Hardening Linux?

A

Aether

Guest
I know the basics. I'm familiar with the functionality of the OS. I know tails and whonix. The nature of Linux is fairly secure, but I want it better. As far as network security, there are firewalls and intrusion detection systems, but how can I configure it to be as stealthy and encrypted as possible? I'm not really concerned with internet levels security. LUKS isn't good enough for me as far as disk encryption. I just want the most secure thing possible. Multiple layers of encryption, using something stronger than AES-256 or RSA. Both are broken, backdoored or will soon be. I've considered ECC, but I can't hardly grasp it. Any ideas or suggestions?
 


If your looking for encryption I would recommend looking at truecrypt. It is open source and so less likely to have any backdoors ect. If you have the skill you can even double check the code your self.

On top of that it offers several features I think you would be interested in, such as having up to 3 layers of encryption using different styles. It also have some nice features as far as "plausible deniability" meaning that you can hide an entire OS in an encrypted area that is hidden within your encrypted disk.

If done properly then the hidden area should be impossible to detect. This means that even if your forced to give up the key to your hard drive you can still have protected files. They can't force you to give up the key to an area that may or may not exist......
 
They can't force you to give up the key to an area that may or may not exist......
That may depend on your country and law.
 
I used truecrypt when I was using windows, I really like it's features but it doesn't have the option for whole disk encryption on Linux when I last downloaded it. I could have just missed it. I do really like the hidden volumes. Truecrypt makes me nervous because there is hard evidence that the NSA has tampered with encryption software and algorithms in the past. Privacy is a capital crime these days. Regardless I would very much like to implement the cascading encryption, all with independent keys with the whirlpool hash function. As a 17 year old kid I might say it's a daunting task. I really don't know where to start. I'm in it for the long run so my main adversary is the quantum computer. Shor's algorithm can break AES-256 and it's not far off. Some sort of polymorphic eliptic curve algorithm, I don't know. But as far as going beyond very secure passwords, a good firewall and IDS, minimal packages, single user account, and secure network hardware, I must find ways to increase security.
 
That may depend on your country and law.

Not really, If you use it correctly then it is impossible to tell the area exists. I don't care who you are, you can't force me to tell you something that you can't even prove exists. To try and force it out of someone would mean running the risk of trying to force someone to give you something they do not have.
 

Members online


Top