply:

    Hello, world, 1 times
    Hello, world, 2 times
    Hello, world, 3 times
    Hello, world, 4 times
    Hello, world, 5 times

In reality, this is how it should appear in your terminal:

Not a very useful loop, but now you can see how the basics work.

A more useful loop

Once you understand the fundamental structure of the “for” loop, it is easier to build a useful command. For example, let’s say that you want to rename a bunch of files in some predictable manner; perhaps, you want to move all the “.txt” files to “.txt.old”. It would take a very long time to do this with the GUI, and probably just about as long with the command line if you didn’t use a loop. But the for loop makes it trivial:

    for eachTxtFile in *.txt
    do
        # Quote the variable so file names containing spaces are handled
        mv "${eachTxtFile}" "${eachTxtFile}.old"
    done

The above snippet will rename all files that are in the current directory, and end with .txt, to their current name, with “.old” appended. Now what would have taken a significant amount of tedious labor in the GUI is done in just a few seconds, because you’ve used a simple for loop.

For loop ranges

Sometimes you want to repeat a certain command several times, like in the above “hello world” example, but more times than you’d like to type out. Bash has a built-in function for this, which allows you to specify a range to act on. For example, the above Hello World example can be simplified, using a range:

    for eachNumber in {1..5}
    do
        echo "Hello, world, ${eachNumber} times"
    done

Or, perhaps you want to create a thousand files. This might take all day by hand, but automating it with a for loop can complete the task in just a second:

    for eachNumber in {1..1000}
    do
        touch "$eachNumber"
    done

These are all very basic loops, but you can probably see how they can quickly become huge time-savers.

Another explanation of securely delete data under Ubuntu/Linux

Shred is installed in Ubuntu by default and can delete single files. Wipe is not installed by default but can easily be installed using the Ubuntu Software Center or, if you understand the command line, with apt-get install wipe. Wipe is a little more secure and has nicer options. It is possible to make access to these programs easy by adding an extra menu option.

To add the securely wipe option, it is required to install these two programs: wipe and nautilus-actions. If the two programs are installed, follow the steps below. If they are not installed, use the Ubuntu Software Center to install them or on the command line simply type:

    apt-get install nautilus-actions wipe

Open the "Nautilus Actions Configuration" from the System -> Preferences menu.

We have to add a new action. To do this, click the "create new action" button, the first option in the toolbar.

Next is describing the new action. You can give the action any name you wish. Fill out this title in the "Context label" field. In this example we used "Delete file securely".

Click on the second tab ("Command"); here is how we specify the action we want.

In the field "Path", type "wipe"
In the field parameters, type "-rf %M"

Please be sure about the capitalization of all characters here; this is very important.

Next is specifying the conditions. Click on the conditions tab and choose the option "Both" in the "Appears if selection contains..." box. With this option you can wipe both files and folders securely. When done, click the save button (second item on the icon bottom toolbar) or use the menu File->Save.

Now close the Nautilus Actions Configuration tool. Unfortunately, after this, you have to log in to your system again, so either reboot or logout/login.

Now browse to the file you want to securely delete and right click:

Choose 'Delete File Securely'. The file will then be wiped 'quietly' - you do not get any feedback or notice that the process has started or stopped. However, the process is underway. It takes some time to securely delete data and the bigger the file the longer it takes. When it is complete the icon for the file to be wiped will disappear.

If you would like to add some feedback you can change the parameters field in the Nautilus Actions Configuration tool to this:

    -rf %M | zenity --info --text "your wipe is underway please be patient. The icon of the file to be wiped will disappear shortly."

The above line will tell you the process is underway but you will not know the file is deleted until the icon disappears.

Securely delete data under MacOSX
There are basically two built-in steps to take to securely delete your data on Mac OSX.

1. Erase the free space on your hard drive, which contains all the data of items that were deleted in an insecure way.
2. Make sure that every file from then on is always securely deleted.

We start with the first one:

Erasing Free Space

1. Open Disk Utility, which resides in the Utilities folder inside the Applications folder.

2. Select your hard drive and click on 'Erase Free Space'.

3. Three options will appear; from top to bottom they are more secure, but they also take much more time to complete. Read the descriptions of each one of them to get an idea of what will happen if you use them, then choose the one that suits your needs best and click 'Erase Free Space'. If time is no issue, then use the most secure method and enjoy your free time to get a good coffee while your Mac crunches away on this task. If the crooks are already knocking on your front door you might want to use the fastest way.

Securely Erasing Files

Now that your previously deleted data is once and for ever securely erased you should make sure that you don't create any new data that might be recovered at a later date.

1. To do this open the Finder preferences under the Finder menu.

2. Go to the Advanced tab and tick 'Empty trash securely'. This will make sure that every time you empty your trash all the items in it will be securely deleted and are really gone!

Note: Deleting your files securely will take longer than just deleting them. If you have to erase big portions of unimportant data (say your movie and mp3 collection) you may want to uncheck this option before doing so.

CCleaner - Secure File Deletion and Work Session Wiping
CCleaner is an easy-to-use and efficient program, essential to protecting your digital privacy and security. By permanently deleting (or wiping) your browser history, cookies, other temporary files created during your work session, as well as free space on the disk, CCleaner limits the ways in which hostile or malicious parties can monitor your work habits and preferences or infect your system.

Homepage: www.ccleaner.com

Computer Requirements: All Windows Versions

GNU Linux, Mac OS and other Microsoft Windows Compatible Programs

Another excellent temporary file removal and shredder tool compatible with GNU Linux and Microsoft Windows is BleachBit: http://bleachbit.sourceforge.net . BleachBit lets you wipe temporary files in 70 of the most popular applications, operating system temporary files and free hard disk space. An open-source program with a portable version, BleachBit is available in 32 languages. Ubuntu Linux users can also refer to the Cleaning up all those unnecessary junk files… guide at http://ubuntuforums.org/showthread.php?t=140920 to learn about cleaning your system.

Mac OS users will appreciate free tools from Titanium’s Software, OnyX and Maintenance: http://www.titanium.free.fr to erase traces of your work session. To securely wipe your Trash, open the Finder menu and then select Finder > Secure Empty Trash.... To always securely wipe your Trash, select Finder > Preferences and then click the Advanced tab. Next, check the Empty Trash securely option. To wipe free space on the disk, run the Disk Utility system application, select the disk partition, choose the Erase tab, and then click the Erase Free Space... button.

Things you should know about this tool before you start

The default settings on your computer system or an Internet browser automatically collect and create a data trail that a knowledgeable hostile or malicious party can follow - not unlike a hunter with its prey. Every time you use an Internet browser or word processor, or program, temporary data and files are generated and stored on your computer system. It could also generate lists of recently viewed documents or web pages. For example, whenever you type a web address into your Internet browser, a list of those addresses beginning with that/those letter(s) may be displayed as follows:

An Internet browser address bar displaying different URLs.

Although browser histories may be convenient, they also let someone identify the web sites you have visited. Moreover, your recent activities may be exposed by temporary data collected from images that appear on those web sites, including email messages or information typed into Internet forms.

To remove temporary data created every time you use a program, you would have to open each individual program directory, identify and then manually delete its temporary program files from there. CCleaner simply displays a list of programs and lets you choose the program(s) from which all temporary files should be deleted.

Important: Although CCleaner only erases temporary files, and not the actual documents saved on your computer

Portable CCleaner
There are no other differences between Portable CCleaner and the version designed to be installed on a local computer.

Step 1. Click http://www.piriform.com/ccleaner/download/portable to be directed to the appropriate download site.

Step 2. Click to save the installation file to your computer.

Step 3. Set your destination to the removable disk and install the content there, as shown below:

The CCleaner program extracted to the destination folder on a designated external hard drive

Step 9. Double click to launch Portable CCleaner.

How to Configure CCleaner

To configure CCleaner, perform the following steps:

Step 1. Either click or select Start > Programs > CCleaner to activate the Piriform CCleaner console.

Step 2. Click to activate the following screen:

The Options window displaying the default About pane

Step 3. Click to activate the Settings pane. The Settings pane lets you choose the language you are most comfortable working in, and determine how CCleaner will delete temporary files and wipe drives.

Note: The Secure Deletion section appears with the Normal file deletion option enabled.

Step 4. Click the Secure file deletion (Slower) option to enable the drop-down list.

Step 5. Expand the drop-down list and select the DOD 5220.22 M item from the Secure file deletion (Slower) option to resemble the following screen:

The Settings pane displaying the Secure Deletion options

After you have set this option, CCleaner will overwrite the files and folders you have selected for deletion with random data, effectively wiping them from your hard disk. The passes in the Secure deletion drop-down list, refer to the number of times your data will be overwritten by random data. The greater the number of passes selected, the more times your document, file or folder will be overwritten with random data. This reduces the recoverability of that document, file or folder, but increases the length of time required by the wiping process.

How to Delete Temporary Files in CCleaner

In this section, we will learn how to delete all the temporary files created by Microsoft Windows and most applications that you use on your computer.

Step 1. Click or select Start > Programs > CCleaner to activate the CCleaner console.

Step 2. Click to activate the following screen:

The CCleaner console displaying the Cleaner pane

The Cleaner window is divided into two panes, the left pane displaying the Windows and Application tabs and the right pane featuring an empty space to display information or results from a given cleaning operation. The Analyze and Run Cleaner buttons are located beneath that space.

The Windows and Applications tabs with all options checked

Note: By using the following steps, you will delete temporary files for the items you have checked in both the Windows and Applications tabs. Given that different users have different programs installed on their computer, your own list of applications may vary somewhat from the example in the figure above.

Step 3. Scroll down the Windows and Applications tabs and check all the options in the Advanced section too. As you check some of the options, a warning confirmation dialog box appears, explaining what each option will affect:

An example of a Warning confirmation dialog box

Note: Check all the options in the Windows and Applications tabs to enable a full and thorough cleaning of the temporary files. However, it is essential that you understand what kind of configurations and settings are being deleted.

Warning: By checking the Wipe Free Space option, you will significantly extend the amount of time required for the cleaning process; as such, ensure you have at least an hour or more for this.

Step 4. Click to generate and view a list of the different temporary files available for deletion.

Tip: Close all other programs before you begin the cleaning process. If you leave them open, CCleaner may not remove all the temporary files associated with those programs, and you may receive pop-up notices resembling figure below.

An example of a notice to close Firefox/Mozilla

Step 5. Click to continue listing the files for deletion.

An example of a list of temporary files for deletion

Note: CCleaner only deletes the temporary files generated whenever you use an application – and not the application itself. In the figure above, for example, the Applications – Office 2003 program suite remains installed on the computer, but its temporary files have been deleted. However, to use CCleaner to uninstall a program, please refer to Advanced Options, FAQ and Review, section How to Uninstall Programs Using CCleaner.

Step 6. Click to begin deleting these temporary files, and activate the following screen:

Confirmation dialog box

Step 7. Click to delete these temporary files as follows; after the deletion has been completed, the results displayed may resemble the following screen:

The file deletion results

You have now successfully deleted your temporary files from both the Windows and Applications tabs using CCleaner.

How to Clean the Windows Registry in CCleaner

Before You Begin

CCleaner also lets you clean the Windows Registry, a database which stores configuration information, and hardware and software settings on your system. Every time you alter basic system configuration information, install software or perform other routine tasks, these changes are reflected and stored in the Windows Registry.

Over time, however, the Windows Registry accumulates outdated configuration information and settings, including traces of obsolete programs. The CCleaner Registry option lets you scan and remove such information, improving the overall function and speed of your system, as well as protecting your digital privacy and security.

Tip: A scan of the Windows Registry should be performed on a monthly basis.

How to Clean Your Windows Registry Using CCleaner

Step 1. Click to activate the following screen:

The CCleaner user interface in Registry mode

The CCleaner Registry window is divided into a Registry Cleaner list, and a pane used to display information about any problems identified.

Step 2. Check all the items in the Registry Cleaner list, and then click to begin scanning for registry-related problems to be fixed; after some time, your results may resemble the following:

The results pane displaying a list of problems to be fixed

As a precautionary measure before you begin fixing the Windows Registry, you will be prompted to save a backup file of your registry. If a problem occurs after the Windows Registry has been cleaned, you may restore the Windows Registry to its original state using this backup file.

Step 3. Click to activate the following confirmation dialog box as follows:

The confirmation dialog box

Note: If you forget where you have stored your backup registry file, simply perform a search for a .reg file extension.

Step 4. Click to create a backup of your registry, and activate the following screen:

The Save As location browser

Step 5. Click after you have chosen a location for your backup file, to activate the following dialog box:

The Fix Issue/Fix All Selected Issues dialog box Advanced or expert level users will appreciate the ability to fix some problems and ignore others, depending on their requirements. Average users and beginners are recommended to simply fix all the selected issues.

Step 6. Click or to view each problem, and then click to fix only those you would like to.

Step 7. Click to fix all the selected issues.

The Windows Registry has now been successfully cleaned.

Tip: Repeat steps 3 to 6 until you no longer see any problems to be fixed.

How to Recover Your Registry Backup File

If you suspect that cleaning the Windows Registry has caused a problem with the functioning of your system, the registry backup file you already created can be used to restore the original registry and reduce interference with your system. To restore the original registry, perform the following steps:

Step 1. Select Start > Run to activate the Run confirmation dialog box and then type in regedit as follows:

The Run confirmation dialog box

Step 2. Click to activate the following screen:

The Registry Editor

Step 3. Select File > Import from the menu bar to activate the Import Registry File screen, and then select .

Step 4. Click to activate the following confirmation dialog box:

Another Registry Editor dialog box confirming the registry backup file has been restored

Step 5. Click to complete the restoration of the registry backup file.

Advanced Options, FAQ and Review

Advanced Options

Two CCleaner features which could improve the overall efficiency of your computer system, the Uninstall and Startup features, are described in the sections that follow. You will also learn how to permanently delete or wipe any free space on a specified drive.

How to Uninstall Programs Using CCleaner

Important: Make sure the program to be deleted or uninstalled is not essential to the proper functioning of your computer system before you begin doing so.

By deleting unused or unwanted previously installed software before running CCleaner, you may also remove their temporary files and folders. This may reduce the number of temporary files and folders to be deleted, as well as the length of time for the cleaning process. The CCleaner Uninstall feature is the equivalent of the Microsoft Windows Add or Remove Programs feature. The Uninstall feature lists the programs more clearly and quickly. To begin uninstalling obsolete programs, perform the following steps:

Step 1. Either click or select Start > Programs > CCleaner to activate the Piriform CCleaner console.

Step 2. Click and then click to activate the following screen:

The Tools option displaying the Uninstall pane

Step 3. Select a program from the Programs to Remove list, and then click to uninstall the selected program.

Tip: Advanced or experienced users will find the Rename Entry and Delete Entry features useful in keeping the existence of certain software private. Either feature ensures only you know about the existence of this program, keeping it safe from hostile or malicious parties which may use the Microsoft Windows Add/Remove Programs feature or CCleaner to view them.

Step 4. Click to rename that program. Alternatively, click to delete a program from that list, but without actually uninstalling it.

How to Disable Auto-Start Programs in CCleaner

An auto-start program is configured to automatically start itself whenever you turn your computer on. Auto-start programs may start making demands on finite system resources, and slow down your computer at start-up time.

Step 2. Click and then click to activate the following screen:

The Tools option displaying the Startup pane

Step 3. Select a program from those listed in the Startup pane and then click to disable the program so it does not automatically start running when you turn on your computer.

How to Wipe Free Disk Space Using CCleaner

In the Windows operating system, deleting a file merely removes a reference to that file, but may not remove its actual data. Although the area of that drive will eventually be overwritten with new files over time, a knowledgeable individual could rebuild either all or sections of that file. However, you can prevent this from happening by wiping the free space on your hard disk.

CCleaner also lets you wipe the Master File Table. The Master File Table (MFT) is an index of all file names, their locations, and other information. When Microsoft Windows deletes a file it only marks the index entry for that file as deleted for reasons of efficiency. The MFT entry for the file and the content of the file continue to reside on the hard disk.

Note: Performing a hard disk and Master File Table wipe consumes a considerable amount of time, and the amount of time required depends on the number of passes set.

Before you can begin wiping the empty spaces on your hard disk and Master File Table, certain options must be set in both the Options > Settings and Cleaner panes.

To set the drive you would like to wipe, perform the following steps:

Step 1. Scroll down the list to check both the Secure Deletion and Secure file deletion (Slower) options, and then select if you have not already done so.

Step 2. Click and then click to activate the Settings pane.

Step 3. Check the Wipe Free Space drives and Wipe MFT Free Space options as follows:

The Settings panes with both Wipe options checked

Step 4. Click to activate the Piriform CCleaner main console.

Note: The next step is optional if you have already enabled this section when performing a routine cleaning of your temporary files.

Tip: Remember to close all the other programs before you begin the wiping process. If you leave them open, CCleaner may not remove all the temporary files associated with those programs.

Step 5. Scroll down the Windows tab to the Advanced section and then check the Wipe Free Space option to activate the following warning:

The Warning confirmation dialog box

Step 6. Click and then click to activate the following screen:

The confirmation dialog box

Step 7. Click to begin wiping the empty spaces on your hard disk and Master File Table.
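The overwrite-before-delete idea behind the Secure file deletion and Wipe Free Space options, as an added Python example that is not part of the original guide and is not CCleaner's code. The function names, the 1 MiB chunk size and the use of random data are assumptions made here, and the example covers file content and free space only, not MFT free space.

```python
import os
import secrets
import tempfile

CHUNK = 1024 * 1024  # write in 1 MiB blocks (assumed size)


def overwrite_file(path, passes=1):
    """Overwrite the file's existing bytes in place, `passes` times, with random data."""
    size = os.path.getsize(path)
    with open(path, "r+b", buffering=0) as fh:
        for _ in range(passes):
            fh.seek(0)
            done = 0
            while done < size:
                done += fh.write(secrets.token_bytes(min(CHUNK, size - done)))
            os.fsync(fh.fileno())  # force this pass to the device before the next one
    return size


def secure_delete(path, passes=1):
    """Overwrite the content, rename to a random name, then delete the file."""
    size = overwrite_file(path, passes)
    anon = os.path.join(os.path.dirname(os.path.abspath(path)), secrets.token_hex(8))
    os.rename(path, anon)  # the entry that gets marked deleted no longer shows the name
    os.remove(anon)
    return size


def wipe_free_space(directory, max_bytes=None):
    """Fill free space under `directory` with random data, then delete the filler file."""
    written = 0
    fd, filler = tempfile.mkstemp(dir=directory, prefix="wipe_")
    try:
        with os.fdopen(fd, "wb", buffering=0) as fh:
            # max_bytes caps the fill for a trial run; None writes until the disk is full
            while max_bytes is None or written < max_bytes:
                want = CHUNK if max_bytes is None else min(CHUNK, max_bytes - written)
                try:
                    written += fh.write(secrets.token_bytes(want))
                except OSError:  # disk full: the free space has been covered
                    break
            os.fsync(fh.fileno())
    finally:
        os.remove(filler)  # releasing the filler returns the (now overwritten) space
    return written
```

Call wipe_free_space with a small max_bytes first to try it without filling the disk. On SSDs and on journaling or copy-on-write file systems, an in-place overwrite may not land on the physical blocks that held the old data.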

On Microsoft Windows, apart from Eraser described in this chapter, one can also use CCleaner to securely delete files and folders from the Recycle Bin. CCleaner can also wipe free space on the disk. Another recommended tool that can be used to securely delete files is Freeraser: http://www.freeraser.com

We would also like to recommend the following multiplatform tool: DBAN - Darik's Boot And Nuke: http://www.dban.org . It is a package which you burn onto a CD and start your computer from. DBAN allows you to securely delete the whole content of any hard disk that it detects, which makes it the ideal utility for bulk or emergency data destruction.

Using DBAN to wipe the contents of a hard disk
It is possible to use DBAN on a USB drive or CD. You will learn both methods here:

Distribution Home Page: http://www.dban.org

Download DBAN from http://downloads.sourceforge.net/project/dban/dban/dban-2.2.6/dban2.2.6_i586.iso?use_mirror=autodetect
Or: https://sourceforge.net/projects/dban/files/dban/dban-2.2.6/dban-2.2.6_i586.iso/download

To make a bootable CD of DBAN, burn the .iso file with burning software, for example: http://www.imgburn.com

If you prefer to use the USB version of DBAN, follow these instructions:

Minimum Flash Drive Capacity: 32MB (11MB free space)

DBAN Live USB Flash Drive Creation Essentials

Windows PC to perform conversion
dban-2.2.6_i586.iso
32MB+ USB flash drive (fat32 formatted)
Universal USB-Installer (does the conversion)

Download: http://www.pendrivelinux.com/downloads/Universal-USB-Installer/UniversalUSB-Installer-1.8.8.0.exe and run Universal USB Installer, select DBAN 2.2.6 from the drop-down list and follow the onscreen instructions.

Once the installation to USB is complete, restart your PC and set your BIOS or Boot Menu to boot from the USB device, save your changes and reboot.

Notes: The DBAN autonuke feature may also Nuke the Flash Drive (and as usual, any other drive it detects). To prevent DBAN's autonuke feature from wiping the thumb drive, "Remove your thumb drive after DBAN has loaded, but before it has started wiping drives."

Wiping procedure
To start, boot from a bootable CD. This may involve changing the BIOS options to make the computer boot from CD. Use the menus to select Hard Disk Tools, then Wiping Tools, then Darik's Boot and Nuke.

Turn on the computer that you would like to clean. You must set the system BIOS to use the CD/DVD drive or USB drives ahead of the hard disk to boot. Verify the computer is booting to the CD-ROM drive before the hard disk, then insert the DBAN CD. PCs vary in the exact requirements to enter the BIOS settings, but usually you press F1, F2 or F12 while the computer is booting.

Once DBAN has booted, you will be presented with the following screen:

DBAN Startup Menu Screenshot

Autonuke

The easiest option is to type autonuke, and then press ENTER. This will wipe any fitted hard drives, using the default options. The progress of each hard drive will be displayed in the main, lower part of the screen. The time taken, and an estimate of the time remaining, is displayed in the Statistics box. The screenshot below shows DBAN wiping two hard drives:

When DBAN is finished, it will display a message similar to the one below:

Interactive Mode

Interactive mode allows greater control. To start DBAN in interactive mode, just press ENTER at the DBAN start screen. When DBAN has started, you will be presented with the following screen:

At the above screen, press the letter “M” for method and select “RCMP TSSIT OPS-II” by pressing “ENTER.” This method is recommended for sensitive data, and is recommended by the Canadian Government for material up to and including Secret material.

Now press the “Space” key. This will select the IDE drive that you would like to wipe clean. If you would like to choose a different drive to clean, use your “Arrow” keys to move to that drive and press the “Space” key to select it.

Warning: All data will be lost, including the operating system and all programs. This is not a reversible process!

After selecting your drive, your screen should say 'wipe'. Since you have just selected the disk to wipe clean, it is now time to start the cleaning process. At this time press the 'F10' key. This is the point of no return and will start the cleaning process. Both the 'DoD' and 'RCMP TSSIT OPS-II' processes will take a while to finish. Please plan on allocating at least 12 hours for this process to complete.

Who is speaking?
We let the cops, experts in the field, devote their time while we have better things to do. Although it is so hard to put into words all the details related to offline security. We know very well the operation of operating systems, and particularly that of Debian GNU/Linux. We have a strong foundation in cryptography, but are very far from being able to claim any expertise in this area. Although we have done this project to support digital privacy:

But
Depending on the political positions and the invasion of our privacy, we can shift from: Good to Evil


