Volume 1
May 2012
'Security is not a product, but a process.' It's more than designing strong cryptography into a system; it's designing the entire system such that all security measures, including cryptography, work together. Bruce Schneier
2012 Anna Farahmand - Micheal Webber. The copyright belongs to the authors. No legal action will be entered into regarding the copying, printing or sharing of this document in its unaltered form, so... please copy, upload and share the wisdom of this document... No profiting from sales of this document will be tolerated. (Micheal Webber)
Find more from Anna Farahmand and Michael Webber by Googling them or here: http://www.scribd.com/annafarahmand
Contents

Preface
Some basics on computers: Machines to process data; The hardware (The motherboard; Processor; The RAM; The hard drive; Other devices; The BIOS; Electricity, magnetic fields and radio waves); Software (The operating system; Applications; Libraries); Data storage (Partitions; File systems; File formats; Virtual memory (swap))
Traces at every level: In RAM; In virtual memory; Standby and hibernation (Standby; Hibernation); Logs; Automatic backups and other lists; Metadata
Malware, spyware and other cookies: Malware; Keyloggers or keystroke loggers; Printing problems?; A bit of steganography; Memory, more...
Some illusions of security: Proprietary software, open source, free (The metaphor of the cake; Proprietary software: blind faith; The advantage of having the recipe: free software); The password of an account does not protect its data; About "deleted" files (Deleting a file does not delete the content; Beginning of a solution: rewrite several times over the data; Some limits of the rewriting: "smart" discs, "smart" file systems, what they do not know); Many other times we "erase": how to leave no trace?; Portable software: a false solution
One way to protect yourself: cryptography: Protect data from prying eyes (How does cryptography work?; Want a picture?; For a hard drive...; Summary and limitations); Ensure the integrity of data (The power of the hash; Check the integrity of software; Verify a password); Symmetric, asymmetric?
Choose appropriate responses: Risk assessment; Define a security policy (A matter of compromise; How?; A few rules: Simple vs. complex, White list, black list, We're not robots, Use-by date)
Use cases: Use case: a new beginning, never to pick up the pieces (Context; Assess the risks; Define a security policy: First step: just open the eyes to see; Second step: the dresser drawer was not encrypted; Third step: the law as a means of coercion; Step four: networking; Angles of attack: a breach in the encryption system used, cold boot attack, the eye and video surveillance, the non-encrypted and BIOS, malware, brute force)
Working on a sensitive document: on a live system; on an encrypted Debian; on Windows (Starting point: Windows, a sieve of security holes; Second step: Windows in an (almost) tight locked compartment: Install VirtualBox, Install a "clean" Windows in VirtualBox, Install the necessary software in the "clean" Windows, Freeze the "clean" Windows, New project, new beginning, When the project is completed, Another new project?; Third stage: possible attacks and measures); Common limitations to these security policies
Use case: archive a completed project
Tools: Use a terminal (Terminal?; Terminal administrator?); Choose a passphrase; Boot from a CD or USB stick; Use a live system (Discreet live systems; Download a live system; Verify the authenticity of the live system; Install the live system on the selected media; Boot from a live system); Install an encrypted system (Limitations; Use a USB key; Check the fingerprint of the installation media; Prepare the installation media; The actual installation; Some tips to keep; Some documentation on Debian and GNU/Linux); Select, test and install software (Find software; Find an application; Install a Debian package; How to change Debian's repositories); Erase data "for real" (Delete files and their contents; Add to Nautilus a command to delete files and their contents; Delete a whole disk "for real": Clear all the contents of a disk, Find the device path, Launch shred, Use the disk; Delete the contents of a LUKS encrypted partition; Make already-deleted data unrecoverable; Add a command to Nautilus to make already-deleted data unrecoverable); Partition and encrypt a hard drive (Prepare a hard drive; Create an unencrypted partition; Create an encrypted partition; Use an encrypted hard drive); Back up data (File manager and encrypted storage; Making backups; Restore a backup; Ensure that backups are always readable; Using Déjà Dup: Make a backup, Restore a backup, Ensure that backups are always readable); Create a "user" account on a Debian system; Remove a "user" account on a Debian system; Share a secret; Use checksums (Get the checksum of a file; Check the integrity of a file; Allow others to verify the integrity of a file; Make a checksum in graphical mode); Install and use a virtualized system (Install VirtualBox; Install a virtualized Windows; Save an image of a clean virtual disk; Delete a virtual machine "for real"; Create a new virtual machine from a clean image; Send files to a virtualized system; Bring files out of a virtualized system); Keep an updated system (Maintain a live system; Maintain an encrypted system; The daily updates of an encrypted system; Transition to a new stable release)
Security-focused operating systems: Feel the love of free and open source software; Terminal: the command line (Windows command prompt; Linux); Installing Ubuntu Linux; Encrypted Ubuntu 8.04; Full installation of Ubuntu to a USB flash drive; Moving WUBI to a USB flash drive; How to make an Ubuntu live USB from CD; Install Debian Live to a flash drive from Windows; Ubuntu Privacy Remix (UPR); Windows (How to install Windows XP; How to install Windows 7; How to set up Windows XP Mode in Windows 7; XP Mode without hardware virtualization)
Why security matters: Human security; Risk evaluations; Protection against physical intruders; Record passwords (KeePass: secure password storage, install and use on different OSes); Device security; Disk encryption (Setting up LUKS encryption on USB drives; eCryptfs; TrueCrypt); Steganography (An example: SilentEye); Protect your computer from malware and hackers (Avast! anti-virus; Spybot anti-spyware; Firewalls; Comodo Firewall); Information recovery (Backup software: Cobian Backup; Secure file storage; Recuva: recovering from accidental file deletion; Recover and securely overwrite files using Recuva); How to destroy sensitive information (Eraser: secure file removal; File Shredder to securely delete data under Windows; Install the Nautilus Actions Configuration utility; Securely delete data under Mac OS X; CCleaner: secure file deletion and work session wiping; Using DBAN to wipe the contents of a hard disk)
Who is speaking?
Preface
The other side of the digital memory

Computers, the Internet and mobile phones take up more and more room in our lives. Going digital often seems very practical: it is fast, it lets us talk to many people very far away, we can keep our whole photo history, we can write text easily. But those benefits come at a cost unless we follow some digital security rules. It is much easier to quietly listen to mobile phone conversations in a noisy street, or to find the information you want on a hard drive, than to eavesdrop in person or dig through a shelf overflowing with papers. In addition, much of our personal information ends up published somewhere, either by ourselves or by others, because we are encouraged to publish it, because the technologies leave traces, or simply because we are not careful.

Nothing to hide?

"But don't be paranoid, I have nothing to hide," you might answer. Two examples tend to show the opposite: nobody wants their credit card or eBay account credentials to fall into the wrong hands, and nobody likes to see their home address published on the Internet against their will. But beyond these questions of defending private property, privacy should be an issue in itself. First, because of what is allowed or not allowed with a computer: people arrested for digital activities that displeased their government languish in prison in many countries, not only in China or Iran. Second, what is allowed today may not be tomorrow: governments change, and laws and situations with them. If we have nothing to hide now, for example regular visits to a militant website, how do we know what will happen if that activity is later linked to a repressive process? The traces left on the computer could then be used as incriminating evidence.

Last but not least, at a time when states and companies are increasingly paranoid, increasingly determined to track down subversion and to see a potential terrorist behind every citizen, hiding becomes a political issue in itself. Besides, many people, whether working for governments, employers, advertisers or the police, have an interest in getting access to our data and our information, for economic as well as political reasons.

All this may lead us to conclude that we do not want to be watched by any "Big Brother", whether it already exists or we anticipate its emergence; the best course is probably to make sure the wonderful tools modern technology offers cannot be used against us. Everyone has something to hide, if only the traces they would like to clean up.

Understand in order to choose

This section tries to describe the digital world in understandable terms and to focus on a few ideas that help to understand what we are exposed to when we use a particular tool, so that we can sort through the more or less dangerous "solutions" and know what they do not protect against. Reading these pages, you may feel that nothing is really safe with a computer. That is true, and it is false: there are appropriate tools and appropriate uses. The question is rarely "should these technologies be used or not?" but rather "when and how should they be used (or not)?"

Take the time to understand

Software is made easy for our brains to use... and by making computers easy to use, it also makes us lose sight of what they were built to do. Computers get faster, our Internet connections get faster; with the mobile phone and Wi-Fi, lifting a handset or plugging a network cable into the computer in order to communicate is already obsolete. Being patient, taking the time to learn or to think seem to have become superfluous: we want everything right away, we want the solution. But that means delegating many decisions. This guide proposes alternatives that require taking the time to understand and to apply them, and to carry those practices into the digital world. We urge you to build your own raft, to take this guide with you, and to send us your comments.

A "guide"

This guide is an attempt to bring together, in order to share it, what we have learned over years of practice, error, reflection and discussion.

The technologies involved change very quickly. To make the material more digestible, we divided what we wanted to say into several sections. In the first section the computer is offline, so the threats, the needs and the answers are different from those of a connected computer. Technology is changing rapidly, and that will not stop. During 2011-2012 a serious study was published on the persistence of data on USB drives, SSDs and other flash memory; its conclusion was that encryption and a full overwrite are the only strategies offering minimum guarantees. New laws authorise, or even mandate, the installation of software that from a security standpoint can only be regarded as malicious.

This is a reminder, if one were needed, to take the continuing threats of our digital world seriously. In terms of tools, February 2011 saw the release of a new version of Debian, called "Squeeze", and in April of that year version 0.7 of the Tails live system, based on Squeeze, was released. The tools therefore had to be reviewed for these new systems. Creating encrypted disks is greatly simplified with these versions: most of the operation can now be done without a terminal. Installing VirtualBox is also easier. Debian Squeeze includes software that makes backups in a few clicks, so that section has been expanded. And for those who already have a previous version of Debian (Lenny) installed, a new tool section explains how to upgrade to Squeeze. With this revision, we hope this guide will be a companion for crossing the digital jungle... at least until the next one.

Faced with the complexity of computers and digital technology, the amount of information to swallow in order to gain some practical self-defence can seem overwhelming. It certainly is for those who try to understand everything at once. This first volume therefore concentrates on the use of a computer "offline", before any connection; much of it remains useful whether or not the computer is connected to a network. Threats specific to the use of the Internet and networks are left for the second volume. For this offline part, as for the others, we take the time to dwell on the basics and their implications for security, confidentiality and privacy; after analysing some use cases, we look at practical recipes. The notion of privacy used here is deliberately fuzzy: something that revolves around the possibility of deciding what is revealed, to whom, and what is kept secret, and that also includes paying some attention to foiling attempts to penetrate those secrets.

One last point before we jump in: an illusion of security is far worse than a clear awareness of a weakness. So take the time to read the first parts before throwing away our keyboards... or throwing our computers out the window.
Some basics on computers

Machines to process data

Computers are machines invented to handle information: they record, process, analyse and classify it precisely, even in very large quantities. In the digital world, copying information costs a few microwatts, in other words almost nothing. Keep that in mind whenever the goal is to limit access to information: as soon as information is on a computer (and even more so on a network), accept that it can escape. This guide can help to limit the damage, but the starting point is to acknowledge that reality.

The hardware

Our computer is first of all a set of components connected to each other, an accumulation of parts we can touch, move, hack and break. The whole screen/keyboard/central unit (or the laptop) is all we need to know about when we just want to plug it in at the right place. But to know what happens to our data, a closer look is needed. We consider here the contents of a "classic" computer, sometimes called a PC; most of these components are found, with slight variations, in other machines: Macs, mobile phones, the "box" of an Internet connection, MP3 players, etc.
The motherboard
A computer is mostly made of electronic components. The motherboard is a large circuit board that connects most of them. Plugged into the motherboard are at least one processor, RAM, a storage system (hard drive), a component to start the computer (BIOS), and other cards and devices as needed. We will quickly tour all of these to get an idea of how they matter later.
Processor
The processor (also called CPU, central processing unit) is the component that does the actual processing of data. The usual picture of a processor's work is the calculator: you enter data (numbers) and the operations to perform on them (addition, multiplication or otherwise), then read the result, possibly to use it as the basis of further calculations. A processor works exactly the same way: it takes data (which may be a list of operations to perform) and runs through the chain. It does only that, but it does it very quickly.
But if the processor is a simple calculator, how can it process information that is not numbers, such as text, images, sound or mouse movements? Simply by turning whatever is not a number into numbers, using a code defined in advance. For text it can be, for example, A = 65, B = 66, etc. Once this code is fixed, information can be digitised: with that code, "GUIDE" becomes 71, 85, 73, 68, 69, a series of numbers that represents the letters of our word. But digitisation always loses information: in this example, the particular handwriting is lost, and shaky letters become exactly the same "information" as steady ones. Whatever passes through the sieve of the digital world necessarily loses some pieces. Beyond data, the operations the processor must perform are also coded as binary numbers: a program is a series of instructions, handled like any other data.
Inside the computer, all these numbers are represented by electrical states: no current, or current present. There are thus two possibilities, the famous 0 and 1, hence the name bi-nary. With a mass of wires and hundreds of millions or billions of transistors (switches, not so different from the one that turns the kitchen light on or off), data processing gets done. Not all processors work the same way: some are designed to be more efficient for certain types of calculation, others to consume less energy, etc. Moreover, not all processors have exactly the same instructions; there are large families, called architectures. This matters because a program designed to run on a given architecture does not usually work on another.
The RAM
Memory (RAM, Random Access Memory) usually comes in the form of strips (modules) that plug directly into the motherboard.
A stick of RAM
RAM holds all running software and open documents. This is where the processor fetches the data to process and stores the results of its operations; the information must be present there in a form directly usable for computation. Access to RAM is very fast: only the time needed for the processor to address the memory cell and read (or write) it. When RAM is no longer powered, its content fades: it becomes unreadable after seconds to minutes at room temperature, depending on the model, and considerably longer if the chips are cooled.

The hard drive

A 3.5-inch hard drive
Since RAM is erased at power-off, the computer needs another place to store data and programs between sessions: persistent (non-volatile) storage, in which written information remains even without power. The usual answer is a hard drive: a metal case containing several platters that spin constantly, coated with a thin layer of magnetic material. Above each platter are read/write heads which, using magnetic fields, detect and change the orientation of tiny magnetic regions; it is this orientation that encodes the stored information. This mechanism is much slower than RAM (access times are measured in milliseconds rather than nanoseconds), but it can hold much more information. What is on a hard drive is of course documents, but also programs and all the data they use in order to work: temporary files, logs, backup files, configuration files, etc. The hard drive thus keeps a semi-permanent and almost complete record of all kinds of signs of who we are, what we do, with whom and how, as soon as we use a computer.
Other devices
With just a processor, RAM and a storage medium, you already have a computer. Other devices are added: keyboard, mouse, monitor, network adapter (wired or wireless), DVD drive, etc. Some devices need extra chips so that the processor can talk to them. These chips can be soldered directly onto the motherboard (typically the case for the keyboard controller), or come on an additional circuit board delivered as an expansion card. To reduce the number of specific chips (which are expensive and complicated to develop), the ways of accessing devices tend to become uniform. For example the USB standard (Universal Serial Bus) is increasingly used to connect printers, keyboards, mice, additional hard drives, network adapters, or what is commonly called a "USB stick".
The BIOS
Award BIOS chip on a motherboard
To start the computer, the processor must be given a first program whose job is to load the programs that run next. This is usually the role of the BIOS (Basic Input/Output System). It is a tiny piece of software held in a memory chip on the motherboard. That memory is of a third kind: flash memory, which keeps its content without power but whose content can be replaced, in an operation called flashing. The same kind of memory is found in USB sticks and in the so-called Solid State Drives (SSD). When it runs, this first program allows, among other things, choosing where the operating system will be loaded from (a hard drive, a USB stick, a CD-ROM or the network). On more recent machines this firmware is called UEFI rather than BIOS, but it plays the same role, and the same point applies: whoever can rewrite this chip controls what runs before the operating system does.

Electricity, magnetic fields and radio waves

1. In 1995 Berke Durak was able to capture the electromagnetic waves emitted by most of his computer's components with a simple Walkman-style radio. http://lambda-diode.com/electronics/tempest
2. Sylvain Pasini and Martin Vuagnoux made frightening videos to illustrate their paper "Compromising Electromagnetic Emanations of Wired and Wireless Keyboards", published in 2009. http://lasecwww.epfl.ch/keyboard
Software
In addition to the physical elements that make up a computer, we must also consider the less tangible ones: software. In the days of the first computers, running a different processing job meant physically rewiring cables and components. That is far behind us: the operations to perform on data have become data like any other, called "programs", which are loaded, modified and manipulated by other programs. Programs are generally written to do one thing and do it well, not least so that they stay understandable to the humans who design them; it is then the interaction of tens of thousands of programs that performs the complex tasks computers are commonly used for today. When you click a button, you trigger a chain of events, an impressive amount of computation, which ends in electrical impulses that change a physical object: a laser that burns a CD, a display that changes its pixels to show a new page, or a hard drive head that flips tiny magnetic regions to write the sequence of bits that will be a file.

The operating system

The operating system is usually stored on the hard drive. It is however quite possible to use an operating system stored on a USB stick or burned onto a CD-ROM; in the latter case we speak of a live system (nothing can be modified on the CD).
Applications
The software called "applications" is what actually does what we ask of the computer: the Mozilla Firefox web browser, OpenOffice.org for office work, GIMP or Adobe Photoshop for image processing, for example. Each operating system defines very specific ways for applications to access the hardware, the data, the network or other resources, so the applications you want to use must be designed for the computer's operating system.
Libraries
Libraries are collections of functions shared among programs: there are libraries for graphical display (ensuring consistency in what appears on screen), for reading or writing file formats, for connecting to network services, etc. If you are not a programmer you hardly ever touch libraries directly. It is still worth knowing they exist, if only because a problem (such as a programming error) in a library affects every program that uses it: one flaw in a widely shared library is a flaw in all the software built on top of it.

Partitions

Just as a cabinet can hold several shelves, a hard drive can be "cut" into several partitions. Each shelf may have a different height and a different classification, depending on whether it holds books or files, sorted alphabetically or by reading order; likewise, each partition of a hard drive can have a different size and contain a different kind of organisation: a file system.
File systems
A file system mainly serves to find information in our huge pile of data, just as a cookbook's table of contents lets us go straight to the right page for tonight's recipe. It is important to note that deleting a file usually amounts to removing a row in that table of contents: by going through all the pages, you can still find the recipe. Thousands of different formats could be imagined for storing data, and there are indeed many different file systems. Creating a file system on a medium is called formatting. Since it is the operating system that gives programs access to data, a file system is often closely tied to an operating system: NTFS and FAT32 are those usually used by Windows, the ext family (ext3, ext4) is common under GNU/Linux, and HFS, HFS+ and HFSX are used by Mac OS X. With the right software it is nevertheless possible to read a file system that is "foreign" to the system in use; Windows, for instance, cannot read an ext3 partition unless the appropriate software is installed. One consequence is that a given computer can hold storage spaces invisible to the user, because they are not recognised by the operating system (or not accessible to the user), but which are nonetheless present.
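To make the "table of contents" point concrete, here is a small model of a block-based file system in Python, added as an illustration (it is not code from the guide, and it simplifies real file systems drastically). It shows that an ordinary delete only drops the directory entry, that a raw scan of the medium still finds the content, and that overwriting the blocks first (what shred does) is what actually removes it. carve() is written the way a real scan over a disk image or a device opened with open('/dev/sdb', 'rb') would be, chunked with overlap; the image it scans here is constructed in memory.

```python
"""Toy block file system + raw carving scan. Added illustration, not part of
the original guide. Real file systems differ in the details (journals, copy-
on-write, wear levelling on flash) but share the property shown here: unlink
touches the index, not the data."""
import os

BLOCK = 64  # block size in bytes (real file systems use 512 B to 64 KiB)


class ToyFS:
    """A medium of n blocks plus a directory mapping names to (blocks, size)."""

    def __init__(self, n_blocks):
        self.raw = bytearray(BLOCK * n_blocks)  # the "platter"
        self.directory = {}                     # the "table of contents"
        self.free = list(range(n_blocks))       # blocks not referenced by any entry

    def write(self, name, data):
        n = -(-len(data) // BLOCK)              # ceiling division: blocks needed
        blocks = [self.free.pop(0) for _ in range(n)]
        for i, b in enumerate(blocks):
            chunk = data[i * BLOCK:(i + 1) * BLOCK]
            self.raw[b * BLOCK:b * BLOCK + len(chunk)] = chunk
        self.directory[name] = (blocks, len(data))

    def read(self, name):
        blocks, size = self.directory[name]
        out = b"".join(bytes(self.raw[b * BLOCK:(b + 1) * BLOCK]) for b in blocks)
        return out[:size]

    def delete(self, name):
        """What an ordinary 'delete' does: drop the entry, mark blocks free, touch no data."""
        blocks, _ = self.directory.pop(name)
        self.free.extend(blocks)

    def shred(self, name, passes=3):
        """Overwrite every block of the file with random data, then drop the entry."""
        blocks, _ = self.directory[name]
        for _ in range(passes):
            for b in blocks:
                self.raw[b * BLOCK:(b + 1) * BLOCK] = os.urandom(BLOCK)
        self.delete(name)


def carve(image, needle, chunk=4096):
    """Offsets at which `needle` occurs in a raw image. The image is read in
    chunks so this also works on multi-gigabyte devices; consecutive chunks
    overlap by len(needle)-1 bytes so a match across a boundary is not missed."""
    hits, offset, tail = [], 0, b""
    view = memoryview(image)
    while offset < len(view):
        buf = tail + bytes(view[offset:offset + chunk])
        base = offset - len(tail)          # image offset of buf[0]
        start = 0
        while True:
            i = buf.find(needle, start)
            if i < 0:
                break
            hits.append(base + i)
            start = i + 1
        tail = buf[-(len(needle) - 1):] if len(needle) > 1 else b""
        offset += chunk
    return hits


def demo():
    """Constructed scenario: same note, deleted two ways, then carved for."""
    note = b"meeting at the station, bring the documents"
    fs = ToyFS(32)
    fs.write("notes.txt", note)
    fs.write("other.txt", b"nothing to see here")
    fs.delete("notes.txt")                          # ordinary delete
    still_there = carve(fs.raw, b"bring the documents")
    fs2 = ToyFS(32)
    fs2.write("notes.txt", note)
    fs2.shred("notes.txt")                          # overwrite, then delete
    gone = carve(fs2.raw, b"bring the documents")
    return still_there, gone


if __name__ == "__main__":
    print(demo())  # offsets after plain delete vs. after shred
```

The same carve() run over a real disk image (or, as root, over the device itself) is how "undelete" tools and forensic examiners find content that the file system no longer lists; the later sections on shred and on LUKS are about making sure there is nothing left for it to find.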
File formats
The data we handle is generally grouped into files. Besides its content, a file has a name, a location (the folder it is in), a size and other details depending on the file system. But within each file, the data itself is organised differently depending on its nature and on the software used to manipulate it: this is what we call the file format. The format is generally indicated by the end of the file name, called the extension. Examples: for music, MP3 or Ogg; for a text document from OpenOffice.org, OpenDocument Text (ODT); for images, a choice of JPEG, PNG, the Adobe Photoshop format (PSD), etc. It is useful to distinguish open formats, whose details are public, from proprietary formats, often designed to be handled only by specific software.
Proprietary formats have sometimes been studied closely enough to be opened by other programs, but that understanding is often imperfect and subject to change from one version of the application to the next. This is typically the case with the Microsoft Word format, often referred to as .doc.
Traces at every level

In RAM

We saw that information is first held in the computer's RAM. As long as the computer is powered, it contains all the information the system needs, and it necessarily keeps many traces: keystrokes (including passwords), open files, various events that happened while the computer was awake. Having taken control of a running computer, it is not very hard to make it dump everything in its RAM, for example to a USB drive or to another computer over the network. And taking control can be as simple as plugging in a FireWire device such as an iPod, because FireWire gives the device direct access to memory [1]. Once recovered, the mass of information the RAM holds about the computer and its users can be exploited at leisure. Moreover, although the data becomes unreadable once the power is off, that takes time, and the delay can be enough for a malicious person to recover what is there. This is called a "cold boot attack": copy the content of RAM before it has faded, to use it later. It is even technically possible to cool the memory of a switched-off computer to very low temperatures, in which case its content can survive for hours or even days [2]. The attack must nonetheless be carried out shortly after power-off. Besides, running a few large programs (a big image-editing session in Adobe Photoshop or GIMP, for example) before switching off is likely to overwrite the traces left earlier in memory. More to the point, there is software specifically designed to overwrite the content of RAM with random data at shutdown.
[1] "0wned by an iPod", presented by Maximillian Dornseif at the PacSec/core04 conference; see also "Hacking Computers Over USB" on Schneier on Security. http://www.schneier.com/blog/archives/2006/06/hacking_compute.html http://md.hudora.de/presentations
[2] "Lest We Remember: Cold Boot Attacks on Encryption Keys", presented at the 17th USENIX Security Symposium (Sec '08) by J. Alex Halderman, Seth D. Schoen, Nadia Heninger, William Clarkson, William Paul, Joseph A. Calandrino, Ariel J. Feldman, Jacob Appelbaum and Edward W. Felten. http://citp.princeton.edu/memory
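A process-level view of the same problem, added here as an example (not from the guide): in Python, as in most languages, a secret you no longer refer to is still in RAM until something reuses the space, and the only thing the program itself can do is keep secrets in a buffer it may overwrite in place. leftover_after_del() depends on CPython's object layout on a 64-bit build, an assumption stated in its comments; it peeks at released memory from inside the process, which is what a memory dump or cold boot attack does from outside.

```python
"""Traces in RAM at process level. Added illustration, not from the guide.
wipe()/scrubbed() are the portable part; leftover_after_del() assumes CPython
(bytes payload starts sys.getsizeof(b) - len(b) - 1 bytes after id(b)) and
that the interpreter does not zero freed memory, which is the normal case."""
import ctypes
import sys
from contextlib import contextmanager


def wipe(buf):
    """Overwrite a bytearray in place with zeros. Immutable str/bytes objects
    cannot be wiped: every copy of them stays in RAM until the space is reused."""
    ctypes.memset(ctypes.addressof(ctypes.c_char.from_buffer(buf)), 0, len(buf))
    return buf


@contextmanager
def scrubbed(data):
    """Hold a secret in a bytearray and zero it when the block exits, even on error."""
    buf = bytearray(data)
    try:
        yield buf
    finally:
        wipe(buf)


def leftover_after_del():
    """Free a bytes object the normal way, then read its old storage back."""
    secret = b"".join([b"s3cr3t-", b"passphrase"])   # built at run time, not a constant
    n = len(secret)
    addr = id(secret) + sys.getsizeof(secret) - n - 1  # address of the payload (CPython layout)
    del secret                                         # "forget" it; nothing scrubs the bytes
    ghost = ctypes.string_at(addr, n)                  # peek at the released memory
    return ghost == b"s3cr3t-passphrase"


if __name__ == "__main__":
    with scrubbed(b"correct horse battery staple") as key:
        print("in use:", bytes(key))
    print("after block:", bytes(key))                 # all zeros
    print("old secret still readable after del:", leftover_after_del())
```

The second function usually prints True on CPython, which is the point: "delete" at every level of the machine, from a variable to a file, means "stop referring to it", not "destroy it". The only remedy is deliberate overwriting, which is why the guide's tools for wiping RAM at shutdown, encrypting swap and shredding files all do exactly that.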
In virtual memory
As explained earlier, the operating system sometimes uses part of the hard drive to supplement memory (the swap, or virtual memory). This happens especially when the computer is heavily used, for example when working on large images, but also in many other cases, unpredictably. The most disturbing consequence of this convenient mechanism is that the computer writes to the hard drive information that was in RAM: potentially sensitive information, which therefore remains readable after the computer is switched off. On a computer with a standard configuration it is illusory to believe that a document opened from a USB stick, even with portable software, never leaves a trace on the hard drive. To keep anyone from accessing this data, one can use an operating system configured to encrypt its virtual memory.
Hibernation
Hibernation, known in English as suspend to disk, consists of saving the entire content of memory to the hard drive and then switching the computer off completely. At the next start, the operating system detects the hibernation, copies the saved image back into RAM and resumes from there. On GNU/Linux systems the memory image is usually written to the swap; on other systems it can be one big file, often hidden. Since it is the content of RAM that is written to the hard drive, all open programs and documents, passwords, encryption keys and so on can be found by anyone with access to the hard drive, as long as nothing has been written over them. Encrypting the hard drive limits this risk, provided the swap or hibernation file is itself on the encrypted volume: the passphrase is then needed to access the saved RAM image.
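A check a practitioner can run on a GNU/Linux machine to see whether its swap, and therefore its paged-out RAM and its hibernation image, lands on an encrypted device. This is an added example, not from the guide; the /proc/swaps excerpt is constructed to match the real file's layout, and the crypttab/fstab lines in the docstring use assumed device names.

```python
"""Is my swap encrypted? Added example, not part of the original guide.

On Debian, swap with a throw-away key is set up with entries like (device
names are assumptions):

    /etc/crypttab:  cryptswap  /dev/sda3  /dev/urandom  swap,cipher=aes-xts-plain64,size=256
    /etc/fstab:     /dev/mapper/cryptswap  none  swap  sw  0  0

A random key means the swap, and any hibernation image written to it, is
unreadable after power-off; it also means resume from hibernation cannot work,
so for hibernation the swap must sit inside a passphrase-protected LUKS volume.
"""

# Constructed sample in the exact column layout of /proc/swaps on Linux.
SAMPLE_PROC_SWAPS = """\
Filename\t\t\t\tType\t\tSize\tUsed\tPriority
/dev/sda3                               partition\t4194300\t0\t-2
/dev/mapper/cryptswap                   partition\t4194300\t1024\t-3
/swapfile                               file\t\t2097148\t0\t-4
"""


def parse_proc_swaps(text):
    """Turn /proc/swaps content into a list of dicts (header line skipped)."""
    entries = []
    for line in text.splitlines()[1:]:
        if not line.strip():
            continue
        name, kind, size, used, prio = line.split()
        entries.append({"device": name, "type": kind, "size_kib": int(size),
                        "used_kib": int(used), "priority": int(prio)})
    return entries


def unencrypted_swaps(entries):
    """Swap areas that are not device-mapper targets. A dm target is not
    necessarily dm-crypt (it could be plain LVM), so confirm a /dev/mapper
    entry with `lsblk -o NAME,TYPE` (TYPE 'crypt') or `cryptsetup status NAME`.
    A swap *file* is only as protected as the file system holding it, so it
    is reported too."""
    return [e for e in entries
            if not e["device"].startswith(("/dev/mapper/", "/dev/dm-"))]


def check_running_system(path="/proc/swaps"):
    """Apply the check to the live machine; None when /proc/swaps is absent."""
    try:
        with open(path) as f:
            text = f.read()
    except OSError:
        return None
    return unencrypted_swaps(parse_proc_swaps(text))


if __name__ == "__main__":
    for e in unencrypted_swaps(parse_proc_swaps(SAMPLE_PROC_SWAPS)):
        print("not obviously encrypted:", e["device"], e["type"])
    print("this machine:", check_running_system())
```

On the constructed sample the check flags /dev/sda3 (a plain partition) and /swapfile, and passes /dev/mapper/cryptswap; on a real machine an empty list is the goal, subject to the lsblk confirmation noted in the code.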
Newspapers
Operating systems have a strong tendency to write in their journals a detailed history of what they do. These also called logs are useful to the operating system to work, and used to correct configuration problems or bugs. However, their existence can sometimes be problematic. The existing cases are numerous, but the following examples should suffice to give an idea of this risk:
GNU / Linux, the system keeps the date, time and name of the user who logs each time a computer is turned on; always under GNU / Linux, the make and model of each removable media (external hard drive, USB key ...) are usually kept plugged in; Mac OS X, the date of printing and how many pages are in the newspapers; Windows, the event monitor records the name of the software, the date and time of installing or uninstalling an application.
Windows, Microsoft Office can keep the reference of a file name already removed from the menu of the "recent documents", and sometimes even keep temporary files with the contents of the file in question; GNU / Linux, a log file may contain the name of a file previously deleted. And OpenOffice.org can keep as many traces of a deleted file as Microsoft Office. In practice, there are dozens of programs running well; When using a printer, the operating system often copies the file on hold in the "queue". The contents of this file once the file is empty, has not disappeared from the hard drive so far; Windows, when you connect a removable drive (USB key, external hard drive, CD or DVD), the system often begins to explore its contents in order to offer software tailored to the reading: This exploration allows automatic memory list all files on the medium used, even if none of its files is consulted.
It is difficult to find an adequate solution to this problem. A file, even fully deleted, will probably continue to exist on the computer for a while in another form. A search through the raw data of the disk would show whether copies of the data exist or not... unless they are only referenced, or stored in a different form, compressed for example. In fact, only overwriting the entire disk and installing a new operating system gives any assurance that the traces of a file have been removed. From another angle, using a live system whose development team pays special attention to this issue ensures that such traces will be left nowhere but in RAM.
Metadata
Around the information contained in a file, there is information about that content. These "data about data" are commonly called "metadata". Part of the metadata is stored by the file system: file name, date and time of creation and modification, and often much more. But many file formats also store metadata inside the file itself, where it can be read by anyone who has access to the file. Which metadata is stored depends on the format and the software used. Most audio files can hold the song title and the artist. Word processors or PDFs record the author's name, the date and time of creation, and even the history of recent changes... The prize probably goes to image formats like TIFF or JPEG: photo files created by a digital camera or mobile phone contain metadata in a standard format called EXIF. It may contain the date, the time, and sometimes the geographical coordinates of the shot, plus the make, model and serial number of the device used, and a thumbnail version of the image. All this information tends to survive a pass through photo editing software. The case of the thumbnail is particularly interesting: many photos available on the Internet still contain the entire uncropped image... with the faces that had been "blurred" 1. For most file formats, however, there is software to review and possibly remove metadata.
1. Maximillian Dornseif and Steven J. Murdoch, Hidden Data in Internet Published Documents, presented at 21C3. http://md.hudora.de/presentations
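As an added illustration (not code from the original text), here is a minimal reader and stripper for the EXIF block of a JPEG, in Python: it reads the camera make, model and date from IFD0, reports whether an IFD1 thumbnail is embedded, and removes the metadata segments while leaving the image data untouched. The sample JPEG is constructed in the code; the GPS and Exif sub-IFDs that real cameras also write are not followed by this parser.

```python
import struct

# Minimal EXIF reader/stripper (added example). It only walks IFD0 and IFD1 of the
# APP1 "Exif" segment; the GPS and Exif sub-IFDs of real cameras are not followed.
TYPE_SIZES = {1: 1, 2: 1, 3: 2, 4: 4, 5: 8, 7: 1, 9: 4, 10: 8}
TAG_NAMES = {0x010F: "Make", 0x0110: "Model", 0x0132: "DateTime",
             0x0201: "ThumbnailOffset", 0x0202: "ThumbnailLength"}


def build_sample_jpeg():
    """Constructed sample: SOI, one APP1/Exif segment, EOI. Not a real photograph."""
    make = b"ExampleCam\x00"                      # constructed vendor string
    when = b"2012:05:01 12:00:00\x00"
    thumb = b"\xff\xd8\xff\xd9"                   # stand-in for the embedded thumbnail
    ifd0_off = 8
    make_off = ifd0_off + 2 + 3 * 12 + 4          # IFD0 holds three entries
    when_off = make_off + len(make)
    ifd1_off = when_off + len(when)
    thumb_off = ifd1_off + 2 + 2 * 12 + 4         # IFD1 holds two entries
    tiff = b"MM" + struct.pack(">HI", 42, ifd0_off)               # big-endian TIFF header
    tiff += struct.pack(">H", 3)
    tiff += struct.pack(">HHII", 0x010F, 2, len(make), make_off)  # Make: ASCII, by offset
    tiff += struct.pack(">HHI4s", 0x0110, 2, 4, b"X-1\x00")       # Model: fits inline
    tiff += struct.pack(">HHII", 0x0132, 2, len(when), when_off)  # DateTime
    tiff += struct.pack(">I", ifd1_off)                           # link to IFD1 (thumbnail)
    tiff += make + when
    tiff += struct.pack(">H", 2)
    tiff += struct.pack(">HHII", 0x0201, 4, 1, thumb_off)
    tiff += struct.pack(">HHII", 0x0202, 4, 1, len(thumb))
    tiff += struct.pack(">I", 0) + thumb
    app1 = b"Exif\x00\x00" + tiff
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1 + b"\xff\xd9"


def _segments(jpeg):
    """Yield (marker, start, end) for each marker segment before the image data."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF and jpeg[pos + 1] not in (0xD9, 0xDA):
        length = struct.unpack(">H", jpeg[pos + 2:pos + 4])[0]
        yield jpeg[pos + 1], pos, pos + 2 + length
        pos = pos + 2 + length
    yield None, pos, len(jpeg)        # the rest: SOS/image data or EOI, copied as-is


def _read_ifd(tiff, off, end):
    count = struct.unpack(end + "H", tiff[off:off + 2])[0]
    entries, pos = {}, off + 2
    for _ in range(count):
        tag, typ, n = struct.unpack(end + "HHI", tiff[pos:pos + 8])
        size = TYPE_SIZES.get(typ, 1) * n
        if size <= 4:                                  # value stored inline
            raw = tiff[pos + 8:pos + 8 + size]
        else:                                          # value stored at an offset
            start = struct.unpack(end + "I", tiff[pos + 8:pos + 12])[0]
            raw = tiff[start:start + size]
        if typ == 2:
            value = raw.rstrip(b"\x00").decode("ascii", "replace")
        elif typ == 4 and n == 1:
            value = struct.unpack(end + "I", raw)[0]
        else:
            value = raw
        entries[TAG_NAMES.get(tag, hex(tag))] = value
        pos += 12
    next_ifd = struct.unpack(end + "I", tiff[pos:pos + 4])[0]
    return entries, next_ifd


def read_exif(jpeg):
    """Return the IFD0 tags plus whether an IFD1 thumbnail is present ({} if no EXIF)."""
    for marker, start, stop in _segments(jpeg):
        payload = jpeg[start + 4:stop]
        if marker == 0xE1 and payload.startswith(b"Exif\x00\x00"):
            tiff = payload[6:]
            end = ">" if tiff[:2] == b"MM" else "<"
            info, ifd1_off = _read_ifd(tiff, struct.unpack(end + "I", tiff[4:8])[0], end)
            info["has_thumbnail"] = False
            if ifd1_off:
                ifd1, _ = _read_ifd(tiff, ifd1_off, end)
                info["has_thumbnail"] = ifd1.get("ThumbnailLength", 0) > 0
            return info
    return {}


def strip_metadata(jpeg):
    """Drop every APPn (0xE1-0xEF) and COM segment; the image data itself is untouched."""
    out = bytearray(b"\xff\xd8")
    for marker, start, stop in _segments(jpeg):
        if marker is None or not (0xE1 <= marker <= 0xEF or marker == 0xFE):
            out += jpeg[start:stop]
    return bytes(out)
```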
Malware
Malware 1 is software developed in order to cause harm: gathering information, hosting illegal content, relaying spam and so on. Examples are computer viruses, worms, Trojan horses, spyware, rootkits (software used to take control of a computer) and keyloggers. Some programs belong to several of these categories at once. To get installed on a computer, some malware exploits vulnerabilities 2 in the operating system or in applications: it relies on design or programming errors to divert the course of the program to its own advantage. Unfortunately, such "security holes" have been found in a great deal of software, and new ones are found all the time, both by people who seek to correct them and by others who seek to exploit them. Another common way in is to lure the person using the computer into launching the malware themselves, by hiding it inside seemingly innocuous software; the attacker then does not even need to find serious vulnerabilities in popular software. It is particularly difficult to make sure that computers shared by many people, or located in public places such as a library or an Internet cafe, have not been compromised. Moreover, most serious malware leaves no immediately visible sign of its presence and can even be very hard to detect. In 2006, at the Black Hat conference, Joanna Rutkowska presented malware called "Blue Pill". This demonstration showed that it was possible to write a rootkit that uses virtualization technology to fool the operating system, making the malware very hard to detect once it is loaded. Such software can steal passwords, read documents stored on the computer (even encrypted documents, if they have been decrypted at some point), defeat anonymity tools on the Internet, take screenshots of the desktop and hide itself from other programs. It can sometimes use the microphone, the webcam and other computer peripherals. There is even a black market where such programs can be bought, customized for different purposes.
However, it is much more common for these programs to be working to collect credit card numbers, passwords, eBay or online banking accounts, to send spam or to take part in an attack that saturates a server, than to spy on specific individuals or organizations. Infection initiated by the police remains possible, even if it requires costly resources and is generally tied to a particular investigation. To give an example from the United States, the FBI wrote a program called CIPAV, for Computer and Internet Protocol Address Verifier, which was used to identify a fifteen-year-old who had e-mailed threats of an attack against a high school in Washington 3. More recently, the HADOPI law requires users to "secure" their connection, on pain of being held responsible for any illegal use made of it. For this, the authority in charge of enforcing the law had the good sense to plan for Internet users to deliberately install spyware that records a great deal of data about the use of their connection, as well as identifying the machines that have used it 4.
Nobody knows how many computers are infected with malware, but some believe it is the case for 40 to 90% of Windows installations. It is therefore likely to be the case on the first Windows machine you come across. So far, using a minority operating system (such as Mac OS X or GNU/Linux) significantly reduces the risk of infection, because they are less targeted: developing malware specific to them is economically less profitable. We can already mention some ways to reduce the risk:
- do not install (or use) software of unknown origin: do not trust the first website you come across 5;
- take seriously the warnings of recent operating systems, which try to notify users when insecure software is in use, or when an update is needed for security reasons;
- finally, limit the possibility of installing new software, by limiting the use of the "administrator" account and the number of people with access rights.
1. This whole part is greatly inspired by the passage devoted to the question in the Surveillance Self-Defense guide of the Electronic Frontier Foundation. https://ssd.eff.org/tech/malware
2. According to the Internet Storm Center, an installation of Microsoft Windows on which the security updates have not been applied is compromised in less than 4 minutes if connected directly to the Internet. http://isc.sans.edu/survivaltime.html
3. Source: Wired, July 2007, FBI's Secret Spyware Tracks Down Teen Who Made Bomb Threats. http://www.wired.com/politics/law/news/2007/07/fbi_spyware
4. See the software specifications: http://translate.googleusercontent.com/translate_c?hl=en&rurl=translate.google.com&sl=fr&tl=en&u=http://hadopi.fr/download/sites/default/files/page/pdf/Consultation_sur_les%2520specifications_fonctionnelles_des_moyens_de_securisation.pdf&usg=ALkJrhipmZHbqJqc5UK0sat748zm-E9cfQ
5. This advice applies equally to people using GNU/Linux. In December 2009, the site gnome-look.org distributed malware presented as a screen saver. It was downloaded as a Debian package among other screen savers and wallpapers. http://lwn.net/Articles/367874
Printing problems?
We thought we had seen all the surprises our computers have in store for us... but even printers have started to have their little secrets.
A bit of Steganography
First thing to know: many high-end printers sign their work. This signature is steganographic 1: it relies on very slight details of the print, often invisible to the naked eye, inserted into each document. They identify with certainty the make, the model, and in some cases the serial number of the machine used to print a document. We say "with certainty" because that is precisely why these details are there: to trace the machine from its output. Not all printers are equipped with this system, known as watermarking, but many current models are 2. In addition, other kinds of evidence, linked to the wear of the machine, are left on documents by all printers. With age, the print heads drift, slight errors appear, parts wear out, and all of this amounts to a signature unique to the printer. Just as ballistics identifies a firearm from a bullet, these flaws can be used to identify a printer from a page it has produced. To protect against this, it is useful to know that such printing details do not survive repeated copying: photocopying the printed page, then photocopying the photocopy, is enough to remove these signatures. On the other hand... we surely leave others behind, the defects of the photocopier, and sometimes steganographic signatures similar to those of printers. In short we go round in circles, and the problem becomes choosing which traces one wants to leave...
1. To learn more about steganography, we recommend reading the Wikipedia article devoted to it. https://en.wikipedia.org/wiki/Steganography
2. The Electronic Frontier Foundation tries to maintain a list of manufacturers and models of printers that spy in this way. https://www.eff.org/issues/printers
Memory, more...
Some printers are "advanced" enough to be closer to a real computer than to a rubber stamp. They can pose problems of the next level up, since they come with a memory: like that of a PC, it keeps track of the documents that have been printed as long as the machine stays on... or until another document overwrites them. Most laser printers have a memory that can hold a dozen pages. Newer models, or those with an integrated scanner, can hold thousands of pages of text... Worse still, some models, often used for large print runs as in copy centres, sometimes have an internal hard drive, to which the user has no access, which also keeps track of the documents, and this time even after the power is switched off.
Free software, on the other hand, delivers the recipe to anyone who wants to understand or modify how the program works. It is then easier to know what we are feeding our processor, and therefore what will be handling our data.
In addition, the way free software is produced is not well suited to the introduction of backdoors: it is a collective mode of production, rather open and transparent, involving quite varied people, so it is not easy to discreetly slip in "gifts" intended for ill-meaning people. One should however be wary of software merely described as open source. It also gives access to its innards, but with more closed, more opaque development patterns. In the worst case, modification and redistribution of this software are forbidden; in the best case they are formally authorized but made very difficult in practice. Given that only the team behind the software will be able to take part in its development, we can consider that, in practice, nobody else will read the source code in detail... and so that nobody really checks how it operates.
This is the case, for example, of the TrueCrypt encryption software, whose source code is available, but whose development is closed and whose license restricts modification and redistribution. As far as we are concerned, the fact that a piece of software is open source should rather be seen as a selling point than as a sign of trustworthiness.
Except... the distinction between free software and open source is increasingly blurred: employees of IBM and other companies write large parts of the most important free software, and nobody always looks closely at what they write. For example, here are the statistics of the employers of the people who develop the Linux kernel (which is free), expressed as a share of the lines of source code changed over a short period of time 1:
Organization    Percentage
(None)          18.6%
Novell          16.9%
Red Hat          9.9%
Broadcom         5.6%
Intel            5.2%
(Unknown)        5.1%
Google           2.7%
IBM              2.0%
Nokia            1.6%
Microsoft        1.3%
And so on.

So... it is not impossible that a person writing a piece of software in some corner, whom the "open source community" trusts, has managed to slip in bits of malicious code. If one uses only free software delivered by a non-commercial GNU/Linux distribution, it is unlikely that this happens, but it remains a possibility. One then trusts the people working on the distribution to study how the programs they integrate operate. It is important to remember, however, that this trust holds only if one installs nothing else on the system. For example, on Debian, the official packages of the distribution are "signed", which allows their origin to be verified. But if you install packages, or extensions for Firefox, from the Internet without checking, you are exposed to the risks mentioned about malware. Finally, let us not harbour any more illusions: free or not, there is no software that can, by itself, ensure the confidentiality of our data; there are only practices associated with the use of certain software. The software we choose should have characteristics that allow us to place some trust in it.
1. Source: Linux Weekly News, November 24, 2009, Who wrote 2.6.32. http://lwn.net/Articles/363456/
1. Source: Secure Deletion of Data from Magnetic and Solid-State Memory, by Peter Gutmann, presented at the 6th USENIX Security Symposium in 1996. http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html
However, opening a hard drive to examine its innards takes time and considerable material and human resources... an investment that will not necessarily be within everyone's reach, all the time.
For the flash memory chips inside a USB key or an SSD, even if it is not immediate, the operation is much simpler: a soldering iron is enough, plus a connection to a device that reads the memory chips directly. Such devices sell for about 1500 dollars 2.
1. Low-end models stop working properly after they have been written a hundred thousand times, and the best after five million, according to Wikipedia. https://secure.wikimedia.org/wikipedia/fr/wiki/Solid_State_Drive
2. The Salvation Flash Data Doctor and the PC-3000 Flash SSD Edition are both sold as professional tools to recover data from damaged flash devices. http://www.sd-flash.com/ , http://www.pc-3000flash.com/
Let us say it right away: these programs protect no better than the "non-portable" software most people use. Worse, the speeches promoting them create an illusion of safety with enormities like "you keep all your data on your key and no one can see the sites you visit, or read your mail" 1. Unfortunately, that is not true.
Main problems
These "turnkey" solutions therefore pose a few rather unfortunate problems...

Traces remain on the hard disk
If the software was made "portable" correctly, it should not deliberately leave traces on the hard disk of the computer on which it is used. But in fact, the software does not have absolute control. It depends largely on the operating system under which it runs, which may need to write its "virtual memory" to the hard drive, or to record various traces of what it does in its logs and other "recent documents" lists. All of that will then remain on the hard disk.

There is no reason to trust an unknown system
We saw earlier that many systems do not at all do what one believes. Since the portable software will use the system of the computer on which it is launched, it will suffer from all the cookies and other malware that may be present there...

We do not know who compiled them, or how
The changes made to software to make it portable are rarely checked, even though they are generally not made by the authors of the software itself. One may therefore suspect that such software, even more than its non-portable versions, contains security vulnerabilities, whether introduced accidentally or intentionally. We discuss this issue further when it comes to choosing which software to install or download.
1. This excerpt comes from the early versions of the introductory text of FramaKey, a collection of portable software made by Framasoft, a French site promoting free software. The new presentation of the FramaKey now says "the web browser and mail client will protect your privacy and that of the host, leaving minimal traces"... without elaborating on the nature of these traces. http://framakey.org/En/Index , http://forum.framasoft.org/viewtopic.php?t=8359 , http://www.framasoft.net
- Confidentiality: keeping prying eyes away;
- Authenticity: ensuring the origin of the message;
- Integrity: ensuring that the message has not been altered.
We may want all three at once, but it can also be just one or the other. The sender of a confidential message may wish to be able to deny being its author (and therefore not want it authenticated). One can also imagine wanting to certify the origin (authentication) and the integrity of an official statement that is to be released publicly (and is therefore far from confidential). In what follows we will talk about messages, but the cryptographic techniques apply to any number, and thus to any data, once digitized. Note: cryptography does not try to hide messages, but to protect them. To hide messages, one has to use steganography techniques (like those used by the printers mentioned earlier), which we will not discuss here.
1. For a good overview of the different methods, called "attacks", commonly used in cryptanalysis, one can refer to the Wikipedia page. https://secure.wikimedia.org/wikipedia/en/wiki/Cryptanalyse
Plaintext: ASSAULT → ciphertext: DVVDXOW (A + 3 letters = D)
But with the Caesar cipher alone, it is easy to analyse the frequency of the letters and find the words. So another big idea is diffusion: scattering the message to make it harder to recognize. An example of this technique is columnar transposition, e.g. "Google my secure idea":
google
mysecu
reidea

Read column by column: gmr oye osi ged lce eua (diffusion over 3 rows)
In these two small examples, we could have decided to shift by 6 characters instead of 3, or to break the text into two lines instead of 3. The piece that can be changed is called the encryption key; the fixed procedure is the algorithm. The second big way to encrypt messages is the one-time pad. In cryptography, the one-time pad (OTP) is a type of encryption which has been proven to be impossible to crack if used correctly. Each bit or character of the plaintext is encrypted by a modular addition with a bit or character from a secret random key (or pad) of the same length as the plaintext, resulting in a ciphertext. If the key is truly random, as long as or longer than the plaintext, never reused in whole or in part, and kept secret, the ciphertext will be impossible to decrypt or break without knowing the key. Suppose Alice wishes to send the message "HELLO" to Bob. Assume two pads of paper containing identical random sequences of letters were somehow previously produced and securely issued to both. Alice chooses the appropriate unused page from the pad. The way to do this is normally arranged in advance, for instance "use the 12th sheet on 1 May", or "use the next available sheet for the next message". The material on the selected sheet is the key for this message. Each letter from the pad will be combined in a predetermined way with one letter of the message. It is common, but not required, to assign each letter a numerical value: e.g. "A" is 0, "B" is 1, and so on. In this example, the technique is to combine the key and the message using modular addition. The numerical values of corresponding message and key letters are added together, modulo 26. If the key material begins with "XMCKL" and the message is "HELLO", then the encoding would be done as follows:
Message        H        E        L        L        O
               7 (H)    4 (E)    11 (L)   11 (L)   14 (O)
Key          + 23 (X)   12 (M)   2 (C)    10 (K)   11 (L)
Sum          = 30       16       13       21       25
mod 26       = 4 (E)    16 (Q)   13 (N)   21 (V)   25 (Z)
Ciphertext     E        Q        N        V        Z
If a number is larger than 25, the remainder after subtracting 26 is taken, in modular arithmetic fashion. This simply means that if your computations "go past" Z, you start again at A. The ciphertext to be sent to Bob is thus "EQNVZ". Bob uses the matching key page and the same process in reverse to obtain the plaintext. Here the key is subtracted from the ciphertext, again using modular arithmetic:
Ciphertext     E        Q        N        V        Z
               4 (E)    16 (Q)   13 (N)   21 (V)   25 (Z)
Key          - 23 (X)   12 (M)   2 (C)    10 (K)   11 (L)
Difference   = -19      4        11       11       14
mod 26       = 7 (H)    4 (E)    11 (L)   11 (L)   14 (O)
Message        H        E        L        L        O
Similarly, if a number is negative, 26 is added to make it positive. Thus Bob recovers Alice's plaintext, the message "HELLO". Both Alice and Bob destroy the key sheet immediately after use, which prevents reuse and an attack against the cipher. The KGB often issued its agents one-time pads printed on tiny sheets of "flash paper", paper chemically converted to nitrocellulose, which burns almost instantly and leaves no ash. The method can nowadays be implemented as a software program, using data files as input (plaintext), output (ciphertext) and key material (the required random sequence). The XOR operation is often used to combine the plaintext and the key elements, and is especially attractive on computers since it is usually a native machine instruction and therefore very fast. However, ensuring that the key material is actually random, is used only once, never becomes known to the opposition, and is completely destroyed after use is hard to do. The auxiliary parts of a software one-time pad implementation present real challenges: secure handling and transmission of the plaintext, truly random keys, and one-time-only use of the key.
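The three techniques of this passage, the Caesar shift, the columnar transposition and the one-time pad, written out in Python as an added example (not the authors' code). It goes a little beyond the text: it includes the inverses, a letter count showing why the Caesar cipher alone is weak, a pad that destroys each sheet once used, and the leak that appears when a pad is reused.

```python
import secrets

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"


def caesar(text, shift):
    """First big idea, confusion: each letter moves `shift` places along the alphabet
    (a negative shift decrypts). Non-letters pass through unchanged."""
    return "".join(ALPHABET[(ALPHABET.index(ch) + shift) % 26] if ch in ALPHABET else ch
                   for ch in text.upper())


def letter_counts(text):
    """Why Caesar alone is weak: the plaintext's letter frequencies survive, merely
    shifted, so the most common ciphertext letters point at E, T, A... of the plaintext."""
    counts = {}
    for ch in text.upper():
        if ch in ALPHABET:
            counts[ch] = counts.get(ch, 0) + 1
    return sorted(counts.items(), key=lambda kv: -kv[1])


def transpose(text, rows):
    """Second big idea, diffusion: write the text in `rows` lines, read it column by
    column. Spaces are dropped and the text is padded with 'x' so every column is full."""
    text = text.replace(" ", "")
    while len(text) % rows:
        text += "x"
    width = len(text) // rows
    lines = [text[i * width:(i + 1) * width] for i in range(rows)]
    return "".join(line[c] for c in range(width) for line in lines)


def untranspose(cipher, rows):
    """Inverse of transpose(): every rows-th character belongs to the same line."""
    return "".join(cipher[i::rows] for i in range(rows))


class Pad:
    """A one-time pad as Alice and Bob hold it: random sheets that are handed out once
    and destroyed on use, so the same key material can never be reused."""

    def __init__(self, length):
        self._sheets = bytearray(secrets.token_bytes(length))

    def take(self, n):
        if n > len(self._sheets):
            raise ValueError("pad exhausted: never reuse key material")
        sheet = bytes(self._sheets[:n])
        del self._sheets[:n]                # the used sheet is destroyed
        return sheet

    def remaining(self):
        return len(self._sheets)


def otp_letters(text, key, decrypt=False):
    """Paper method from the text: Alice adds the key letter mod 26, Bob subtracts it."""
    if len(key) < len(text):
        raise ValueError("key must be at least as long as the message")
    sign = -1 if decrypt else 1
    return "".join(ALPHABET[(ALPHABET.index(t) + sign * ALPHABET.index(k)) % 26]
                   for t, k in zip(text, key))


def otp_xor(data, key):
    """Computer variant: XOR the bytes with the pad; applying it twice restores the data."""
    if len(key) < len(data):
        raise ValueError("key must be at least as long as the message")
    return bytes(d ^ k for d, k in zip(data, key))


def pad_reuse_leak(c1, c2):
    """Why 'one time': two ciphertexts made with the same pad XOR to m1 XOR m2, a value
    that no longer depends on the key; knowing either message then reveals the other."""
    return otp_xor(c1, c2)
```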
Related problems
Despite Shannon's proof of its security, the one-time pad has serious drawbacks in practice:
- it requires perfectly random one-time pads, which is a non-trivial requirement for software;
- secure generation and exchange of the pad material, which must be at least as long as the message (the one-time pad is only as secure as the exchange of its key);
- careful handling to make sure the pad stays secret from any adversary and is disposed of correctly, preventing any reuse in whole or in part, hence "one time";
- the difficulty of completely erasing computer media.
Which brings us to the third big idea: the secret lies only in the key. After many attempts, it was realized that assuming nobody could figure out the encryption algorithm was a bad idea. Sooner or later, someone will find it out... by force if necessary. Today, the algorithm can be described at length on Wikipedia, from top to bottom, allowing anyone to verify it: that is to say, the only way to decrypt a text is to have the key that was used with it.
1. The following passage is a very partial adaptation of Jeff Moser's comic on the AES algorithm. http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html
2. http://en.wikipedia.org/wiki/XOR
3. Quantum cryptography and V. A. Kotel'nikov's theorem on the one-time key and sampling: http://www.ufn.ru/ru/articles/2006/7/k/
4. http://www.schneier.com/crypto-gram-0210.html#7
Want a picture?
Specifically, to ensure the confidentiality of our data, we use two operations:
* Encrypt: plaintext (secret) + algorithm (public) + key (secret) → ciphertext (public)
* Decipher: ciphertext (public) + algorithm (public) + key (secret) → plaintext (secret)
For an example of practical use, consider the following message: "The spaghetti is in the closet." After encrypting the message using the GnuPG software with the AES256 algorithm and the passphrase "this is a secret", we get:

-----BEGIN PGP MESSAGE-----
jA0ECQMCRM0lmTSIONRg0lkBWGQI76cQOocEvdBhX6BM2AU6aYSPYymSqj8ihFXu
wV1GVraWuwEt4XnLc3F+OxT3EaXINMHdH9oydA92WDkaqPEnjsWQs/oSCeZ3WXoB
9mf9y6jzqozEHw==
=T6eN
-----END PGP MESSAGE-----

This is what the text looks like after encryption: the content has become perfectly unreadable. Data "in the clear", readable by everyone, has been transformed into another format, incomprehensible to whoever does not have the key. For decryption, it suffices to use GnuPG again, this time with our ciphertext. It will ask us for the passphrase, and if it is correct, we will finally obtain the information we needed to prepare lunch.
With this system, changing the access code is simple: it is enough to replace just this header with a new one.
1. The LUKS system, used under GNU/Linux, can even hold multiple versions of the encrypted encryption key. Each of these versions can be encrypted with a different passphrase, which allows several people to access the same data without having to share the same secret.
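To make the header idea concrete, here is a simplified model in Python, added here and not LUKS's actual on-disk format: one random master key protects the data, and each key slot holds that master key wrapped under a key derived from one passphrase, so that adding, removing or changing a passphrase rewrites only the header. The iteration count and the toy stream cipher for the data area are constructed for the example.

```python
import hashlib
import hmac
import secrets

# Simplified model of an encrypted-volume header with passphrase key slots (added
# example; not LUKS's on-disk format). One random master key encrypts the data; each
# slot stores that master key wrapped with a key derived from one passphrase.
ITERATIONS = 100_000   # constructed value; a real system tunes this to the hardware


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def derive(passphrase, salt):
    """Slow, salted derivation so a stolen header cannot be brute-forced cheaply."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, ITERATIONS)


def add_slot(header, master_key, passphrase):
    salt = secrets.token_bytes(16)
    wrap_key = derive(passphrase, salt)               # 32 fresh pseudorandom bytes
    header["slots"].append({"salt": salt, "wrapped": xor(master_key, wrap_key)})


def new_header(passphrase):
    """Create the header for a new volume; returns it with the in-RAM master key."""
    master_key = secrets.token_bytes(32)
    header = {"check": hashlib.sha256(master_key).digest(), "slots": []}
    add_slot(header, master_key, passphrase)
    return header, master_key


def unlock(header, passphrase):
    """Try every slot; the 'check' digest tells us which unwrapping was the right one."""
    for slot in header["slots"]:
        candidate = xor(slot["wrapped"], derive(passphrase, slot["salt"]))
        if hmac.compare_digest(hashlib.sha256(candidate).digest(), header["check"]):
            return candidate
    return None


def change_passphrase(header, old, new):
    """Only the header changes: the master key, and so the data, stay as they are."""
    master_key = unlock(header, old)
    if master_key is None:
        raise ValueError("wrong passphrase")
    header["slots"] = [s for s in header["slots"]
                       if xor(s["wrapped"], derive(old, s["salt"])) != master_key]
    add_slot(header, master_key, new)


def crypt_data(master_key, data):
    """Toy stream cipher for the data area (HMAC-SHA256 keystream; the same call
    encrypts and decrypts). Real disk encryption uses AES-XTS instead, because a
    keystream reused when a sector is rewritten leaks the XOR of old and new contents."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hmac.new(master_key, offset.to_bytes(8, "big"), "sha256").digest()
        out += xor(data[offset:offset + 32], block)
    return bytes(out)
```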
The operating system and the software have access to the data and to the encryption key just as much as we do, so everything depends on the trust we place in them. Anyone who gets physical access to the computer gets access to the contents of the RAM. While an encrypted disk is unlocked, the RAM contains, in short, the data we have been working on since the computer was switched on (even if it is encrypted on the disk). But above all it contains, as stated, the encryption key, which can be copied. So it is better to get into the habit of turning the computer off, and of disabling (unmounting, ejecting) encrypted disks when they are not in use.
In some cases it may be necessary to provide hardware means to power off quickly and easily 1, so that the encrypted disks become inaccessible again without the passphrase, short of a cold boot attack. It is also possible that a keylogger has been installed on the computer and is recording the passphrase.
Moreover, there is a limit that makes a "legal" attack possible in many countries. In France, for example, anyone is supposed to hand over the password to the authorities when requested, as stated in Article 434-15-2 of the Penal Code 2: "Is punished by three years' imprisonment and a fine of 45,000 euros the fact, for anyone having knowledge of the secret decryption key of an encryption means that may have been used to prepare, facilitate or commit a crime or an offence, to refuse to hand over this key to the judicial authorities ... the penalty is increased to five years' imprisonment and a 75,000 euro fine." Note the words "when requested": the law is vague enough to allow this to be demanded of any person holding encrypted data. The passphrase of a carrier could possibly be asked for. Note that, to our knowledge, nobody has so far been convicted under it. Finally, it may be wise to remember that the mathematics used in cryptographic algorithms sometimes have flaws, and that much more often the software implementing them has weaknesses. Some of these problems can turn into a simple matter of a "double click"...
1. For this reason, it is fashionable not to leave the battery plugged into a laptop when not in use. It is then enough to pull the power cable to turn it off.
2. The legal term is "cryptology". A search on that word on Legifrance gives an exhaustive list of the legislation in this area.
- from the small pieces, it is impossible to reconstruct the original object without trying every object on earth;
- the same object, passed through the chopper, always gives the same pieces;
- two different objects must give different pieces.
When these properties are met, we only have to compare the pieces coming out of two objects to see whether they were the same. The small pieces that come out of our chopper are commonly called a checksum or fingerprint. It is usually written in a form that looks like: f9f5a68a721e3d10baca4d9751bb27f0ac35c7ba. Since our chopper works with data of any size and any shape, comparing fingerprints lets us compare images, CDs, software, etc. more easily. Our chopper is not magic either. One can well imagine that, reducing anything to small cubes of equal size, one could end up with the same small cubes from two different objects. This is called a collision 1. Fortunately this is mathematically unlikely; it becomes dangerous when a collision can be caused deliberately... which has happened to several hash functions after years of research.
1. http://en.wikipedia.org/wiki/MD5
As the numbers are the same, Bob is happy and sure that he is using the same CD as the one Alice provided. Computing the checksums takes scarcely longer than reading the full CD... a few minutes at most. Now, let us get into the skin of Eve, who has been paid to take over Bob's computer without his knowledge. For this, she wants to create a CD that looks like Alice's but contains malicious software. Unfortunately for her, the hash function only goes one way. She has to start from Alice's original CD. Then she modifies the CD to introduce the malicious software. This first version closely resembles the original. It might fool more than one careless person, but she knows that Bob will check the checksum of the CD he installs from. Since Alice uses the SHA256 hash function, which has no known defect, all that is left to Eve is to try a very large number of variations of the CD's data, in the hope of obtaining a collision, that is, the same checksum as Alice's. Unfortunately for her, and fortunately for Bob, even with many powerful computers Eve's chances of succeeding in a reasonable time (a few years, say) are extremely low. So getting a fingerprint or checksum through trusted intermediaries is enough to verify the integrity of data. The challenge is then to obtain the fingerprints by trustworthy means, so as to be able to check their authenticity...
1. The names used in this example are the ones traditionally used in cryptographic scenarios. Alice and Bob are trying to communicate while escaping the surveillance of Eve. The latter name echoes the English word eavesdropping.
Verify a password
Another example of the use of hash functions is verifying the authenticity of an access request. If access to a computer is protected by a password, as when logging in under GNU/Linux, the computer has to be able to check whether the password is correct. But passwords are not stored on the computer, because they would be too easy to read. So how does the computer make sure that the typed password is correct? When you choose a password on a computer, the system actually records, through a hash function, a fingerprint of the password. To verify access, it processes the password that was typed in the same way, and if the two fingerprints are the same, it considers the password correct. It is therefore possible to verify that a password matches without keeping the password itself!
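The two uses of the hash function described above, Bob checking Alice's CD and a system verifying a password without storing it, as an added Python example (not from the original text). The CD image is a constructed byte string, and the password side uses a salted, slow derivation (PBKDF2) rather than a bare hash, which is what current systems do.

```python
import hashlib
import hmac
import secrets

# Added example: the "chopper" used two ways, to check that a CD image is the one
# Alice published, and to verify a password without ever storing it.
ALICE_CD = b"live-system image v1 (constructed sample, not a real disc)\n" * 64
EVE_CD = ALICE_CD.replace(b"v1 (", b"v1 (altered ", 1)     # looks alike, one change


def fingerprint(data):
    """SHA-256 hex digest: same input, same fingerprint; any change, a different one."""
    return hashlib.sha256(data).hexdigest()


def verify_fingerprint(data, trusted_hex):
    """Bob's check: compare with the fingerprint obtained through a trusted channel."""
    return hmac.compare_digest(fingerprint(data), trusted_hex.strip().lower())


def make_password_record(password, iterations=200_000):
    """What the system stores: a salt and a slow hash, never the password itself."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt.hex(), "iterations": iterations, "hash": digest.hex()}


def check_password(record, attempt):
    """Hash the attempt the same way and compare the two fingerprints."""
    digest = hashlib.pbkdf2_hmac("sha256", attempt.encode(),
                                 bytes.fromhex(record["salt"]), record["iterations"])
    return hmac.compare_digest(digest.hex(), record["hash"])
```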
Symmetrical, asymmetrical?
The encryption techniques mentioned so far are based on a single secret key, which is used both to encrypt and to decrypt. In this case we speak of symmetric encryption. This contrasts with asymmetric encryption, which does not use the same key to encrypt and to decrypt. Also called "public key encryption", it is mainly used for "online" communication. One of the most interesting properties of asymmetric cryptography is the possibility of digital signatures. Like its paper counterpart, a digital signature affixes a mark of recognition on the data. Such digital signatures, using asymmetric cryptography, are the easiest way to verify the origin of software. 1
Risk Assessment
When we ask ourselves what measures to put in place to protect data and digital communications, we quickly realize that, given the material, we are advancing somewhat in the dark. First, because most of the solutions that could be put in place also have their disadvantages: sometimes they are very difficult to deploy, maintain or use; sometimes there is a choice between different techniques, none of which completely meets the "specifications" one has set; sometimes they are too new to be sure they actually work, etc.
Privacy: hide information from unwanted eyes; integrity: store information in good condition, and prevent them from being changed without our permission. Accessibility: ensuring that information remains accessible to people who need them.
It is therefore to define, for each set of information to protect, the need for confidentiality, integrity and accessibility. As these will generally fall into conflict, we realize now that it will, eventually, set priorities and find compromises among themselves in terms of security.
Therefore, before seeking a solution, the question is who might attempt to gain access to our sensitive information, to discern whether it is necessary to look for complicated solutions or not. A completely secure computer is in any case impossible, as well as in this story, but rather to put obstacles in the way of those who might spy what you want to protect. The more we think how great these people, the more and strong poles must be used. Assess the risks, so it's primarily question: what data you want to protect, and who may be interested in these data. From here you can have a vision of what means they have (or at least, as far as possible, try to learn) and therefore define an appropriate security policy.
A matter of compromise
One can always protect one's data and digital communications better. There is no limit to the possibilities of attack and surveillance, nor to the devices that can be used to protect oneself. However, every additional protection one wants to put in place demands a corresponding effort in terms of learning and time: not only an initial effort to get started and install the protection, but also, very often, extra complexity in use: time spent typing passphrases, carrying out repetitive and tedious procedures, focusing attention on technique rather than on what the computer is actually for. In each situation, there is a suitable balance between ease of use and the desired level of protection. Sometimes there is simply no compromise: one sometimes concludes that the effort needed to protect against a credible risk would be too painful, and that it is better to take the risk... or simply not to use digital tools to store certain data or to talk about certain things. There are other ways, whose effectiveness has been proven for a long time: some manuscripts of the Bible have survived for centuries, buried in jars stored in caves...
How?
To answer the question "what set of practices and tools adequately protects me against the risks evaluated above?", one can, for example, take one's current practices, put oneself in the shoes of the enemy (as sickening as that is) and ask the following questions: 1. Faced with such a security policy, what are the most practicable angles of attack? 2. What means would have to be deployed to carry them out? 3. Are the opponents under consideration likely to use these means? If the answer to the third question is "yes", take the time to learn about solutions that would protect against these attacks, then imagine the changes in practice that these solutions would bring about, and the security policy that would result. If it seems feasible, put yourself in the shoes of the enemy again and ask the questions above once more. Repeat this process of reflection, research and imagination until a feasible path, a tenable compromise, is found. In case of doubt, it is always possible to ask a trustworthy and more skilled person to get into the skin of the opponent; they will be pleased to see that you have done the bulk of the reflection yourself, which will certainly encourage them to help you with the issues that remain beyond your reach.
A few rules
Before looking more closely at the case studies and the practical security policies that could be put in place, here are some principles, some large families of choices...
Simple vs. complex
In security, a simple solution should always be preferred to a complex one. First, because a complex solution offers more "attack surface", that is to say more places where security problems can appear... which will surely happen. Second, because the more complex a solution is, the more knowledge it takes to conceive, implement and maintain it, but also to examine it and evaluate its relevance and its problems. This means that, in general, the more complex a solution is, the fewer sharp eyes, including outside ones, will have scrutinized it to establish its validity. Finally, quite simply, a complex solution, which does not fit entirely in the mental space of the people who developed it, is more likely to generate security problems resulting from complex interactions or from special cases that are difficult to detect. For example, instead of spending hours setting up systems to protect a particularly sensitive computer against intruders from the network, it may be possible simply to remove the network card physically.
The problem is that, despite their defects, tools based on a blacklist approach abound (as we shall see), as opposed to those based on the whitelist method. Implementing the whitelist approach therefore requires an initial effort, which can be significant, but which is soon rewarded: learning to use a live system that writes nothing to the hard drive without being asked takes considerable time, but once done it is better than long sessions of hard drive cleaning, which are always inefficient because they are based on the blacklist principle. Another illustration is provided by antivirus software, designed to prevent the execution of malicious programs. Because it operates on the blacklist principle, its databases must be constantly updated, and they are always behind. An answer to this problem, following the whitelist approach, is to prevent the execution of any program that has not been previously registered, or to limit the permissions of each program; these techniques, known as Mandatory Access Control, also need lists to be maintained, but in this case they are whitelists, and the symptom of an outdated list will be a malfunctioning program rather than a compromised computer. So it is much more interesting to have the means, where possible, to rely on the largest possible whitelists, in order to do lots of cool things with computers with some confidence, and to fall back, when the whitelist is not adequate, on solid blacklists of known provenance, keeping in mind that the intrinsic problem of the blacklist method is that such a list will never be complete, while sharing our discoveries.
1. The terms "white list" and "black list" can evoke a racist dimension, whether in the terms themselves or in their ranking. However, it seemed unwise not to use the terms established and currently used by all programs, manuals and other technical documentation.
Use-by date
Once you have defined a security policy, do not forget to review it from time to time! The world of computer security is evolving very quickly, and a solution considered reasonably safe today may well be easily defeated next year. When thinking about our security policies, we should not forget that it is important to monitor the life of the software they depend on: its problems, which have an impact on safety, and its updates, sometimes with good or bad surprises... All this takes a little time, which should be foreseen from the start.
Use case
Enough theory; we will now illustrate these concepts with some use cases: starting from concrete situations, we will show the method used to define an appropriate security policy. Many of the technical solutions will be explained in what follows, and we refer to them as needed. The concepts in this section rest on the assumption that none of the computers involved is ever connected to a network, and especially not to the Internet.
Context
Consider a computer that has been used without special precautions for several years. This machine may present one or more of the following problems: 1. The hard drive keeps traces of past events; 2. The operating system is proprietary software (e.g. Windows), and full of malware. In addition, troublesome files are stored on it in plain view. Indeed, this computer is used for a variety of popular activities, some of which, dare we admit, are perfectly legal, such as:
listening to music and watching movies obtained over the Internet; helping undocumented immigrants prepare their files for the prefecture; drawing a nice greeting card for Grandma; manufacturing small false documents that greatly simplify administrative procedures (inflating a payslip, when you are tired of being refused rental after rental); keeping the family accounts; producing "terrorist" texts, music or videos: more precisely, threatening, according to the European definition of terrorism, to "cause [...] massive destruction [...] to an infrastructure [...] likely [...] to produce considerable economic losses", "in order to [...] unduly compel public authorities [...] to do or abstain from doing any act", for example when the employees of your telecom company, in a labour struggle, threaten to put the billing system out of action and thus enable users to make free phone calls.
1. Framework Decision 2002/475/JHA of the Council of the European Union on the fight against terrorism, June 13, 2002. http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32002F0475:FR:NOT
Confidentiality: preventing an unwanted eye from falling too easily on the information stored on the computer; integrity: preventing such information from being modified without our knowledge; accessibility: ensuring that the information remains accessible when needed.
Here, accessibility and confidentiality are paramount. Against whom do we want to be protected? This is important: depending on the answer, the policy can vary.
The legal consequences
This computer may be seized during a search. For example, your son has generously given a gram of hash to a broke friend who, after being caught, told the police where it came from... as a result of which your son is considered a drug trafficker. Hence the search. In such cases, the computer is very likely to be examined by the police, jeopardizing the goal of confidentiality. The means likely to be deployed range from the policeman turning on the computer and clicking everywhere to the forensic expert who will examine the hard drive much more closely; however, it is unlikely that the expert will use the extra resources that are usually in the hands of special services and military centres.
Burglary
This computer could be stolen during a burglary. Unlike the police, the thieves may not care much about your little secrets... and will not denounce you. The worst case is that they recover your data. However, they are unlikely to deploy major means to find it on the computer's hard disk.
4. It is against this kind of situation that we are trying to protect ourselves here. Again, a security policy must be thought out as a whole. Without a minimum of discipline in practice, there is no point in bothering to type passphrases as long as a day without bread. It is time to sort the papers in the drawers, and to clean up every USB key, CD or DVD whose data we have just gone through: 1. copy the data to be kept onto encrypted storage; 2. for USB sticks and external hard drives: delete the contents for real; 3. for CDs and DVDs: destroy them and dispose of the remains; 4. decide what to do with previously saved data: copy it onto the hard disk or into a newly encrypted archive.
Beyond these problems, several angles of attack remain possible against such a security policy.
turn off the computer when not in use; make it possible to cut the power quickly and easily: an easily accessible switch on the power strip, or removing the battery from a laptop when it is plugged in (then you just have to unplug the power cord to turn off the machine); make access to the compartment containing your computer's RAM slower and more difficult, for example by gluing or welding it shut.
choose a long passphrase, making it impossible for a human observer to memorise "on the fly"; look around for potential eyes (human or electronic) before typing the passphrase.
1. http://www.bootdisk.com/bootdisk.htm 2. https://help.ubuntu.com/8.04/installation-guide/i386/boot-usb-files.html
Angle: malware
We learned in a previous chapter that software installed on a computer without our knowledge can steal data. In this case, such software is able to transmit the encryption key of the hard drive to an opponent... who will then, thanks to this key, gain access to the encrypted data once he has physical access to the computer. Installing malicious software on the Debian system discussed here requires skills of the highest level among the attacks discussed above, and more preparation as well. Such an attack is therefore, once again, science fiction, at least as far as the situation at hand is concerned. In other situations, one must sometimes be extremely careful about the source of the data and software that is put into the computer, especially when it is connected to the Internet... The recipe for installing software provides some useful leads on how to install new software properly.
a leaflet must be written; a poster must be drawn; a book must be laid out and then exported to PDF; a leak of information must be organised to reveal the awful practices of an employer; a film must be edited and burned to DVD.
In all these cases, the challenges are much the same. Since it would be too difficult to raise the overall security of the computer yet again, it was decided that this particular project should receive preferential treatment.
Vocabulary conventions
In what follows, we will call:
Working files: all the files needed to carry out the work: images or footage used as a basis, documents saved by the software used, etc.; The work: the final result (leaflet, poster, etc.).
Confidentiality: ensuring that no unwanted eye finds the work and/or the working files too easily; integrity: ensuring that these documents cannot be changed without our knowledge; accessibility: ensuring that these documents remain accessible when needed.
Here, accessibility and confidentiality are paramount. Accessibility is important, because the main objective is still to get the work done. As for confidentiality, it all depends on how public the work is.
Restricted work
If the content of the work is neither completely public nor completely secret, we hide both the work and the working files.
Publicly disseminated work
If the work is intended to be published, the issue of confidentiality is reduced to that of anonymity. The working files had better go under the carpet: indeed, information discovered on a computer reveals that its owners have done the work... with the potentially unpleasant consequences this may have.
But that is not all: if the work, or intermediate versions of it, are stored on this computer (PDF, etc.), the creation date is most likely stored in the file system and in the metadata. The fact that this date precedes the publication of the work could easily lead adversaries to draw annoying conclusions about its genealogy. Against whom do we want to protect them? Against all the possibilities described in this guide: the computer used to carry out the work can be stolen, more or less accidentally, by cops or robbers alike.
Addicted to Windows?
The first question that arises is: which operating system to use? That depends, of course, on the software needed for this project. If you are running GNU/Linux, continue reading this chapter to study the options available to us. If you can only work on Windows (unfortunately), there are still feasible paths that can limit the damage; skip the following paragraphs, which are dedicated to GNU/Linux, and come and see what this road looks like.
Considering only the "confidentiality" criterion, a live system is better than an installed one.
Live system problems
A live system has its value, but it is also a source of inconvenience. For example, if our favourite software, which is indispensable to the project, is not provided in the live system, we must:
ask the authors of the live system to add the desired software; install the software in the live system at the beginning of each work session; build a custom version of the live system integrating the software, which is not (yet) an easy operation at the time of writing.
... and it happens that none of these solutions is feasible without risking a nervous breakdown. However, the other hypothesis is not easy either: limiting the traces left on an encrypted Debian system means extending the blacklist of undesirable traces, an infinite task which moreover requires a good understanding of the operating system, with results that are still largely unsatisfactory. Therefore, most of the experienced people who took part in writing this project now advise using live systems suitable for working on sensitive documents... as far as possible.
Note that it is possible to install Debian in VirtualBox, but this is for experienced users.
Limitations
Some limitations are common to this method and to the one based on an encrypted Debian that is discussed below.
working files are stored encrypted on external media, which can be conveniently "put away" when not in use;
the configuration files of the dedicated user, and the history of their operations, are stored in their personal folder.
These two locations are properly cleaned when the project is completed; if the disaster (your system falls into the hands of the law and they find a flaw in the cryptographic system) comes after the fact, the residual traces on the hard disk will be less obvious and less numerous than if we had done things the ordinary way. To establish such a working method, look at the use cases, including:
create a user; encrypt a USB drive; archive a completed project; delete a user; delete "for real".
We also need luck. It is enough that the accident (search, burglary, etc.) occurs at the wrong time. Our discipline must be quite strict: indeed, if we forget or do not take the time to "put away" the hard drive when it is no longer needed, and the accident occurs at that moment, all is lost, game over.
In addition, tools exist to encrypt data on Windows. But the fact remains that these tools must rely on the features offered by the black box that is Windows. We cannot therefore be anything but wary: in any case, Windows will have access to our data in the clear, and nobody knows what it may do with it. To conclude this short tour of the court of doubtful miracles, let us add that the only "solution" in this case would be a blacklist approach, whose crass inefficiency has been explained previously.
Virtualization makes it possible to implement such a system. This is a set of hardware and software techniques that allow multiple operating systems to run (almost) separately from each other on a single computer, as if they were running on separate physical machines. It is relatively easy these days to run Windows inside GNU/Linux while cutting off all its network access, and in particular isolating it from the Internet. Caution: it is advisable to read this entire chapter before rushing into practice; the description of the hypothesis is quite long, and its limitations are discussed at the end of the chapter. It would be a shame to spend four hours following these recipes before realizing that another solution would, in fact, have been more appropriate. Let us begin by summarizing the proposed hypothesis. The idea is to run Windows in a sealed compartment inside an encrypted Debian system like the one mentioned before. What will serve as the hard drive for Windows is actually a large file, stored next to all our other files on the hard drive of our encrypted Debian system. This file, which has nothing special about it, is called a virtual disk image, sometimes abbreviated to disk image. It is this fact, that the pseudo-disk is an ordinary file, on which the proposed procedure relies.
1. If it is necessary to hide who produces the films, having video editing software installed can be compromising, because it would be difficult to deny the activity if necessary.
raw material (images or text from other sources); software required for the new project and not present in the thawed virtual image.
We have already seen how, but that was a very special case: installing new Windows software in a "clean" guest. Sharing files with a "dirty" Windows requires more thought and care; we will now study it. The approach differs slightly depending on the medium from which the files are imported (CD, DVD, USB key, folder on the encrypted hard disk of the host system), but the precautions for use are the same:
Windows should only have access to the files you want to import. It is out of the question to give it access to a folder that contains, pell-mell, files for projects that should remain separate from each other. That means starting with a sorting and storage phase. When Windows only needs to read (copy) the files in a folder, give it read-only access to that folder. The less write access Windows is given here and there, the fewer annoying traces it will leave.
Note that, when deciding to share a folder of the host system with a guest Windows, VirtualBox offers to make the share permanent. This avoids repeating the operation whenever a file must be sent to the guest Windows, but it carries the risk of dropping files into that folder without thinking that they can be read by Windows and its minions. Therefore, to avoid getting things mixed up, we recommend:
creating an import folder per project; naming this folder as explicitly as possible, for example: Files readable by Windows; never sharing other folders with the guest Windows.
The section "Send files to the virtualized system" explains how to do this in practice.
to take the work to the copy shop or to the printer, exporting a PDF file; to send the project on DVD, or the freshly made film.
When a non-encrypted CD or DVD is needed, and the host machine is equipped with a burner, simply "lend" this device temporarily to the guest Windows and burn from that system. When there is no need to recover the files onto non-encrypted media, it is possible to export them to an empty folder dedicated to this use and stored on an encrypted volume, which can be:
an encrypted USB key, which is activated on Debian by typing its passphrase; the hard drive of the Debian host, which is encrypted.
This dedicated folder will be shared via VirtualBox with the guest Windows. We emphasize the words empty and dedicated: Windows can read and edit this folder's contents, and it would be wrong to let it read back more than what we need to export a file. To avoid getting things mixed up and to limit contagion, we recommend:
creating an export folder per project; naming this folder as explicitly as possible, for example: Folder where Windows can write; never sharing other folders with the guest Windows, apart from the import folder that is necessary as mentioned in the previous paragraph.
The sections "Recover files from a virtualized system" and "Encrypt a USB key" explain how to do this in practice.
the "dirty" disk image is removed from VirtualBox and deleted "for real"; the import folder is deleted "for real"; the export folder is deleted "for real"... after checking one last time that everything that must be kept has been archived elsewhere.
The sections "Erase disk images" and "Delete files" explain how to perform these operations.
Store the virtual disk image outside the hard disk of the host system
One idea is to store the virtual disk image used by the Windows guest outside the hard drive of the host system, for example on an encrypted external hard drive. Thus, even if the host system's disk is decrypted, our work files remain inaccessible... as long as the external hard drive containing them is properly "put away". This approach is of the "blacklist" type, with all the problems that entails. The work files and Windows are certainly kept off the host system's hard drive, but do not forget one thing: this data will be used by software run by the host system, namely VirtualBox. In what follows we explain that various traces still remain on the internal hard drive of the computer used. To follow this track:
learn about the limitations shared by all the alternatives considered in this use case; refer to the recipe for encrypting an external hard drive.
learn about the limitations shared by all the alternatives considered in this use case; refer to the recipe for encrypting an external hard drive, and to the one that explains how to use a live system.
Moreover, the "issues" addressed in the first section are relatively general, so it may be appropriate to reconsider the actual situation precisely, for example regarding the particular cases of electricity, magnetic fields and radio waves, and the effects of the various cookies.
Is it really necessary?
The first question to ask before archiving such files is: is it really necessary to keep them? Not keeping them is sometimes the best solution.
Confidentiality: preventing an unwanted eye from falling too easily on the archived information; integrity: preventing such information from being modified without our knowledge; accessibility: ensuring that the information remains accessible when needed.
Here, accessibility is secondary to confidentiality: the whole idea of archiving is to make the data harder to access for everyone, in order to give it better confidentiality.
Against whom do we want to protect them? The risks considered in "A new beginning" apply here as well: a burglary, or a search that is not directly related to the information we want to protect here. To these risks, add the possibility that the book, film or other product has displeased a Commissioner, Minister, CEO or equivalent. It happens. Let us assume that:
this authority has heard evidence leading it to suspect who committed the masterpiece; this authority is able to send a cohort of heavily armed men, early in the morning, to the homes of the suspects.
Such an inappropriate intrusion will lead, at a minimum, to the seizure of any computer equipment that can be found. This material will then be handed by the intruders to other henchmen of the authorities, who will perform a kind of autopsy to uncover the data on it.
Method
The simplest method at present is: 1. Create an encrypted USB key or external hard drive; 2. Copy the files to be archived to this device; 3. Delete and overwrite the working files. After these steps, the key or hard drive can be stored in a place other than where the computer is commonly used. One might consider using CDs or DVDs for their low cost, but at present it is more difficult to encrypt data correctly on these media.
Use the same passphrase as for the daily system
The passphrase of the daily system, if it is encrypted, is a phrase that is typed regularly and is therefore likely to be remembered. On the other hand:
if one is forced to reveal the common passphrase, access to the archive is also possible; it is necessary to have very strong confidence in the computers from which the archives will be accessed. Otherwise the passphrase can be "sniffed" without one's knowledge, and then used to read not only the archived information, but also all the data stored on the computer.
Share the secret among several people
It is possible to split a secret among several people. This requires several people to gather to gain access to the archived content, which can make both desired and undesired access more difficult.
Tools
In this third part, we will explain how to put into practice some of the tracks mentioned above. This part is a technical appendix to the previous ones: once the issues related to privacy in the digital world are understood, and the appropriate responses chosen, the question of "how?" remains, to which this appendix provides some answers.
Use a terminal
Often, we use a personal computer by clicking on menus and icons. However, there is another way to "talk" to it: by typing bits of text called "commands". This way of interacting with a computer is called the "terminal", "shell" or "command line". This guide tries whenever possible to avoid this tool, which is quite confusing when you are not used to it. However, its use has sometimes been necessary.
What is a terminal?
A detailed explanation of the use of the command line is not the purpose of this guide, and the Internet is full of tutorials and courses. However, it seems necessary to set out some basics on how to use it.
So let's just start by opening a terminal: on a standard GNOME desktop, simply click Applications → Accessories → Terminal. A window appears that shows:
LOGIN@NAME_OF_THE_MACHINE:~$
At the end is a small square, called the "cursor", which is where the command text is entered. Specifically, with the login name roger and a machine named debian, it will look like this:
roger@debian:~$
It is from this state, called the "command prompt", that you can directly type the commands you want to run on the computer. The net effect of these commands is often the same as what can be obtained by clicking in the right place in a graphical interface. For example, if in the terminal you just opened you type gedit and press Enter, the result is that a text editor opens. We could have done exactly the same thing by clicking Applications → Accessories → Text Editor gedit. On the other hand, we cannot enter a new command in our terminal as long as we have not closed the text editor. In this guide, the terminal is mainly used to perform actions that the graphical user interface (GUI) does not offer for now.
On orders
Orders are orders as we give to the computer through the terminal. These "command lines" have their own language, with their words, letters, and their syntax. Some remarks on the subject are therefore useful.
Syntax An example, taken from a tool that will be presented later: sfill -l -v /home ^^^^^ ^^ ^^ ^^^^^ program option option argument In this command line, you can see, in order:
Command is called sfill. The command is usually an installed program on the system;
Two options, -l and -v that modify program behavior sfill. These may be optional depending on the program (and beginning with a dash or two for them to be distinguished); An argument /home, which states that on which the command will work. There may be several, or none, depending on the order.
Each of these elements must be separated from the others by one (or more) space (s). So there is a space between the command and the first option, between the first option and the next, between the last option and the first argument, between the first and subsequent arguments, etc. To know the available commands, their options and arguments, no mystery: each order normally has a manual page. To access, simply go to System Help and then in man pages. But these may be difficult to understand in appearance of technical, and are usually available in English.
Inserting the path of a file When using a terminal, it is often necessary to specify folders and files. It is talk of "path" because it usually describes which folder and subfolder is a file. To separate a file in it, use the character / (pronounced "slash"). As an example, here is the document path recipe.txt which is located in the Documents folder of the account's alligator: /home/alligator/Documents/recipe.txt Like many commands expect the file names as arguments, it becomes tedious to type their full path names by hand. There is one simple way to insert a path: when you catch the mouse icon to a file, and it is moved to release the terminal, the path is written where the cursor is. However, this works with real files or folders and will not work, for example, for files in the trash, the folder icon on the desktop or USB keys.
Execution Once we have entered an order, we ask the computer to the "run" by pressing the Enter key.
End or interruption of the order The execution of the command takes more or less time. When completed, the terminal always returns to the state it was before it issues the command, the "command prompt"
roger@debian:~$ We then say that the terminal "makes by hand. If you want to interrupt the execution of an order before it is finished, you can press the Ctrl key and while keeping this button press the C key. Then the order is stopped immediately, just like when you close the window of a program.
Typography

Most of the symbols used to type commands are ordinary ones. When a command uses the symbol "-", it is simply the dash (hyphen) obtained by typing it directly. Other symbols are rarely used outside the terminal but are available on standard keyboards. They are even printed on the keys and reached with the right Alt key, labelled AltGr. Here, for a standard French PC keyboard, is the correspondence between a few key combinations, the symbols they produce and their names (only some of them are actually used in this guide):

AltGr + 2 gives ~ (tilde)
AltGr + 3 gives # (sharp, hash)
AltGr + 4 gives { (left brace)
AltGr + 5 gives [ (left bracket)
AltGr + 6 gives | (pipe)
AltGr + 8 gives \ (backslash)
AltGr + 0 gives @ (at sign)
AltGr + ) gives ] (right bracket)
AltGr + = gives } (right brace)
Names to replace

Sometimes we will give a name to something that is found later, for reuse. For example, suppose the account identifier is called LOGIN, and we are working under the identifier daisy. When the text says "type LOGIN, replacing LOGIN by the identifier of your own account", you actually type daisy. Typing LOGIN literally will not work...
Another warning
Moreover, commands must be typed exactly. Forgetting a space, omitting an option, using the wrong symbol or being imprecise in an argument changes the meaning of the command. And since the computer does exactly what it is asked, an altered command will do exactly what it says, which may well be nothing at all...
Exercise
We will create an empty file named "test", and then delete it. In a terminal, enter the command:

touch test

and press Enter so that the computer executes it. The command touch gives the order to create an empty file; the argument test gives the name of this file. No option is used.
We can then check that the file was created by running ls (for "list"):

ls

Once the command is launched, the computer answers with a list. On the computer used for these tests, we get:

Desktop test

Desktop is the name of a file that already existed, and test is the name of the file we just created. Another computer could answer with many other files in addition to Desktop and test. What the ls command returns is simply another view of what can be seen elsewhere: by clicking on the personal folder icon on the desktop, you can see in the file browser the appearance of a new icon representing the file test that was just created...

We will now delete this file. The command line to do so has the general form:

rm [options] FILE_NAME_TO_DELETE

We will use the option -v. To insert the name of the file to delete, we use the trick given above for specifying the path of a file. So we:
1. type rm -v in our terminal;
2. type a space to separate the option -v from what follows;
3. in the Personal Folder window, grab the icon of the file test with the mouse and drop it onto the terminal.
(The Windows equivalent is del FILE_NAME in the command prompt, CMD, where drag and drop also inserts the path.) At the end of this operation we should get something like:

rm -v '/home/LOGIN/test'

We can then press Enter and see that the computer answers:

/home/LOGIN/test deleted

This indicates that it has deleted the requested file. Its absence can be checked by launching a new ls:

ls

test should no longer appear in the list. On the same computer as before, this gives:

Desktop

And the icon should also have disappeared from the file browser. Apparently it has been removed... although, as explained in the first part, the content still exists on the disk. Since it was an empty file named "test", this is no big deal.
To read more
This first experience could be the beginning of a long passion. To nourish it, nothing beats taking the time to read "Starting with the console" and the other pages on using the terminal under Linux on related websites 1.
1. http://ubuntu-en.org
Choose a passphrase
A passphrase is a secret used to protect encrypted data: it is used to encrypt a hard drive, documents... When we speak of a passphrase rather than a password, we mean that it must consist of at least 10 words. A good passphrase is one that can be remembered, yet is impossible to guess. A simple technique to find a passphrase that is hard to guess but easy to remember is to use song lyrics:

1. Choose a song that we do not often sing aloud.
2. Avoiding the chorus, find a verse that you like.
3. Take this verse and transform it somewhat: for example, add punctuation, replace words with SMS-style spelling, etc.

Whenever we need to type the passphrase, we sing our own song (mentally). It is best to avoid accented characters and other symbols not directly available on a U.S. keyboard: this avoids problems with missing keys and, above all, with bad character encoding. For example:

There's a dark secret in me dont leave me locked in your heart

can be transformed like this:

There is a DARK secret in me: do not leave me locked in Ur heart!

There are of course many other ways to build a complex passphrase.
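As an added example that is not part of the guide, here is a small shell check for the two rules stated above (at least 10 words, and only characters a U.S. keyboard produces directly), applied to the transformed verse given as the example:

```shell
#!/bin/sh
# Added example (not from the guide): sanity checks for a passphrase.
# Rule 1: at least 10 words.  Rule 2: only printable US-ASCII characters
# (space through tilde), so that no accented letter or exotic symbol causes
# keyboard-layout or character-encoding trouble when the phrase is typed.

# Number of whitespace-separated words in "$1".
passphrase_word_count() {
    printf '%s\n' "$1" | wc -w | tr -d ' '
}

# Number of bytes in "$1" that fall outside printable US-ASCII.
# LC_ALL=C makes tr work on bytes, so a multibyte accented letter counts
# as several offending bytes; any value above 0 is a problem.
passphrase_non_ascii_count() {
    printf '%s' "$1" | LC_ALL=C tr -d ' -~' | wc -c | tr -d ' '
}

# Apply both rules to "$1"; exit status 0 when the passphrase is acceptable,
# 1 otherwise, with the reason printed on stderr.
check_passphrase() {
    pp=$1
    ok=0
    words=$(passphrase_word_count "$pp")
    if [ "$words" -lt 10 ]; then
        echo "too short: $words words (at least 10 expected)" >&2
        ok=1
    fi
    bad=$(passphrase_non_ascii_count "$pp")
    if [ "$bad" -gt 0 ]; then
        echo "contains $bad byte(s) not directly available on a US keyboard" >&2
        ok=1
    fi
    return $ok
}

# The transformed verse from the text passes both checks.
check_passphrase 'There is a DARK secret in me: do not leave me locked in Ur heart!'
```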
Try simply
Put the CD in the drive, or plug in the USB key, then (re)start the computer. Sometimes it works by itself. If it does, reading further is useless!
Press [KEY] to select temporary boot device
[KEY] = Boot menu
[KEY] to enter MultiBoot Selection Menu
These messages say to use the key [KEY] to select a boot device. This key is often F12 or F10. On a Mac, there is an equivalent: immediately after turning the computer on, press and hold the alt key (sometimes labelled option). After a moment, the Boot Manager should appear. Back to our PC. Often, the BIOS goes too fast and there is not much time to read the message, understand it and press the key. Never mind: once the correct key is identified, reboot the machine and press that key (do not press and hold; press and release it several times) while the computer is starting up.
With a little luck, a message like this appears:

+----------------------------------+
| Boot Menu                        |
+----------------------------------+
|                                  |
| 1: USB HDD                       |
| 4: IDE HDD0: BDS GH87766319819   |
| 8: Legacy Floppy Drives          |
|                                  |
| <Enter Setup>                    |
+----------------------------------+

If it works, you have won. Choose the right entry in this menu, moving with the up and down arrow keys, then press Enter. For example, to boot from a USB flash drive, choose USB HDD. The computer should boot from the selected device. Reading further is useless!
Press [KEY] to enter setup
Setup: [KEY]
[KEY] = Setup
Enter BIOS by pressing [KEY]
Press [KEY] to enter BIOS setup
Press [KEY] to access BIOS
Press [KEY] to access system configuration
For setup hit [KEY]
These messages say to use the key [KEY] to enter the BIOS. This key is often Delete or F2, sometimes F1, F10, F12, Esc, Tab or something else. The following table summarizes the BIOS access keys for some common computer manufacturers 2.
Manufacturer and model: keys observed
Acer, recent models: F2, Delete
Acer, old models: Ctrl+Alt+Esc, F1
AST, ARI: Ctrl+Alt+Esc, Ctrl+Alt+Delete
Compaq, recent models: F10
Compaq, old models: F1, F2, Delete
CompUSA: Delete
Cybermax: Esc
Dell, recent models: F2
Dell, old desktops: Ctrl+Alt+Enter, Delete
Dell, old laptops: Fn+Esc, Fn+F1
eMachines: Tab, Delete, F2
Fujitsu: F2
Gateway: F1, F2
HP: F1, F2, Esc
HP tablet PC: F10, F12
IBM, recent models: F1
IBM, old models: F2
IBM/Lenovo, recent models: F1, F2
IBM/Lenovo, old models: Ctrl+Alt+F3, Ctrl+Alt+Ins, Fn+F1
Intel Tangent: Delete
Micron: F1, F2, Delete
NEC: F2
Packard Bell: F1, F2, Delete
Shuttle: F1, Delete
Sony: F1, F2, F3
Tiger: Delete
Toshiba: F1, Esc
Toshiba Equium: F12
Often, the BIOS goes too fast, and there is no time to read the message, understand it and press the key. Never mind: once the right key is identified, reboot the machine and press that key (do not hold it down; press and release it several times). Sometimes you need to reboot and try again... If an image is displayed instead of the hoped-for message, the BIOS may be configured to show a logo rather than messages; try pressing Esc or Tab to see the messages. If the computer starts too fast to leave time to read the messages it displays, it is sometimes possible to press the Pause key (usually at the top right of the keyboard) to freeze the screen. Pressing any key then "unfreezes" the screen.
Change the boot sequence

Once in the BIOS, the screen is often blue or black and full of menus. In general, an area at the bottom or on the right of the screen explains how to navigate between the options, how to change tabs... It is often in English. The keys used to move around are usually described as, for example: Move; these are the arrow keys (up and down, and/or left and right). Sometimes the Tab key is useful too.

BIOS screen
The idea is to dig into it until you find something that contains boot, for example:
Once the right entry is found, next find out how to change it. The help says, for example: Enter: Select or +/-: Value. The goal is then to put the CD or the USB key first, depending on which one you want to boot from. Sometimes you have to enter a submenu: for example, if there is a Boot order menu and the help says Enter: Select, press Enter to reach the menu. Other times, the options are changed directly: for example, if there is an option First boot device and the help says +/-: Value, press the + or - key until the desired value, such as IDE CDROM, is selected. Sometimes it is instead the Page Down and Page Up keys, other times the F5 and F6 keys. At other times, these keys move a device up and down in a list that represents the boot order.

How to choose the new configuration

Once we have managed to select the right boot device, we must ask whether we want to leave it that way for good or not. If so, it may be useful to place the hard drive second in the boot sequence: that way, if the first device is absent, the computer boots from the hard drive. If the hard drive is not in the boot sequence at all, the computer will not start without a CD or USB key. However, leaving the computer able to boot from external media can have unfortunate consequences: it becomes a little easier for an attacker to start the machine from such media, for example to carry out an attack. One can of course set a BIOS password that must be entered before any startup. But it is useless to count on it to protect anything: this protection can usually be circumvented easily.

Save and Exit

Once the new configuration is set, it remains to save it and exit. Again, read the help on the screen, such as F10: Save. Sometimes Esc has to be pressed one or more times to get to the right menu. A message then asks whether you are sure you want to save and exit.
For example:

+-------------------------------------+
|         Setup Confirmation          |
+-------------------------------------+
|                                     |
|  Save configuration and exit now    |
|                                     |
|        <Yes>          <No>          |
|                                     |
+-------------------------------------+

We really want to save, so we select Yes and press Enter.
1. Illustrated procedures for some BIOSes are available at http://www.hiren.info/pages/biosboot-cdrom
2. Sources: http://pcsupport.about.com/od/fixtheproblem/a/biosaccess_pc.htm and http://michaelstevenstech.com/bios_manufacturer.htm
Download torrent
To download publications in peer-to-peer, you must first download a small file called a torrent. This file contains the information the download software needs to locate the source files to be obtained. On the Tails download page, several BitTorrent files are listed. They correspond to the latest recommended version of Tails. It may be useful to understand how these files are named:
o the architecture for which it works, such as i386 or PowerPC;
o the version, for example 0.7.
There are also several extensions for the same file names:
o The .torrent files correspond to the torrent that downloads the live system.
o The .asc files contain the cryptographic signature of the .torrent file.

So we download the .torrent file for our architecture; select i386, which is the most common.
o Debian or Ubuntu: in the menu Applications, then Internet, open the Transmission BitTorrent client. If it is not there, first install the package transmission-gtk.
o Mac OS X: Transmission can also be installed: http://www.transmissionbt.com/download
o Windows: you can install the free client Vuze: http://www.vuze.com
Burn a CD
The downloaded file is an "ISO image", a file format that most CD burning software recognizes as a "raw CD image". In general, if you insert a blank or rewritable disc in the drive, right-click the downloaded file and choose Burn to disc, the burning software will write the image to the CD. On Windows, if you do not already have software capable of burning ISO images, the free software InfraRecorder (www.infrarecorder.org) will do the job.
Once done, the full command should look like:

cat '/home/lea/Desktop/tails-i386-0.7.iso' > /dev/sdx

The copy starts as soon as Enter is pressed; the terminal then only shows a blinking cursor on the next line. Once the prompt comes back, the terminal can be closed. It then remains to reopen the Disk Utility window and click on Disconnect safely, to make sure that the data copied to the USB key has really reached its destination. The Disk Utility can then be closed.
1. To encrypt the hard drive during an Ubuntu installation, the CD named alternate install must be used: http://www.ubuntu.com/download/ubuntu/alternative-download http://www.ubuntu.com/download/ubuntu/download
Limitations
Warning: this simple encrypted installation does not solve every confidentiality problem. It protects data only under certain conditions.

The chapter on encryption and its limitations studies in detail the practical limits of such a system and the possible attacks against it.

Otherwise, installing an encrypted system can give a false sense of security, which is the source of many problems.
1. On some hardware, problems may come from defects in the embedded firmware. They can be corrected by updates provided by the manufacturers, so it can be a good idea to update the BIOS, the Embedded Controller or other components before installation. Unfortunately, these procedures differ too much from one machine to another to be detailed in this guide, but they can usually be found on the manufacturer's website...
An installation media
To install the system, the simplest is to use a CD, a DVD or a USB key. However, Debian comes in several variants, so the method best suited to your situation must be chosen first.
The installation CD
The fastest way is to use an installation CD. This CD contains only the first pieces of the system; it then downloads the software to install from the Internet. This requires that the computer on which Debian is to be installed is connected to the Internet, preferably by a network cable (not Wi-Fi, which rarely works inside the installer). Files (also called "images") containing a copy of the installation CD are available on the Debian Project's site 1. Download the one whose name ends with amd64-i386-netinst.iso; this image works on all home computers made after 2006 2.
1. The multi-architecture network installation images: http://cdimage.debian.org/debiancd/current/multi-arch/iso-cd/
2. For "old" Macs (an iBook G4, for example), the image whose name ends with powerpc-netinst.iso must be used; it can be found at http://cdimage.debian.org/debiancd/current/powerpc/iso-cd/ . Note: this image cannot be transferred to a USB key.
3. The installation DVD for the amd64 architecture: http://cdimage.debian.org/debiancd/current/amd64/iso-dvd/
4. The installation DVD for the i386 architecture: http://cdimage.debian.org/debiancd/current/i386/iso-dvd/
1. From the place where you downloaded the image of the installation media, also download the files SHA1SUMS and SHA1SUMS.sign;
2. if you only have a live system, put the downloaded image on a USB drive, then check the fingerprint from the live system;
3. check the GnuPG signature of the fingerprint file, found in SHA1SUMS.sign;
4. finally, check that the fingerprint of the downloaded file is the expected one.
Then add a space. We will now indicate the source of the copy: with the mouse, grab the icon of the ISO file and drop it into the terminal. After releasing the button, something like this should appear:

cat '/home/domi/Desktop/debian-6.0.1a-amd64-i386-netinst.iso'

It is still not finished, because we must now specify the destination of the copy by adding at the end of our command:

> THE_DEVICE

Once done, the full command should look something like this:

cat '/home/domi/Desktop/debian-6.0.1a-amd64-i386-netinst.iso' > /dev/sdx

The copy starts as soon as Enter is pressed. When it is finished, the terminal can be closed. Then go back to the Disk Utility window and click on Disconnect safely, so that the data just copied to the USB key is not damaged by removing the key too early.
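As an added example, not part of the guide, here are the checks from the two preceding steps written as shell functions: verify_image() compares the SHA1 fingerprint of the downloaded image with its entry in SHA1SUMS (the gpg call on SHA1SUMS.sign assumes the Debian CD signing key is already in the local keyring), and write_and_verify() performs the cat copy to the device, refuses a target that is mounted, and reads the data back to confirm the copy arrived intact. File names and the device path used below are constructed samples.

```shell
#!/bin/sh
# Added example (not from the guide): verify an installer image against
# SHA1SUMS and its signature, then copy it to a USB key and check the copy.

# Verify the GnuPG signature on the SHA1SUMS file.  Assumes the signing key
# has already been imported into the local keyring; gpg exits non-zero if the
# signature is bad or the key is unknown.
verify_sums_signature() {  # SHA1SUMS SHA1SUMS.sign
    gpg --verify "$2" "$1"
}

# Print the expected SHA1 fingerprint of IMAGE from a SHA1SUMS file, whose
# lines look like "<40 hex digits>  <filename>" (a "*" may precede the name).
expected_sha1() {  # SHA1SUMS IMAGE
    name=$(basename "$2")
    awk -v name="$name" '{ f = $2; sub(/^\*/, "", f); if (f == name) print $1 }' "$1"
}

# Compute the actual SHA1 fingerprint of a file.
actual_sha1() {
    sha1sum "$1" | awk '{ print $1 }'
}

# Exit 0 only when the downloaded image has the fingerprint SHA1SUMS says it
# should have; an image that is missing from SHA1SUMS also fails.
verify_image() {  # SHA1SUMS IMAGE
    want=$(expected_sha1 "$1" "$2")
    if [ -z "$want" ]; then
        echo "no entry for $(basename "$2") in $1" >&2
        return 1
    fi
    have=$(actual_sha1 "$2")
    [ "$want" = "$have" ]
}

# Copy IMAGE to DEVICE the way the guide does (cat > device), but refuse a
# device that is currently mounted, flush the write (what "Disconnect safely"
# does), and compare the first bytes of the device with the image.
write_and_verify() {  # IMAGE DEVICE
    img=$1 dev=$2
    if grep -q "^$dev" /proc/mounts 2>/dev/null; then
        echo "$dev (or a partition on it) is mounted; unmount it first" >&2
        return 1
    fi
    cat "$img" > "$dev" || return 1
    sync
    size=$(wc -c < "$img" | tr -d ' ')
    # Only the bytes we wrote are compared; the rest of the key is ignored.
    head -c "$size" "$dev" | cmp -s "$img" -
}

# Typical use (paths are examples; replace /dev/sdx with the real key):
#   verify_sums_signature SHA1SUMS SHA1SUMS.sign &&
#   verify_image SHA1SUMS debian-6.0.1a-amd64-i386-netinst.iso &&
#   write_and_verify debian-6.0.1a-amd64-i386-netinst.iso /dev/sdx
```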
Use a USB key in addition to a CD or DVD

If you use a CD or DVD to carry out the installation, the additional firmware must be copied onto a USB key. A USB key that already contains data can be used, but it must not be encrypted. To do so, create a new directory named firmware 1 on the key, and extract into it (with the Archive Manager) the contents of the archive you just downloaded. Simply (under GNU/Linux) double-click the file firmware.tar.gz you just downloaded: the Archive Manager opens; click on the Extract button in the top menu, then select the firmware folder of the USB key as the destination. The key can then be removed.

Use a single USB key

If you are installing from a USB key, the firmware can be copied onto the same key. For this, first open the Disk Utility from the menu Applications, then System Tools. Then:
1. plug the USB key into the computer;
2. select the USB key in the list on the left;
3. on the right side, click on the area marked Free under the Volumes heading;
4. click on Create Partition;
5. choose FAT as the type and firmware as the name;
6. click on the Create button.

We can now close the Disk Utility, use the Archive Manager to extract the contents of the archive downloaded earlier onto the firmware space of the USB key, and then remove the key.
1. The directory really must be named firmware, otherwise it will not work.
After a little patience, a menu named Select a language appears: the installer offers to choose a language for the rest of the installation. Still moving with the arrow keys, select English and press Enter. A menu then asks for the country, to fine-tune the adaptation of the system. Choose a location and press Enter. For the keyboard layout, the default English should be right if you have an English keyboard. The installer then loads the files it needs.
The installer takes a little time to configure the network, then asks for the hostname. Choose a nickname for the computer: this name will then be visible on the network, and may also end up in files created or modified with the system being installed. The installer then asks for the Domain. Without going into details, it is better to leave this field empty (clear it if the installer has pre-filled it).
The installer asks to choose the country of the Debian archive mirror, then the mirror itself. The default, for example ftp.debian.org or ftp.fr.debian.org, is fine. The installer asks whether an HTTP proxy is needed; leave it empty. Then the installer downloads the files it needs to continue.
It is then necessary to confirm the password of the superuser account. In Full name of the new user, choose the name associated with the first account created on the system. This name is often recorded in documents created or modified, so it may be worth choosing a new nickname. In ID for the user account, choose a username (login) for the account. It is pre-filled but can be changed; the installer warns that, if you change it, it must begin with a lowercase letter followed by any number of lowercase letters and digits. If you decided above not to enter a "root" password, the installer instead asks for the password of the user who will have the right to administer the computer.
Partition disks
Then the CD starts the partitioning tool. It detects the existing partitions and will propose to change them.
In Partition disks, choose guided partitioning: in the partitioning menu, choose Guided - use entire disk with encrypted LVM. Choose the hard disk on which to install Debian GNU/Linux; if you want to replace the currently installed system, it is generally the first one in the list. The installer then suggests different partitioning schemes. Here there are several possibilities:
o All in one partition always works;
o If you have a large disk (at least 20 GB), you can choose to store the /home directory, which will contain your personal data, in a separate partition.
The installer warns that it is about to apply the current partitioning scheme, which is irreversible. Since we took care to back up what we wanted to keep, answer Yes to Write the changes to disks and configure LVM? The installer then overwrites the old contents of the disk with random data. This is very long, several hours on a large disk, and so leaves time for other things! The installer then asks for an encryption passphrase: choose a good passphrase and type it, then confirm it by typing it again. The installer displays the list of all the partitions it will create; you can trust it and choose Finish partitioning and write changes to disk. The installer warns that it will destroy all data on the disk; the whole disk has already been filled with random data, so whatever important data it contained is already erased. Answer Yes to Write the changes to disks? The installer creates the partitions, which can take a little while.
Select Software
Then it asks: Participate in the package usage survey? You can safely answer Yes without disclosing much more information: since the software will anyway be downloaded from the Debian servers, they could already know which packages are used if they wanted to. The installer then asks which software to install. Its proposal is generally fine: Desktop environment and Standard system utilities, plus Laptop where appropriate. Then, to reach the Continue button, use the Tab key. The installer then installs the rest of Debian GNU/Linux. It is long; there is time to go and do something else.
1. The installation manual is available in many versions on http://www.debian.org/releases/squeeze/installmanual.html or, for French readers, on http://www.debian.org/releases/squeeze/installmanual.fr.html . Choose the one written for 32-bit PC or 64-bit PC depending on the version of the installer you will use.
2. For example, the firmware files whose names start with b43 are for a type of Wi-Fi card and are not distributed directly by Debian. To use them, once the system is working, one of the packages firmware-b43-installer, firmware-b43-lpphy-installer or firmware-b43legacy-installer will have to be installed.
3. This is called sudo: in a terminal, adding sudo at the beginning of a line makes it possible to execute a command as "superuser".
4. If you are not very comfortable with typing, mistakes in the passphrase are common in the first days, especially since no character is displayed while typing. Do not worry about repeated errors; insist until the phrase is entered without fail... After some time, typing errors will be rare.
The official Debian Reference: http://www.debian.org/doc/manuals/debianreference/index.en.html
The home page of the official documentation on using Debian: http://www.debian.org/doc/user-manuals
Formation Debian GNU/Linux: an excellent self-study course on Debian, in French: http://formation-debian.via.ecp.fr
Much documentation on using GNU/Linux can be found. It is often very useful, but its quality is uneven. In particular, many documents stop working when part of the system changes, or care little about the privacy you would expect from your system. It is therefore necessary to think critically and to try to understand before applying. Here are some references to wikis and forums:
The official Debian wiki: http://wiki.debian.org
http://www.debian-fr.org/
ANDESI: a wiki and forum in French about Debian: http://www.andesi.org
How to find a Debian package? When trying to carry out new tasks with a computer, it is often necessary to install new software. Which selection criteria? Sometimes a program has to be chosen to perform a certain task, and it is common to feel lost among the many solutions available. How to install a Debian package? Once we know which package contains the software we want to use, it is time to install it properly. How to modify the Debian repositories? Debian packages are grouped into sets called repositories. Although the repositories that come with Debian contain virtually all the software you might need, it is sometimes useful to add new ones.
Find Software
Sometimes you already know the name of the software you want to install, because someone advised it or you found it on the Internet, and you want to know whether it is in Debian. Other times, you only know the task you want to carry out. In all cases, the database of software available in Debian surely answers our questions. Here are some tips to find what you are looking for:
o Find an application applies when searching for a program that could be opened from the Applications menu; otherwise...
o Find a Debian package can be applied in all cases. It gives more choice, to the point that it is easy to get lost: for example, when looking for a German dictionary for OpenOffice.org, a codec, drivers, etc.
Find an application
Open the software library from the menu System, then Administration. There are then two ways to search for an application:
o Enter keywords or the name of the application in the search box at the top right. The search results appear below. Descriptions of less common applications are rarely translated into languages other than English.
o Browse the categories and subcategories by clicking on the icons representing them.
In the application list, after clicking on an application, you can press More to see its detailed description, and often a screenshot. Just click on Install to install it. The computer will probably ask for the administration password before proceeding. You can also check the changes that will be made.
In the System menu, go to the Administration submenu and open the Synaptic Package Manager. Since the package manager can change the software installed on the computer, and therefore decides which programs we trust, it is reassuring that it asks for our password before opening. In the package manager, reload the list of available packages by clicking the Reload icon; the package manager then downloads the latest information on available packages from a Debian server. There are then two ways to search for a package:
o Click the Search icon in the toolbar. There, check that Description and Name is selected in Look in. Then type a set of keywords in the search box (for example "German dictionary openoffice") and click on Search;
o Select a category from the left column.
The search results, or the packages of the category, appear in the list at the top right. Clicking on the name of a package displays its description at the lower right. It now remains to install the corresponding package.
Selection criteria
It is sometimes necessary to choose a program to perform a certain task, and it is common then to feel lost among the many solutions available. Here are some criteria to make a sound decision. The advantage of using free software over proprietary software has already been explained; the following will therefore only consider the free software available.
Installation mode
It is usually best to install software provided by the GNU/Linux distribution (e.g. Debian). There are two main reasons for this. First, a practical one: the distribution provides tools to install and maintain a software package in a more or less automated way, and it alerts us when a security vulnerability affects software we use. When software not provided by the distribution is installed, we must remember to update it ourselves, follow the security vulnerabilities that are discovered, and manage the dependencies between programs. That takes effort, time and skills. Second, a matter of security policy: when a GNU/Linux distribution is chosen, we implicitly decided to trust a group of people. Installing software not provided by the distribution means making a similar decision about a new set of people and a new process. Such a decision should not be taken lightly: each time we install software that does not come from the distribution, we widen the set of processes and people we trust, and therefore increase the risks.
Maturity of distribution
Novelty, the latest release that "washes whiter than white", is often a trap. It is better, when possible, to choose a program that has reached a certain maturity: in software that has been actively developed and used for at least a few years, the chances that problems have been discovered and fixed are greatest... including security vulnerabilities. To see this, look at the history of each software on its website or in the file named ChangeLog (or similar), usually delivered with the software.
Who develops it? One person, a few people, a whole team? Is the number of people contributing to the source code increasing or decreasing? Is development active? What matters is responsiveness and the ability to keep going over the long term. Software development is an endurance race, not a sprint.
What about the collective communication tools that underlie the development (mailing lists and chat rooms, for example)? Is there easy access to the discussions driving the development of the software? Do these discussions bring many people together? Do these people take part in its development, or do they only use it?
What atmosphere prevails? Dead calm, dead silence, joyous cacophony, chilling seriousness, open arms, implied hostility, tender complicity, etc.? Is the volume of discussion over recent months or years decreasing or increasing? More than the raw volume, what matters is the proportion of messages that get answered: mature, stable and well-documented software will not necessarily generate many discussions, but if nobody is there to answer newcomers' questions, it can be a bad sign. Can we leave suggestions for improvement? If so, are they considered? Are the answers always given by a small number of people, or is there a wider base of support in practice?
Popularity
Popularity is a difficult criterion for software. The fact that the vast majority of desktop computers currently run Windows does not mean that Windows is the best operating system available. However, if a software is used by few people, its long-term future is doubtful: if the development team had to stop working on it, what would become of it? Who would take over? As a rule, then, it is necessary to choose software used by a sufficiently large number of people, but not necessarily the most widely used. To measure the popularity of software, one can on the one hand use the same criteria as those described above regarding the dynamics of the "community" formed around it. On the other hand, Debian publishes the results of its popularity contest 1, which compares not only the number of people who have installed a given software but, even more importantly, how its popularity evolves over time.
Increased security
Here again, the criterion is double-edged. We can start by looking at the security tracker 2 offered by Debian. Searching for a software by name gives the list of security problems that were discovered in it and, sometimes, resolved. If the software has a perfectly clean security record, it may mean either that nobody cares about it, or that it is written extremely rigorously. If security flaws were discovered in the software, there are several implications, sometimes contradictory:
1. These vulnerabilities were discovered and corrected, so they no longer exist; and someone cared enough to find them, and someone else to fix them, so it can be assumed that attention is paid to this question.
2. These flaws did exist: the software may have been written without security being a particular concern, and other flaws may exist, undiscovered or, worse, not yet published.
To refine our intuition about a software, it may be appropriate to consider the criterion of time: for example, it is not dramatic that some flaws were discovered early in the software's development if none has been discovered in recent years; we can then put it down to the mistakes of youth. Conversely, if new vulnerabilities are discovered regularly, for years and until very recently, it is quite possible that the software still has many security problems... totally unknown or unpublished. To illustrate this, one can compare the history of flaws in Claws Mail (http://www.clawsmail.org) and in Thunderbird (http://www.mozilla.org/projects/thunderbird).
Development team
Who wrote this software? If that question can be answered, various clues help determine how much trust can be placed in the development team. For example:
The same people also wrote another program that we already use intensively: our impressions of that other software are very relevant here.
Members of the development team have addresses ending in @debian.org, and therefore have the right to modify the software shipped by Debian GNU/Linux: if we use that distribution, we are already, in fact, placing some trust in these people.
Members of the development team have addresses ending in @google.com, indicating that they are on Google's payroll: while there is no doubt about their technical skills, one may wonder how their work is steered by their employer, which deserves no confidence as far as its intentions regarding personal data are concerned.
1. http://popcon.debian.org/
2. The Debian security team maintains information about every package on the security tracker: http://security-tracker.debian.org/tracker
Apply Changes
The last two steps can be repeated to install several packages at once. Once the installation has been prepared, it only remains to launch it by clicking Apply in the toolbar. The package manager opens a window listing everything it is about to do. Check that it is right, then click Apply. The package manager then downloads the packages from the Internet, verifies them and installs them. Sometimes the manager reports that some packages could not be authenticated: this warning must not be taken lightly. In that case it is better to cancel the download, click Reload in the toolbar and start the package selection over. If the warning appears again, it may be the result of an attack, of a technical failure or of a configuration problem; refrain from installing new packages until the problem has been identified. Finally, if all went well, the package manager window shows the changes that were applied and we can click Close. It is then a good idea to close the package manager so that it does not fall into other hands.
The fingerprints given in this guide were verified over the Internet from many different connections; using them nevertheless requires trusting the source, i.e. this guide. Where possible, fingerprints can also be cross-checked on other computers on which the repositories in question have already been installed, if such computers can be reached.
This protocol is far from foolproof. It is, however, a reasonable way to avoid installing malicious software.
Some fingerprints verified by us
The fingerprints of two of the most widely used repositories are reproduced below:
Repository             Date             Fingerprint
debian-multimedia.org                   1D7F C53F 80F8 52C1 88F4 ED0B 07DC 563D 1F41 B907
deb.torproject.org     September 2009   A3C4 F0F9 79CA A22C DBA8 F512 EE8C BC9E 886D DD89
Compare these fingerprints with those on other computers
If we have access to computers on which the repositories we want to use have already been installed, we can cross-check the fingerprints given in this guide against those present on those computers.
To do so, on each of these computers, open a Terminal from the menu Applications → Accessories. Then type:
    apt-key finger
and press Enter. This gives the list of repository keys, each in the following form:
    pub   2048R/886DDD89 2009-09-04 [expires: 2014-09-03]
          Key fingerprint = A3C4 F0F9 79CA A22C DBA8 F512 EE8C BC9E 886D DD89
    uid                  deb.torproject.org archive signing key
    sub   2048R/219EC810 2009-09-04 [expires: 2012-09-03]
The third line of each entry gives the name of the repository. Look in this list for the name of the repository we want. In the example above we have:
    uid                  deb.torproject.org archive signing key
so this is the deb.torproject.org key. The matching fingerprint is on the line just above:
          Key fingerprint = A3C4 F0F9 79CA A22C DBA8 F512 EE8C BC9E 886D DD89
Write the fingerprint down for later comparison.
Retrieve a repository's key from the Internet
First open System → Preferences → Passwords and Encryption Keys.
From the Remote menu, select Find Remote Keys... In the Search for keys containing box, type part of the name of the desired key or its identifier, such as "torproject.org" or "1F41B907" (for debian-multimedia), then click Search. A window Remote Keys Containing [...] appears. In our example it shows "deb.torproject.org archive signing key" with the identifier 886DDD89. Click on this key, then click the Import button. The window listing the remote keys can then be closed.
To make sure the key just received is the expected one, now check its fingerprint:
Once the key is imported, go to the Other Keys tab of the main window. Select the key to check, in our example "deb.torproject.org archive signing key". Right-click it and, in the context menu that appears, choose Properties. Go to the Details tab: the Fingerprint shown there is the checksum of the key. To be sure we have the right key, check that this fingerprint matches the one noted earlier.
If it does, the key can be exported to a file before being added to the software that will use it to check the contents of the repositories. To do so, close the properties window, right-click the key again, this time choose Export... and save it, for example on the desktop, accepting the default name. Passwords and Encryption Keys can then be closed.
Go to the Authentication tab and click Import Key File... Select the file in which the downloaded key was saved, deb.torproject.org archive signing key.asc (on the desktop in the example above), and click OK. The file can then be deleted.
Update the available packages
The Software Sources window can now be closed. The software then offers to reload the package lists: accept by clicking Reload.
Install the package containing the repository's keys
Once the key has been added, we have access to the repository. It usually provides a package containing that repository's keys, which makes keeping them up to date easy. It is often named after the repository followed by the word keyring; for debian-multimedia.org, for example, it is debian-multimedia-keyring. So take the time to install this package, if there is one 1.
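The cross-check described above is done by eye: read the fingerprint off one machine, compare it with the one in this guide. The script below, an added example that is not code from the guide, does the same comparison from the output of apt-key finger: it pulls out the fingerprint attached to a given repository uid and compares it, ignoring spacing and case, with the expected value. The listing it works on is a constructed copy of the entry reproduced above; the function names are our own.

```bash
#!/bin/bash
# Added example, not part of the guide: script the manual cross-check of a
# repository key's fingerprint. Function names are our own.

# Normalise a fingerprint: remove whitespace and upper-case it, so that
# "a3c4 f0f9 ..." and "A3C4F0F9..." compare equal.
normalize_fp() {
    printf '%s' "$1" | tr -d ' \t\n' | tr '[:lower:]' '[:upper:]'
}

# Read "apt-key finger" (or "gpg --fingerprint") output on stdin and print the
# fingerprint (40 hex digits, no spaces) of the key whose uid line contains $1.
# Handles the old layout ("Key fingerprint = ..." before the uid line) and the
# current gpg layout (a bare, indented line of 40 hex digits before the uid).
fingerprint_for_uid() {
    awk -v pat="$1" '
        /[Ff]ingerprint = /      { fp = $0; sub(/.*= */, "", fp); gsub(/ /, "", fp); next }
        /^ +[0-9A-Fa-f ]+$/      { f = $0; gsub(/ /, "", f); if (length(f) == 40) fp = f; next }
        /^uid/ && index($0, pat) { print fp; exit }
    '
}

# key_matches UID_PATTERN LISTING_FILE EXPECTED_FP
# Returns 0 if the fingerprint found for the uid equals the expected one,
# 1 on mismatch (the case to worry about), 2 if no such uid is in the listing.
key_matches() {
    local uid_pattern="$1" listing="$2" expected="$3" found
    found="$(fingerprint_for_uid "$uid_pattern" < "$listing")"
    if [ -z "$found" ]; then
        echo "no key with a uid matching '$uid_pattern' in $listing" >&2
        return 2
    fi
    if [ "$(normalize_fp "$found")" = "$(normalize_fp "$expected")" ]; then
        return 0
    fi
    echo "FINGERPRINT MISMATCH for '$uid_pattern': listing has $found, expected $(normalize_fp "$expected")" >&2
    return 1
}

# Constructed sample: a copy of the apt-key finger entry reproduced in the guide.
SAMPLE_LISTING="$(mktemp)"
trap 'rm -f "$SAMPLE_LISTING"' EXIT
cat > "$SAMPLE_LISTING" <<'EOF'
pub   2048R/886DDD89 2009-09-04 [expires: 2014-09-03]
      Key fingerprint = A3C4 F0F9 79CA A22C DBA8 F512 EE8C BC9E 886D DD89
uid                  deb.torproject.org archive signing key
sub   2048R/219EC810 2009-09-04 [expires: 2012-09-03]
EOF

# Fingerprint noted in the guide for deb.torproject.org.
EXPECTED_TOR_FP="A3C4 F0F9 79CA A22C DBA8 F512 EE8C BC9E 886D DD89"

# Real use: on the machine to cross-check against, run "apt-key finger > listing.txt"
# and pass listing.txt instead of the constructed sample.
if key_matches "deb.torproject.org" "$SAMPLE_LISTING" "$EXPECTED_TOR_FP"; then
    echo "deb.torproject.org key: fingerprint matches the guide"
fi
```

A mismatch is reported on stderr with both values, so the script can be dropped into the procedure above in place of the visual comparison; a uid that is not in the listing is reported separately, since "no key" and "wrong key" call for different reactions.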
A little theory
For most of the recipes that follow we will use the programs contained in the Debian package secure-delete.
The Gutmann method
One standard way to recover data that has been overwritten on a hard drive is to capture and process the analog signal obtained from the drive's read/write head before it is digitised. This analog signal is close to an ideal digital signal, but the differences carry useful information. By computing the ideal digital signal and subtracting it from the actual analog signal, the residue can be amplified and used to determine what had previously been written on the disk.
For example:
    Analog signal:        +11.1  -8.9  +9.1 -11.1 +10.9  -9.1
    Ideal digital signal: +10.0 -10.0 +10.0 -10.0 +10.0 -10.0
    Difference:            +1.1  +1.1  -0.9  -1.1  +0.9  +0.9
    Previous signal:      +11    +11   -9    -11   +9    +9
The same operation can then be repeated to see the data written before that:
    Recovered signal:     +11   +11   -9    -11   +9    +9
    Ideal digital signal: +10.0 +10.0 -10.0 -10.0 +10.0 +10.0
    Difference:            +1    +1    +1    -1    -1    -1
    Previous signal:      +10   +10   +10   -10   -10   -10
However, even when the disk is overwritten repeatedly with random data, it is theoretically possible to recover the previous signal. The magnetic response (permeability) of the medium changes with the frequency of the field: a lower-frequency field penetrates deeper into the magnetic layer than a high-frequency one, so a low-frequency signal may, in theory, still be detectable after being overwritten hundreds of times by a high-frequency signal.
The documentation 1 of the package says:
    The deletion process works as follows:
    1. the overwriting procedure (in secure mode) overwrites the contents of the file 38 times; after each pass the disk cache is flushed;
    2. the file is truncated, so that an attacker cannot tell which disk blocks belonged to the file;
    3. the file is renamed, so that an attacker cannot draw any conclusion about the content of the deleted file from its name;
    4. finally, the file is deleted. [...]
The protocol described above is based on a paper published by Peter Gutmann in 1996 2.
The compromise adopted
The 38 overwrites above derive from Peter Gutmann's study. But that study deals with drive technologies that no longer exist today. Gutmann has since added at the end of his article a paragraph entitled Epilogue which says, in essence, that for a modern hard disk 3, simply overwriting the data a few times with random data is enough. Apart from the nature and number of the overwrites, however, the process described above is still current. In addition, the NIST (National Institute of Standards and Technology, a U.S. government agency whose security protocols are used, among others, in that country) has published a study 4 explaining that in modern hard disks the data are packed so densely that it is impractical to look for magnetic traces of deleted data; indeed the data density of hard drives keeps growing in order to increase their capacity.
Therefore, in the recipes that follow, we content ourselves with a few random passes, while indicating how to apply Gutmann's original method. It is again a matter of finding the right compromise, case by case, between speed and the desired level of protection, depending on the amount of data to be overwritten, the age of the hard drive and the trust placed in the NIST.
For USB sticks and other flash memory
For USB sticks (and flash memory in general), a 2011 study 5 is problematic. It shows that there is no guarantee of having overwritten the entire contents of a given file, whatever the number of overwrites. While this makes the data inaccessible by simply plugging in the stick, it remains accessible to anyone who reads the flash memory chips directly. The only method that worked consistently was overwriting the whole USB stick several times: in most cases two passes were enough, but on some models twenty passes were needed before the data were really gone. Given these observations, the answer seems to be preventive: systematically encrypt USB sticks, which makes extracting information directly from the flash chips very difficult. And, after the fact, overwriting the whole stick, despite its limitations, still protects against the easy attacks.
Other limitations of "secure" erasure
Information about the file may still be found elsewhere, especially when using a journaling file system (ext3, ext4, ReiserFS, XFS, JFS, NTFS), a compressing file system, a mirrored or backed-up disk (e.g. RAID) or a network file system.
On other systems
We have seen that it is illusory, when using a proprietary operating system, to seek real privacy. Although there is software that claims to delete files together with their content on Windows and Mac OS X, it is much harder to trust it.
Let's go
We can erase:
1. The file README.gz installed on a Debian system in /usr/share/doc/secure-delete.
2. Peter Gutmann, Secure Deletion of Data from Magnetic and Solid-State Memory, Department of Computer Science, University of Auckland, 1996. http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html
3. Using PRML technology, which appeared in 1990. https://secure.wikimedia.org/wikipedia/en/wiki/PRML , http://en.wikipedia.org/wiki/Partial_Response_Maximum_Likelihood , http://www.storagereview.com/guide/histFirsts.html
4. Special Publication 800-88: Guidelines for Media Sanitization. http://csrc.nist.gov/publications/nistpubs/800-88/NISTSP800-88_rev1.pdf
5. Reliably Erasing Data From Flash-Based Solid State Drives, by Michael Wei, Laura M. Grupp, Frederick E. Spada and Steven Swanson. http://www.usenix.org/events/fast11/tech/full_papers/Wei.pdf
Command line
If you are comfortable using a terminal, deleting files together with their content with srm is simple. Just run:
    srm -r -l -v file_name
Note: the options -r, -l and -v suggested here for the srm command have the following meanings:
-r indicates that the target is to be deleted recursively, including sub-folders;
-l tells srm to overwrite the file contents only twice, including once with random data. If you prefer Gutmann's original method (longer, and perhaps safer), leave this option out;
-v asks for verbose mode: srm reports in the terminal the actions it performs, which lets you follow progress: a new star appears after each overwrite of the file.
On this subject, see the section on the command line (using a terminal).
Download the script onto the desktop. Verify its checksum. Here is the SHA256 checksum: 20a3782bd00f269be825b84a61886e33d1b66169900d4b425cd2ecf2a5294f27
Second option: write the script
If you cannot download the script, you must write it yourself by following these instructions:
Open the gedit text editor, found in the Applications menu under Accessories. On the blank page that appears, type:

#!/bin/bash
if zenity --question \
    --text "Do you really want to delete ${*} by overwriting its contents?" \
    --title "Delete by overwriting the data"; then
  srm -r -l "$@" && \
    zenity --info --text "${*} has been deleted." \
      --title "Delete by overwriting the data" || \
    zenity --error \
      --text "An error occurred while deleting ${*}." \
      --title "Delete by overwriting the data"
fi

French users can use the script below (same logic, French messages) or the attached file:

#!/bin/bash
if zenity --question \
    --text "Voulez-vous vraiment supprimer ${*} en écrasant son contenu ?" \
    --title "Supprimer en écrasant les données"; then
  srm -r -l "$@" && \
    zenity --info --text "${*} a bien été supprimé." \
      --title "Supprimer en écrasant les données" || \
    zenity --error \
      --text "Une erreur est survenue durant l'effacement de ${*}." \
      --title "Supprimer en écrasant les données"
fi
Save the file by clicking Save, with the name Delete_by_overwriting_the_data, on the desktop. Quit the gedit text editor.
Select the file Delete_by_overwriting_the_data on the desktop. Right-click it and, in the context menu that appears, click Cut. Open the File Browser from the menu Applications → System Tools. In the menu Go → Location..., type ~/.gnome2/nautilus-scripts/ and press Enter. Paste the file via the menu Edit → Paste.
Select the file Delete_by_overwriting_the_data in the File Browser window (it is now in ~/.gnome2/nautilus-scripts/). Right-click it and, in the context menu that appears, click Properties. In the dialog box that appears, go to the Permissions tab and tick Allow executing file as program. Close the box by clicking Close.
Check
In the File Browser's context menu, a Scripts submenu containing the command Delete_by_overwriting_the_data should now appear.
Select the files and folders to delete. Right-click them and, in the context menu that appears, click Scripts, then Delete_by_overwriting_the_data.
to erase a disk containing an unencrypted GNU/Linux, there must be at least two partitions, one with a swap file system, the other usually ext3; to erase a disk containing an encrypted GNU/Linux, there must be at least two partitions, one with an ext2 file system, the other usually reported as encrypted or unknown; to erase a disk containing Windows, there must be one or more NTFS or FAT32 partitions.
In addition, the device corresponding to the internal drive is usually the first in the list. Once the disk has been found and selected, its path can be read on the right, under the Drive heading, next to the Device label. The device path begins with /dev/ followed by three letters, the first two being sd or hd, for example /dev/sdx. Write this path down: it is what you will type in place of the_device. Warning: this path is not necessarily always the same. It is better to redo this short procedure after restarting the computer or after plugging in or unplugging a USB stick or a hard drive; this avoids unpleasant surprises... such as losing the contents of another hard drive.
Once the command has been typed and checked, press Enter. shred then reports in the terminal what it is doing, since the command included the -v ("verbose") option:
    shred: /dev/sdb: pass 1/3 (random)...
    shred: /dev/sdb: pass 2/3 (random)...
    shred: /dev/sdb: pass 3/3 (random)...
At the end of the procedure the terminal shows a new command prompt. The terminal can then be closed.
Open an administrator terminal
From the menu Applications → Accessories, open a Terminal administrator.
Check the location and retrieve the size of the LUKS header
In the terminal, the command cryptsetup luksDump gives full information about the LUKS header, including its size on disk (in 512-byte sectors). Type, replacing the_encrypted_device with the path found above:
    cryptsetup luksDump the_encrypted_device
If the device path is wrong, the terminal either returns nothing or says:
    Device the_encrypted_device is not a valid LUKS device.
If it is right, the output looks like this:
    LUKS header information for /dev/sdx2
    Version:        1
    Cipher name:    aes
    Cipher mode:    cbc-essiv:sha256
    Hash spec:      sha1
    Payload offset: 2056
    MK bits:        256
    MK digest:      a4 79 85 49 1f 3f 71 e5 1e c6 07 14 88 0c 02 27 59 80 25 58
    MK salt:        b7 b1 2a 5d 6d c5 b5 d2 06 55 a3 85 5d 07 af 9b
                    c9 03 46 c6 e6 2f 29 1a 9d b7 58 05 44 cc 68 f9
    MK iterations:  10
    UUID:           d73cbb8a-058f-469e-935a-7f71debd8193
    Key Slot 0: ENABLED
        Iterations:          170901
        Salt:                ec 1e 63 b7 13 fb 20 21 18 5d 86 44 42 d0 f2 af
                             52 a4 74 54 22 3f d8 0b ad 69 8c 46 f2 d3 79 4d
        Key material offset: 8
        AF stripes:          4000
We will need the size of the header (in sectors), given on the Payload offset line. It will be referred to below as OFFSET.
Finally, it is possible, and even advisable, to erase the whole partition.
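The value the guide calls OFFSET is read off the luksDump output by eye. As an added example (not code from the guide), the script below extracts it automatically and converts it to bytes, and it treats any input that is not a LUKS header dump, which is what a wrong device path produces, as an error rather than silently returning nothing. The dumps it runs on are constructed copies of the output shown above; the LUKS2 layout it also accepts is assumed from cryptsetup 2.x output and is not something the guide covers; the function names are our own.

```bash
#!/bin/bash
# Added example, not part of the guide: extract OFFSET (the LUKS header size in
# 512-byte sectors) from "cryptsetup luksDump" output instead of reading it by
# eye, and reject output that is not a LUKS header, which is what a wrong
# device path produces. Function names are our own.

# Print the payload offset in 512-byte sectors; reads luksDump output on stdin.
# LUKS1 prints "Payload offset: <sectors>". LUKS2 (format assumed from
# cryptsetup 2.x output) prints the data segment as "offset: <n> [bytes]".
# Returns 1 if the input is not a LUKS header dump.
luks_payload_offset() {
    awk '
        /^LUKS header information/                  { seen = 1 }
        seen && /^Payload offset:/                  { print $3; found = 1; exit }
        seen && /^[ \t]*offset:/ && /\[bytes\]/     { print int($2 / 512); found = 1; exit }
        END { if (!seen || !found) exit 1 }
    '
}

# Size in bytes of the region OFFSET covers from the start of the partition.
luks_header_bytes() {
    local sectors
    sectors="$(luks_payload_offset)" || return 1
    echo $((sectors * 512))
}

# Constructed sample: the LUKS1 dump reproduced in the guide (abridged).
SAMPLE_LUKS1='LUKS header information for /dev/sdx2
Version:        1
Cipher name:    aes
Cipher mode:    cbc-essiv:sha256
Hash spec:      sha1
Payload offset: 2056
MK bits:        256
Key Slot 0: ENABLED'

# Constructed sample of the failure case (wrong device path).
SAMPLE_NOT_LUKS='Device /dev/sdx1 is not a valid LUKS device.'

# Real use: cryptsetup luksDump the_encrypted_device | luks_payload_offset
if OFFSET="$(printf '%s\n' "$SAMPLE_LUKS1" | luks_payload_offset)"; then
    echo "OFFSET=$OFFSET sectors, i.e. $((OFFSET * 512)) bytes of header"
fi
if ! printf '%s\n' "$SAMPLE_NOT_LUKS" | luks_payload_offset >/dev/null; then
    echo "not a LUKS device: check the device path before going any further"
fi
```

The non-zero return on anything other than a header dump is the point: a script that later feeds OFFSET to shred or dd must stop here rather than run with an empty value.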
Making data already deleted from the file browser unrecoverable
The GNOME desktop's file browser can be configured so that data which has already been deleted can be made unrecoverable.
Command line
Warning: the method described below does not work properly on FAT32 file systems. To check a partition's file system, right-click the disk icon on the desktop; at the bottom of the General tab of the Properties window, the file system type is shown. If it says vfat or fat, sfill will not overwrite free space beyond 4 GB (FAT32 cannot hold a single file larger than that)! In that case, use the file browser method instead, which has the advantage of working correctly on FAT32.
Open an administrator terminal
Open a terminal by clicking the Applications menu, then Accessories, then Terminal administrator.
Identify the location and start overwriting with sfill
Before launching the command, sfill must be told the path of a folder located on the partition whose already-deleted data you want to make harder to recover. So choose any folder on that partition; we will call it FOLDER. Then, in the terminal, type:
    sfill -l -v FOLDER
and confirm by pressing Enter. The -l option asks sfill to overwrite the free space twice. If you prefer Gutmann's original method (longer, and perhaps safer), remove this option from the command line.
An example
Suppose you want to overwrite the free space of the partition holding your home folder. For that, find your login, the name typed before the password when logging in to the session: it appears at the start of the title bar of the file browser when the home folder is opened. We will call it LOGIN. Then type in the administrator terminal, replacing LOGIN as above:
    sfill -l -v '/home/LOGIN'
For the user lucia this would be:
    sfill -l -v '/home/lucia'
Then wait for a long time (many hours), especially with a large disk.
A possible compromise
If, after trying sfill, it turns out to be really too slow to use, note that the -l option can be given a second time to sfill, for a less secure but faster overwrite: instead of two passes, sfill then makes only one, with random data. This is less secure than the previous method, but better than not running sfill at all. To do so, run sfill as follows:
    sfill -l -l -v FOLDER
Download the script onto the desktop from here: Verify its checksum. Here is the SHA256 checksum: c907691c03d12ad2eadc2ca9758615580d663695b503f6579bef6afa111ccff9
Second option: write the script
If you cannot download the script, you must write it yourself:
Open the gedit text editor from the menu Applications → Accessories, and type:
#!/bin/sh
test -z "$PWD" && exit 1
mkdir -p "$PWD/overwrite"
trap 'rm -rf "$PWD/overwrite"' EXIT
{
  (
    echo 0
    MAX=4000000
    FREE="$(df -P "$PWD" | awk '/\// { print $4 }')"
    if [ "$FREE" -gt "$MAX" ]; then
      # Fill the free space with ~4 GB files first (FAT32 cannot hold larger files).
      STEP=$((90 / (FREE / MAX)))
      [ "$STEP" -ge 1 ] || STEP=1   # keep seq from looping forever on very large disks
      for n in $(seq 0 "$STEP" 90); do
        echo "$n"
        FILE="$PWD/overwrite/$FREE.$n.$$"
        echo "# overwriting $FILE"
        dd if=/dev/zero of="$FILE" seek="$MAX" bs=1k count=1
        shred -n 3 "$FILE"
      done
      echo 90
    fi
    echo "# overwriting the remaining free space"
    RESULT=$(gksu --description "sfill" "sh -c 'sfill -l -l \"$PWD/overwrite\" && sfill -l -l \"$PWD/overwrite\" && sfill -l -l \"$PWD/overwrite\" || echo ERROR'")
    test "$RESULT" = "ERROR" && exit 1
    rm -rf "$PWD/overwrite"
    echo 100
    echo "# Overwriting of the free space completed successfully"
  ) || {
    echo "# An error has occurred."
    zenity --error \
      --text "An error occurred while overwriting the free space." \
      --title "Overwrite the free space"
  }
} | zenity --progress --title "Overwrite the free space"

French users can use the script below (same logic, French messages; the original attached file uses the folder name ECRASEMENT):

#!/bin/sh
test -z "$PWD" && exit 1
mkdir -p "$PWD/ECRASEMENT"
trap 'rm -rf "$PWD/ECRASEMENT"' EXIT
{
  (
    echo 0
    MAX=4000000
    FREE="$(df -P "$PWD" | awk '/\// { print $4 }')"
    if [ "$FREE" -gt "$MAX" ]; then
      STEP=$((90 / (FREE / MAX)))
      [ "$STEP" -ge 1 ] || STEP=1
      for n in $(seq 0 "$STEP" 90); do
        echo "$n"
        FILE="$PWD/ECRASEMENT/$FREE.$n.$$"
        echo "# écrasement de $FILE"
        dd if=/dev/zero of="$FILE" seek="$MAX" bs=1k count=1
        shred -n 3 "$FILE"
      done
      echo 90
    fi
    echo "# écrasement de l'espace libre restant"
    RESULT=$(gksu --description "sfill" "sh -c 'sfill -l -l \"$PWD/ECRASEMENT\" && sfill -l -l \"$PWD/ECRASEMENT\" && sfill -l -l \"$PWD/ECRASEMENT\" || echo ERROR'")
    test "$RESULT" = "ERROR" && exit 1
    rm -rf "$PWD/ECRASEMENT"
    echo 100
    echo "# écrasement de l'espace libre terminé avec succès"
  ) || {
    echo "# Une erreur est survenue."
    zenity --error \
      --text "Une erreur est survenue pendant l'écrasement de l'espace libre." \
      --title "Écrasement de l'espace libre"
  }
} | zenity --progress --title "Écrasement de l'espace libre"

Save the file via File → Save, with the name Overwrite the free space on this partition, on the desktop. Quit the text editor.
Select the file Overwrite the free space on this partition on the desktop. Right-click it and, in the context menu that appears, click Cut. Open the File Browser from the menu Applications → System Tools. In the menu Go → Location..., type ~/.gnome2/nautilus-scripts/ and press Enter. Paste the file via the menu Edit → Paste.
Select the file Overwrite the free space on this partition in the File Browser window (it is now in ~/.gnome2/nautilus-scripts/). Right-click it and, in the context menu that appears, select Properties. In the dialog box that appears, go to the Permissions tab and tick Allow executing file as program. Close the box by clicking Close.
Check
In the File Browser's context menu, a Scripts submenu containing the command Overwrite the free space on this partition should now appear.
Open a folder located on the partition whose free space is to be overwritten. This can be, for example, a USB stick or an external drive that is not in use. Right-click the background of the window (without selecting any file or folder) and, in the context menu that appears, click Scripts, then Overwrite the free space on this partition.
It must also be assumed that, except with a live system, traces of the presence of the hard disk will be kept by the computer. If you want a place on the hard disk for data that is not confidential but must be accessible on untrusted computers, the drive can be split into two partitions:
an unencrypted partition holding the non-confidential data, such as music, usable from any computer without typing the passphrase;
an encrypted partition holding the confidential data, which is opened only on trusted computers.
In practice
If the hard disk has already been used, it may be necessary to first erase its data for real. If the hard drive has no free space, format it. Then, if only part of the drive is to be encrypted, create a partition. After that, it only remains to initialise the partition that will hold the encrypted data, and it is ready for use.
1. The last independent analysis of FileVault was done in 2006. Besides being vulnerable to the same attacks as other systems, FileVault has some weaknesses worth noting: since it encrypts a single directory, traces will be written in clear on the rest of the hard disk; the encryption passphrase is the same as the session password, generally weak; setting a "master password" opens another avenue of attack; and the encryption key is written to the hard disk if Use secure virtual memory was not selected, or when a laptop's battery runs flat. Keep in mind, therefore, that using FileVault on a Mac OS X computer provides only a limited level of protection: http://crypto.nsa.org/vilefault/23C3-VileFault.pdf
2. TrueCrypt is released under a peculiar licence, the "TrueCrypt Collective License". Its development is not open, and only the sources of the latest version are available, which makes it hard to verify changes. Moreover, the software is not considered free by many GNU/Linux distributions, including Debian, and does not meet the definition of open source: http://www.opensource.org/docs/osd
Preparing a hard drive
In what follows, what is said about a hard drive also applies to an external hard drive or a USB stick unless otherwise specified. The procedure explained here involves erasing all the data on the disk 1. If there is already unpartitioned space on the drive, proceed directly to encryption.
1. GParted could also be used. It is harder to use than the Disk Utility, but has the advantage of being able to resize an existing partition while keeping the files in it.
    sfill -l -l -v mount_point ...
Then press Enter. The process takes from a few minutes to several hours depending on the size and speed of the drive (e.g. 2 hours for a 4 GB USB stick). Once the command prompt reappears, the administrator terminal can be closed.
Back up data
Making backups is relatively simple in principle: copy the files you would not want to lose to a storage medium other than the one holding the data. Of course, if our working data on hard disks or USB sticks is encrypted, such copies must be encrypted too. Two other points to consider when setting up a good backup policy:
define a method for making regular backups;
test, from time to time, that the backups are still readable.
The second point really must not be neglected: losing the original data is painful enough, and it is then that backups which cannot be restored hurt. In the same vein, it also seems wise not to store the backups in the same place as the original data; otherwise a single event may destroy both the data and its backups...
Making backups
Encryption of our backups will be provided by encrypting the external storage device (USB stick or hard disk). To make copies regularly and without spending much time on it, it is advisable:
to keep somewhere a list of the files and folders to back up;
to make a small calendar, by day or by week, with boxes to tick once the backups have been made.
A good practice is to create a folder named after the backup date and copy the data into it. This allows keeping several backups if desired, and removing older ones easily.
Restoring a backup
If the original data is lost, restoring is as easy as backing up: copy in the other direction.
Add a space, then specify the folder containing the backups by dragging its icon with the mouse and dropping it on the terminal. After releasing the button, the line should look like:
    find '/media/external/backups'
Finally, type at the end of the command:
    find '/media/external/backups' -type f -print0 | xargs -0 cat > /dev/null
Reading starts as soon as Enter is pressed. The following line should stay blank until the end of the operation. After a while, when the $ prompt returns, the terminal can be closed. If error messages appeared in the meantime, such as "I/O error" or "Input/output error", the backup is damaged. In general, the medium (CD or DVD, USB stick or hard disk) then has to be discarded, and a new backup made on another one.
Note: both methods share the flaw of not checking the data's integrity. Setting up a mechanism to do so is difficult without using more complex backup software.
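The read-back above only notices media that fail to read; a file that reads back without error but with different bytes passes it. As an added example (not code from the guide), the script below shows the simplest integrity mechanism that does not need a backup program: write a SHA-256 manifest of the backup folder at backup time and re-check it at restore time, which also catches files that have gone missing. It assumes GNU coreutils (sha256sum, find); the sample files are constructed in a temporary directory and the function names are our own.

```bash
#!/bin/bash
# Added example, not part of the guide: a SHA-256 manifest written at backup
# time and re-checked at restore time. The guide's "cat > /dev/null" read-back
# only catches I/O errors; this also catches files that read back fine but
# with different contents, and files that are missing. Assumes GNU coreutils
# (sha256sum, find). Function names are our own.

MANIFEST_NAME="MANIFEST.sha256"

# backup_manifest_create DIR: hash every file under DIR into DIR/MANIFEST.sha256
# (paths relative to DIR, sorted, so two manifests of the same tree are identical).
backup_manifest_create() {
    local dir="$1"
    ( cd "$dir" && find . -type f ! -name "$MANIFEST_NAME" -exec sha256sum {} + \
        | LC_ALL=C sort -k 2 ) > "$dir/$MANIFEST_NAME"
}

# backup_manifest_verify DIR: re-hash the listed files. Returns 0 if every file
# is present and unchanged, 1 if any is missing or altered (details on stderr),
# 2 if there is no manifest. Files added after the manifest was written are
# not noticed; re-run backup_manifest_create after every backup.
backup_manifest_verify() {
    local dir="$1"
    if [ ! -f "$dir/$MANIFEST_NAME" ]; then
        echo "no $MANIFEST_NAME in $dir" >&2
        return 2
    fi
    ( cd "$dir" && sha256sum --quiet -c "$MANIFEST_NAME" >&2 )
}

# Demo on constructed data in a throw-away directory.
demo_dir="$(mktemp -d)"
trap 'rm -rf "$demo_dir"' EXIT
mkdir -p "$demo_dir/docs"
printf 'contract draft v3\n' > "$demo_dir/docs/contract.txt"
printf 'holiday photo bytes\n' > "$demo_dir/photo.jpg"

backup_manifest_create "$demo_dir"            # at backup time
backup_manifest_verify "$demo_dir" && echo "backup verified: all files intact"

# Simulate silent corruption on the medium, then check again.
printf 'contract draft v3 (damaged)\n' > "$demo_dir/docs/contract.txt"
backup_manifest_verify "$demo_dir" 2>/dev/null \
    || echo "backup is corrupt: use another medium and make a new backup"
```

Run backup_manifest_create on the backup folder each time a backup is made (the dated folder suggested above works well, one manifest per date), and backup_manifest_verify before relying on it. The manifest lives on the same medium as the data, so it detects corruption and loss, not an attacker who can rewrite the medium; keeping the medium encrypted, as the guide requires, is what covers that case.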
Make a backup
Déjà Dup is opened via Applications → System Tools → Backup Tool Déjà Dup. The interface is very simple: two large buttons, one to Restore and one to Backup. Clicking Backup starts a wizard to configure the backup:
1. First choose the location of the backup. In most cases, choose Other... from the drop-down list to specify a folder on an external storage device. Also make sure the Encrypt backups box is ticked 1 before clicking Forward.
2. Déjà Dup then asks for the list of files to include in the backup. Leaving just the home folder is sufficient for most needs.
3. It also asks for the list of folders to exclude from the backup. For example, music and video folders can be added here so as not to back them up. Once the files are chosen, click Forward again.
4. A screen summarises the backup just configured. If everything is correct, clicking Backup starts the backup.
5. If encrypted backups were chosen, a passphrase must be entered. Because of a small defect in the software it does not ask for confirmation, so it is crucial not to mistype it; tick Show password to see what was typed.
6. Hopefully the backup starts... now wait.
7. Once the backup has completed successfully, Déjà Dup offers to repeat it automatically at regular intervals. Just tick Automatically back up on a regular schedule and choose the frequency in the list below.
8. Déjà Dup can now be closed.
All these settings can be changed later by starting Déjà Dup again and opening the Preferences window from the Edit menu. When the schedule is enabled and the configured interval since the previous backup has elapsed, Déjà Dup displays a message on the desktop saying that the next backup will be made when the external medium is next connected to the computer. As soon as it is, a window opens automatically asking for the passphrase needed to update the backup.
1. If the external medium is itself encrypted, you may decide not to encrypt the backup files as well: one passphrase less to invent and remember. However, you then lose the ability to compartmentalise access, should the external drive also be used for things other than backups.
Restore a backup
Déjà Dup is opened via Applications → System Tools → Backup Tool Déjà Dup. Restoring starts by simply clicking Restore. If this is the first time Déjà Dup is used (e.g. to restore the home folder after the loss of a hard disk), it asks for the folder where the backups were made; otherwise it uses the folder already configured. If the backups are encrypted, the software then asks for the passphrase. After a short delay, Déjà Dup asks which backup to restore, by date. Next step: specify the folder into which the files from the backup will be written. Either restore to the original location (which may replace existing files with the version in the backup), or specify another folder. Finally, a summary and confirmation screen appears. After clicking Restore, a window opens, if needed, to ask for the administrator's password: this is necessary to restore the file permissions as they were. Once the password is given, the files from the backup are actually written.
Delete Account
From a session with administration rights, open System > Administration > Users and Groups. Select the account to delete and click Delete, then provide the password requested. A dialog box asks whether to delete the personal folder of the user account as well; after confirming the deletion of the right account, choose Delete Files (even if this was already done in the previous step, it costs nothing). Keep the window open once the account is deleted.
/home: the folder of personal files;
/tmp and /var/tmp: temporary files;
/var: application data files;
/var/log: system log files.
However, if several of these folders are on the same partition, there is no point in overwriting the free space of that partition several times: it would be useless, and very slow.
Install the necessary software
If the package secure-delete is not installed yet, install it.
Run sfill
Warning: on an SSD (flash-memory based), this does not guarantee that the data is actually inaccessible. On this subject, see the first part. The following command erases enough: df -P prints the partition on which each folder lives, sort -u keeps each partition only once, and sfill -l then fills the free space of each of them (two overwriting passes instead of the much slower default sequence, which is enough here). Go to the previously opened terminal and type:
df -P /home /tmp /var /var/log /var/tmp \
  | tail -n +2 | awk '{ print $6 }' | sort -u \
  | xargs --max-args=1 sfill -l -v
Then wait, especially if the disk is large. When it has finished, the terminal can be closed.
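As an added example (my own script, not part of the guide), here is a small POSIX shell wrapper around the command above. It lists each filesystem only once for the folders given, then, before running sfill on it, reads sysfs to find out whether the block device underneath is a rotating disk, so that the SSD caveat above becomes an explicit warning rather than something to remember. It assumes Debian GNU/Linux with the secure-delete package and GNU coreutils (df, readlink); the function names are mine.

```shell
#!/bin/sh
# Added example, not from the guide: wipe free space once per filesystem and
# warn when the filesystem sits on flash, where sfill cannot guarantee erasure.
# Assumes Debian GNU/Linux with secure-delete and GNU coreutils installed.

# unique_mountpoints DIR... : print the mount point of each DIR's filesystem,
# each one only once (several of the folders usually share one partition).
unique_mountpoints() {
    df -P -- "$@" | tail -n +2 | awk '{ print $6 }' | sort -u
}

# device_rotational MOUNTPOINT : print 1 for a spinning disk, 0 for flash (SSD),
# or "unknown" when sysfs has no answer (network or overlay filesystems, ...).
# dm-crypt/LVM volumes are handled because readlink -f resolves them to dm-N,
# whose queue/rotational flag mirrors the disk underneath.
device_rotational() {
    dev=$(df -P -- "$1" | awk 'NR == 2 { print $1 }')
    dev=$(readlink -f -- "$dev" 2>/dev/null || printf '%s' "$dev")
    name=${dev##*/}
    # whole disk or dm device: queue/ is right there; partition: one level up
    for f in "/sys/class/block/$name/queue/rotational" \
             "/sys/class/block/$name/../queue/rotational"; do
        if [ -r "$f" ]; then
            cat -- "$f"
            return 0
        fi
    done
    echo unknown
}

# wipe_free_space DIR... : run sfill -l -v once per filesystem, warning first
# when the device is not known to be a rotating disk.
wipe_free_space() {
    unique_mountpoints "$@" | while IFS= read -r mp; do
        rot=$(device_rotational "$mp")
        if [ "$rot" != 1 ]; then
            echo "warning: $mp is not on a rotating disk (rotational=$rot);" \
                 "sfill cannot guarantee the data is gone" >&2
        fi
        sfill -l -v "$mp"
    done
}

# usage, as root, once the account has been deleted:
#   wipe_free_space /home /tmp /var /var/log /var/tmp
```

On an encrypted system the mapping /dev/mapper/... is what df reports, and the rotational flag read through dm-N is the one of the physical disk; a value of 0 or unknown means the erasure must not be relied on, exactly as the warning above says.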
Remaining traces
Once this is done, the data should be gone. In fact, however, the traces left by the existence of an account on a GNU/Linux system are quite numerous and quite unpredictable: they depend on the programs that have been installed or used. Such a program may, for example, have saved a few files outside the personal folder that contain that folder's path (and therefore the account name), or have written the login of the user who created a document into the metadata of a file format that a human cannot read directly. Finding all these traces is a long, even insurmountable, task, and a case like this shows the limits of the blacklist strategy. Nevertheless, the cleaning already done should have erased most of these traces, and if there is time and a need to go further, a few tools can help. To list all files and folders whose name contains "Anna" (the login of the account to delete), type:
find / -mount -name '*Anna*'
The -mount option keeps find from descending into other filesystems (such as /proc); if /home or /var are separate partitions, add them as extra starting points after /. To find all files under /var (or any of its subdirectories) whose content contains the word "Anna", use:
rgrep -i Anna /var
However, expect a number of false positives from this last command. If it is imperative to remove every trace of an account's existence, reinstalling an encrypted system is the simplest and fastest solution.
Share a secret
Sometimes you want to share a secret among several people, without any one of them having access to the whole secret. This is possible: several cryptographic techniques have been invented for it. With slightly different mathematics, they all allow a secret to be cut into pieces that can later be put back together.
Share a passphrase
The most common case is sharing the passphrase of an encrypted medium. This step should ideally be done from a live system, so as not to leave traces of the secret that is being shared.
Install the required package
To split the secret we will use the program ssss-split. To use it, the Debian package ssss must be installed. The tools in the ssss package are command-line programs: all operations are performed in a terminal, without administrator rights.
Generate a random passphrase
In this case, nobody should be able to remember or guess the passphrase used for the encryption, so we generate a completely random one by typing:
head -c 32 /dev/random | base64
The computer answers something like:
7rZwOOu+8v1stea98OuyU1efwNzHaKX9CuZ/TK0bRWY=
Select this line with the mouse and copy it to the clipboard (via the menu Edit > Copy).
Divide the secret
Before cutting the secret, decide into how many pieces it will be cut, and how many pieces are needed to reconstruct it. Then, in the terminal, use ssss-split as follows:
ssss-split -t number_of_needed_pieces -n total_number_of_pieces
The message WARNING: couldn't get memory lock can safely be ignored on a live system: it means the program could not prevent the secret from being swapped to disk, which a live system without swap will not do anyway. When asked for the secret, paste the clipboard using the menu Edit > Paste, then press Enter to confirm. Each person sharing the secret must keep one of the lines displayed next, in its entirety, including the leading digit and the dash: ssss-combine needs that share number to rebuild the secret. Here is an example with the random key generated above, shared between 6 people so that any 3 of them suffice to recover the passphrase:
$ ssss-split -t 3 -n 6
Generating shares using a (3,6) scheme with dynamic security level.
Enter the secret, at most 128 ASCII characters: Using a 352 bit security level.
1-b8d576a1a8091760b18f125e12bb6f2b1f2dd9d93f7072ec69b129b27bb8e97536ea85c7f6dcee7b4399ea49
2-af83f0af05fc207e3b466caef30ec4d39c060800371feab93594350b7699a8db9594bfc71ed9cd2bf314b738
3-4718cb58873dab22d24e526931b061a6ac331613d8fe79b2172213fa767caa57d29a6243ec0e6cf77b6cbb64
4-143a1efcde7f4f5658415a150fcac6da04f697ebfeb9427b59dca57b50ec755510b0e57ccc594e6b1a1eeb04
5-fca1250b5cbec40ab14964d2cd7463af34c389f81158d1707b6a838a500977d957be38f83e8eefb79266e74a
6-ebf7a305f14bf3143b801a222cc1c857b7e8582119374925274f9f335d283677f4c002f8d68bcce722ebba1f
Create the encrypted medium
You can then create the encrypted medium. When the passphrase is requested, paste the contents of the clipboard as before, or type it while reading it from the screen.
Attention: if one of the pieces has been typed wrong, the resulting error is not necessarily obvious. ssss-combine cannot tell a wrong share from a correct one; it simply computes a different secret, as below, where a single hex digit of share 2 has been altered:
$ ssss-combine -t 3
Enter 3 shares separated by newlines:
Share [1/3]: 4-143a1efcde7f4f5658415a150fcac6da04f697ebfeb9427b59dca57b50ec755510b0e57ccc594e6b1a1eeb04
Share [2/3]: 2-af83f0af05fc207e3b466caef30ec4d39c060800371feab93594350b7699a8db9594bfc71ed9cd2bf31ab738
Share [3/3]: 6-ebf7a305f14bf3143b801a222cc1c857b7e8582119374925274f9f335d283677f4c002f8d68bcce722ebba1f
Resulting secret: ......L.fm.....6 _....v..w.a....[....zS.....
WARNING: binary data detected, use -x mode instead.
Open the encrypted medium
Once the passphrase has been recovered, it can be copied and pasted to unlock the encrypted medium, or typed while reading it from the screen.
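The following shell script is an added example, not part of the guide: it automates the procedure just described so that it can be checked end to end. It generates a random passphrase, splits it 3-of-6 with ssss-split, rebuilds it from three shares, then rebuilds it again after altering one hex digit of a share, to show that ssss-combine returns a wrong secret without complaining. A short SHA256 fingerprint of the passphrase, kept with the shares, catches that case. It assumes the Debian package ssss and coreutils; it reads /dev/urandom rather than /dev/random because the latter can block on a live system with little entropy; all function names are mine.

```shell
#!/bin/sh
# Added example, not from the guide: generate a random passphrase, split it with
# ssss-split, and check that any 3 of the 6 shares rebuild it while a share with
# a single wrong hex digit silently rebuilds something else.
# Assumes the Debian package ssss and coreutils.

# gen_passphrase : 32 random bytes, base64-encoded (44 printable characters).
gen_passphrase() {
    head -c 32 /dev/urandom | base64
}

# fingerprint SECRET : short SHA256 prefix, stored with the shares to detect a
# mistyped share at reconstruction time.
fingerprint() {
    printf '%s' "$1" | sha256sum | cut -c1-16
}

# split_secret THRESHOLD SHARES : reads the secret on stdin, prints one share
# per line (-Q suppresses the prompts so the command can be scripted).
split_secret() {
    ssss-split -t "$1" -n "$2" -Q
}

# combine_shares THRESHOLD : reads THRESHOLD shares on stdin, prints the secret.
combine_shares() {
    ssss-combine -t "$1" -Q 2>/dev/null
}

# corrupt_last_hex SHARE : change the last hex digit (0 -> 1, anything else
# -> 0) so the share stays syntactically valid and ssss-combine accepts it.
corrupt_last_hex() {
    share=$1
    last=${share#"${share%?}"}
    if [ "$last" = 0 ]; then new=1; else new=0; fi
    printf '%s\n' "${share%?}$new"
}

# demo_roundtrip : returns 0 when honest shares rebuild the secret and a set
# containing a corrupted share does not, 1 otherwise.
demo_roundtrip() {
    secret=$(gen_passphrase)
    fp=$(fingerprint "$secret")
    shares=$(printf '%s\n' "$secret" | split_secret 3 6)

    # any three shares, in any order, are enough: the leading digit carries the index
    honest=$(printf '%s\n' "$shares" | sed -n '2p;4p;6p')
    got=$(printf '%s\n' "$honest" | combine_shares 3)
    [ "$got" = "$secret" ] || { echo "FAIL: honest shares did not rebuild the secret"; return 1; }
    [ "$(fingerprint "$got")" = "$fp" ] || { echo "FAIL: fingerprint mismatch"; return 1; }
    echo "OK: shares 2, 4 and 6 rebuilt the passphrase (fingerprint $fp)"

    # same set, but share 4 has one wrong digit: no error, just a different secret
    bad4=$(corrupt_last_hex "$(printf '%s\n' "$shares" | sed -n '4p')")
    corrupted=$(printf '%s\n%s\n%s\n' \
        "$(printf '%s\n' "$shares" | sed -n '2p')" "$bad4" \
        "$(printf '%s\n' "$shares" | sed -n '6p')")
    got=$(printf '%s\n' "$corrupted" | combine_shares 3)
    if [ "$got" = "$secret" ] || [ "$(fingerprint "$got")" = "$fp" ]; then
        echo "FAIL: corrupted share was not detected"
        return 1
    fi
    echo "OK: the mistyped share produced a different secret, caught by the fingerprint"
}
```

Run demo_roundtrip in a terminal on the live system. Keeping a fingerprint of the passphrase next to the shares is only acceptable here because the passphrase is 256 random bits: for a passphrase chosen by a human, it would give anyone who finds the shares a fast way to test guesses.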
1. For more details, see the Wikipedia article on secret sharing: https://secure.wikimedia.org/wikipedia/en/wiki/Secret_r%C3%A9parti
MD5 is no longer safe today and should be avoided; SHA1 is widely used but is being broken, so it should be avoided too; SHA224, SHA256, SHA384 and SHA512 are still safe for now. We will use SHA256, but the same methods work with the other algorithms.
To compute the SHA256 checksum of a file:
sha256sum file_name
To get the SHA1 checksum:
sha1sum file_name
The same goes for MD5 (md5sum) or the other SHA variants (sha224sum or sha384sum, for example).
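The added shell example below (mine, not the guide's) goes one step beyond computing a digest: it compares a file against an expected value and checks a whole list in the "digest  filename" format that Debian publishes as SHA256SUMS next to its images, so the comparison is done by the machine rather than by eye. It assumes GNU coreutils; the file hello.txt and the two checksum lists are constructed by the script for the demonstration.

```shell
#!/bin/sh
# Added example, not from the guide: check a file against a published checksum
# list rather than only computing a digest and comparing by eye.
# Assumes GNU coreutils (sha256sum, mktemp).

# sha256_of FILE : print the hex digest only.
sha256_of() {
    sha256sum -- "$1" | awk '{ print $1 }'
}

# verify_sha256 FILE EXPECTED : 0 when FILE's digest equals EXPECTED
# (case-insensitive), 1 otherwise.
verify_sha256() {
    got=$(sha256_of "$1") || return 1
    [ "$got" = "$(printf '%s' "$2" | tr 'A-F' 'a-f')" ]
}

# verify_sums_file SUMSFILE : check every "<digest>  <name>" line of SUMSFILE
# against the files it names (relative to the current directory); fails if a
# file is missing or differs. --quiet prints only the failures.
verify_sums_file() {
    sha256sum --check --quiet -- "$1"
}

# make_demo_dir : build a constructed test tree and print its path:
# hello.txt with a known digest, a correct list, and a list whose entry is wrong.
make_demo_dir() {
    d=$(mktemp -d) || return 1
    printf 'hello\n' > "$d/hello.txt"
    printf '%s  hello.txt\n' \
        5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03 > "$d/SHA256SUMS.good"
    printf '%s  hello.txt\n' \
        0000000000000000000000000000000000000000000000000000000000000000 > "$d/SHA256SUMS.bad"
    printf '%s\n' "$d"
}

# usage, once SHA256SUMS has been downloaded into the same folder as the image:
#   verify_sums_file SHA256SUMS && echo "all files match"
```

A checksum list only proves that the download was not corrupted or altered on the way; it proves nothing about who published it unless the list itself came over a trusted channel or its signature was checked (for Debian images: gpg --verify SHA256SUMS.sign SHA256SUMS, with the project's signing key).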
Open the gedit text editor from the Applications menu, then Accessories. Write on the blank page that appears:
#!/bin/bash
# ask which algorithm to use; exit if the dialog is cancelled
ALGO=$(zenity --list --title="Calculate a checksum" \
  --text="Choose the type of checksum" \
  --width=400 --height=300 --radiolist \
  --column="" --column="Algorithm" \
  False MD5 \
  False SHA1 \
  False SHA224 \
  True SHA256 \
  False SHA384 \
  False SHA512) || exit
# md5sum, sha256sum, ... : the command name is the algorithm in lower case
COMMAND="$(echo "${ALGO}" | tr A-Z a-z)sum"
# one line "digest  file" per file, split into two lines for the two columns
RESULT=$(${COMMAND} "$@" | sed -e 's, \+,\n,' \
  | tee >(zenity --progress --auto-kill --auto-close --pulsate))
echo "$RESULT" | zenity --list --title="${ALGO}" \
  --text="${ALGO} checksums of the selected files" \
  --editable --width=800 --height=300 \
  --column="${ALGO}" --column="File" \
  --separator=$'\n'
Save the file via the menu File > Save, under the name Calculate_a_checksum, on the desktop. Exit the text editor.
French users can use the following script instead:
#!/bin/bash
ALGO=$(zenity --list --title="Calculer une somme de contrôle" \
  --text="Choisir le type de somme de contrôle" \
  --width=400 --height=300 --radiolist \
  --column="" --column="Algorithme" \
  False MD5 \
  False SHA1 \
  False SHA224 \
  True SHA256 \
  False SHA384 \
  False SHA512) || exit
COMMAND="$(echo "${ALGO}" | tr A-Z a-z)sum"
RESULT=$(${COMMAND} "$@" | sed -e 's, \+,\n,' \
  | tee >(zenity --progress --auto-kill --auto-close --pulsate))
echo "$RESULT" | zenity --list --title="${ALGO}" \
  --text="Sommes de contrôle ${ALGO} des fichiers sélectionnés" \
  --editable --width=800 --height=300 \
  --column="${ALGO}" --column="Fichier" \
  --separator=$'\n'
Go to the desktop and select the file Calculate_a_checksum. Right-click it and, in the context menu that appears, click Cut. Open the File Browser from the menu Applications > System Tools. From the Go menu click Location..., type ~/.gnome2/nautilus-scripts/ and press Enter. Paste the file via the menu Edit > Paste.
Select the file Calculate_a_checksum, right-click it and, in the context menu that appears, click Properties. In the dialog box, go to the Permissions tab and check Allow executing file as program. Close the box by clicking Close.
Verify
In the context menu of the File Browser, a Scripts submenu containing the command Calculate_a_checksum should now appear.
Select the files whose checksum should be calculated. Right-click and, in the context menu that appears, click Scripts, then Calculate_a_checksum. Choose the desired algorithm and confirm. The checksums of the selected files are displayed.
Choose a name for the virtual machine. Choose the system type among the Windows versions proposed. Indicate the amount of RAM dedicated to the virtual machine: for Windows, 512 MB is the recommended minimum. Create a virtual hard disk to hold the virtual operating system:
o check Boot Hard Disk and Create new hard disk;
o a window opens, click Next;
o choose a dynamically expanding image (the disk image grows as needed, up to the maximum size specified);
o in Location, name the disk image file (a location can also be chosen by clicking the small folder icon to the right of this line, but it is best to leave the suggested one);
o choose the size of the virtual image: to have all Windows features, it must be substantial! 20 GB is good if there is enough space, but on a small hard drive try less...
o click Next then Finish: the software has created the virtual hard disk and selected it. Click Finish.
In the main VirtualBox window, the list now contains the new virtual machine. The operating system remains to be installed... But first, click Settings: this is where the machine is configured. For now we will only change two things:
1. Access to the network must be cut off (for the security reasons already mentioned):
o go to the Network category;
o uncheck Enable Network Adapter in every tab where it is checked by default (usually only one: the first).
2. The system must boot from the Windows installation CD/DVD:
o go to the Storage section;
o in the Storage Tree, select the line with a CD icon, labelled Empty;
o then, in Attributes, on the CD/DVD Device line, select the Host Drive [...] that corresponds to your CD/DVD drive.
Click OK to save the settings.
The window of the virtual machine shows, at the top left, a menu bar containing Machine, Devices and Help, and, at the bottom right, icons indicating how the virtual machine uses the hardware. For example, you can check that all network connections are disabled by hovering the mouse over the network icon.
At the first click in the window, the software says it will capture the mouse; at the first key pressed, it explains that it will capture the keyboard. Pay attention to what it says: it explains how to leave the virtual machine again (with the Host key, Right Ctrl by default). Everything is explained by the software. So let us install the virtual Windows.
Install Windows
The virtual machine boots from the CD/DVD and starts the installation. We will not go into the details of the process; a few points are worth noting, however:
When formatting the partition, it is better to choose the quick NTFS format. Do not enter personal information when a name and an organization are requested: most of the time, a simple dot (".") in the boxes lets the installation continue. When configuring the network, an error message may appear: that is a good sign, since the virtual machine's network has been disabled.
Back up
Select the virtual disk whose name matches that of the virtual machine, such as Windows 2000.vdi. From the Edit menu choose Copy. Go to the folder for clean images; if the advice given above was followed, this is the clean virtual disks folder in the personal folder of the account used. From the Edit menu choose Paste to obtain a copy of the file. Select the copy and rename it via the menu Edit > Rename..., entering a new name such as clean backup of Windows 2000.vdi.
Choice of name
We will choose a name for the new virtual machine and for the files that go with it. Since these files are stored on the host system, the name will almost inevitably leave traces there, even after the virtual machine has been removed. The name must therefore be chosen carefully.
The easiest way is to start by typing:
VBoxManage clonehd
Add a space, then, with the mouse, grab the icon of the virtual disk (in the clean virtual disks folder) and drop it onto the terminal. To add the new disk, repeat the operation with the icon of the VirtualBox virtual disks folder created earlier. The terminal should now display something like:
VBoxManage clonehd '/home/LOGIN/clean virtual disk/clean backup of Windows XP.vdi' '/home/LOGIN/virtual disk of VirtualBox'
A space was added automatically after the inserted path. Delete it, then add the name of the new disk, for example by writing /Project1.vdi.
After these steps the command line is complete; run it by pressing Enter.
Choose a name for the virtual machine;
Choose the Windows version from the system types proposed;
Choose the amount of RAM dedicated to the virtual machine according to the needs of the project: to use a big program like Photoshop, give it as much as possible (at least 512 MB). Note that VirtualBox will refuse to assign more than half of the total memory to the virtual machine;
Choose Boot Hard Disk and Use existing hard disk. Click the icon to the right of the window to open the Virtual Media Manager, click Add and select the image created above, then click Select;
Click Next, then Finish.
The new virtual machine must now be configured. Click the Settings button, taking care to select the new machine in the list first.
We must disable access to the network (for security reasons already mentioned):
Go to the Network section; uncheck Enable Network Adapter in every tab where it is checked by default (usually only one: the first).
Create a "user" account for the new project
As explained earlier, we want to work with a separate "user" account for each project. Here is how to do it with Windows XP; it should not be very different on other versions. Start the new virtual machine by clicking Start. Once in the virtualized Windows, open Start > Control Panel, select User Accounts and create a new account. Choose a name for the new account, keeping in mind that this name will probably be stored in the documents created. Then choose to create a Computer administrator account1 and click Create Account. Then close the session from the Start menu. Take care to use only the newly created account for this project.
1. Since we use a separate virtual disk for each project and there is no network access, this is not a big risk, and it makes life easier.
From a CD or DVD
This is necessary if additional software must be installed in the virtual Windows.
Insert the CD in the drive, wait a few seconds, then hand control back to the host system (with the Host key, Right Ctrl by default) and, in the window of the running virtual machine, click Devices > CD/DVD Devices and select the Host Drive [...]. Windows should then detect the inserted CD. If it is not detected, look for it in Start > My Computer. If it does not work the first time, repeat the operation.
Software can thus be loaded from the computer's CD drive: it will be installed permanently on the virtual hard disk.
From a folder
It is possible to make a folder of the host system readable by Windows. But make sure it is not just any folder...
Create a folder reserved for this purpose on the host system
Minimize the window of the guest system. Then choose where to put the exchange folder. For example, in the personal folder, right-click, create a folder and give it a descriptive name (such as "folder readable by Windows").
Tell the virtual machine manager where the folder is
Go to the VirtualBox window in which the Windows virtual machine is running and open the menu Devices > Shared Folders... Add a folder by clicking the icon with a "+" at the top right. A dialog box opens:
In Folder Path, click Other... to locate the folder to share; in Folder Name, the name the folder will have inside the virtual machine is displayed, such as "sharing". It can be changed, but it should be short and contain no spaces; check the box Read-only: the virtual system will then only be able to read the contents of the folder, not write to it; if, and only if, the sharing of this folder must be permanent, check Make Permanent; otherwise the share is active only for this session.
Warning: before validating, be sure that you really want Windows to read the entire content of the folder being shared. If so, click OK and close the window.
From the Start menu, open My Computer. In the Tools menu, click Map Network Drive. Windows proposes a drive letter (e.g. Z:) and asks for the folder: click Browse (on the right), then VirtualBox Shared Folders > \\Vboxsvr > folder_name, then OK. You can choose whether this drive is available only for the current session or at every new session.
Attention: once you know how to use this sharing system, you might be tempted to set it up to give direct access to devices plugged into the host system. That is the worst idea possible: it alone would destroy the whole security policy.
By burning a CD or DVD
First of all, remove any CD or DVD from the drives, so that the virtual machine does not get access to it. If the virtual machine is running, shut it down. Then go to the main VirtualBox window and select, from the list on the left, the virtual machine whose data is to be burned. Click the Settings icon. In the Settings dialog, select Storage in the list on the left, and in the Storage Tree click the line that starts with a CD icon. For CD/DVD Device, choose the host drive and tick Passthrough. Confirm with OK. The virtual machine can then be restarted, and data burned from inside it.
An empty folder
Windows can be allowed to write to a folder of the host system. But make sure it is not just any folder... Attention: once you know how to use this sharing system, you might be tempted to set it up to give direct access to devices plugged into the host system. That is the worst idea possible: it alone would destroy the whole security policy.
Create a folder reserved for this purpose on the host system
Minimize the window of the guest system. Choose where to put this exchange folder. For example, in the personal folder, right-click, create a folder and give it a descriptive name such as "folder where Windows can write".
Tell the virtual machine manager where the folder is
If the virtual machine is off, start it. Go to the VirtualBox window in which the Windows virtual machine is running and open the menu Devices > Shared Folders... Add a folder by clicking the icon with a "+" at the top left. A dialog box opens:
o in Folder Path, click Other... to locate the folder to share;
o in Folder Name, the name the folder will have inside the virtual machine appears. Choose a short name without spaces, such as "output";
o to export the folder permanently (not only for this session), check Make Permanent;
o do not check Read-only.
Warning: before confirming, make sure that the folder in question is empty: Windows will be able not only to write to it but also to read it. If so, click OK and close the window with OK.
Tell Windows where to find the shared folder
From the Start menu, open My Computer. In the Tools menu, click Map Network Drive. Windows proposes a drive letter (e.g. Z:) and asks for the folder: click Browse (on the right), then VirtualBox Shared Folders > \\Vboxsvr > folder_name, then OK. You can choose whether this drive is available only for the current session or at every new session.
These new versions can generally be installed "with eyes closed": they should not disturb the habits we have taken. Once the desktop environment is installed, the system automatically checks the availability of new versions in the configured repositories whenever it is connected to the Internet.1 When new versions exist, a window and an icon appear in the notification area, offering to make the updates. After clicking the icon, the system asks for the administration password. Once it is entered, a window opens with the list of packages that can be updated; normally they are all selected. Just click Install Updates to start the procedure.
1. These small updates can also be made (although a little less than daily) on a computer that must not have any network access. The Debian project regularly releases new minor versions (point releases) announced on the project's website, and then provides DVDs containing all the updated packages; such a DVD can be called, for example, debian-update-6.0.1a-amd64-DVD-1.iso. By adding this DVD to the update sources, the Update Manager can be used without the computer being connected to the network.
Warning: this simplified procedure is less likely to work when the system has been modified by adding unofficial update sources. In that case, refer to the official release notes of the Debian project: http://www.debian.org/releases/squeeze/i386/release-notes/index.html, in particular the chapter Upgrades from Debian 5.0 (lenny) and the section Issues to be aware of for squeeze.
Update Debian Lenny
For everything below, the Debian Lenny installation must already be up to date; otherwise, the upgrade is likely to fail. If these updates were not made regularly, now is the time to catch up.
Make sure there is enough free space on the hard disk
To avoid any unpleasant surprise, at least 4 GB of free space must be available on the partition holding the system. This can be checked by opening Computer from the Places menu, then right-clicking the icon of the file system and choosing Properties. In the window that opens, the information we are looking for is at the bottom right of the graph, before the label free.
Disable the other Debian repositories
The upgrade is tested with the official packages of Debian Lenny, so we disable every other Debian repository, including backports and volatile. To do this, open Software Sources from the menu System > Administration. Since you will be choosing which programs to trust, the administration password is required. In the Third-Party Software tab, uncheck all the listed repositories, then click Close. If the software then offers to reload the available package information, confirm by clicking Reload.
Update the Debian repositories used
Start by changing the configured repositories to the ones dedicated to the new version. This cannot yet be done through the GUI, so open a Root Terminal and type:
gedit /etc/apt/sources.list
The text editor opens. In the Search menu, choose Replace. In the window that opens, search for "lenny" and replace it with "squeeze", click Replace All, then close the search window.
If an installation or update has previously been done from a CD or DVD, it is also a good idea to look for lines beginning with "deb cdrom:" and remove them. Then exit the editor, saving the changes. Now that the list of repositories has changed, the list of available packages must be downloaded again before anything can be installed; for this, type:
apt-get update
Keep the terminal open; it will be needed later.
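As an added example, not part of the guide, the following shell functions make the same edit non-interactively: they keep a backup, replace the suite name only on active deb and deb-src lines, drop the "deb cdrom:" entries mentioned above, and list whatever still names the old release so that nothing is missed. They assume GNU sed (\b is a GNU extension) and the usual sources.list layout; the sources.list written by make_demo_sources is a constructed sample, not a file from the page.

```shell
#!/bin/sh
# Added example, not from the guide: the "lenny -> squeeze" edit of
# /etc/apt/sources.list done from the command line, with a backup and a check.
# Assumes GNU sed and coreutils (Debian).

# upgrade_sources FILE OLD NEW : rewrite FILE in place, backup in FILE.bak-OLD.
# Only the suite field of deb/deb-src lines is touched; comments and any line
# mentioning OLD for another reason are left alone; "deb cdrom:" lines are removed.
upgrade_sources() {
    file=$1 old=$2 new=$3
    cp -p -- "$file" "$file.bak-$old" || return 1
    sed -e '/^[[:space:]]*deb[[:space:]]\{1,\}cdrom:/d' \
        -e "/^[[:space:]]*deb\(-src\)\{0,1\}[[:space:]]/ s/\b$old\b/$new/g" \
        "$file" > "$file.tmp" && mv -- "$file.tmp" "$file"
}

# remaining_old FILE OLD : print the active (non-comment) lines that still name
# OLD, so the result can be checked at a glance; returns 0 when there are none.
remaining_old() {
    ! grep -v -- '^[[:space:]]*#' "$1" | grep -w -- "$2"
}

# make_demo_sources : write a constructed lenny sources.list and print its path.
make_demo_sources() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
# Debian GNU/Linux 5.0 "lenny" (constructed example)
deb cdrom:[Debian GNU/Linux 5.0.0 _Lenny_ - Official i386 DVD Binary-1]/ lenny main
deb http://ftp.debian.org/debian/ lenny main
deb-src http://ftp.debian.org/debian/ lenny main
deb http://security.debian.org/ lenny/updates main
EOF
    printf '%s\n' "$f"
}

# usage, in a Root Terminal, followed by apt-get update:
#   upgrade_sources /etc/apt/sources.list lenny squeeze && remaining_old /etc/apt/sources.list lenny
```

The word-boundary match turns lenny/updates into squeeze/updates as Replace All would, while the comment line at the top, which also says "lenny", is left untouched; if remaining_old prints anything, that line was not in the expected deb/deb-src form and needs a look by hand.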
Add the installation DVD to the list of Debian repositories
If the computer is not connected to the Internet, or if the connection is slow, the system can be told to use an installation DVD as a repository of Debian packages. To do this, return to the Root Terminal and type:
apt-cdrom add
Then insert the DVD and press Enter. Keep the terminal open; it will soon be needed again.
Disable the screen saver
During the update, the screen saver may crash and leave the screen locked. It is therefore prudent to disable it for the duration of the update. To do this, open Screensaver from the menu System > Preferences and, in the window that opens, uncheck Activate screensaver when computer is idle.
Start the update
The update is done in several steps, all from a Root Terminal. The first command tells the package manager, on the one hand, that we want to be asked as few questions as possible about the details of the update, and on the other hand, that those questions should be asked through a graphical interface:
export DEBIAN_PRIORITY=critical DEBIAN_FRONTEND=gnome
The second command performs the first part of the update:
apt-get upgrade
Fairly quickly, the terminal displays Do you want to continue [Y/n]? After confirming with Enter, a first series of windows asks how to handle some changes; unless you want choices other than Debian's, clicking Forward each time is enough. After a while, a number of packages have been updated and the terminal returns to the prompt. The third command upgrades the localization packages, which ensures that the rest of the update takes place in the language already selected rather than in English:
apt-get install locales
After confirming with Enter, a window opens asking, in English, which "Services to restart..."; click Forward. A few system changes later, the terminal invites us once again to type commands. The fourth command completes the upgrade of the system:
apt-get dist-upgrade
Confirm with Enter and let it run. A new series of windows appears; unless you want choices other than those recommended by Debian, click Next (or Forward). A little later in the process, the system asks whether to migrate to a dependency-based boot sequence; again, clicking Next should be enough. At this stage of the update, the GNOME desktop may display various error messages, such as "The NetworkManager applet could not find some required resources. It cannot continue." or "An error occurred while loading or saving configuration information for ... Some of your configuration settings may not work properly." This does not matter much, since many system components are being reinstalled; these problems should resolve themselves once the process is complete. There may also be a message saying that "the boot loader configuration of this system was not recognized". The problems pointed out by this warning do not affect the encrypted system; simply click Next and ignore it. When the prompt reappears, a fifth and final command frees disk space:
apt-get clean
We can now breathe.
The biggest part is done. A few minor adjustments remain, however...
New sudo management
Before adapting our environment to the new way of managing the administration account, we must first fix a bug that remains in Debian. To do this, in the Root Terminal, run:
rm -f /etc/dbus-1/system.d/system-tools-backends.conf
What remains is to configure the system for sudo, so that the password used for administrative tasks is the same as the one used to open the session. For this, the name of the current account (login) is needed; if in doubt, it can be read on the desktop, under the icon of the personal folder. Then type a command of the form:
adduser LOGIN sudo
For the user name "Anna", it would be:
adduser Anna sudo
Once done, also run:
EDITOR=gedit visudo
In the window that appears, go to the last line, which should look like:
Anna ALL=(ALL) ALL
and replace the user name (here Anna) with %sudo, which gives:
%sudo ALL=(ALL) ALL
Then close the window, saving the changes.
First reboot
It is now time to reboot the system, which is necessary, among other things, to get a working network for the next operations. To do this, click System > Shut Down... then Restart.
Install the new login screen manager
The new version of the program that manages sessions (the one that asks for a login and a password at startup) is not installed automatically during the upgrade, because its configuration is not compatible with the old version. For a laptop or desktop, however, this should not be a problem, so install the package gdm3; it may need to be reconfigured later. The installation will require other packages to be uninstalled: this is normal when replacing the old version. When a window asks which display manager to use by default, simply click Next.
Reactivate the screen saver
Open Screensaver from the menu System > Preferences. In the window that opens, check Activate screensaver when computer is idle again.
Reactivate the additional Debian repositories
If backports or squeeze-updates (formerly volatile) are needed, they can now be reactivated.
Update the boot loader (GRUB)
This update configures the new version of the boot program, GRUB. To do this, open a Root Terminal and type:
export DEBIAN_FRONTEND=gnome
After this first command, run the update itself with:
upgrade-from-grub-legacy
For the Linux command line, leave the entry empty. For the devices on which to install GRUB, check the box corresponding to the hard disk on which the system is installed. In the vast majority of cases this is the first one in the list, named /dev/sda. To be sure, check that the hard disk size shown in brackets matches what is known about the computer. When in doubt, the hard disk path can be found with the method described previously.
Once the window has closed, return to the terminal and run the command that is suggested there:
rm -f /boot/grub/menu.lst*
Make sure the new system works properly
Finally, restart the computer once more and log into the new version of Debian. It is worth checking that the usual actions and commands work, and diagnosing and solving problems where necessary. It is better to do this while getting acquainted with the new system, so as to start the next two years with a functional system. The most common problems are described in the various documentation on Debian GNU/Linux. Remember also that the Debian project publishes official release notes.
We already have explained what the operating system is and it is discussed in detail how to use and install the Debian in the most secure mode. The operating systems are different in size from only 16 KB (BareMetal: http://www.returninfinity.com/baremetal.html ) to some GB (usual OS). Although all of the operating systems are faced with security bug fixes in their lifetime; however, they do all strive to consistently approach all generic security flaws inherent in their design with new ideas in an attempt to create a secure computing environment. A Trusted operating system provides sufficient support for multilevel security and evidence of correctness to meet a particular set of government requirements. Here are the lists of most secure operating system: 1-BSD: BSD is a family of UNIX variants. There are several BSD variants, with only one being heavily focused on security. http://www.bsd.org/
2-OPENBSD: OpenBSD is an open source BSD operating system that is known to be concerned heavily with security. The project has completed rigorous manual reviews of the code and addressed issues most systems have not. OpenBSD also supplies an executable space protection scheme known as W^X (memory is writable xor executable), as well as a ProPolice compiled executable base. Also, since OpenBSD is exported with cryptography, we are able to take cryptographic approaches towards fixing security problems. http://www.openbsd.org
3-TrustedBSD: TrustedBSD is a sub-project of FreeBSD designed to add trusted operating system extensions, targeting the Common Criteria for Information Technology Security Evaluation (see also Orange Book). Its main focuses are access control lists, event auditing, extended attributes, mandatory access controls, and fine-grained capabilities. Since access control lists are known to be confronted with the confused deputy problem, capabilities are a different way to avoid this issue. As part of the TrustedBSD project, there is also a port of the NSA's FLASK/TE implementation to run on FreeBSD. Many of these trusted extensions have been integrated into the main FreeBSD branch starting at 5.x. http://www.trustedbsd.org
4-LINUX: Linux itself is inherently security-focused; however, many distributions and projects attempt to make Linux more secure. Among them, the most popular is Ubuntu. http://www.ubuntu.com http://en.wikipedia.org/wiki/Linux
5-Annvix: Annvix is a free, secure, Linux-based operating system. The Annvix project aims to provide a secure, stable, and fast Linux distribution specifically tailored to servers that provide reliable services such as Email, Web, DNS, FTP, File sharing, and more. Annvix was originally forked from Mandriva to provide a security-focused server distribution that employs ProPolice protection, hardened configuration, and a small footprint. There were plans to include full support for the RSBAC Mandatory access control system. However, Annvix is dormant: the last version was released December 30, 2007, and it has not been in development since March 2008. http://linsec.ca/Annvix:Home
6-EnGarde Secure Linux: EnGarde Secure Linux is a secure platform designed for servers. It has boasted a browser-based tool for MAC using SELinux since 2003. Additionally, it can be accompanied by Web, DNS, and Email enterprise applications, specifically focusing on security without any unnecessary software. The community platform of EnGarde Secure Linux is the bleeding-edge version freely available for download. Because there is no X Window System and EnGarde is configured via a graphical interface, it is recommended to configure the operating system using a second computer. The interface, accessible through a web browser, is one of the remarkable features of EnGarde Secure Linux. It was one of the very first Linux server platforms designed solely for security. http://www.engardelinux.org
7-Fedora: Fedora is a free, Red Hat-sponsored, community-developed Linux distribution. It is one of the mainstream Linux distributions with a concentrated effort to improve system security; as a consequence it boasts a fully integrated SELinux MAC and a fine-grained executable memory permission system (Exec Shield), all binaries compiled with GCC's standard stack-smashing protection, and a focus on getting security updates into the system in a timely manner. http://fedoraproject.org/en
8-Hardened Gentoo: Hardened Gentoo is a subproject of the Gentoo Linux project. Hardened Gentoo offers a ProPolice protected and Position Independent Executable base using exactly the same package tree as Gentoo. Executable space protection in Hardened Gentoo is handled by PaX. The Hardened Gentoo project is an extremely modular project, and also provides subprojects to integrate other intrusion-detection and Mandatory access control systems into Gentoo. All of these can be optionally installed in any combination, with or without PaX and a ProPolice base. http://www.gentoo.org
9-Hardened Linux: Hardened Linux is a small distribution for firewalls, intrusion detection systems, VPN-gateways and authentication jobs that is still under heavy development. It includes GRSecurity, PaX and GCC stack smashing protection. http://hardenedlinux.sourceforge.net/
10-Immunix: Immunix is a commercial distribution of Linux focused heavily on security. They supply many systems of their own making, including StackGuard, cryptographic signing of executables, race condition patches, and format string exploit guarding code. Immunix traditionally releases older versions of its distribution free for non-commercial use. Note that the Immunix distribution itself is licensed under two licenses: the Immunix commercial and non-commercial licenses. Many tools within are GPL, however, as is the kernel. http://distrowatch.com/table.php?distribution=immunix
11-Openwall Project: Solar Designer's Openwall Project (Owl) was the first distribution to have a non-executable userspace stack, /tmp race condition protection and access control restrictions to /proc data, by way of a kernel patch. It also features a per-user tmp directory via the pam_mktemp PAM module, and supports Blowfish password encryption.
12-Red Hat Enterprise Linux: Red Hat Enterprise Linux offers the same security benefits as Fedora, with the additional support of back-porting security fixes to the released versions of the packages (particularly the kernel), so the sysadmin does not have to perform a significant (and risky) upgrade to get a security fix. http://en.wikipedia.org/wiki/Red_Hat_Enterprise_Linux http://www.redhat.com/products/enterprise-linux
13-Ubuntu (humanity towards others): Like Fedora and Red Hat Enterprise Linux, Ubuntu provides security fixes for stable releases. It also has AppArmor installed by default and supports SELinux. Ubuntu locks the root account by default but uses the user's own password for root tasks. Ubuntu and Kubuntu can be booted and run from a USB flash drive (as long as the BIOS supports booting from USB), with the option of saving settings to the flash drive. This allows a portable installation that can be run on any PC capable of booting from a USB drive. In newer versions of Ubuntu, the USB creator program is available to install Ubuntu on a USB drive (with or without a LiveCD disc). https://launchpad.net/usb-creator http://www.ubuntu.com
14-Solaris: Solaris is a UNIX variant created by Sun Microsystems. Solaris itself is not inherently security-focused. The majority of the Solaris source code has been released via the OpenSolaris project, mostly under the Common Development and Distribution License. Enhancements to OpenSolaris, both security-related and otherwise, are backported to the official Solaris when Sun certifies their quality. http://en.wikipedia.org/wiki/Solaris_(operating_system) ; http://www.oracle.com/us/products/servers-storage/solaris/overview
15-Trusted Solaris: Trusted Solaris is a security-focused version of the Solaris UNIX operating system. Aimed primarily at the government computing sector, Trusted Solaris adds detailed auditing of all tasks, pluggable authentication, mandatory access control, additional physical authentication devices, and fine-grained access control.
16-Security-Enhanced Linux (SELinux): SELinux is a secure, stable and full-featured OS for professional enterprise servers. Secure-Slinux is based on the Linux kernel and GNU glibc as well as GRSecurity and PaX. NSA Security-Enhanced Linux is a set of patches to the Linux kernel and some utilities to incorporate a strong, flexible mandatory access control (MAC) architecture into the major subsystems of the kernel. It provides an enhanced mechanism to enforce the separation of information based on confidentiality and integrity requirements, which allows threats of tampering and bypassing of application security mechanisms to be addressed and enables the confinement of damage that can be caused by malicious or flawed applications.
http://en.wikipedia.org/wiki/Security-Enhanced_Linux
http://wiki.debian.org/SELinux
http://selinuxproject.org/page/SEAndroid
http://www.secure-slinux.org/
17-Object-Capability systems: These operating systems are all engineered around a different security paradigm, object-capabilities ( http://en.wikipedia.org/wiki/Object-capability_model ), where instead of having the system decide whether an access request should be granted (usually through one or several access control lists), the bundling of authority and designation makes it impossible to request anything not legitimate.
KeyKOS: http://en.wikipedia.org/wiki/KeyKOS
EROS: http://en.wikipedia.org/wiki/EROS_(microkernel)
CapROS: http://en.wikipedia.org/wiki/CapROS
seL4: http://en.wikipedia.org/wiki/L4_microkernel_family
In spite of all the information presented here, there are people who insist on using a non-secure operating system such as Windows. Or you may change your digital security policy and secure your communications with Ubuntu. The question now is how to install and use them. So, before we start talking about communication security, it is a good idea to learn how to use the terminal and how to install the most popular operating systems: Windows and Ubuntu.
Terminal
The Command Line
Before continuing with the rest of the book it is good to review how the command line works. If you are not familiar with the command line and you have decided to use a safe OS, GNU/Linux, the following is intended to get you up to speed on the basics quickly.
The basics
Although interactions on a computer happen so fast you don't think about it, each click or keystroke is a command to the computer, which it reacts to. Using the command line is the same thing, but more deliberate. You type a command and press the Return or Enter key. For instance, in my terminal I type:
    date
And the computer replies with:
    Fri Feb 25 14:28:09 CET 2011
The command line can do much better
The date command, as seen so far, compares poorly with the alternative of glancing at a calendar or clock. The main problem is not the unappetizing appearance of the output, mentioned already, but the inability to do anything of value with the output. For instance, if I'm looking at the date in order to insert it into a document I'm writing or to update an event on my online calendar, I have to do some retyping. The command line can do much better than this. After you learn basic commands and some useful ways to save yourself time, you'll find out more in this book about feeding the output of commands into other commands, automating activities, and saving commands for later use.
What do we mean by a command?
In the context of this book, a command has a very specific meaning. It's a file on your computer that can be executed, or in some cases an action that is built into the shell program. Except for the built-in commands, the computer runs each command by finding the file that bears its name and executing that file. We'll give you more details as they become useful.
Ways to enter commands
To follow along with this book, you need to open a command-line interpreter or command-line interface (called a shell or terminal in GNU/Linux) on your computer. Pre-graphical computer screens presented people with this interpreter as soon as they logged in. Nowadays almost everybody except professional system administrators uses a graphical interface, although the pre-graphical one is still easier and quicker to use for many purposes. So we'll show you how to pull up a shell.
Finding a terminal
You can get a terminal interface from the desktop, but it may be easier to leave the desktop and use the original text-only terminal. To do that, use the < ctrl + alt + F1 > key combination. You get a nearly blank screen with an invitation to log in. Give it your username and password. You can go to other terminals with < alt + F2 > and so on, and set up sessions with different (or the same) users for whatever tasks you want to do. At any time, switch from one to another by using the < alt + F# > keystroke for the one you want. One of these, probably F7 or F8, will get you back to the desktop. In text terminals you can use the mouse (assuming your system has gpm running) to select a word, line or range of lines. You can then paste that text somewhere else in that or any other terminal.
GNU/Linux distributions come with different graphical user interfaces (GUIs) offering different aesthetics and semantic metaphors. Those running on top of the operating system are known as desktop environments. GNOME, KDE and Xfce are among the most widely used. Virtually every desktop environment provides a program that mimics the old text-only terminals that computers used to offer as interfaces. On your desktop, try looking through the menus of applications for a program called Terminal. Often it's on a menu named something such as Accessories, which is not really appropriate, because once you read this book you'll be spending a lot of time in the terminal every day. In GNOME you select Applications > Accessories > Terminal.
In KDE, select K Menu -> System -> Terminal. In Xfce, select Xfce Menu -> System -> Terminal. Wherever it's located, you can almost certainly find a terminal program. When you run the terminal program, it just shows a blank window; there's not much in the way of help. You're expected to know what to do and we'll show you. The following figure shows the Terminal window opened on the desktop in GNOME.
Running an individual command
Many graphical interfaces also provide a small dialog box called something like "Run command". It presents a small text area where you can type in a command and press the Return or Enter key.
To invoke this dialog box, try typing the < alt + F2 > key combination, or search through the menus of applications. You can use this box as a shortcut to quickly start up a terminal program, as long as you know the name of a terminal program installed on your computer. If you are working on an unfamiliar computer and don't know the name of the default terminal program, try typing xterm to start up a no-frills terminal program (no fancy menus allowing choice of color themes or fonts). If you desperately need those fancy menus:
in GNOME the default terminal program should be gnome-terminal;
in KDE it should be konsole;
in Xfce try Terminal or a version-specific terminal name; for example, in Xfce 4 you should find xfce4-terminal.
Terminal startup
When you start up a terminal, you see a little message indicating that the terminal is ready to accept your command. This message is called a prompt, and it may be as simple as:
    $
After you type your command and press the Return or Enter key, the terminal displays the command's output (if there is any) followed by another prompt. So my earlier interaction would be shown in the book like this:
    $ date
    Thu Mar 12 17:15:09 EDT 2009
    $
You have to know how to interpret examples like the preceding one. All you type here is date, then press the Return key. The word date in the example is printed in bold to indicate that it's something you type. The rest is output on the terminal.
The Parts of a Command
The first word you type on a line is the command you wish to run. In the "Getting Started" section we saw a call to the date command, which returned the current date and time.
Arguments
Another command we could use is echo, which displays the specified information back to the user. This isn't very useful if we don't actually specify information to display. Fortunately, we can add more information to a command to modify its behavior; this information consists of arguments. Luckily, the echo command doesn't argue back; it just repeats what we ask it:
    $ echo foo
    foo
In this case, the argument was foo, but there is no need to limit the number of arguments to one. Every word of the text entered, excluding the first word, will be considered an additional argument passed to the command. If we wanted echo to respond with multiple words, such as foo bar, we could give it multiple arguments:
    $ echo foo bar
    foo bar
Arguments are normally separated by "white space" (blanks and tabs -- things that show up white on paper). It doesn't matter how many spaces you type, so long as there is at least one. For instance, if you type:
    $ echo foo          bar
    foo bar
With a lot of spaces between the two arguments, the "extra" spaces are ignored, and the output shows the two arguments separated by a single space. To tell the command line that the spaces are part of a single argument, you have to delimit that argument in some way. You can do it by quoting the entire content of the argument inside double-quote (") characters:
    $ echo "foo          bar"
    foo          bar
As we'll see later, there is more than one way to quote text, and those ways may (or may not) differ in the result, depending on the content of the quoted text.
Options
Revisiting the date command, suppose you actually wanted the UTC date/time information displayed. For this, date provides the --utc option. Notice the two initial hyphens. These indicate arguments that a command checks when it starts and that control its behavior. The date command checks specially for the --utc option and says, "OK, I know you're asking for UTC time". This is different from arguments we invented, as when we issued echo with the arguments foo bar. Other than the dashes preceding the word, --utc is entered just like an argument:
    $ date --utc
    Tue Mar 24 18:12:44 UTC 2009
Usually you can shorten these options, as in date -u (the short version usually has only one hyphen). Short options are quicker to type (use them when you are typing at the shell), whereas long options are easier to read (use them in scripts). Now let's say we wanted to look at yesterday's date instead of today's date. For this we would want to specify the --date option (or -d for short), which takes an argument of its own. The argument for an option is simply the word following that option. In this case, the command would be date --date yesterday. Since options are just arguments, you can combine options together to create more sophisticated behavior. For instance, to combine the previous two options and get yesterday's date in UTC you would type:
    $ date --date yesterday -u
    Mon Mar 23 18:16:58 UTC 2009
As you see, there are options that expect to be followed by an argument (-d, --date) and others that don't take any (-u, --utc). Passing a slightly more complex argument to the --date option allows you to obtain some interesting information, for example whether this year is a leap year (in which the last day of February is the 29th).
You need to know what day immediately precedes the 1st of March:
    $ date --date "1march yesterday" -u
    Sat Feb 28 00:00:00 UTC 2009
The question you posed to date is: if today were the 1st of March of the current year, what date would it be yesterday? So no, 2009 is not a leap year. It may be useful to get the weekday of a given date, say the 2009 New Year's Eve:
    $ date -d 31dec +%A
    Thursday
Which is the same as:
    $ date --date 31december2009 +%A
    Thursday
In this case we passed to date the option -d (--date) followed by the New Year's Eve date, and then a special argument (that is specific to the date command). Commands may once in a while have strange esoteric arguments... The date command can accept a format argument starting with a plus (+). The format %A asks to print the weekday name of the given date (while %a would have asked to print the abbreviated weekday: try it!). For now don't worry about these obscure details: we'll see later how to get help about a command's details from the command line itself. Let's only nibble a more savory morsel that combines the echo and date commands:
    $ echo "This New Year's Eve falls on a $( date -d 31dec +%A )"
    This New Year's Eve falls on a Thursday
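As an added example (not code from the book), the following shell functions show what the Arguments section describes from the command's side: the shell splits the line into words before the command sees them, so quoting decides how many arguments arrive, and the same splitting happens to an unquoted variable holding a name with blanks. The leap-year and weekday tricks from the Options section are generalized into functions. The function names are our own; the date calls assume GNU date (-d/--date, +%A).

```shell
#!/bin/sh
# Added example, not from the book. Function names are our own.

# count_args: report how many arguments the shell actually handed us.
count_args() {
    echo "$#"
}

# Unquoted runs of blanks collapse: the shell passes two separate words.
count_args foo          bar            # prints 2

# Double quotes keep the blanks inside one single argument.
count_args "foo          bar"          # prints 1

# The same word splitting happens when a variable is expanded unquoted.
# A constructed file name with spaces is the classic victim: three words.
name="my secret notes.txt"
count_args $name                       # prints 3: my / secret / notes.txt
count_args "$name"                     # prints 1

# is_leap_year YEAR: the book's "1march yesterday" trick, generalized.
# March 1st minus one day is the 29th only in a leap year. Assumes GNU date.
is_leap_year() {
    [ "$(date -u -d "$1-03-01 -1 day" +%d)" = 29 ]
}

# weekday_of DATE: the weekday name, using date's +%A format string.
weekday_of() {
    date -u -d "$1" +%A
}

if is_leap_year 2012; then echo "2012 is a leap year"; fi
if ! is_leap_year 2009; then echo "2009 is not a leap year"; fi

# Command substitution feeds date's output into echo, as in the book.
echo "New Year's Eve 2009 falls on a $(weekday_of 2009-12-31)"   # Thursday
```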
Repeating and editing commands
Use the Up-arrow key to retrieve a command you issued before. You can move up and down using the arrow keys to get earlier and later commands. The Left-arrow and Right-arrow keys let you move around inside a single command. Combined with the Backspace key, these let you change parts of the command and turn it into a new one. Each time you press the Enter key, you submit the modified command to the terminal and it runs exactly as if you had typed it from scratch.
Moving Around
Anyone who has used a graphical interface has moved between folders. A typical view of folders appears where someone has opened a home directory, then a folder named "my-stuff" under that, and a folder named "music" under that. When you use the command line, folders are called directories. That's just an older term used commonly in computing to refer to collections of things. (Try making an icon that suggests "directory".) Anything you do in a folder on the desktop is reflected in the directory when you're on the command line, and vice versa. The desktop and the command line provide different ways of viewing a directory/folder, and each has advantages and disadvantages. Files contain your information--whether pictures, text, music, spreadsheet data, or something else--while the directories are containers for files. Directories can also store other directories. You'll be much more comfortable with the command line once you can move around directories, view them, create and remove them, and so on.
Directories are organized, in turn, into filesystems. Your hard disk has one type of filesystem, a CD-ROM or DVD has another, a USB mass storage device has yet another, and so on. That's why a CD-ROM, DVD, or USB device shows up as something special on the desktop when you insert it. Luckily, you don't have to worry much about the differences because both the desktop and the terminal can hide the differences. But sometimes in this book we'll talk about the information a filesystem has about your files. The "first" directory is called the root and is represented by the name / (just a forward slash). You can think of all the directories and files on the system as a tree that grows upside-down from this root (Figure below):
Figure: Root Directory
Absolute and relative paths
Every file and directory in the system has an "address" called its absolute path or sometimes just its path. It describes the route you have to follow starting from the root that would take you to that particular file or directory.
For example, suppose you like the vim editor that we'll introduce in a later chapter, and are told you can start it by running the command /usr/bin/vim. This point underlines what we said in an earlier chapter: commands are just executable files. So the vim editor is a file with the path /usr/bin/vim, and if you run that command /usr/bin/vim you will execute the editor. As you can see from these examples, the slash / is also used as a separator between directories.
Can you find /usr/bin/vim in the figure above? The pathname can be interpreted as follows:
1. Start at the root (/) directory.
2. Move from / down to a directory named usr.
3. Move from usr down to a directory named bin.
4. vim is located in that directory.
Note that you can't tell whether something is a file or a directory just by looking at its path. When you work with the command line you will always be working "in" a directory. You can find the path of this directory using the command pwd (print working directory), like this:
    $ pwd
    /home/ben
You can see that pwd prints an absolute path. If you want to switch your working directory you can use the command cd (change directory) followed by an argument which points to the target directory:
    $ cd /
You just changed your working directory to the root of the filesystem! If you want to return to the previous directory, you can enter the command:
    $ cd /home/ben
As an alternative, you can "work your way" back to /home/ben using relative paths. They are called that because they are specified "in relation" to your current working directory. If you go back to the root directory, you could enter the following commands:
    $ cd /
    $ cd home
    $ cd ben
    $ pwd
    /home/ben
The first command changes your current working directory to the root. The second changes to home, relative to /, making your current working directory /home. The third command changes it to ben, relative to /home, landing you in /home/ben.
Good to be back home
Every user in the system has a directory assigned to him or her, called the home directory. No matter what your current working directory is, you can quickly return to your home directory like this:
    $ cd
That is, enter the cd command without any arguments. All your files and preferences are stored in your home directory (or its subdirectories). Every user of your system with a login account gets her own home directory. Home directories are usually named the same as users' login names, and are usually found in /home, although a few systems have them in /usr/home. When you start your terminal, it will place you in your home directory. There's a special shortcut to refer to your home directory, namely the symbol ~ (usually called a tilde, and found near the very top left of most keyboards). You can use it as part of more complex path expressions, and it will always refer to your home directory. For example, ~/Desktop refers to the directory called Desktop that usually exists within your home directory.
The . and .. directories
The entries . and .. are special and they exist in every directory, even the root directory itself (/). The first one is a shorthand for "this directory" while the latter is a shorthand for "the parent directory of this directory." You can use them as a relative path, and you can try and see what happens when you do this:
    $ pwd
    /usr/bin
    $ cd .
    $ pwd
    /usr/bin
If vim is in /usr/bin, at this point you could run it by typing the relative path:
    $ ./vim
Continuing from the previous example, you can do this:
    $ cd ..
    $ pwd
    /usr
Since they are actual entries in the filesystem, you can use them as part of more complex paths, for example:
    $ cd /usr/bin
    $ pwd
    /usr/bin
    $ cd ../lib
    $ pwd
    /usr/lib
    $ cd ../..
    $ pwd
    /
    $ cd home
    $ pwd
    /home
    $ cd ../usr/bin
    $ pwd
    /usr/bin
The parent directory of the root directory, /.., is root itself. Try moving around your computer on the command line and you will soon get used to it!
Basic commands
By now you have some basic knowledge about directories and files and you can interact with the command line interface. We can learn some of the commands you'll be using many times each day.
ls
The first thing you likely need to know before you can start creating and making changes to files is: what's already there? With a graphical interface you'd do this by opening a folder and inspecting its contents. From the command line you use the program ls instead to list a folder's contents.
    $ ls
    Desktop Documents Music Photos
By default, ls will use a very compact output format. Many terminals show the files and subdirectories in different colors that represent different file types. Regular files don't have special coloring applied to their names. Some file types, like JPEG or PNG images, or tar and ZIP files, are usually colored differently, and the same is true for programs that you can run and for directories. Try ls for yourself and compare the icons and emblems your graphical file manager uses with the colors that ls applies on the command line. If the output isn't colored, you can call ls with the option --color:
    $ ls --color
man, info & apropos
You can learn about options and arguments using another program called man (man is short for manual) like this:
    $ man ls
Here, man is being asked to bring up the manual page for ls. You can use the arrow keys to scroll up and down in the screen that appears and you can close it using the q key (for quit). An alternative to obtain comprehensive user documentation for a given program is to invoke info instead of man:
    $ info ls
This is particularly effective to learn how to use complex GNU programs. You can also browse the info documentation inside the editor Emacs, which greatly improves its readability. But you should be ready to take your first step into the larger world of Emacs. You may do so by invoking:
    $ emacs -f info-standalone
That should display the Info main menu inside Emacs (if this does not work, try invoking emacs without arguments and then type Alt + x info, i.e. by holding down the Alt key, pressing the x key, then releasing both keys and finally typing info followed by the Return or Enter key). If you then type m ls, the interactive Info documentation for ls will be loaded inside Emacs. In the standalone mode, the q key will quit the documentation, as usual with man and info.
Ok, now you know how to learn about using programs yourself. If you don't know what something is or how to use it, the first place to look is its manual and information pages. If you don't know the name of what you want to do, the apropos command can help. Let's say you want to rename files but you don't know what command does that. Try apropos with some word that is related to what you want, like this:
    $ apropos rename
    ...
    mv (1) - move (rename) files
    prename (1) - renames multiple files
    rename (2) - change the name or location of a file
    ...
Here, apropos searches the manual pages that man knows about and prints commands it thinks are related to renaming. On your computer this command might (and probably will) display more information but it's very likely to include the entries shown. Note how the program names include a number beside them. That number is called their section, and most programs that you can use from the command line will be in section 1. You can pass apropos an option to display results from section 1 manuals only, like this:
    $ apropos -s 1 rename
    ...
    mv (1) - move (rename) files
    prename (1) - renames multiple files
    ...
At this stage, the section number isn't terribly important. Just know that section 1 manual pages are the ones that apply to programs you use on the command line. To see a list of the other sections, look up the manual page for man using man man.
mv
Looking at the results from apropos, the mv program looks interesting. You can use it like this:
    $ mv oldname newname
Depending on your system configuration, you may not be warned when renaming a file will overwrite an existing file whose name happens to be newname. So, as a safeguard, always use the -i option when issuing mv, like this:
    $ mv -i oldname newname
Just as the description provided by apropos suggests, this program moves files. If the last argument happens to be an existing directory, mv will move the file to that directory instead of renaming it. Because of this, you can provide mv more than two arguments:
    $ mv one_file another_file a_third_file ~/stuff
If ~/stuff exists, then mv will move the files there. If it doesn't exist, it will produce an error message, like this:
    $ mv one_file another_file a_third_file stuff
    mv: target 'stuff' is not a directory
mkdir
How do you create a directory, anyway? Use the mkdir command:
    $ mkdir ~/stuff
And how do you remove it? With the rmdir command:
    $ rmdir ~/stuff
If you wish to create a subdirectory (say the directory bar) inside another directory (say the directory foo) but you are not sure whether this one exists or not, you can create the subdirectory and (if needed) its parent directory without raising errors by typing:
    $ mkdir -p ~/foo/bar
This will work even for nested sub-sub-...-directories. If the directory you wish to remove is not empty, rmdir will produce an error message and will not remove it. If you want to remove a directory that contains files, you have to empty it first. To see how this is done, we will need to create a directory and put some files in it first. These files we can remove safely later. Let's start by creating a directory called practice in your home and change the current working directory there:
    $ mkdir ~/practice
    $ cd ~/practice
cp, rm & rmdir
Now let's copy some files there using the program cp. We are going to use some files that are very likely to exist on your computer, so the following commands should work for you:
    $ cp /etc/fstab /etc/hosts /etc/issue /etc/motd .
    $ ls
    fstab hosts issue motd
Don't forget the dot at the end of the line! Remember it means "this directory" and, being the last argument passed to cp after a list of files, it represents the directory in which to copy them. If that list is very long, you'd better learn to use globbing (expanding file name patterns containing wildcard characters into sets of existing file names) or some other tricks to avoid wasting your time typing file names. One trick helps when copying the entire content of a directory. Passing cp the option -R, you can recursively copy all the files and subdirectories from a given directory to the destination:
    $ cp -R . ~/foo
    $ ls ~/foo
    bar fstab hosts issue motd
    $ cp -R . ~/foo/bar
    $ ls -R ~/foo
    ~/foo:
    bar fstab hosts issue motd
    ~/foo/bar:
    fstab hosts issue motd
In this case the current directory has no subdirectories, so only files were copied. As you can see, the option -R can be passed even to ls, to recursively list the content of a given directory and of its subdirectories. Now, if you go back to your home and try to remove the directory called practice, rmdir will produce an error message:
    $ cd ..
    $ rmdir practice
    rmdir: failed to remove 'practice': Directory not empty
You can use the program rm to remove the files first, like this:
    $ rm practice/fstab practice/hosts practice/issue practice/motd
And now you can try removing the directory again:
$ rmdir practice And now it works, without showing any output. But what happens if your directories have directories inside that also have files, you could be there for weeks making sure each folder is empty! The rm command solves this problem through the amazing option -R, which as usual stands for "recursive". In the following example, the command fails because foo is not a plain file: $ rm ~/foo/ rm: cannot remove `~/foo/`: Is a directory So maybe you try rmdir, but that fails because foo has something else under it: $ rmdir ~/foo rmdir: ~/foo: Directory not empty So you use rm -R, which succeeds and does not produce a message. $ rm -R ~/foo/ So when you have a big directory, you don't have to go and empty every subdirectory. But be warned that -R is a very powerful argument and you may lose data you wanted to keep!
cat & less You don't need an editor to view the contents of a file. What you need is just to display it. The cat program fits the bill here: $ cat myspeech.txt Friends, Romans, Countrymen! Lend me your ears! Here, cat just opens the file myspeech.txt and prints the entire file to your screen, as fast as it can. However if the file is really long, the contents will go by very quickly, and when cat is done, all you will see are the last few lines of the file. To just view the contents of a long file (or any text file) you can use the less program: $ less myspeech.txt Just as with using man, use the arrow keys to navigate, and press q to quit.
The sudo Command On many modern systems, whenever you want to enter a superuser command, you just precede it with sudo: $ sudo rm -r /junk_directory You are then prompted for your password, so nobody walking up casually to your system could execute a dangerous command. The system keeps your password around for a while, so you can enter further superuser commands without the bother of re-entering the password. Systems also provide a su command that logs you in as superuser and gives you a new shell prompt. Not all systems allow users to use it, though, because you can get carried away, start doing everyday work as superuser --and suddenly realize you've trashed your system through a typo. It is much safer to do your home system administration using sudo. If other people share your system and you want to give someone superuser privileges, for this you need to know a little more about System Administration.
Using the command line
To launch the command line console (the black console box), open the Start menu and click the Run... option.
Then type cmd /d or just cmd into the text box and press Enter to launch the command console.
1. ipconfig
This is the first command to reach for when you need the IP address, subnet mask and default gateway of each adapter. It also displays and flushes the DNS resolver cache and re-registers the computer's name in DNS, which makes it the most useful tool for viewing and troubleshooting TCP/IP problems.
To view IP addresses and subnet masks: ipconfig
To view all TCP/IP information (including DHCP and DNS servers and MAC addresses): ipconfig /all
To view the local DNS cache: ipconfig /displaydns
To delete the contents of the local DNS cache: ipconfig /flushdns
To re-register the computer's DNS name with its DNS server: ipconfig /registerdns
2.systeminfo Have a need to display operating system configuration information for a local or remote machine, including service pack levels? Then systeminfo is the tool to use. When I need to connect to a system that I am not familiar with, this is the first tool I run. The output of this command gives me all the info I need including: host name, OS type, version, product ID, install date, boot time and hardware info (processor and memory). Also knowing what hot fixes are installed can be a big help when troubleshooting problems. This tool can be used to connect to a machine remotely using the following syntax: SYSTEMINFO /S system /U user
3. Hidden text
Windows lets you attach hidden text to an ordinary file and open it with Notepad: on NTFS every file can carry named alternate data streams (ADS) next to its normal content, and Explorer and a plain dir do not show them. This is obscurity, not protection, so do not rely on it for important passwords. To use it, open Run, type cmd, then type notepad (file name).txt:hidden, for example:
C:\Documents and Settings\ASRock>notepad anna.txt:hidden
An empty Notepad window opens and asks whether to create the file; click Yes. Type what you want, save the changes and close Notepad. The file anna.txt shows a size of 0 bytes in dir, while your text lives in the stream named hidden. To reveal the text, repeat the same command.
Keep in mind what someone examining the machine will do: dir /R (Windows Vista and later) and the Sysinternals Streams tool list every alternate stream on a file, and copying the file to a FAT-formatted USB stick or sending it by e-mail silently drops the stream. The hidden text is therefore neither secret from an examiner nor safe from loss.
4. net command
Although known as a single command, net is really like a power drill with different bits: it updates, fixes or views the network and network settings. It is mostly used for viewing (only services that are started), stopping and starting services:
net stop server
net start server
net start (displays running services)
And for connecting (mapping) to and disconnecting from shared network drives, with net use:
net use Z: \\server\share
net use Z: /delete
Other subcommands are net accounts (manage password and logon policy), net user (manage user accounts), net print (manage print jobs) and net share (manage shares). Below are all the subcommands that can be used with net:
[ ACCOUNTS | COMPUTER | CONFIG | CONTINUE | FILE | GROUP | HELP | HELPMSG | LOCALGROUP | PAUSE | PRINT | SESSION | SHARE | START | STATISTICS | STOP | TIME | USE | USER | VIEW ]
5. Hidden files in each other
Here is a simple method to hide a bundle of files inside another file, for example some software and a text note inside a jpg. In practice you can use the same method with other carrier formats such as pdf, png or .doc (Word files). You need WinZip or WinRAR installed. In the following example you hide portable JonDo (JonDoSetup.paf), FreeGate and a secret notepad text in one jpg file. Copy the picture and the other files to one of your main drives, such as C or D; it is better to put them in a folder named test.
- rename your picture to 1 (1.jpg)
- select the files you need to hide, right-click > Add to archive, and name the archive 2 (2.rar)
- open cmd; if your files are on drive D, type d: and press Enter so the commands run on that drive
In the example below the files are on drive C, so the commands in Windows XP are as follows (press Enter after every command):
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\ASRock>cd\
C:\>cd test
C:\test>copy /b 1.jpg + 2.rar 1.jpg
        1 file(s) copied.
The /b switch makes copy treat both inputs as binary and append the archive byte for byte after the image. In the example above, files totalling over 50 MB were appended to one small jpg. The result still opens as a picture because image viewers stop reading at the JPEG end-of-image marker, but the file is now as large as image plus archive, and anyone who opens 1.jpg with WinRAR (or renames it to .rar) gets the hidden files back. This is concatenation, not steganography: it hides nothing from someone who looks at the file size or at the bytes after the end marker. The output jpg can be sent to picture-hosting websites (note that many hosts re-encode uploaded images, which strips the appended data) or embedded in a pdf file. Note: PDF readers such as Adobe Reader do not let you open .exe or .rar attachments in the usual way unless their attachment security policy is changed in the registry; embedding the picture with the archive appended is the way around that used here, since the reader treats it as an image.
6. Tasklist and taskkill
If you work with Task Manager (Ctrl+Alt+Del), you will easily understand this. The task list is the list of processes currently running on Windows; any application you open is added to it. To list the tasks, type in cmd:
tasklist
This shows the list of running tasks, as in the picture.
To stop a process or task there are two methods, both using taskkill:
Using the image name: kill the task by its executable name as follows:
taskkill /im notepad.exe
Using the process ID: stop the process by its PID (the PID column of tasklist) as follows:
taskkill /pid 1852
Add /f to force-terminate a process that ignores the normal close request.
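The file-hiding trick from section 5 is worth seeing from the examining side as well. The following Python script is an added example and not part of the original document: it reproduces what copy /b does (plain concatenation), then walks the JPEG marker structure to find the real end-of-image marker and reports whatever trails it, naming a few common archive signatures. The skeleton JPEG and the archive bytes are constructed inline, so it runs offline; the signature table is an assumption and can be extended.

```python
import struct

# Signatures of archive formats commonly glued behind an image.
# Assumption: this small table is enough for the demonstration; extend it as needed.
ARCHIVE_MAGIC = {
    b"Rar!\x1a\x07\x01\x00": "RAR v5",
    b"Rar!\x1a\x07\x00": "RAR v4",
    b"PK\x03\x04": "ZIP",
    b"7z\xbc\xaf\x27\x1c": "7-Zip",
}


def polyglot_jpeg(image: bytes, archive: bytes) -> bytes:
    """What `copy /b 1.jpg + 2.rar 1.jpg` produces: the archive appended verbatim."""
    return image + archive


def jpeg_end(data: bytes) -> int:
    """Walk the JPEG marker segments and return the offset just past the EOI marker
    (FF D9) that closes the picture. Viewers stop here, so anything after it is
    invisible to them but still present in the file."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:                      # fill byte before a marker
            pos += 1
            continue
        if marker == 0xD9:                      # EOI reached before any scan
            return pos + 2
        if marker == 0x01 or 0xD0 <= marker <= 0xD7:   # TEM / RSTn: no length field
            pos += 2
            continue
        if pos + 4 > len(data):
            break
        seglen = struct.unpack(">H", data[pos + 2:pos + 4])[0]
        pos += 2 + seglen
        if marker == 0xDA:                      # SOS: entropy-coded data follows
            # Inside scan data an FF is always followed by 00 (stuffing) or a
            # marker, so the first FF D9 seen here is the real end of image.
            while pos + 1 < len(data):
                if data[pos] == 0xFF and data[pos + 1] == 0xD9:
                    return pos + 2
                pos += 1
            raise ValueError("scan data not terminated by EOI")
    raise ValueError("truncated JPEG")


def find_appended(data: bytes):
    """Report data trailing the picture: None if the file ends at EOI, otherwise
    the offset, size and a guess at the format of what was hidden behind it."""
    end = jpeg_end(data)
    trailer = data[end:]
    if not trailer:
        return None
    kind = next((name for magic, name in ARCHIVE_MAGIC.items()
                 if trailer.startswith(magic)), "unknown")
    return {"offset": end, "size": len(trailer), "type": kind}


# Constructed marker skeleton (SOI, APP0/JFIF header, SOS, a little scan data with a
# stuffed FF 00 and an RST marker, EOI). It is not a decodable picture, but a viewer
# walks it exactly as it walks a real one, which is all this check depends on.
TINY_JPEG = (
    b"\xff\xd8"
    + b"\xff\xe0" + struct.pack(">H", 16) + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    + b"\xff\xda" + struct.pack(">H", 8) + b"\x01\x01\x00\x00\x3f\x00"
    + b"\x12\x34\xff\x00\x56\xff\xd0\x78"
    + b"\xff\xd9"
)

if __name__ == "__main__":
    hidden = polyglot_jpeg(TINY_JPEG, b"Rar!\x1a\x07\x00" + b"\x00" * 10)
    print("clean file:", find_appended(TINY_JPEG))
    print("with archive appended:", find_appended(hidden))
```

Run it on a real file with find_appended(open("1.jpg", "rb").read()); a trailer of tens of megabytes on a thumbnail-sized picture is the same giveaway a human gets from the file size, and the signature check tells you what to rename the file to in order to open it.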
7. type
type prints a text document in the command prompt. You can read several files one after the other by giving more than one name:
type filename.txt
8. netstat
Need to know who (or what) is making a connection to your computer? Then netstat is the tool to run. The output provides information on all connections and listening ports, including the executable that opened each connection. In addition, you can view Ethernet statistics and resolve connecting hosts' IP addresses to fully qualified domain names. Note: some uses for the average PC user are covered below, including checking for malware connections.
Syntax and switches
The command syntax is
netstat [-a] [-b] [-e] [-f] [-n] [-o] [-p proto] [-r] [-s] [-t] [-v] [interval]
A brief description of the switches is given in the table below. Some switches exist only in certain Windows versions, as noted. Note that netstat switches use the dash "-" rather than the slash "/".
Switches for the netstat command
Switch      Description
-a          Displays all connections and listening ports
-b          Displays the executable involved in creating each connection or listening port (added in XP SP2)
-e          Displays Ethernet statistics
-f          Displays fully qualified domain names for foreign addresses (Windows Vista/7 only)
-n          Displays addresses and port numbers in numerical form
-o          Displays the owning process ID associated with each connection
-p proto    Shows connections for the protocol specified by proto; proto may be TCP, UDP, TCPv6 or UDPv6
-r          Displays the routing table
-s          Displays per-protocol statistics
-t          Displays the current connection offload state (Windows Vista/7)
-v          Used together with -b, displays the sequence of components involved in creating the connection or listening port for all executables (Windows XP SP2, SP3)
[interval]  An integer: the output is redisplayed every interval seconds until stopped with Ctrl+C. By default the output is displayed once.
Applications of netstat
netstat is one of a number of command-line tools for checking the functioning of a network. It provides a way to check whether various aspects of TCP/IP are working and which connections are present. In Windows XP SP2 a new switch, -b, was added that displays the actual executable file that has opened a connection. This gives a chance to catch malware that may be phoning home or using your computer in unwanted ways on the Internet. A system administrator might use the switches in many combinations; here are two examples that are useful to home PC users.
Checking TCP/IP connections
TCP and UDP connections with their IP addresses and ports can be seen by combining two switches:
netstat -an
(Figure: example output for the command "netstat -an".) The information displayed includes the protocol, the local address, the remote (foreign) address and the connection state. Note that each address carries its port number after the colon. The different connection states are explained in the table below:
Description of various connection states
State          Description
CLOSED         No connection exists; the socket is not in use
LISTENING      The server is waiting for a connection request on this port
SYN_SENT       The client has sent its SYN and is waiting for the server's SYN/ACK
SYN_RECEIVED   The server has received the client's SYN, answered with SYN/ACK and is waiting for the final ACK of the handshake
ESTABLISHED    The three-way handshake is complete and data can flow in both directions
FIN_WAIT_1     This side has sent a FIN (started closing) and is waiting for the other side to acknowledge it
FIN_WAIT_2     This side's FIN has been acknowledged; it is waiting for the other side's FIN
CLOSE_WAIT     The other side has sent a FIN; the local application has not yet closed its end of the socket
LAST_ACK       This side has sent its own FIN after receiving the peer's and is waiting for the final ACK
TIME_WAIT      The connection is closed, but the socket is held for a while (twice the maximum segment lifetime) so that late packets are not mistaken for a new connection
Many connections stuck in CLOSE_WAIT point at a program that does not close sockets it has finished with; a large number of SYN_RECEIVED entries on a server can indicate a SYN flood.
Checking for malware by looking at which programs initiate connections
To find out which programs are making connections with the outside world, use
netstat -b
(On Windows Vista/7 this switch requires an elevated command prompt; without it each entry only says "Can not obtain ownership information".) It is better to check over a period of time, so add a number that makes the command repeat at fixed intervals, and keep a written record of the connections made during that period:
netstat -b 5 >> C:\connections.txt
As written, this runs at five-second intervals until stopped with Ctrl+C, the general way to exit a running command. (Some reports say this can be fairly CPU intensive, so a slower single-core machine may run sluggishly; it was not noticeable on my dual-core machine.) A simple example of the output is shown in the figure below. On Windows XP the process ID (PID) is printed as part of the -b output; on Windows Vista/7 the -o switch has to be added to display PIDs. Combine this with Task Manager to work out which executables and processes are active and trying to make Internet connections.
Windows XP batch program to check connections and terminate automatically
The previous example of using "netstat -b" at intervals has the disadvantage that it requires manual termination. A batch file can instead run a given number of times with a given interval and then stop by itself. In Windows XP this uses the "sleep" command from the Windows Server 2003 Resource Kit Tools. A possible batch file is:
@echo off
echo Checking connections
for /L %%X in (1,1,100) do (netstat -b >> C:\connections.txt)&&(sleep 5)
Copy and paste the lines above into Notepad and save the file as, for example, sleep.bat. This example runs netstat 100 times at 5-second intervals (change the 5 to 30 for half-minute intervals) and appends the results to C:\connections.txt. The doubled %%X is the batch-file form of the loop variable; typed directly at the prompt it is written %X. By using different combinations of the switches in the table above, the type of output can be varied.
Batch program to check connections in Windows Vista and Windows 7
Windows Vista and Windows 7 do not require installing the "sleep" file: the built-in timeout command serves the same purpose. A possible batch file for Windows Vista/7 is:
@echo off
echo Checking connections
for /L %%X in (1,1,100) do (netstat -b >> "%USERPROFILE%\connections.txt")&&((timeout /t 5 /nobreak)>nul)
Copy and paste the code above into Notepad and save it as, for example, timeout.bat. This batch file has to be run from an elevated (administrator) command prompt for -b to show the executables; it writes to your profile folder because standard users cannot create files in the root of C:.
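A connections.txt produced by the batch files above grows fast, and the interesting part is what changed between two netstat runs and which executables are talking to the outside at all. The following Python script is an added example, not from the original document: it parses the Windows "netstat -b -o" layout (each connection line followed by the owning executable in square brackets, with svchost service names or the "Can not obtain ownership information" line in between), lists the remote endpoints per executable, diffs two snapshots, and checks them against an allowlist. Both snapshots are constructed, and the allowlist is a hypothetical baseline you would record on a known-clean machine.

```python
import ipaddress
import re

# One connection entry of `netstat -b -o`: proto, local, foreign, optional state
# (UDP rows have none), PID. The owner line that -b adds follows on the next line(s).
CONN_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z_0-9]+)\s+)?(\d+)\s*$")
OWNER_RE = re.compile(r"^\s*\[(.+)\]\s*$")


def parse_netstat(text):
    """Turn one netstat snapshot into a list of dicts. Service names (for svchost)
    and the 'Can not obtain ownership information' line land in 'service'."""
    conns = []
    for line in text.splitlines():
        m = CONN_RE.match(line)
        if m:
            proto, local, foreign, state, pid = m.groups()
            conns.append({"proto": proto, "local": local, "foreign": foreign,
                          "state": state or "", "pid": int(pid),
                          "exe": None, "service": None})
            continue
        m = OWNER_RE.match(line)
        if m and conns:
            conns[-1]["exe"] = m.group(1).lower()
            continue
        rest = line.strip()
        if conns and rest and conns[-1]["exe"] is None \
                and not rest.startswith(("Active", "Proto")):
            conns[-1]["service"] = rest
    return conns


def is_remote(conn):
    """True when the foreign end is a real peer rather than a listener placeholder
    (0.0.0.0:0, *:*) or the machine itself."""
    host, _, port = conn["foreign"].rpartition(":")
    if host in ("", "*") or port in ("*", "0"):
        return False
    try:
        addr = ipaddress.ip_address(host.strip("[]"))
    except ValueError:
        return True                     # a hostname, printed when -n is not used
    return not (addr.is_loopback or addr.is_unspecified or addr.is_link_local)


def outbound_by_exe(conns):
    """Map executable name -> set of 'PROTO peer:port' endpoints it is talking to."""
    table = {}
    for c in conns:
        if c["exe"] and is_remote(c):
            table.setdefault(c["exe"], set()).add(f'{c["proto"]} {c["foreign"]}')
    return table


def new_peers(previous, current):
    """Endpoints that appear in the current snapshot but not the previous one, per
    executable: the part of a long connections.txt worth eyeballing."""
    before = outbound_by_exe(previous)
    result = {}
    for exe, peers in outbound_by_exe(current).items():
        added = peers - before.get(exe, set())
        if added:
            result[exe] = sorted(added)
    return result


def unexpected(conns, allowlist):
    """Executables with remote connections that are not on the allowlist (a
    hypothetical per-host baseline recorded while the machine was known clean)."""
    return sorted({c["exe"] for c in conns
                   if c["exe"] and is_remote(c) and c["exe"] not in allowlist})


# Constructed snapshots in the Windows 7 `netstat -b -o` layout; not captured from a real host.
SNAPSHOT_1 = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       780
  RpcSs
 [svchost.exe]
  TCP    192.168.1.5:49152      93.184.216.34:443      ESTABLISHED     1234
 [chrome.exe]
  UDP    0.0.0.0:5355           *:*                                    780
  Dnscache
 [svchost.exe]
"""
SNAPSHOT_2 = SNAPSHOT_1 + """\
  TCP    192.168.1.5:49153      203.0.113.9:6667       ESTABLISHED     4321
 [wuauclt.exe]
"""
BASELINE = {"chrome.exe", "svchost.exe"}     # hypothetical allowlist for this host

if __name__ == "__main__":
    first, second = parse_netstat(SNAPSHOT_1), parse_netstat(SNAPSHOT_2)
    print("new peers since last snapshot:", new_peers(first, second))
    print("not on the baseline:", unexpected(second, BASELINE))
```

Feed it the text of two consecutive runs from connections.txt (split the file on the "Active Connections" header) and look at the new_peers output together with Task Manager; an executable name on its own proves nothing, since malware happily borrows names like wuauclt.exe, so the next step is to check the path and hash of the process behind the PID.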
9 - nslookup
On the Internet, DNS (Domain Name System) is what lets us use friendly names when surfing the web instead of remembering IP addresses. When there are problems, nslookup is a valuable tool for testing and troubleshooting DNS servers. nslookup runs in two modes: interactive and non-interactive. Non-interactive mode is useful when a single answer is all you need. For example, to resolve google.com:
nslookup google.com
To use the interactive mode, just type nslookup at the prompt. To see all available options, type help while in interactive mode.
Don't let the help output intimidate you; nslookup is easy to use. Some of the options I use when troubleshooting are:
set d2 (displays detailed debugging output of the behind-the-scenes exchange when resolving a host or IP address; set debug gives a shorter version)
set domain (sets the default domain used when resolving, so you don't need to type the fully qualified name each time)
set type (sets the query record type to return, such as A, MX, NS)
server NAME (points nslookup at a different DNS server than the one configured on your computer)
To exit interactive mode, type exit.
10 - ping and tracert - These tools help with connectivity to other systems. ping tests whether a particular host is reachable across an IP network, while tracert (traceroute) determines the route taken by packets across an IP network. To ping a system, type at the prompt: ping www.google.com. By default the Windows ping sends four ICMP echo requests to the host and listens for the ICMP echo replies. ping also has switches to set the number of echo requests to send (-n), to keep pinging until stopped (-t) and to resolve IP addresses to host names (-a). To use tracert, type at the prompt: tracert www.google.com. You can stop tracert resolving addresses to host names with the -d switch (which is faster), or set the timeout in milliseconds for each reply with the -w switch. Note that many hosts and firewalls drop ICMP echo requests, so "Request timed out" does not by itself mean the host is down.
11 - gpresult - Used mostly in environments that implement Group Policy, gpresult (Group Policy Results) lists all policy settings in effect for a specific user or computer. The command is simple to use: just enter gpresult at the prompt (on Windows Vista/7 use gpresult /r for the summary). It can also be run against remote computers with the /S and /U switches.
12 - netsh - Without a doubt the most powerful command line tool available in Windows. Netsh is like the swiss army knife for configuring and monitoring Windows computers from the command prompt. It capabilities include:
Configure interfaces Configure routing protocols Configure filters Configure routes Configure remote access behavior for Windows-based remote access routers that are running the Routing and Remote Access Server (RRAS) Service Display the configuration of a currently running router on any computer
Enable or disable the Windows firewall (the netsh firewall context is the XP/2003 one; on Vista/7 it still works for these basic settings but netsh advfirewall is the current interface):
netsh firewall set opmode enable
netsh firewall set opmode disable
Enable or disable ICMP Echo Request (for pinging) in Windows firewall: netsh firewall set icmpsetting 8 enable netsh firewall set icmpsetting 8 disable
Switch a network connection to DHCP:
netsh interface ip set address "Local Area Connection" dhcp
(If your NIC is named something else, run netsh interface ip show config and replace "Local Area Connection" with the name shown.) As you can see, netsh can do a lot. Instead of re-inventing the wheel, consult the Microsoft documentation for netsh for more information.
Note: For further information about CMD and Terminal, please refer to the following link: 1. http://ss64.com 2. http://linux.about.com/od/commands/Linux_Commands_and_Shell_Commands.htm
Linux
To ensure a secure communications platform, it's recommended to install Linux. Follow "Installing Ubuntu Linux" below to create a secure communications platform or for additional information.
What is Linux?
Linux typically refers to the collection of software that runs on top of the Linux kernel. In colloquial use Linux often means a compiled selection of software packaged to run together as an operating system, but the name specifically refers to the kernel, which is the interface between the hardware and all the other software that runs on a computer. For the sake of brevity: Linux is a mature, secure operating system that includes a wide collection of powerful software that is usually both free as in beer (cost) and free as in speech (freedom). It offers powerful free tools that enable one to compute and communicate securely and privately.
Download and prepare for installation
The link below also contains information on how to prepare the Ubuntu image you download for installation on your computer from whatever operating system you're using: http://www.ubuntu.com/download/ubuntu/download
Once you've prepared your install medium and booted your computer into Ubuntu, try it out first to make sure everything is working with your hardware. Ubuntu supports a wide variety of hardware, but a lot of cutting-edge hardware and certain classes of hardware (wireless cards, video cards and sound cards usually pose the most problems) are currently unsupported or not fully supported. This is because the drivers for the hardware are usually written by volunteers who lack documentation for the hardware. Also, make sure that you have backup copies of all the files you need before making any modifications to your hard drive (you have to complete all the installation steps in Ubuntu and click Install before it modifies your hard drive). Try Ubuntu on your computer first to make sure all your hardware is compatible.
After testing Ubuntu, go ahead and reboot and start the install. Select your timezone. In Step 3, select the keymap used by your keyboard. If you are uncertain that the current selection is correct, try typing in the input box. In Step 4 of the Ubuntu installer, you choose whether you want to install Ubuntu by itself on your computer or side by side with another operating system (Windows or OS X, probably). This guide recommends installing Ubuntu by itself (if nothing else, there are just fewer places for you to keep sensitive information and thus a lower probability of keeping it somewhere that's easier to compromise). However, if you really need a different operating system for some reason, it's better to have a secured Linux install with an encrypted home directory and use it for secure communication than to attempt to secure Windows or OS X. You shouldn't need to use the Advanced options.
Step 5 includes the creation of a username and password and enabling encrypted home directories. The Ubuntu installer indicates the relative strength of a password (strong in the case of this screenshot); strong should be the minimum. Weak passwords severely compromise all other security measures. Unless you have a specific reason to use your real name (especially your full name), it's recommended to use an unrelated alias for yourself in order to give as little personal information as necessary. Click "Require my password to log in and to decrypt my home folder".
The Ubuntu installer seems to skip step 6 every time I've used it. Review the installation details and install Ubuntu. This step should take about 10-30 minutes depending on the speed of your computer (maybe more for older machines), after which it will ask you to remove the installation media and reboot the computer into your new Ubuntu install!
There is a script with instructions attached to this document that can guide you through installing common software not installed in Ubuntu by default, usually for space reasons or because of legal uncertainties in some countries (like restricted codecs' patent licences), and through various customisations people often want on a fresh Ubuntu install. The script adds extra repositories (Ubuntu restricted, extras, Medibuntu, Getdeb, Dropbox) and installs from the repositories software like The GIMP, Pidgin, WINE, the Chromium browser, Gnome Do, Guake, VLC media player, MPlayer, SMPlayer, Thunderbird, Dropbox, codecs and more. This script is only available for Ubuntu 10.04 Lucid Lynx.
Features:
- Zenity for a GUI
- Adds extra repositories: Ubuntu restricted, extras, Medibuntu, Getdeb, Dropbox (only if you select to install Dropbox)
- Installs from repositories: The GIMP, Pidgin, WINE, Chromium browser, Gnome Do, Guake, VLC media player, MPlayer, SMPlayer, Thunderbird, Dropbox, codecs (multimedia, Java, Flash), additional archive support, DVD support and fonts, Ubuntu Tweak, Deluge Torrent, CompizConfig Settings Manager, development tools (from build-essential to Subversion, Git and so on).
- Downloads and installs the following: Google Chrome browser (the 32- or 64-bit build, depending on your Ubuntu version), official smiley themes for Pidgin (for all the protocols), the latest Flash Player for 64-bit via Adobe's website, Skype (32- or 64-bit, depending on your Ubuntu version).
- Tweaks:
  o Move window buttons to the right (Karmic style)
  o Change Update Manager behaviour to the one in Jaunty
  o Remove mounted drive icons from the desktop
  o Disable the GDM login sound
  o Enable the icons in menus and buttons
  o Disable the GDM login user list
  o Remove the ubuntu-docs package (frees up 252 MB)
  o Change the first day of the week in the Gnome calendar from Sunday to Monday
  o Download, install and configure sharp fonts
  o Fix the apt-get update delay for the Google repository
  o Automatically mount NTFS drives on startup
- Automatically accepts the Java licence so you don't have to
- The Medibuntu server is currently down, which made me develop a new feature: the script now tests the main Medibuntu server and two other mirrors and adds whichever of the three is working.
- Lots of checks to make sure you run the script properly: it checks that the script is run as root, checks whether Synaptic, apt-get, dpkg or Software Center is running and asks you to close it before continuing, checks the Internet connection to make sure you can actually install the packages, etc.
Download and install the Ubuntu Start script from the document
Installation: because this script needs Zenity to work properly, first install it:
sudo apt-get install zenity
Now download Ubuntu Start from the link above and cd to the directory where you downloaded the script, in my case:
cd /home/zinovsky/Downloads/ubuntu-10.04-start/
Now make the script executable with this command:
chmod +x ubuntu-10.04-script
Now run the script:
sudo ./ubuntu-10.04-script
You will get this screen as step one; choose what you want to do, then click OK.
Next you will get a screen with step 2; just tick the software you want to install and click OK.
Then, the Ubuntu boot menu will appear, select the first option 'Install Ubuntu' and hit Enter...
On the following screen, choose 'Yes' if you want to let the installer auto-detect your keyboard layout or choose 'No' to select a default layout from the next screen(s) (e.g. for a US English keyboard, select 'No', hit Enter, then on the second screen select 'U.S. English', hit Enter and on the third screen select 'U.S. English' again and hit Enter to continue)...
It will then detect some of your hardware components and configure the network with DHCP...
Disk partitioning will start. Select the third option: Guided - use entire disk and set up encrypted LVM...
Note: Use a dedicated, empty hard drive for this installation (on an IDE system the master disk, not a slave), because all data on the chosen disk is erased once you confirm the changes, and because if another operating system lives on a different disk the installer would otherwise overwrite that disk's MBR (boot sector).
You'll be asked to enter a passphrase (a strong password; the longer, the better)...
Note: Please write down the passphrase in case it's too long and you can't remember it! Now, the partitioning tool will format the hard drive and create the default partitioning scheme. Confirm the changes...
You will be asked to enter a proxy for the package manager. If you use a proxy, please enter it now. If not, just hit Enter on this screen...
Then the GRUB boot loader will be automatically configured and installed...
The installation is complete now, hit 'Continue' to eject the CD and reboot the system...
When the system starts, you will be asked to input the passphrase that you've setup during the system's installation...
Please use a "heavy" passphrase: spread some @${[]}$#%& or other signs through it and make up double words like this: "haPpy$horse jUmpingfences" (without the double quotes). DO NOT use words from dictionaries on their own; a children's funny phrase is a possibility; use your fantasy: the longer the passphrase, the safer. Keep the passphrase in a safe place, far away, and never tell anybody.
You can now use ubuntu in a normal way, and will not feel much difference from using an unencrypted ubuntu, except when making a backup. Here are packages, which is important to be installed (below is a quick way to install them). Open a terminal, and select one line at a time with the left mouse cursor - then paste the line into the terminal with the middle mouse wheel - enter: sudo apt-get install alien amarok amsn apt-doc apt-howto-en audacious audacity sudo apt-get install auto-apt avidemux ayttm camorama camstream checkinstall sudo apt-get install cheese codeine cryptkeeper debian-policy dpkg-dev sudo apt-get install effectv encfs etherape fdupes festival festvox-kallpc8k sudo apt-get install ffmpeg ffmpeg2theora filelight findimagedupes firestarter sudo apt-get install flashplugin-nonfree geany gimageview gocr gparted gqview sudo apt-get install graphicsmagick grokking-the-gimp gspca-source gstreamer0.10-fluendo-mp3 sudo apt-get install gxine htop idanish imagemagick inkscape istanbul k3b kde kdirstat sudo apt-get install kino koffice kompozer krename kvm lame-extras liblame-dev sudo apt-get install linux-source-2.6.24 lkl lynx mencoder menu menu-xdg mjpegtools sudo apt-get install mp3splt mp3wrap mplayer ocrad ogle openssh-server outguess sudo apt-get install pinfo pterm putty pwgen pysdm qemu recoll recordmydesktop sane sudo apt-get install sane-utils scrot secure-delete smartmontools soundconverter sox
sudo apt-get install squashfs-tools ssh stegdetect subversion sun-java6-jre sysv-rc-conf sudo apt-get install tor transcode ubuntu-restricted-extras usbmount vcdimager vlc wipe sudo apt-get install xawtv xine-ui xmms2 yakuake sudo apt-get install qc-usb-utils qc-usb-source motv gqcam luvcview streamer dspam sudo apt-get install pyvnc2swf xvidcap wink wengophone esound gwenview kipi-plugins sudo apt-get install bzr bazaar-doc sudo apt-get install virtualbox-ose virtualbox-ose-guest-modules-generic sudo apt-get install virtualbox-ose-modules-2.6.24-16-generic sudo apt-get install virtualbox-ose virtualbox-ose-guest-modules-2.6.24-16-generic sudo apt-get install virtualbox-ose-modules-2.6.24-17-generic sudo apt-get install virtualbox-ose-guest-modules-2.6.24-17-generic Comments: Modern hard disks have sufficient space, so sometimes it is better to install too many -than to few packages.
Warning: while you are logged in to your encrypted Ubuntu the disk is unlocked, and everybody with access to the machine can see what you are doing, so you have to log out and switch the computer off to get the protection of the encryption back. Note also that the encryption key sits in RAM while the system runs, and RAM keeps its contents for seconds to minutes after the power is cut (longer if the modules are cooled); specialised software can copy it in that window (a cold boot attack). So leave the computer switched off for at least 10 minutes before leaving it unattended. You can still keep an encrypted directory inside this encrypted disk, using e.g. encfs, and encrypt single files, using e.g. GnuPG.
How to make a lvm snapshot (on a 80 GB hard disk): Open a terminal, and run the following commands: sudo lvcreate -L25G -s -n snapshot /dev/vg01/sysroot (Creates a logical volume (LG) by the name snapshot - could be any name you choose - and copies all folders -and files from the sysroot logical volume (your Ubuntu 8.04), which existed just on the time of pressing the "Enter" button). sudo mkdir -p /mnt/snap (Creates a directory by the name /mnt/snap to be used for mounting the snapshot volume). sudo mount /dev/vg01/snapshot /mnt/snap (Mounts the "snapshot" logical volume onto /mnt/snap)
ls -l /mnt/snap (Lists all the folders existing in the "snapshot" logical volume - an exact copy of the directories in "sysroot" logical volume, which is your ubuntu 8.04 system) sudo tar -pczf snapshot.tar.gz /mnt/snap (Creates a tar archive file of the whole contents of the "snapshot" logical volume by the name "snapshot.tar.gz" - you could use another name - the size of the "snapshot.tar.gz" file might be aproximately 3.8 GB at this stage). Please note that a Linux system consists of only files (ONLY). You could encrypt this "snapshot.tar.gz" file using gpg (gnupg-agent package) - into "snapshot tar.gz.gpg" - and then copy this encrypted file onto an external harddisk - you will need to have gnupg-agent active with your secret -and public keys - (gnupg-agent is installed by default in ubuntu 8.04). If you created the gpg keys using the e-mail address "somename@hotmail.com" you could encrypt the file using following command: gpg -r somename@hotmail.com -e snapshot.tar.gz (would create an encryptet file by the name "snapshot.tar.gz.gpg"). You could then copy the "snapshot.tar.gz.gpg" onto an external harddrive, and keep it there as an encrypted backup file. If you later might need it, you just copy it back from the external harddisk into the /home/yourusername directory and decrypt it with the following command: gpg -o snapshot.tar.gz -d snapshot.tar.gz.gpg (will recreate the "snapshot.tar.gz" file) In order to empty the snapshot logical volume run: sudo rm -R /mnt/snap/* To restore the "snapshot.tar.gz" file into the snapshot logical volume run the following two commands: cd /home/yourusername (change directory, so you are standing in /home/yourusername directory - "snapshot.tar.gz" should be placed here).
sudo tar -xzpf snapshot.tar.gz -C /
(Extracts the archive relative to /; because the paths were stored as mnt/snap/..., the files land back in /mnt/snap, i.e. in the "snapshot" logical volume mounted there.)

You can now copy the contents of the "snapshot" logical volume back onto the root filesystem:

sudo cp -a /mnt/snap/. /
(The -a flag copies directories recursively and preserves ownership, permissions, symlinks and timestamps; without it cp skips directories and would not restore a system. Copying over a running root filesystem replaces libraries and binaries that are in use, so for a real restore boot a live CD, mount the target volume and extract the archive into it instead.)

You could also open the Konqueror file manager and drag and drop with the mouse:

sudo konqueror
(Opens Konqueror as root. On Kubuntu prefer kdesudo konqueror, which is meant for graphical programs and avoids the root-owned files in your home directory that plain sudo can leave behind.)

In order to always have /mnt/snap mounted, add the following line to /etc/fstab (the logical volume is named "snapshot", so the device path must match what lvcreate created):

/dev/vg01/snapshot /mnt/snap ext3 relatime 0 0
You can open /etc/fstab in the kate editor with the following command:

sudo kate /etc/fstab
(Remember to save the file after you have added the new line.)

Here follow some further LVM commands:

sudo lvdisplay (Displays your logical volumes.)
sudo vgdisplay (Displays your volume group.)
sudo pvdisplay (Displays your physical volumes.)
sudo lvremove -f /dev/vg01/snapshot (Removes the "snapshot" logical volume. Remove it as soon as the backup is done: a lingering snapshot slows every write to sysroot and eventually fills its reserved space.)
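The procedure above as one script. This is an added example, not code from the original page; it assumes the same names as the text (volume group vg01, root volume sysroot, a 25 GB snapshot mounted at /mnt/snap, gpg recipient somename@hotmail.com) and adds the two checks a practitioner would want: the snapshot is unmounted and removed on every exit path via a trap, and the lvs attribute column is inspected after archiving, so an overflowed (invalid) snapshot cannot silently produce a garbage backup. The archive is created relative to the mount point rather than with the mnt/snap prefix, so it can be extracted into any target with tar -xzpf ... -C /target. The lvs output lines used in the usage note are constructed.

```shell
#!/bin/sh
# snapshot_backup.sh - LVM snapshot -> tar -> gpg, with cleanup and validity check.
# Added example; assumes the names used in the text (vg01, sysroot, /mnt/snap,
# somename@hotmail.com). Run as root: sudo ./snapshot_backup.sh [output.tar.gz]
set -eu

VG=${VG:-vg01}                      # volume group (assumption: from the text)
ORIGIN=${ORIGIN:-sysroot}           # root logical volume to back up
SNAP=${SNAP:-snapshot}              # name of the snapshot LV
SNAP_SIZE=${SNAP_SIZE:-25G}         # copy-on-write area reserved for the snapshot
MNT=${MNT:-/mnt/snap}               # mount point for the snapshot
RECIPIENT=${RECIPIENT:-somename@hotmail.com}   # gpg key to encrypt to
SNAP_WARN_PCT=${SNAP_WARN_PCT:-90}  # refuse the backup if the COW area is this full

# snapshot_state LINE
#   LINE is one line of: lvs --noheadings -o lv_attr,data_percent VG/SNAP
#   (older LVM2 releases call the second column snap_percent).
#   lv_attr position 1 is 's' for a snapshot; position 5 is its state:
#   'a' active, 'I' invalid snapshot, 'S' invalid suspended snapshot.
#   Prints ok / nearly-full / invalid and returns 0 only for ok.
snapshot_state() {
    set -- $1                        # split "attr percent" on whitespace
    attr=$1
    pct=${2:-0}
    state=$(printf '%s' "$attr" | cut -c5)
    case "$state" in
        I|S) echo invalid; return 1 ;;
    esac
    pct=${pct%%.*}                   # lvs prints e.g. 12.34; keep the integer part
    if [ "${pct:-0}" -ge "$SNAP_WARN_PCT" ]; then
        echo nearly-full; return 1
    fi
    echo ok
}

# cleanup: always unmount and remove the snapshot, whether we succeeded or not.
# A forgotten snapshot slows every write to the origin and eventually overflows.
cleanup() {
    if mountpoint -q "$MNT" 2>/dev/null; then umount "$MNT"; fi
    if lvs "$VG/$SNAP" >/dev/null 2>&1; then lvremove -f "$VG/$SNAP"; fi
}

# snapshot_backup [OUTPUT]: produce OUTPUT.gpg and OUTPUT.gpg.sha256
snapshot_backup() {
    out=${1:-snapshot.tar.gz}
    trap cleanup EXIT INT TERM
    lvcreate -L "$SNAP_SIZE" -s -n "$SNAP" "/dev/$VG/$ORIGIN"
    mkdir -p "$MNT"
    mount -o ro "/dev/$VG/$SNAP" "$MNT"     # read-only: a backup never writes here

    # Archive relative to the mount point so it restores into any target root.
    tar -czf "$out" -C "$MNT" .

    # Only now do we know whether the snapshot survived the whole archive run.
    line=$(lvs --noheadings -o lv_attr,data_percent "$VG/$SNAP")
    if ! snapshot_state "$line"; then
        echo "snapshot is not trustworthy ($line); discarding $out" >&2
        rm -f "$out"
        return 1
    fi

    # Encrypt to the recipient's public key, record a checksum of the ciphertext
    # for the external disk, then overwrite and delete the plaintext archive
    # (the chapter on deleting files explains the limits of shred on journaled
    # filesystems).
    gpg --batch --yes -r "$RECIPIENT" -o "$out.gpg" -e "$out"
    sha256sum "$out.gpg" > "$out.gpg.sha256"
    shred -u "$out"
    echo "backup written to $out.gpg"
}
```

Source the file and call snapshot_backup as root, or append a line calling it to run it as a script. On a healthy snapshot lvs prints something like "swi-a-s--- 12.34" and snapshot_state answers ok; after an overflow the fifth attribute character becomes I and the function answers invalid, at which point the archive is deleted rather than encrypted and shipped.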
You have to open the downloaded file to run the installer. You will find the detailed instructions below. If you need further help, the various support options are listed at the bottom of this page. If you are using Internet Explorer, you will be asked whether you want to run or save the file. Choose 'Run' to launch the installer.
Most other browsers, like Firefox, will only ask you to save the file. Click 'Save' and then double-click the downloaded file to launch the installer.
Install: If a Windows security prompt appears, click 'Continue' to proceed with the installation. To install Ubuntu, all you need to do is choose your username and password. You have to enter the password twice to make sure you typed it correctly.
After choosing your password, click 'Install'. The files will be downloaded and installed automatically.
Wait until Ubuntu is downloaded and installed. The whole process can take a while: the downloaded file is about 700MB.
When the installation is complete, you will be prompted to restart your computer. Click 'Finish' to restart.
After your computer restarts, choose 'Ubuntu' from the boot menu.
To uninstall Ubuntu, open the Add/Remove applet in the Control Panel and select Ubuntu for removal.
That is all there is to it. Your Windows system returns to the state it was in before Ubuntu was installed.
You will need:
WUBI pre-installed on Windows
HP USB Disk Storage Format Tool 2.2.3
A USB flash drive or external hard drive (capacity must be greater than the local Ubuntu folder)
Ubuntu and WUBI are products of Canonical Ltd. The HP USB Disk Storage Format Tool is distributed by Hiren's.
How to Move WUBI to a USB Flash Drive
1. Download the HP USB Format Tool from http://freesoftwarefinder.com/downloads/HPUSBDisk.exe and format your USB flash drive with the NTFS file system.
2. Copy the following folders and files from the root of your C: drive to the root of your USB device: ubuntu, wubildr, wubildr.mbr
3. Download http://download.gna.org/grubutil/grubinst-1.1-bin-w32-2008-01-01.zip, extract grubinst and run grubinst_gui.exe (right click, Run as administrator on Vista/Windows 7).
4. In the Grub4DOS Installer: (1) select your USB disk from the drop down (2) click Refresh Part List (3) select Whole disk [MBR] from the drop down (4) type wubildr for the Boot File and install.
5. Reboot your PC with the BIOS set to boot from the USB device.
6. Highlight the first entry in the GRUB 2 menu and press E to edit it.
7. (1) Delete all lines before the line beginning linux /boot/vmlinuz-2.6.31 (2) change root=/dev/sda2 to root=/dev/sdb1, then boot the edited entry (Ctrl+X in GRUB 2). The kernel version and the device names are those of the original tutorial; use whatever your own menu shows.
8. Your WUBI install should now be booting from the USB device.
9. Once booted, open a terminal and run update-grub. It generates a new grub.cfg from what it detects in the running environment, so the manual edit is not needed on later boots.
10. Reboot and try out your USB WUBI install.
Notes: Once you have verified that the portable WUBI boots, you can uninstall the local WUBI install from your PC. Just make sure to remove the USB device before uninstalling. Additionally, to gain about 691MB of space, you can delete the "install" and "winboot" folders and the "uninstall-wubi.exe" file from the "ubuntu" folder on your USB device.
Troubleshooting Tips: If GRUB cannot find your USB WUBI install, try a different root=/dev/sdX# in step 7. The drive letter depends on how many other disks the BIOS presents, so it can differ from one computer to the next. For example, if your computer contains no other SATA devices:
root=/dev/sda1
You will need: a working CD drive and an Ubuntu Live CD, and a 1GB or larger USB flash drive (4GB or more is recommended if you use persistence).
Persistent Feature: Yes
Installing Ubuntu to a Flash Drive via Startup Disk Creator: Note: Back up ALL data from your flash drive before proceeding!
1. Insert your Ubuntu CD and restart your computer, booting from the Live CD
2. Insert a 1GB or larger USB flash drive
3. Navigate to System > Administration > Startup Disk Creator
4. Next, (1) select your flash drive under Disk to use (2) choose Erase Disk (make sure you have backed up any important data first)
5. Now, (1) select the partition belonging to your flash drive (2) for persistence, select the option Stored in reserved extra space and adjust the slider to the desired capacity (3) click the Make Startup Disk button
6. A bar indicates the progress of the install. Once the installation is complete, remove the CD, restart your computer and set your boot menu or system BIOS to boot from your USB device. You should now be booting from your Ubuntu Startup Disk.
Debian Live 5.0 Desktop
Debian and the Debian logos are trademarks of Software in the Public Interest, Inc.: http://www.spiinc.org/
Win32 Disk Imager (win32-image-writer): https://launchpad.net/win32-image-writer/
Distribution home page: http://debian-live.alioth.debian.org/
Minimum flash drive capacity: 1GB
Persistent feature: Yes
Installing Debian Live to USB using Windows. Warning: the contents of your flash drive will be wiped out. Back up anything you want to save before proceeding.
1. Insert a 2GB or larger flash drive (2GB leaves room for persistence)
2. Download a Debian-Live Gnome, Xfce, KDE or lxde img (and save it to your desktop): http://cdimage.debian.org/cdimage/release/current-live/i386/usb-hdd
3. Download the Win32 DiskImager (and extract its contents to a folder on your desktop): http://launchpad.net/win32-image-writer/0.2/0.2/+download/win32diskimager-RELEASE-0.2r23-win32.zip
4. Navigate to where you extracted the contents of the Win32DiskImager and run Win32DiskImager.exe. Note: you may see a window saying "An error occurred when attempting to get the device information. Error 8:" - simply click OK to continue
5. (1) Browse to and select your Debian-Live .img file (2) select your USB device - check the drive letter twice, since the whole device is overwritten (3) click Write to write the image to the device
6. A progress bar indicates the progress of the write. Once it has finished, reboot your PC and set your BIOS or boot menu to boot from the USB device.
If all goes well, you should now be booting from your own portable USB Debian Live flash drive. How to make the Debian Live install persistent: The following information was suggested by Leong Yu Siang. After you're up and running from your Debian Live flash drive, do the following: 1. Navigate to System > Administration > Partition Editor
2. (1) Select your USB device from the drop down in the upper right corner (2) Right Click the Unallocated Space and select New
3. (1) Set the Filesystem to Ext2 (2) type live-rw for the label (3) Click Add
4. Once the process has finished, reboot your Debian Live system 5. At the splash boot screen, hit the Tab key 6. Add the word persistent to the boot string and then hit Enter. If all goes well, you should now be booting into Debian Live with persistence. In order to save and restore the changes you make, you need to perform steps 5 and 6 on every boot. Another option is to edit the live.cfg file in the syslinux directory of your flash drive and add a boot entry that already carries the persistent parameter, so it appears as a default choice in the boot menu. If you would like to return your flash drive to its previous state, you can use http://www.ipauly.com/bootice/bootice_0.9.rar, choosing USB-FDD mode and FAT32 format.
Downloading and installing Live-Helper: 1. Open a terminal and type sudo gedit /etc/apt/sources.list. Add the line deb http://live.debian.net/debian/ etch main to the list and save the file. 2. Back at the terminal, type sudo apt-get update 3. Type sudo apt-get install debian-unofficial-archive-keyring 4. Type sudo apt-get install live-helper. Configuring the settings for your Debian based Live CD: 1. Log in as root and open a terminal (this must be done as the root user) 2. From the terminal, type lh_config. Now we can edit the configuration files that have been created in the debian-live/config/ directory under root's home.
Open debian-live/config/chroot, Set the interactive parameter LIVE_INTERACTIVE="enabled" (this allows you to chroot to the filesystem and make changes before it is compressed) You should also set the live package to install. For example: LIVE_PACKAGES_LISTS="gnome" (will install the gnome desktop) Save changes and close the chroot file
Note: To create a USB image instead of an ISO, open debian-live/config/binary and change the image type parameter from iso to usb-hdd: LIVE_BINARY_IMAGES="usb-hdd". Building the Debian based Live Linux ISO or IMG: Now that we have made a couple of basic configuration changes we can proceed with the build process. 1. Back at the terminal type cd debian-live (moves us to debian-live, where our live distro is going to be built) 2. Type lh_build (starts the build process based on our live configuration settings). During the build, live-helper creates a directory named chroot containing the Linux filesystem that will later be compressed. Once live-helper has finished installing the core components, it starts an interactive shell (chrooted into the chroot directory), pausing the build and allowing you to install additional packages and make changes or adjustments before it compresses the filesystem and builds the final Live Linux ISO.
3. At the terminal, when the script responds with the following: Pausing build: starting interactive shell
Make your changes, if any and then type exit to allow live-helper to continue.
Burn the ISO and test your new creation: Once live-helper has finished, you will find the completed ISO in the debian-live directory. 1. Burn the ISO to a CD or DVD 2. Test your new creation by rebooting from the CD/DVD. Or, to copy the IMG to the USB device: 1. From the terminal type fdisk -l and locate your USB device. Example: /dev/sdX (where X represents your USB device). Check the size and partition layout shown by fdisk against what you expect of the stick, because the next command overwrites whatever device you name without asking. 2. Type dd if=binary.img of=/dev/sdX 3. Reboot your PC, booting from the USB device. Note: With your CD/DVD or USB build, you can save your changes back to a USB device via the persistent feature. Simply create a partition on the device labeled live-rw (the label Debian's live-initramfs looks for; casper-rw is the equivalent name on Ubuntu-based live systems) and type live persistent at boot to enable saving and restoring of settings and changes. Example: mkfs.ext2 -L live-rw /dev/sdX2
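Writing the image with dd, as the step above does, is the point where a typo in /dev/sdX wipes the wrong disk, and a downloaded image is only as trustworthy as its checksum. The following script is an added example, not part of the original tutorial: it refuses to write unless the kernel reports the target as a removable device (/sys/block/<dev>/removable) and nothing on it is mounted, and it checks the image against the SHA256SUMS file Debian publishes next to its images before a single byte is written. The sysfs root and the mounts file are parameters so the checks can be exercised against a constructed directory tree, as the usage note does; the image, sum file and device names are otherwise those used above.

```shell
#!/bin/sh
# write_live_image.sh - checksum a live image and write it to a USB stick safely.
# Added example, not from the tutorial. Usage (as root):
#   ./write_live_image.sh binary.img SHA256SUMS /dev/sdX
set -eu

# sha256_of FILE: print the hex SHA-256 of FILE (GNU coreutils or perl shasum).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# verify_image IMG SUMFILE: 0 if IMG's hash matches its entry in SUMFILE.
# SUMFILE is in sha256sum format: "<hash>  <name>" or "<hash> *<name>".
verify_image() {
    img=$1; sumfile=$2
    name=$(basename "$img")
    expected=$(awk -v f="$name" '{ n = $2; sub(/^\*/, "", n); if (n == f) print $1 }' "$sumfile")
    [ -n "$expected" ] || { echo "no entry for $name in $sumfile" >&2; return 1; }
    actual=$(sha256_of "$img")
    [ "$actual" = "$expected" ] || { echo "checksum mismatch for $img" >&2; return 1; }
}

# is_removable SYSFS DEV: 0 if SYSFS/block/DEV/removable reads 1.
# Internal SATA disks read 0; USB sticks and most USB disks read 1.
# A missing entry (unknown device) counts as not removable.
is_removable() {
    sysfs=$1; dev=$2
    flag=$(cat "$sysfs/block/$dev/removable" 2>/dev/null || echo 0)
    [ "$flag" = 1 ]
}

# is_mounted DEV [MOUNTS]: 0 if DEV or one of its partitions appears in MOUNTS
# (normally /proc/mounts). A mounted target means the desktop auto-mounted it;
# writing under a mounted filesystem corrupts both the write and the mount.
is_mounted() {
    dev=$1; mounts=${2:-/proc/mounts}
    grep -qs "^$dev" "$mounts"
}

# write_image IMG SUMFILE DEV [SYSFS]: all checks, then dd.
write_image() {
    img=$1; sumfile=$2; dev=$3; sysfs=${4:-/sys}
    verify_image "$img" "$sumfile"
    if ! is_removable "$sysfs" "$(basename "$dev")"; then
        echo "refusing: $dev is not a removable device" >&2; return 1
    fi
    if is_mounted "$dev"; then
        echo "refusing: $dev has mounted partitions; unmount them first" >&2; return 1
    fi
    dd if="$img" of="$dev" bs=4M conv=fsync
    sync
    echo "image written to $dev"
}
```

To run it as a script, append a line such as write_image "$1" "$2" "$3" and invoke it with the image, the SHA256SUMS file and the device. The checks are ordinary functions, so they can be tried without a real disk: point is_removable at a constructed directory containing block/sdb/removable with the value 1 and block/sda/removable with 0, and it accepts sdb and refuses sda; point is_mounted at a constructed mounts file listing /dev/sdb1 and it refuses /dev/sdb; verify_image accepts a file whose hash matches its SHA256SUMS entry and refuses one that was changed afterwards or has no entry at all.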
The system resides on a non-writable CD, so it is in its original state after every reboot and cannot be modified afterwards. Spyware and other malicious software cannot be installed permanently. All user data that can change resides on encrypted removable media such as USB flash drives.
The system kernel is modified so that it ignores any network hardware. UPR is therefore an isolated system that cannot be attacked via LAN, WLAN, Bluetooth, infrared etc. UPR mounts removable media and TrueCrypt volumes with the 'noexec' option. This prevents directly executing malicious programs that were accidentally imported into the UPR system on removable media, so the running system cannot be infected that way. Note what noexec does and does not cover: it blocks running a file on the volume directly, but a script stored there still runs if it is handed to an interpreter (sh script.sh, for instance), so the option is a safeguard against accidents, not against a user who deliberately runs what the stick contains.
The system is based on free software whose source code can be verified. The system completely ignores any local hard disks. They can neither be used by malicious software to store sensitive data outside the encrypted removable media, unencrypted and unnoticed, for later attacks, nor can this happen accidentally through a user's inattention. Malicious software also cannot be loaded into UPR from already compromised hard disks.
To ease working with a non-modifiable system, UPR introduces "extended TrueCrypt volumes", which can store program configuration such as GnuPG settings, OpenOffice dictionaries etc. permanently and securely within an encrypted volume. These settings are automatically made available after opening such an "extended TrueCrypt volume". This method is only an optional alternative to using standard TrueCrypt volumes. NOTE: Ubuntu Privacy Remix is NOT for anonymous internet surfing: its modified kernel ensures that no network hardware can be used at all.
Main features:
No hard drive installation
Read-only filesystem
No Internet connection
TrueCrypt encryption software (you will learn more about it later)
Extended TC-Volumes
GNOME 2.22 desktop environment
Ubuntu Privacy Remix is based on Ubuntu 8.04 LTS (Hardy Heron), is dubbed Hardened Heron and includes some of the best cryptographic applications available today: GnuPG and TrueCrypt.
For more information about how to use and its features please refer to: https://www.privacy-cd.org/en/tutorials https://www.privacy-cd.org/en/features-mainmenu-35 Download: https://www.privacy-cd.org/index.php?option=com_content&view=article&id=66&Itemid=89
Windows
It is not recommended to use Windows as a secure communication platform. While Windows can be locked down to provide a more secure environment than its defaults, its tendencies lean towards very lax security, and the multitude of pre-built exploits for Windows makes it easier for attackers to compromise. Here are some bullet points against using Windows for secure communications:
- widespread distribution of malware, Trojans and viruses that can log keystrokes, bypassing encryption schemes, and record other information
- targeted hacking and malware installation is actively used by government agencies, and Windows is the platform most often targeted
- usually runs on an unencrypted file system; the main encryption tool (BitLocker) is proprietary and cannot be scrutinized for exploits, back doors or other weaknesses
- user accounts are administrators by default
- since Windows is proprietary and closed-source, there is no outside scrutiny for defects, back doors or anything that phones home. You're trusting Microsoft completely with whatever secrets you choose to put on your computer.
Step 2 - At this stage it will ask you to press F6 if you want to install a third party RAID or SCSI driver. If you are using an IDE hard drive then you do not need to press F6. If your drive is on a SCSI or RAID controller, or on a SATA controller running in AHCI or RAID mode, then you must press F6, otherwise Windows XP will not detect your hard drive during the installation. Make sure you have the RAID drivers on a floppy disk. Normally the drivers are supplied on a CD, which you can copy to a floppy disk ready to be installed. If you are not sure how to do this then please read your motherboard manual for more information. Step 3 - Press S to specify that you want to install an additional device.
Step 4 - You will be asked to insert the floppy disk with the Raid or SCSI drivers. Press enter after you have inserted the disk. Step 5 - You will see a list of Raid drivers for your HDD. Select the correct driver for your device and press enter.
Step 6 - You will then get a Windows XP Professional Setup screen. You have the option to do a new Windows install, Repair previous install or quit. Since we are doing a new install we just press Enter to continue. Step 7 - You will be presented with the End User Licensing Agreement. Press F8 to accept and continue
Step 8 - This step is very important. Here we will create the partition where Windows will be installed. If you have a brand new unformatted drive you will get a screen similar to the one below. In our case the drive size is 8190MB. We can choose to install Windows on this drive without creating a partition, using the entire size of the drive. If you wish to do this, just press Enter and Windows will automatically partition and format the drive as one large drive. For this demonstration, however, I will create two partitions. The first partition will be 6000MB (C: drive) and the second 2180MB (E: drive). With two partitions we can keep Windows and applications on one and our data on the other, so if anything goes wrong with the Windows install, such as a virus or spyware, we can reinstall Windows on C: and our data on E: will not be touched. Note that a reinstall cleans only C:; any infected file stored on E: survives it, so scan E: before trusting its contents again. You can choose whatever partition sizes you like. For example, with a 500GB hard drive you can have two partitions of 250GB each. Press C to create a partition.
Step 8 (continued) - Windows will show the total size of the hard drive and ask you how much you want to allocate to the partition you are about to create. I will choose 6000MB. You will then get the screen below. Notice it shows C: Partition 1 followed by the size 6000 MB. This indicates the partition has been created. We still have about 2189MB of unpartitioned space. Next, highlight the unpartitioned space by pressing the down arrow key, then press C to create another partition. You will see the total space available for the new partition. Just choose all the space left over, in our case 2180MB.
Step 9 - Now you will see both partitions listed: Partition 1 (C: drive) 6000MB and Partition 2 (E: drive) 2180MB. You will also have 8MB of unpartitioned space. Don't worry about that; just leave it as it is. Windows normally leaves some unpartitioned space. You might wonder what happened to the D: drive: Windows has automatically allocated D: to the CD/DVD-ROM. Select Partition 1 (C: drive) and press Enter.
Step 10 - Choose to format the partition using the NTFS file system. This is the recommended file system. If the hard drive has been formatted before then you can choose the quick NTFS format. We choose NTFS because it offers security features FAT lacks (per-file access permissions and EFS file encryption), and supports larger drives and bigger files.
Windows will now format drive C: and start copying the setup files.
Step 11 - After the setup has completed copying the files the computer will restart. Leave the XP CD in the drive but this time DO NOT press any key when the message "Press any key to boot from CD" is displayed. In few seconds setup will continue. Windows XP Setup wizard will guide you through the setup process of gathering information about your computer. Step 12 - Choose your region and language.
Step 13 - Type in your name and organization. Step 14- Enter your product key.
Step 15 - Name the computer and enter an Administrator password. Choose a strong one and keep a record of it somewhere safe, not on a note attached to the machine: this account has full control of the system.
Step 16 - Enter the correct date, time and choose your time zone.
Step 17 - For the network setting choose typical and press next. Step 18 - Choose workgroup or domain name. If you are not a member of a domain then leave the default settings and press next. Windows will restart again and adjust the display.
Step 19 - Finally Windows will start and present you with a Welcome screen. Click Next to continue. Step 20 - Choose 'Help protect my PC by turning on Automatic Updates now' and press Next.
Step 21 - Will this computer connect to the internet directly, or through a network? If you are connected to a router or LAN then choose: 'Yes, this computer will connect through a local area network or home network'. If you have dial up modem choose: 'No, this computer will connect directly to the internet'. Then click Next.
Step 22 - Ready to activate Windows? Choose Yes if you wish to activate Windows over the internet now. Choose No if you want to activate Windows at a later stage. Step 23 - Add the users that will sign on to this computer and click Next.
Step 24 - You will get a Thank you screen to confirm setup is complete. Click finish. Step 25- Log in, to your PC for the first time.
Step 26 - You now need to check the Device Manager to confirm that all the drivers have been loaded and that there are no conflicts. From the Start menu select Start -> Settings -> Control Panel. Click on the System icon, then in the System Properties window select the Hardware tab and click on Device Manager.
If there is a yellow exclamation mark "!" next to any of the listed devices, it means that no driver or an incorrect driver has been loaded for that device. In our case we have a Video Controller (VGA card) with no driver installed. Your hardware should come with manufacturer-supplied drivers. You can install them using the automatic setup program provided by the manufacturer, or install them manually. If you do not have the drivers, check the manufacturer's website to download them. To install a driver manually use the following procedure: (a) From the Device Manager double click on the device with the exclamation mark. (b) This opens the device properties window. (c) Click on the Driver tab. (d) Click the Update Driver button. The wizard for updating the device driver pops up.
You now get two options. The first option provides an automatic search for the required driver. The second option allows you to specify the location of the driver. If you don't know the location of the driver; choose the automatic search which would find the required driver from the manufacturer supplied CD or Floppy disk. Windows would install the required driver and may ask you to restart the system for the changes to take effect. Use this procedure to install drivers for all the devices that contain an exclamation mark. Windows is completely setup when there are no more exclamation marks in the device manager.
Step 2 - The next screen allows you to setup your language, time and currency format, keyboard or input method. Choose your required settings and click next to continue.
Step 3 - The next screen allows you to install or repair Windows 7. Since we are doing a clean install we will click on "install now".
Step 4 - Read the license terms and tick I accept license terms. Then click next to continue.
Step 5 - You will now be presented with two options. Upgrade or Custom (Advanced). Since we are doing a clean install we will select Custom (Advanced).
Step 6 - Choose where you would like to install Windows 7. If you have one hard drive you will click next to continue. If you have more than one drive or partition then you need to select the appropriate drive and click next. If you need to format or partition a drive then click Drive options (advance) before clicking next.
If you have multiple hard drives and/or multiple partitions on those drives, take great care to confirm that you are deleting the correct partition(s). Many people, for example, have second hard drives or partitions that act as backup drives; that is certainly not a drive you want to delete. If there are other partitions belonging to the old operating system that need to be deleted, you can delete them at this time; Windows asks you to confirm each additional partition deletion.
Step 7 - After choosing the location, Windows 7 starts the installation process and copies all the necessary files to your hard drive.
Step 8 - It will go through the various stages of setup and reboot your system a few times.
Step 9 - When your PC reboots it attempts to boot from the DVD, as that is the first boot device. Do not press any key at the boot prompt, so that Windows 7 continues the installation by booting from the hard drive.
Step 10 - After the reboot your computer will be prepared for first use.
Windows 7 is now loading drivers, checking to make sure everything has been setup properly, removing temporary files, etc. You don't need to do anything here.
Step 11 - At this stage you need to choose a user name and computer name. Click Next to continue. The user account you create here is the first account on the machine and is a member of the Administrators group, so it has full privileges; for day-to-day work it is safer to create a separate standard user account afterwards and keep this one for administration.
Step 12 - Choose your password and password hint just in case you forget your password and need to jog your memory.
Step 13 - You can now type the product key that came with Windows 7 and click Next. If you do not enter the product key you can still proceed to the next stage; Windows 7 then runs unactivated for a 30-day grace period. Activate within those 30 days, otherwise Windows switches to a restricted, constantly nagging notification mode until you do.
Step 14 - Help protect your computer and improve Windows automatically. Choose Use recommended settings, so that security updates are installed automatically. Users of unlicensed copies of Windows sometimes pick Ask me later to avoid the update checks, but that leaves the system unpatched and is not secure.
Step 15 - Review your time and date settings. Select your time zone, correct the date and time and click next to continue.
Step 16 - Select your computer's current location. If you are a home user then choose Home network otherwise select the appropriate option.
Step 17 - Windows will now finalize the settings for your computer and restart. Step 18 - After the final restart Windows 7 will start to boot up.
Step 19 - Finally you have the logon screen. Just type your password and press enter or click on the arrow to logon to Windows 7 for the first time.
Step 20 - After you have logged on to Windows 7 for the first time, you will see the desktop. At this point you can start using your computer. However, it may not be fully
configured. You need to make sure that all the hardware is detected correctly and the necessary device drivers are installed. This can be done from the device manager.
Step 21 - To open the Device Manager click Start Menu -> Control Panel -> System and Security -> System -> Device Manager. You will see all your hardware listed. Check whether any device names carry a yellow exclamation mark, such as "Multimedia Audio Controller" in our example. This indicates that no driver has been installed for that device. At this stage you can install the driver for the device: right click on Multimedia Audio Controller -> Update Driver Software...
Step 22 - You can choose to "Search automatically for updated driver software" or "Browse my computer for driver software". If you have the driver CD or if the driver is on a USB drive then choose "browse my computer for driver software". Window 7 will search and install the driver from the CD or you can locate the driver manually. Once you have removed all the yellow exclamation marks from the device manager your Windows 7 configuration would be fully complete.
Step 23 - Finally, check that you have successfully activated Windows 7. Click Start Menu -> Control Panel -> System and Security -> System. Towards the bottom of the window you will see "Windows is activated" followed by your product ID. This shows that your copy of Windows 7 is fully activated.
If your system doesnt support Hardware Virtualization, unfortunately you wont be able to run XP Mode.
Windows Virtual PC is the latest Microsoft virtualization technology for Windows 7. It is the runtime engine for Windows XP Mode, providing a virtual Windows environment on Windows 7. With Windows Virtual PC, Windows XP Mode applications can be seen and accessed from a Windows 7-based PC. Tips:
To Uninstall Windows XP Mode o Open Control Panel (All items view), click on Programs and Features, and select Windows XP Mode. To Uninstall Windows Virtual PC o Open Control Panel (All items view), click on Programs and Features, click on the View installed updates link in the left pane, and then select Windows Virtual PC (KB958559).
System requirements:
1 GHz 32-bit or 64-bit processor
Memory (RAM): 1.25 GB required, 2 GB recommended
Recommended 15 GB of hard disk space per virtual Windows environment
Supported host (your computer) operating systems for Windows Virtual PC: Windows 7 Home Premium, Professional, Ultimate and Enterprise (32-bit or 64-bit). NOTE: the Windows XP Mode download itself is licensed only for Windows 7 Professional, Ultimate and Enterprise; Windows Virtual PC runs on Home Premium, but Windows XP Mode does not.
Supported guest (virtual machine) operating systems, 32-bit only:
Windows XP: the Virtual Applications feature is supported only on Windows XP Professional Service Pack 3 (SP3)
Windows Vista: the Virtual Applications feature is supported only on Windows Vista Enterprise and Windows Vista Ultimate
Windows 7: the Virtual Applications feature is supported only on Windows 7 Enterprise and Windows 7 Ultimate
Procedure: 1. Go to the Windows Virtual PC website: http://www.microsoft.com/windows/virtualpc/download.aspx , select your 32-bit or 64-bit Windows 7 version and language.
2. Afterwards, click on the Windows XP Mode download button in step 3 at that site.
3. Click on Continue for Windows validation. When validation is completed, click on Continue to start the download process. NOTE: You will need to have cookies enabled to be able to do this.
4. Download and Install Windows XP Mode A) Click on Save, and then save the WindowsXPMode_en-us.exe file to your desktop.
B) Double click on the downloaded WindowsXPMode_en-us.exe installation file to start installing it. NOTE: The language tag in the file name (en-us here) will vary depending on the language you selected in step 1. C) Click on the Next button.
E) If prompted by UAC, click on Yes. F) When Windows XP Mode is finished installing, click on the Finish button.
5. Download and Install Windows Virtual PC A) At the Windows Virtual PC website, click on the Windows Virtual PC download button in step 3 at that site.
B) Click on Save, and then save the Windows6.1-KB958559-x86-RefreshPkg.msu or Windows6.1-KB958559-x64-RefreshPkg.msu file to your desktop.
C) Double click on the downloaded Windows6.1-KB958559-x86-RefreshPkg.msu or Windows6.1-KB958559-x64-RefreshPkg.msu file to start installing it. D) If prompted by UAC, click on Yes. E) Click on Yes.
G) When it is finished, click on the Restart Now button. WARNING: This will restart your computer immediately. Be sure to save and close anything that you have open first.
H) When the computer has finished restarting, continue on to step 6 below. 6. Download and Install the Windows XP Mode Update. NOTE: This update enables Windows XP Mode on PCs without Hardware Assisted Virtualization Technology. The download is optional for PCs that do have Hardware Assisted Virtualization, but it does no harm to install it if you are not sure whether you do. You will not need the Windows XP Mode Update if you have Windows 7 SP1 installed, since SP1 already contains it. You can use winver to see whether you are running Windows 7 SP1: open the Start Menu, type winver in the Search box and press Enter.
A) At the Windows Virtual PC website, click on the Windows XP Mode Update download button in step 3 at that site.
B) Click on Save, and then save the Windows6.1-KB977206-x86.msu or Windows6.1-KB977206-x64.msu file to your desktop.
C) Double click on the downloaded Windows6.1-KB977206-x86.msu or Windows6.1-KB977206-x64.msu file to start installing it. D) If prompted by UAC, click on Yes. E) Click on Yes.
F) When it is finished, click on the Restart Now button. WARNING: This will restart your computer immediately. Be sure to save and close anything that you have open first.
G) When the computer is finished restarting, continue on to step 7 below. 7. To Open and Run Windows XP Mode A) Open the Start Menu, then click on All Programs, expand the Windows Virtual PC folder, and double click on the Windows XP Mode shortcut. 8. Check the I accept box, then click on the Next button.
9. Type in a password and type it in again to confirm it, and then click on the Next button. NOTE: If you would like to be logged on automatically whenever you open Windows XP Mode (step 7), then check the Remember credentials box.
10. Select (dot) the Help protect my computer by turning on Automatic Updates now box, and then click on the Next button. 11. Click on the Start Setup button.
12. You will now see this for a few moments while Windows XP Mode is being set up.
13. When setup is finished, if you did not check the Remember credentials box in step 9 above, you will need to enter the password you created and click on OK. If you did check it, skip this and continue on to step 14.
14. The Windows XP Mode - Windows Virtual PC window will now open. You are now in Windows XP Mode.
1. Next, be sure to install Integration Components and enable Integration Features. NOTE: Sometimes this will be enabled for you automatically during installation.
To Install Integration Components
A) Click on Tools on the virtual machine menu bar, and click on Install Integration Components. NOTE: You may need to press CTRL+ALT+Left Arrow to move the mouse pointer out of the virtual machine to click on the menu bar.
B) Click on Continue.
E) If prompted by UAC, then click on Yes.
F) When it's finished installing, click on Finish.
G) Click on Yes to restart the virtual machine.
H) Log on to the virtual machine by typing in your password for the virtual machine and pressing enter.
I) You will now need to enable the integration features.
To Enable Integration Features
NOTE: You will only be able to enable the integration features if you have already installed the integration components (step 1). After the first time you do this, you will usually only need to do step 3A to enable the integration features.
A) Click on Tools on the virtual machine menu bar, and click on Enable Integration Features. NOTE: You may need to press CTRL+ALT+Left Arrow to move the mouse pointer out of the virtual machine to click on the menu bar.
B) Check the Remember my credentials box, and click on Use another account.
C) Type in your user name and password for this virtual machine, then click on OK.
D) Integration features will now be enabled.
To Disable Integration Features
A) Click on Tools on the virtual machine menu bar, and click on Disable Integration Features. NOTE: You may need to press CTRL+ALT+Left Arrow to move the mouse pointer out of the virtual machine to click on the menu bar.
B) Log on to the virtual machine by typing in your password for the virtual machine and pressing Enter.
C) Integration features will now be disabled.
16. Set Windows XP Mode Settings
A) In the Windows XP Mode window, click on Tools (menu bar) and Settings.
B) In the left pane, select Close/Shut Down.
C) In the right pane, select (dot) Automatically close with the following action, then select Shut Down and click on OK.
17. To Close Windows XP Mode
A) Click on the X in the upper right corner of the Windows XP Mode window, like you would with any other window in Windows 7, or:
B) In the Windows XP Mode window, click on Action (menu bar) and Close.
19. Installing a Program in Windows XP Mode
NOTE: You install a program in Virtual Windows XP just like you would in Windows 7, with the same access to everything in Windows 7: hard drives, DVD drives, USB drives, Windows 7 folders and files, etc.
A) After you have installed a program (e.g. CCleaner) in Windows XP Mode, you will notice that there is now also a shortcut to it in the Windows 7 Start Menu, in the Windows XP Mode Applications folder under Windows Virtual PC and Windows XP Mode. NOTE: Double clicking on the program's shortcut (e.g. CCleaner) in the Windows 7 Start Menu when Windows XP Mode is closed will open and run the program in Windows 7, as if you were running it in Windows XP Mode. You can also move or copy this Windows XP Mode Applications shortcut wherever you like in Windows 7 for easy access.
The version of Windows is XP Professional SP3. You can easily send the Ctrl+Alt+Del command. To completely turn off the machine the first time you will need to shut it down from this screen.
You can use USB drives as well: just click USB on the toolbar and choose the drive you want XP Mode to recognize. While playing around in XP on your Windows 7 machine is cool, the main reason for XP Mode is to run applications that only work with XP on the new OS. You need to install the XP-compatible program on the virtual machine first, just like you normally would. In this example, the old-school MusicMatch Player version 7.5 is installed on the XP VM. To run the apps in XP Mode you need to close out of the VM first. Then go to the Start menu, Windows Virtual PC \ XP Mode Applications, and the app you want to run.
The virtual machine process starts up, but you don't see the whole OS, just the application you want to run. You can use it just like you would if it were installed on Windows 7. You can also go into the VM settings and change things like memory allocation, hard drives, networking settings, etc.
Then, download and install VMware Player. The download is free, but requires registration. You may see some prompts about installing drivers; simply approve them. This is not usual, but it happens sometimes. When you are finished installing VMware Player, you will have to restart your computer.
Add XP Mode to VMware Player
Now that your computer has rebooted, run VMware Player. You can import XP Mode by clicking File, and then Import Windows XP Mode VM.
VMware Player will simply start importing your XP Mode. Converting XP mode to VMware format may take a couple minutes depending on your hardware, so just be patient.
When this is done, you should see a new virtual machine in VMware Player called XP Mode! Click Play Virtual Machine to run XP Mode. XP will run through its first-run setup process.
While it is loading, you may be prompted to install or update VMware Tools. This is required to integrate XP Mode into your computer, so click Update Tools or Install Tools depending on your situation.
The tools will automatically download and install, though you may have to approve a UAC prompt.
Now you can proceed with your XP setup. Accept the license agreement, and choose your locale and keyboard settings.
And enter the correct date, time, and timezone. It usually gets the correct time and date from your computer itself, but the time zone is often incorrect. XP will now finalize your changes, and then reboot.
When XP Mode restarts, choose your settings for updates. Then Windows may ask to search for drivers. Simply press cancel, as VMware Tools will contain everything we need.
After a short delay, you should see your XP desktop in VMware Player! There's one last thing that needs to be installed: VMware Tools. This should automatically open in XP Mode; if not, click Start, then My Computer, and finally double-click on the CD drive, which should say VMware Tools.
Now, simply run the Tools installer with the typical setup type, and reboot XP Mode when it's finished. VMware is now set up and we're ready to start integrating it with Windows 7.
Integrate XP Mode in VMware Player with Windows 7
The real advantage of the default XP Mode in Windows 7 is that the XP programs are fully integrated with their Windows 7 counterparts. You can run them seamlessly with other programs, copy between them, and even open and save files to the same folders. Let's set this up in VMware. Copy and paste from Windows 7 to XP Mode in VMware is activated by default. To use your XP programs seamlessly with Windows 7, click VM at the top of the VMware window, and click Enter Unity.
You can easily access any program or file in XP Mode through a dedicated XP Mode Start Menu. When you hover over your Windows 7 Start button, a new button called Windows XP Mode will appear above it. Click there to access a full Start Menu from XP Mode right in Windows 7.
By default, the virtualized windows will have a border and the VMware logo on their edge. To remove this logo, click VM in the VMware Player window, then Settings. Click on the Options tab, and choose Unity on the left. Now uncheck the boxes that say Show borders and Show badges. Removing the VMware borders and badges gives everything a more authentic XP Mode look and feel.
You can even use removable devices, such as flash drives, in XP Mode in VMware Player. Whenever you connect a new device to your computer, VMware will remind you that you can add it to XP Mode.
Simply click VM, then Removable Devices. Select your device name, and click Connect.
Save Files in XP Mode to My Documents in Windows 7
By default, files created in XP Mode in VMware Player will be saved inside the virtual machine. It's more convenient if they're saved directly to the My Documents folder in Windows 7, so let's change this. Click VM, then Settings. Click the Options tab, and then choose Shared Folders on the left. Now click the bullet for Always enabled and check the box for Map as a network drive in Windows guests.
Now click Add at the bottom of that window. This will let us add a shared folder. Let's add the My Documents folder from Windows 7. Click Browse, and then select your My Documents folder. Click Ok, and then click Next.
Make sure the box that says Enable this share is checked, and then click Finish. You can now close the settings window as well. Then, back in XP Mode, click Start, right click on My Documents, and select Properties.
Click Move to find the new My Documents folder and find the folder we just shared from Windows 7 by clicking My Computer, then the drive that says Shared Folders on vmwarehost or something similar. Now select the folder we shared, Documents, and click Ok.
Click Ok in the main properties window. It may offer to copy the files from your old My Documents folder to the new one; choose Yes to make sure you have all of your documents in Windows 7. Now, whenever you go to save a file in XP Mode, it will automatically save in your My Documents folder on Windows 7. You can repeat the same process for any folder you wish, such as your My Pictures and My Music folders. Now you have your full XP Mode running on your computer without hardware virtualization. Almost all the same features are there; the only thing you're missing is the Start Menu integration, but VMware's menu is the next best thing. In our tests, using VMware worked as well as or better than actual XP Mode on a machine that supports hardware virtualization.
Nation states have responded to new communications technology by pursuing an infrastructure that can easily be re-purposed for total social control. Unlike earlier communication eras, the nature of current technology requires that our information is either secure in a way that frustrates governments, or is totally insecure in a way that makes possible the widespread and detailed monitoring of an entire populace.
Corporations have discovered that the gathering and analysis of massive amounts of personal data is necessary if they want to remain competitive in an information-rich world. In particular, nearly all advertising is shifting toward surveillance-based tracking of our personal behavior. In this context, secure communication has become vitally important.
State surveillance has a long history of resulting in the repression of social movements. Even indirectly, rampant surveillance has a chilling effect on social movements. Corporate surveillance is just as serious as state surveillance. Not only can the massive amounts of data kept on internet users be easily re-purposed for direct state repression, but corporations are now on the verge of obtaining unprecedented power over consumers.
When people start to learn about the rise in surveillance they start to feel overwhelmed. Some decide that it is impossible to be secure, so they resign themselves to live under perpetual surveillance or to forsake all forms of digital communication. Here, we believe there is a third way: our goal is to make a high degree of security easy and accessible for everyone. Much of the fight against surveillance takes place through the legal system and we applaud those who work in this arena. In contrast, our focus is on technology. When laws are unjust, we believe that a new technical reality is necessary in order to alter the legal and political possibilities.
Security overview
Type of security | What is it? | When is it useful?
Human | Simple changes you can make to your behavior. | Helps prevent human error from being the weak link in any security system.
Device | Steps to make your computer or phone less vulnerable to attack. | Useful whenever your device might physically fall into the hands of an attacker.
Message | Ways to encrypt individual messages you send and receive. | Required if you want to ensure the confidentiality of a particular message while stored and transmitted.
Network | Blocking sites that track you and encrypting your internet traffic. | Helps protect against behavioral tracking, account hijacking, censorship, social network mapping, eavesdropping, and advertising.
Because network surveillance is so pervasive, it is a social problem that affects everyone all the time. In contrast, device and message security are important for people who are being individually targeted by repressive authorities. Improving your network security is fairly easy, in comparison to device or message security.
Having said that, it is important for people facing the prospect of targeted repression to employ device and message security, although this can take some time to learn. These help pages will aid in that journey.
Human Security
Simple behaviors to greatly improve your security
These security help pages include a lot of fancy talk about encryption. Ultimately, however, all this crypto-alchemy will be totally useless if you have insecure behavior. A few simple practices will go a long way toward increasing your security.
- Don't pick a dictionary word or a proper noun! Passwords are often easy to crack because most people pick a password that is a variation on a word in the dictionary. There are simply not that many words in human languages: it is trivial for a computer to try them all! This includes words where you have replaced some letters with numbers. For example, L0V3 is just as easy to crack as LOVE.
- Don't use the same password for all your accounts. (insert here talk about password management tools). It can also be better to write down your passwords in a secure place than to use the same one everywhere.
- Don't forget to change your password. You should change your password at least once a year.
- Never tell anyone your password, especially if they ask for it.
How do you create a password that is strong and yet easy to remember? This can be really tough. The general trick is to start with multiple words you can easily remember, convert them into non-words, and add a few uppercase letters and symbols for good luck. Here are some ideas:
- Although you should not use a single dictionary word, multiple words strung together can make a great password. For example: 9meLonrain
- Consider mixing words from different languages. For example: Them Eat 1e gateaU au ch()colaT
- Create a nonsense acronym from a phrase that is easy for you to remember. For example, you could turn The Revolution Will Not Be Televised into trwNbt, or even better trwNbt!4.
- Incorporate certain symbols, such as: c@t(heR1nthery3
- Turn a sentence into an abbreviation that uses symbols: 'To be or not to be? That is the question' becomes '2Bon2B?TitQ', and 'Are you happy today?' becomes 'rU:-)2d@y?'
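To show what "L0V3 is just as easy to crack as LOVE" means in practice, here is an added example (not from the original guide) of a small password-policy check in Python. It reverses the common letter-to-number substitutions before comparing against a dictionary, so L0V3 and P@ssw0rd are rejected just like the plain words, then applies a length and character-class rule and reports a rough brute-force search-space estimate. The word list, the substitution table and the thresholds are assumptions chosen for the demonstration; a real deployment would load a full dictionary and a list of leaked passwords.

```python
import math
import re
from typing import Tuple

# Constructed mini word list standing in for a real dictionary (assumption: a
# deployment would load a full list such as /usr/share/dict/words).
DICTIONARY = {"love", "password", "catherine", "revolution", "secret", "summer"}

# Common "leet" substitutions, reversed, so that L0V3 is judged as LOVE.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})

# Size of the character pool each class adds to a brute-force search.
POOLS = (
    (re.compile(r"[a-z]"), 26),
    (re.compile(r"[A-Z]"), 26),
    (re.compile(r"[0-9]"), 10),
    (re.compile(r"[^a-zA-Z0-9]"), 33),
)

MIN_LENGTH = 8     # assumed policy thresholds, not values from the guide
MIN_CLASSES = 3


def normalize(password: str) -> str:
    """Undo leet substitutions and keep only letters, for dictionary matching."""
    return re.sub(r"[^a-z]", "", password.lower().translate(LEET))


def is_dictionary_word(password: str) -> bool:
    """True when the password is a dictionary word, with or without leet spelling."""
    return normalize(password) in DICTIONARY


def brute_force_bits(password: str) -> float:
    """Rough ceiling on search-space entropy: length * log2(pool size).

    This assumes the attacker knows nothing about the structure, so a
    dictionary-based password is far weaker than this number suggests,
    which is why the dictionary test in check_password runs first."""
    pool = sum(size for pattern, size in POOLS if pattern.search(password))
    return round(len(password) * math.log2(pool), 1) if pool else 0.0


def check_password(password: str) -> Tuple[bool, str, float]:
    """Return (accepted, reason, estimated_bits) for a candidate password."""
    bits = brute_force_bits(password)
    if is_dictionary_word(password):
        return False, "dictionary word (leet substitutions do not help)", bits
    if len(password) < MIN_LENGTH:
        return False, f"shorter than {MIN_LENGTH} characters", bits
    classes = sum(1 for pattern, _ in POOLS if pattern.search(password))
    if classes < MIN_CLASSES:
        return False, f"uses {classes} character classes, need {MIN_CLASSES}", bits
    return True, "ok", bits


if __name__ == "__main__":
    for candidate in ("LOVE", "L0V3", "P@ssw0rd", "9meLonrain",
                      "trwNbt", "trwNbt!4", "2Bon2B?TitQ"):
        print(candidate, check_password(candidate))
```

The guide's own examples behave as it predicts: 9meLonrain, trwNbt!4 and 2Bon2B?TitQ pass, trwNbt fails only on length, and L0V3 is caught by the dictionary test before its character mix is even considered.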
Risk evaluation
- Watch the communication channels you use and how you use them, such as paper letters, faxes, landline phones, mobile phones, emails and Skype messages.
- Consider how you store important information. Computer hard drives, email and web servers, USB memory sticks, external USB hard drives, CDs and DVDs, mobile phones, printed paper and hand-written notes are all likely possibilities.
- Information could be in the office, at home, in a trash bin out back or, increasingly, 'somewhere on the Internet'.
- There are a few settings in your computer's BIOS that are relevant to physical security. First, you should configure your computer so that it will not boot from its floppy, CD-ROM or DVD drives. Second, you should set a password on the BIOS itself, so that an intruder cannot simply undo the previous setting.
- If you store your Windows or BIOS passwords for a particular computer in a password database, make sure that you do not keep your only copy of the database on that computer.
- Get in the habit of locking your account whenever you step away from your computer. On Windows, you can do this quickly by holding down the Windows logo key and pressing the L key. This will only work if you have created a password for your account, as described above.
- Encrypt sensitive information on computers and storage devices in your office.
- Make sure computers have adequate ventilation, or they might overheat.
- Computer equipment should not be housed near radiators, heating vents, air conditioners or other ductwork.
Security policy
Have a good alarm system, take care of your keys and keep track of who holds them, and decide which parts of the office should be restricted to authorized visitors. Securely dispose of paper rubbish that contains sensitive information. Keep contact phone numbers for use in the event of fire, flood or other natural disaster, and for the companies or organizations that provide services such as electrical power, water and Internet access.
Record passwords
There is a feature in Windows that lets you create a hidden Notepad file to save your usual passwords, but this method is not suitable for important passwords. To use it, open Run, type cmd, and at the command prompt type:
notepad (file name).txt:hidden
For example, at the command prompt type:
notepad anna.txt:hidden
A new Notepad window will open and ask whether to create the file; click Yes. Type what you want there, save your changes and close it. To reveal your hidden file, repeat the command above and the file appears again. To record your passwords safely, however, Portable KeePass is a great tool, protected by a master password that you must not forget; otherwise, there is no way to recover the database.
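What the notepad anna.txt:hidden trick actually creates is an NTFS alternate data stream named hidden, attached to anna.txt, rather than a hidden file, which is why it is no place for important passwords: a plain dir or Explorer does not show the stream, but dir /R (Windows Vista and later) and PowerShell's Get-Item -Stream * list it, and the stream is silently dropped when the file is copied to a FAT-formatted USB stick. The Python script below is an added example, not part of the original guide: it parses constructed dir /R output (not a capture from a real machine) and reports every named stream, separating the Zone.Identifier stream that Windows itself attaches to downloaded files from streams someone created by hand.

```python
import re
from typing import List, Tuple

# Constructed sample of "dir /R" output, the switch that lists NTFS alternate
# data streams. This is not output captured from a real machine.
SAMPLE_DIR_R = """\
 Volume in drive C has no label.
 Volume Serial Number is 1234-ABCD

 Directory of C:\\Users\\anna\\Documents

02/14/2012  10:31 AM    <DIR>          .
02/14/2012  10:31 AM    <DIR>          ..
02/14/2012  10:32 AM                 0 anna.txt
                                    38 anna.txt:hidden:$DATA
02/14/2012  09:50 AM            14,336 report 2012.doc
02/10/2012  04:12 PM         1,048,576 setup.exe
                                    26 setup.exe:Zone.Identifier:$DATA
               3 File(s)      1,062,912 bytes
               2 Dir(s)  12,345,678,912 bytes free
"""

# A stream line carries no date or time: only a size, then name:stream:$DATA.
# Ordinary file lines start with a date, so they never match.
STREAM_LINE = re.compile(r"^\s*([\d,]+)\s+(.+?):([^:\\/]+):\$DATA\s*$")


def find_alternate_streams(dir_output: str) -> List[Tuple[str, str, int]]:
    """Return (file name, stream name, size in bytes) for every named stream
    reported by dir /R. The unnamed default stream is not listed this way, so
    anything returned here is data that a plain dir or Explorer would not show."""
    found = []
    for line in dir_output.splitlines():
        match = STREAM_LINE.match(line)
        if match:
            size = int(match.group(1).replace(",", ""))
            found.append((match.group(2), match.group(3), size))
    return found


def suspicious_streams(dir_output: str) -> List[Tuple[str, str, int]]:
    """Drop Zone.Identifier, the mark-of-the-web stream Windows attaches to
    downloaded files, leaving streams that were created deliberately."""
    return [s for s in find_alternate_streams(dir_output)
            if s[1] != "Zone.Identifier"]


if __name__ == "__main__":
    for name, stream, size in suspicious_streams(SAMPLE_DIR_R):
        print(f"{name}:{stream}  ({size} bytes) - not visible in a plain dir")
```

Run on the sample, the script reports anna.txt:hidden as the one hand-made stream, which is the whole point: the "hidden" note is one command-line switch away from anyone who sits down at the machine, and only a database encrypted under a master password, such as KeePass, actually protects its contents.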
KeePass runs on all Windows versions and is also available for GNU/Linux and Mac OS (in the KeePassX version, http://www.keepassx.org). You can find versions of KeePass for other platforms such as iPhone, BlackBerry, Android, PocketPC, etc. If you wish to try other similar programs, we recommend:
- Password Safe, available for Microsoft Windows and GNU/Linux: http://passwordsafe.sourceforge.net
- 1Password, available for Mac OS, Microsoft Windows, iPhone and iPad: http://agilewebsolutions.com/products/1Password
Portable KeePass is a secure and easy-to-use password management tool.
Differences between Installed and Portable Versions of KeePass
Given that portable tools are not installed on a local computer, their existence and use may remain undetected. However, keep in mind that your external device or USB memory stick, and the portable tools on it, are only as safe as the computer you are using, and may risk being exposed to adware, malware, spyware and viruses. There are no other differences between Portable KeePass and the version designed to be installed.
How to Download and Extract KeePass
Step 1. Click http://keepass.info/download.html to be directed to the appropriate download site.
Portable KeePass 2.17 (ZIP Package) to activate the Source Forge download
http://downloads.sourceforge.net/keepass/KeePass-2.17.zip
Step 4. Right click to activate the pop-up menu and then select the Extract files... item to activate the following screen:
The Extraction path and options window Step 5. Navigate to the removable drive or USB memory stick as shown in Figure below, and then click to create a new folder in which to extract the .
The Extraction path and options window document tree (resized) Note: Choosing a different name for the Portable KeePass folder may make its existence, and the fact that you are using it less obvious.
Step 7. Click
Step 8. Navigate to your external drive or USB memory stick, then open it to view the Portable KeePass folder.
The destination removable drive window displaying the newly extracted Portable KeePass folder
Step 9. Double click to begin using Portable KeePass. In the installed version, check the option shown in the figure below:
How to Create a New Password Database
In the sections that follow, you will be taught how to create a master password, save your newly created database, generate a random password for a particular program, create a backup copy of the database and extract the passwords from KeePass when needed. To open KeePass, perform the following steps:
Step 1. Select Start > Programs > KeePass Password Safe > KeePass, or click the icon on your desktop, to activate the KeePass main screen as follows:
How to Create a New Password Database Creating a new password database involves two steps: You must come up with a single, unique and strong master password that you will use to lock and unlock your database of passwords. Then, you must save that password database. To create a new password database, follow these steps:
Step 1. Select File > New as follows: This will activate the Create New Password Database screen as follows:
Step 2. Type in the master password you have invented into the Master Password field.
You will see an orange-green progress bar underneath the password entry. As you type in a password, the amount of green in the bar increases as the complexity or strength of your password grows with the number of characters used. Tip: You should aim to have at least half the bar filled with green when you have finished typing in your password.
Step 4. Type in the same password as before, then click
Step 5. Click to see if you are typing in your password correctly. Warning: This is not advisable if you fear that someone may be looking over your shoulder. Once you have successfully typed in the master password twice, the KeePass console is activated as follows:
After you have created the password database, you need to save it. To save the password database, follow these steps: Step 1. Select File > Save As as follows:
Step 2. Type in a name for your new password database file.
Step 3. Click to save your database.
Tip: Remember the location and file name of your database! It will come in very handy when you are creating a backup of it. Congratulations! You have successfully created and saved your secure password database. Now you can begin to fill it up with all your current and future passwords.
How to Add an Entry
The Add Entry screen lets you add account information, passwords and other important details into your newly created database. In the example that follows, you will be adding entries to store passwords and user names for different websites and email accounts.
Step 1. Select Edit > Add Entry in the KeePass Password Safe screen to activate the Add Entry screen as follows:
Note: The Add Entry screen presents you with a number of fields to be completed. None of these fields are mandatory; information submitted here is largely for your own convenience. It may prove useful in situations where you are searching for a particular entry. A brief explanation of these different text boxes is presented as follows:
Group: KeePass lets you sort your passwords into pre-defined groups. For example, 'Internet' would be a good place to store passwords that relate to website accounts.
Title: A name to describe the particular password entry. For example: Gmail password
User name: The user name associated with the password entry. For example: securitybox@gmail.com
URL: The internet site associated with the password entry. For example: https://mail.google.com
Password: This feature automatically generates a random password when the Add Entry screen is activated. If you are registering a new email account, you can use the 'default' password in this field. You can also use this feature if you want to change an existing password for one generated by KeePass. Since KeePass will always remember it for you, there is no need to even see the password. A randomly generated password is considered strong (that is, difficult for an intruder to guess or break). Generating a random password on request will be described in the following section. You can, of course, replace the default password with one of your own. For instance, if you are creating an entry for an account that already exists you will want to enter the correct password here.
Repeat Password: The confirmation of the password.
Quality: A progress bar that measures password strength according to length and randomness. The more green there is on the scale, the stronger your chosen password.
Notes: Here is where you type in descriptive or general information about the account or site for which you are storing information. For example: Mail server settings: POP3 SSL, pop.gmail.com, Port 995; SMTP TLS, smtp.gmail.com, Port 465
Note: Creating or modifying the password entries in KeePass does not change your actual passwords! Think of KeePass as a secure electronic address book for your passwords. It only stores what you write in it, nothing more. If you select Internet from the Group drop-down list, your password entry might resemble the following:
Step 2. Click
Note: The bottom panel of this window displays information about the entry selected. This includes creation, editing and expiry time as well as notes you may have recorded in the entry. It does not reveal the password.
Expires: Check this item to activate text boxes in which you can specify an expiry date. By doing this, you can add a reminder for yourself to change the password at a specific time (every 3 months, for example). When a password has expired, it will appear with a red cross next to its name, as shown in the example below:
How to Edit an Entry
You may edit an existing entry in KeePass at any time. You can change your password (it is generally considered good security practice to change a password every three to six months), or modify other details stored in the password entry. To edit an entry, perform the following steps:
Step 1. Select the correct Group in the left-hand pane to activate the entries associated with it.
Step 2. Select the relevant entry, then right click on that selected entry to activate the following window:
To change an existing password (that you previously created yourself) for one generated and recommended by KeePass, please read the following section.
How to Generate Random Passwords
Long, random passwords are considered strong in the world of security. Their randomness is based on mathematical principles and cannot simply be 'guessed' by someone who is trying to break into one of your accounts. KeePass supplies a Password Generator to help you with this process. As you have seen above, a random password is automatically generated when you add a new entry. This section describes how to generate one yourself. Note: The Password Generator can be activated from within the Add Entry and Edit/View Entry screens. Alternatively, select Tools > Password Generator.
Step 1. Click from within either the Add Entry or Edit/View Entry screen to activate the Password Generator screen as follows:
The Password Generator screen presents a variety of choices for generating a password. You can specify the length of the desired password, the pool of characters from which it will be created and much else. For our purposes, we can use the default options presented. This means that the generated password will be 20 characters long and made up of lower and upper case letters, as well as numbers.
Step 2. Click to begin the process. When complete, KeePass will present the generated password to you.
Note: You can view the generated password by clicking . However, this creates a security risk, as discussed above. In essence, you will never need to see the generated password. We will explain more about this in the section Using KeePass Passwords.
Step 3. Click to accept the password and return to the Add Entry screen as follows:
Step 4. Click
Step 5. Select File > Save to save your updated password database.
How to Exit, Minimize and Restore KeePass
You can minimise or exit the KeePass program at any time. When you open or restore it again, you will be prompted to enter your Master Password. KeePass minimises itself, appearing in your system tray (at the bottom right corner of the screen) as follows: . KeePass also lets you lock the program by performing the following steps:
Step 1. Select File > Lock Workspace to activate the following screen:
Step 2. Click to save your information and disable the KeePass console; the following icon will appear in your System Tray:
Step 3. Double click this icon to restore KeePass to its normal size and activate the following screen:
To close KeePass perform the following step: Step 1. Select File > Exit to close the KeePass program completely. If you have any unsaved changes in the database, KeePass will prompt you to save them.
How to Create a Backup of the Password Database file
The KeePass database file on your computer is denoted by its .kdb file extension. You can copy this file to a USB memory stick. No one else will be able to open the database without the master password.
Step 1. Select File > Save As from the main screen, and save a copy of the database to another location. You can run the entire KeePass program from a USB memory stick. Please refer to the Portable KeePass page.
How to Reset your Master Password
You can change the Master Password at any time. This can be done once you have opened the password database.
Step 1. Select File > Change Master Key
Step 2. Type in the new Master Password twice when prompted to do so.
Using KeePass Passwords
Given that a secure password is not easily memorized, KeePass lets you copy it from the database and paste it into whatever account or website requires it. For greater security, a copied password will only remain on the clipboard for about 10 seconds, so it saves time to have your account or website already open and running, so that you can paste the relevant password there as required.
Step 1. Right click on the required password entry to activate a drop-down list,
Step 2. Select Copy Password as follows: The KeePass Password Safe screen
Step 3. Go to related account site and paste password into appropriate field:
Tip: For efficient copying, pasting and switching windows, use the keyboard shortcuts. Press and hold the Ctrl key, then press C to copy a password. Press and hold the Ctrl key, then press V to paste that password. Press and hold the Alt key, then press the tab key to switch between open programs and windows. A Gmail Account displaying a pasted password
Note: By using KeePass all the time, you never actually have to see or know what your password is. The copy/paste functions take care of moving it from the database to the required window. If you use the Random Generator feature and then transfer this password to a new email account registration process, you will be using a password that you have never seen in plain view. And it still works!
Type KeePass in the search field at the top right and the application KeePassX should automatically appear in the listing.
Highlight the item (it may already be highlighted by default) and then press 'Install'. You will be asked to Authorise the installation process:
Enter your password and press 'Authenticate'; the installation process will then begin.
Ubuntu does not offer very good feedback to show that the software is installed. If the green progress indicator on the left has gone and the progress bar on the right has gone, then you can assume the software is installed. To check, you can open the program from the menu Applications -> Accessories -> KeePassX.
Encrypting Passwords with KeePassX on Ubuntu
First open KeePassX from the Applications -> Accessories -> KeePassX menu.
The first time you use KeePassX you need to set up a new database to store your passwords. Click on File->New Database
Choose a strong password for this field - refer to the chapter about passwords if you would like some tips on how to do this. Enter the password and press 'OK'. You then are asked to enter the password again. Do so and press 'OK'. If the passwords are the same you will see a new KeePassX 'database' ready for you to use.
Now you have a place to store all your passwords and protect them by the 'master' password you just set. You will see two default categories 'Internet' and 'Email' - you can store passwords just under these two categories, you can delete categories, add sub-groups, or create new categories. For now we just want to stay with these two and add a password for our email to the email group. Right click on the email category and choose 'Add New Entry...':
So now fill this form out with the details so you can correctly identify which email account the passwords are associated with. You need to fill out the fields 'Title' and the password fields. All else is optional.
KeePassX gives some indication if the passwords you are using are 'strong' or 'weak'...you should try and make passwords stronger and for advice on this read the chapter about creating good passwords. Press 'OK' when you are done and you will see something like this:
To recover the passwords (see them) you must double click on the enter and you will see the same window you used for recording the information. If you click on the 'eye' icon to the right of the passwords they will be converted from stars (***) to the plain text so you can read it. Now you you can use KeePassX to store your passwords. However before getting too excited you must do one last thing. When you close KeePassX (choose File->Quit) it asks you if you would like to save the changes you have made.
Press 'Yes'. If it is the first time you used KeePassX (or you have just created a new database) you must choose a place to store your passwords. Otherwise it will save the updated information in the file you have previously created. When you want to access the passwords you must then open KeePassX and you will be asked for the master key. After typing this in you can add all your passwords to the database and see all your entries. It is not a good idea to open KeePassX and have it open permanently as then anyone could see your passwords if they can access your computer. Instead get into the practice of just opening it when you need it and then closing it again.
In the Mac OS X Keychain Access application, you can double click any of the items in the Keychain to view its details and tick 'Show password:' to see the password associated with the item. You will be asked for your master or login password before the item is shown. Note that the login keychain is unlocked with your login password, so it is only as strong as that password and stays open for as long as you are logged in.

You can also modify any of the items, and use the Keychain to store any bits and pieces of text securely as notes. To do this, choose 'New Secure Note Item' from the File menu.
Device Security

Disk Encryption

Difficulty: Easy to Hard
Why: Prevent access to the information stored on your computer's hard disk.

Easiest: LUKS encryption of partitions at fresh installation.
Easy: formatting a new partition with LUKS, moving the existing data there and scrubbing the old location of the data: http://code.google.com/p/diskscrub/
Medium: LUKS encryption on LVM.
Medium: ecryptfs over specific files/directories.
Hard: encryption of the whole disk, with the key file placed on another device (like a pendrive).
Hardest: steganographic methods.

The first section discussed how to work with LUKS and dm-crypt in detail.

Personal Firewall

Difficulty: Easy
Why: Make your computer less vulnerable to outside attack from the network.
Encrypted filesystems on removable storage

The following instructions are condensed adaptations of two articles:
1. https://help.ubuntu.com/community/EncryptedFilesystemsOnRemovableStorage
2. https://help.ubuntu.com/community/EncryptedFilesystemHowto

The drives were set up with these instructions on Ubuntu 8.10, and could then be mounted and accessed successfully on Ubuntu 8.04 Hardy Heron. The process may be faster over eSATA, and the method can easily be adapted for creating a handy, encrypted USB thumb drive.

Necessary software

To start, you must have the cryptsetup package installed:

sudo apt-get install cryptsetup

Finding the drive

After powering on the drive and connecting it to the computer, you need to identify the device:

dmesg | tail -20
[33884.688746] usb 4-1: new high speed USB device using ehci_hcd ...
[33884.764079] usb 4-1: configuration #1 chosen from 1 choice
[33884.764868] scsi8 : SCSI emulation for USB Mass Storage devices
[33884.765316] usb-storage: device found at 9
[33884.765321] usb-storage: waiting for device to settle before scan...
[33888.042416] usb-storage: device scan complete
[33888.043707] scsi 8:0:0:0: Direct-Access HDS72505 0KLA360 ...
[33888.047550] sd 8:0:0:0: [sdb] 976773168 512-byte hardware sectors
[33888.048292] sd 8:0:0:0: [sdb] Write Protect is off
[33888.048300] sd 8:0:0:0: [sdb] Mode Sense: 00 38 00 00
[33888.048305] sd 8:0:0:0: [sdb] Assuming drive cache: write through
[33888.049648] sd 8:0:0:0: [sdb] 976773168 512-byte hardware sectors
[33888.050421] sd 8:0:0:0: [sdb] Write Protect is off
[33888.050428] sd 8:0:0:0: [sdb] Mode Sense: 00 38 00 00
[33888.050432] sd 8:0:0:0: [sdb] Assuming drive cache: write through
[33888.050438] sdb: unknown partition table
[33888.066470] sd 8:0:0:0: [sdb] Attached SCSI disk
[33888.066545] sd 8:0:0:0: Attached scsi generic sg2 type 0

In the example above (from the first article) you can see that the drive has been recognised as /dev/sdb. Your drives may show up differently (mine appeared as /dev/sdd and /dev/sde). I'll continue to use /dev/sdb to refer to the drive we are working with, but you should replace it with whatever your result is. Get this right: the luksFormat step below destroys everything on the device you name, so make sure the name belongs to the new drive and not to your system disk.
Create the partition

Before you can set up encryption or format the drive, you must create a partition. This is simply a portion of the drive you intend to store data on. A single physical drive may contain multiple partitions (as is usually the case with a Linux boot drive) or just one. At this point you could easily choose to set up both an encrypted and a non-encrypted partition on your drive. We have no need for this, so we continue with a single partition.

While this can be done from the command line, we use the graphical GParted program, available under the System -> Administration -> Partition Editor menu. Choose your device via the drop-down menu in the upper right-hand corner. Then select the unallocated space and create a new partition that encompasses the entire available space. We do not want to format the partition, only create it, so select unformatted as the filesystem. Click Apply and your new partition will be created. You should now have a partition named something like /dev/sdb1 (notice there is now a number added). Once you have created the partition successfully, close GParted.
Setting up encryption

The next part is taken, with light editing, from the aforementioned article. The dm-crypt, sha256 and aes kernel modules need to be loaded before encrypting the partition:

sudo modprobe dm-crypt
sudo modprobe sha256
sudo modprobe aes

If the following error messages appear when loading sha256 and aes:

sudo modprobe sha256
WARNING: Error inserting padlock_sha ... No such device
sudo modprobe aes
WARNING: Error inserting padlock_aes ... No such device

it means the system has no VIA PadLock hardware cryptographic engine, whose drivers the kernel tried first (see https://bugs.launchpad.net/ubuntu/+source/linux/+bug/206129). The workaround is to add the following lines (using your favourite editor) to the bottom of /etc/modprobe.d/aliases and re-run the modprobe commands for the sha256 and aes kernel modules:

alias sha256 sha256_generic
alias aes aes_generic

Note that this is only necessary while we are setting up the drive. Later we will access it through Gnome and will not need to load these modules by hand.

Encrypting the partition

Finally, we can run the command to encrypt the /dev/sdb1 partition. There are other ways of securing your encrypted drive (such as a key file stored locally or on a USB flash drive), but here we use a passphrase. Choose a strong one: at least 12 characters and not built from dictionary words, and longer is better, because anyone who copies the drive can try passphrases against the LUKS header offline at leisure. Use the following command:

sudo cryptsetup --verify-passphrase luksFormat /dev/sdb1 -c aes -s 256 -h sha256

--verify-passphrase ensures the passphrase is entered twice, to avoid an incorrect passphrase being used
-c aes specifies the use of AES encryption (c for cipher): http://en.wikipedia.org/wiki/Advanced_Encryption_Standard
-s 256 specifies a 256-bit key size
-h sha256 uses SHA-256 as the hash in the key derivation (PBKDF2) that turns your passphrase into the key-slot key: http://en.wikipedia.org/wiki/SHA

A caveat on the cipher option: a bare -c aes leaves the block mode unspecified, and cryptsetup then falls back to aes-cbc-plain, an older mode with a predictable IV that current releases no longer default to. On any recent cryptsetup, omit the -c, -s and -h options altogether and take the defaults (aes-xts-plain64, a 256-bit key and sha256), which are at least as strong as anything the article asks for.

To reduce computational overhead slightly, you could use 128-bit AES instead, in which case the command looks like this:

sudo cryptsetup --verify-passphrase luksFormat /dev/sdb1 -c aes -s 128 -h sha256

On a USB 2.0 drive the bus, not the cipher, limits throughput, so the saving is rarely noticeable and the 256-bit key costs nothing in practice.
Creating the filesystem

After setting up the encrypted partition, you must open (unlock) and map it in order to create the filesystem and begin using it. Start with:

sudo cryptsetup luksOpen /dev/sdb1 secureUSB

It prompts you for your passphrase and maps the decrypted view of the drive to /dev/mapper/secureUSB. Now you can format that mapped device with a filesystem using whatever method you prefer, for example GParted, as before, to format it as ext3. Select the device you want to create the filesystem on, in this case /dev/mapper/secureUSB. You should again see a block of unallocated space, which you should select and create a new partition within. You may be presented with a big, scary message about setting a disk label; tell it to create one (you have no data to lose on the drive at this point anyway). The create new partition screen will look just the same as before, only this time you specify the filesystem type you want to use. Apply all the pending operations and wait for the formatting process; it can take quite a while, especially for large drives. (A single mkfs command run against /dev/mapper/secureUSB does the same job without nesting a second partition table inside the encrypted device.)
Mounting the encrypted drive

Having successfully set up encryption and created a filesystem, we are almost ready to mount the drive and begin using it. (This still assumes you are using USB; if you are using eSATA, this will not work as easily.)

Shut down the computer, disconnect the drive, and reboot. Once you are back up and logged in, reconnect the drive and Gnome should prompt you for the passphrase and then mount it automatically.

If you want the drive to unlock automatically on this computer, select 'remember forever'. Be aware of what that means: the passphrase is then stored in your GNOME keyring, which is unlocked by your login password and stays open for the whole of your session, so anyone who reaches your logged-in desktop, or who learns your login password, can open the drive without knowing its passphrase. After the drive is unlocked and mounted, the final step is to take ownership of the drive's root folder with a user other than root:

sudo chown youruser:youruser /media/disk

where youruser is the user you want to have ownership and /media/disk is where Gnome automounted the drive (check the exact path under /media). For more information see:
http://www.g-loaded.eu/2005/11/10/encrypt-devices-using-dm-crypt-and-luks/
http://www.emcken.dk/weblog/archives/164-encrypted-usb-drive-in-ubuntu.html
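The whole procedure above, from identifying the device to locking the drive again, as one command-line script. This is an added example, not part of the original guide or of the Ubuntu articles it adapts. It assumes cryptsetup is installed, that the partition (/dev/sdb1 in the text) already exists, and that it is run with sudo; the device, mapper name, mount point and owner are arguments, and DRY_RUN=1 prints the commands instead of running them. It adds two checks the GUI route does not give you: the target must be a partition node, and it must not sit on the disk that holds the running system, since luksFormat destroys whatever is on the device you name. It also takes cryptsetup's current defaults instead of the article's -c/-s/-h options, for the reason given above.

```sh
#!/bin/sh
# Added example, not from the original guide: end-to-end LUKS setup of a
# removable partition. Assumes cryptsetup is installed, the partition already
# exists, and the script runs as root (sudo). DRY_RUN=1 prints commands only.
set -eu

run() {
    if [ -n "${DRY_RUN:-}" ]; then echo "+ $*"; else "$@"; fi
}

# /dev/sdb1 -> /dev/sdb. Handles the sdX/hdX naming used in this guide;
# nvme0n1p1-style names would need `lsblk -no PKNAME` instead.
parent_disk() {
    printf '%s\n' "${1%%[0-9]*}"
}

# luksFormat destroys everything on the target: refuse the disk that holds /.
refuse_system_disk() {
    root_src=$(findmnt -no SOURCE / 2>/dev/null || true)
    if [ -n "$root_src" ] && [ "$(parent_disk "$1")" = "$(parent_disk "$root_src")" ]; then
        echo "refusing: $1 is on the same disk as / ($root_src)" >&2
        return 1
    fi
}

luks_setup_removable() {
    dev=$1; name=$2; mnt=$3; owner=$4
    case $dev in
        /dev/*[0-9]) ;;
        *) echo "expected a partition node such as /dev/sdb1, got $dev" >&2; return 1 ;;
    esac
    [ -n "${DRY_RUN:-}" ] || [ -b "$dev" ] || { echo "$dev is not a block device" >&2; return 1; }
    refuse_system_disk "$dev"

    # Current cryptsetup defaults (aes-xts-plain64, 256-bit key, sha256) are
    # stronger than the guide's "-c aes -s 256 -h sha256", whose bare "aes"
    # selects CBC mode, so no cipher options are passed here.
    run cryptsetup --verify-passphrase luksFormat "$dev"
    # Show what was actually written: cipher, key size, hash, key slots in use.
    run cryptsetup luksDump "$dev"
    # Unlock to /dev/mapper/$name and put the filesystem straight on it; no
    # partition table is needed inside the mapped device.
    run cryptsetup luksOpen "$dev" "$name"
    run mkfs.ext4 -L "$name" "/dev/mapper/$name"
    run mkdir -p "$mnt"
    run mount "/dev/mapper/$name" "$mnt"
    run chown "$owner:$owner" "$mnt"
    # Lock it again. Unmount first, or luksClose fails with "device busy".
    run umount "$mnt"
    run cryptsetup luksClose "$name"
}

# Day-to-day use after setup: luks_unlock DEV NAME MOUNTPOINT / luks_lock MOUNTPOINT NAME
luks_unlock() { run cryptsetup luksOpen "$1" "$2"; run mount "/dev/mapper/$2" "$3"; }
luks_lock()   { run umount "$1"; run cryptsetup luksClose "$2"; }

# Usage: sudo sh luks-removable.sh setup /dev/sdb1 secureUSB /media/secureUSB youruser
if [ "${1:-}" = "setup" ]; then
    shift
    luks_setup_removable "$@"
fi
```

The script name is a placeholder. After setup, luks_unlock and luks_lock do what Gnome's automount and eject do for you, without the passphrase ever being stored in the keyring; running the whole thing once with DRY_RUN=1 is a cheap way to read back every command before it touches a disk.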
eCryptfs
eCryptfs is a POSIX-compliant enterprise-class stacked cryptographic filesystem for Linux. Layering on top of the filesystem layer eCryptfs protects files no matter the underlying filesystem, partition type, etc. During installation there is an option to encrypt the /home partition. This will automatically configure everything needed to encrypt and mount the partition. As an example, this section will cover configuring /srv to be encrypted using eCryptfs.
Using eCryptfs

First, install the necessary packages. From a terminal prompt enter:

sudo apt-get install ecryptfs-utils

Now mount the partition to be encrypted:

sudo mount -t ecryptfs /srv /srv

You will then be prompted for some details on how ecryptfs should encrypt the data (passphrase, cipher, key size, whether to encrypt file names). To test that files placed in /srv are indeed encrypted, copy the /etc/default folder to /srv:

sudo cp -r /etc/default /srv

Now unmount /srv and try to view a file:

sudo umount /srv
cat /srv/default/cron

Only ciphertext is shown. Remounting /srv using ecryptfs makes the data readable once again.

Automatically Mounting Encrypted Partitions

There are a couple of ways to automatically mount an ecryptfs encrypted filesystem at boot. This example uses a /root/.ecryptfsrc file containing mount options, along with a passphrase file residing on a USB key. First, create /root/.ecryptfsrc containing:

key=passphrase:passphrase_passwd_file=/mnt/usb/passwd_file.txt
ecryptfs_sig=5826dd62cf81c615
ecryptfs_cipher=aes
ecryptfs_key_bytes=16
ecryptfs_passthrough=n
ecryptfs_enable_filename_crypto=n

Adjust the ecryptfs_sig to the signature in /root/.ecryptfs/sig-cache.txt. Note what these settings mean: ecryptfs_key_bytes=16 is AES-128 (32 gives AES-256), and with ecryptfs_enable_filename_crypto=n the file and directory names under /srv remain readable on the raw disk even though their contents are encrypted.

Next, create the /mnt/usb/passwd_file.txt passphrase file:

passphrase_passwd=[secrets]

Whoever holds this USB key holds the passphrase, so guard the key as you would the secrets themselves. Now add the necessary lines to /etc/fstab:

/dev/sdb1       /mnt/usb        ext3            ro              0 0
/srv            /srv            ecryptfs        defaults        0 0

Make sure the USB drive is mounted before the encrypted partition. Finally, reboot and /srv should be mounted using eCryptfs.

Other Utilities

The ecryptfs-utils package includes several other useful utilities:

ecryptfs-setup-private: creates a ~/Private directory to contain encrypted information. This utility can be run by unprivileged users to keep data private from other users on the system.
ecryptfs-mount-private and ecryptfs-umount-private: mount and unmount, respectively, a user's ~/Private directory.
ecryptfs-add-passphrase: adds a new passphrase to the kernel keyring.
ecryptfs-manager: manages eCryptfs objects such as keys.
ecryptfs-stat: allows you to view the ecryptfs meta information for a file.
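A check to run over the .ecryptfsrc and fstab fragments above before rebooting. This is an added example and is not from the Ubuntu guide; the paths match the text, and the sample file contents in the demo are constructed copies of it. It reports the settings that weaken the setup (a 16-byte key, filename encryption disabled, unlock material on removable media) and the fstab ordering mistake that leaves the passphrase file unavailable when the ecryptfs line is processed.

```sh
#!/bin/sh
# Added example, not part of the Ubuntu guide: lint an .ecryptfsrc and check
# /etc/fstab ordering before trusting an automatic eCryptfs mount at boot.
set -eu

warnings=0
warn() { echo "WARN: $*" >&2; warnings=$((warnings + 1)); }

# Read an .ecryptfsrc; warnings go to stderr, the warning count to stdout.
check_ecryptfsrc() {
    warnings=0
    while IFS= read -r line || [ -n "$line" ]; do
        key=${line%%=*}; value=${line#*=}
        case $key in
            ecryptfs_key_bytes)
                # 16 bytes is AES-128; 32 selects AES-256.
                [ "$value" -ge 32 ] || warn "ecryptfs_key_bytes=$value selects AES-$((value * 8)); use 32 for AES-256" ;;
            ecryptfs_enable_filename_crypto)
                # Without it, file and directory names in the lower tree stay readable.
                [ "$value" = y ] || warn "filename encryption is off; names under the mount are visible in plaintext" ;;
            ecryptfs_passthrough)
                # y exposes unencrypted files left in the lower directory through the mount.
                [ "$value" = n ] || warn "ecryptfs_passthrough=$value passes unencrypted lower files through" ;;
            key)
                case $value in
                    passphrase:passphrase_passwd_file=/mnt/*|passphrase:passphrase_passwd_file=/media/*)
                        warn "unlock material ${value#*=} lives on removable media; whoever holds it can mount the data" ;;
                esac ;;
        esac
    done < "$1"
    echo "$warnings"
}

# mount -a walks fstab top to bottom: the filesystem holding the passphrase
# file must be listed before the ecryptfs line, or that mount has no key.
check_fstab_order() {
    fstab=$1; key_mount=$2
    usb_line=$(awk -v m="$key_mount" '$2 == m { print NR; exit }' "$fstab")
    ecfs_line=$(awk '$3 == "ecryptfs" { print NR; exit }' "$fstab")
    if [ -z "$usb_line" ] || [ -z "$ecfs_line" ]; then echo "missing"
    elif [ "$usb_line" -lt "$ecfs_line" ]; then echo "ok"
    else echo "out-of-order"; fi
}

# Stand-alone run against constructed copies of the guide's own configuration.
demo() {
    rc=$(mktemp); fs=$(mktemp)
    cat > "$rc" <<'EOF'
key=passphrase:passphrase_passwd_file=/mnt/usb/passwd_file.txt
ecryptfs_sig=5826dd62cf81c615
ecryptfs_cipher=aes
ecryptfs_key_bytes=16
ecryptfs_passthrough=n
ecryptfs_enable_filename_crypto=n
EOF
    printf '%s\n' '/dev/sdb1 /mnt/usb ext3 ro 0 0' '/srv /srv ecryptfs defaults 0 0' > "$fs"
    echo "ecryptfsrc warnings: $(check_ecryptfsrc "$rc")"
    echo "fstab order: $(check_fstab_order "$fs" /mnt/usb)"
    rm -f "$rc" "$fs"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Against the configuration in the text the demo reports three warnings (key size, filename encryption, passphrase file on the USB key) and an fstab order of ok; swapping the two fstab lines turns that into out-of-order, which is exactly the boot failure the guide warns about.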
You can encrypt your files, making them unreadable to anyone but you, or you can hide them in the hope that an intruder will be unable to find your sensitive information. TrueCrypt or DiskCryptor can both encrypt and hide your files. While other software can provide encryption that is equally strong, TrueCrypt was designed specifically to make this kind of secure file storage as simple as possible. (TrueCrypt's developers discontinued the project in 2014; its successor VeraCrypt is maintained, can open TrueCrypt volumes, and follows the same procedures as those described below.) When your TrueCrypt volume is 'mounted' (whenever you can access the contents yourself), your data is exposed to anything else running on the machine, so keep it closed except when you are actually reading or modifying the files inside it.

- Dismount encrypted volumes when you walk away from your computer for any length of time.
- Dismount them before putting your computer to sleep.
- Dismount them before allowing someone else to handle your computer.
- Dismount them before inserting an untrusted USB memory stick or other external storage device, including those belonging to friends and colleagues.
- If you keep an encrypted volume on a USB memory stick, remember that just removing the device does not dismount the volume or clear its key from memory. Even if you need to secure your files in a hurry, you have to dismount the volume properly, then disconnect the external drive or memory stick, then remove the device. You might want to practice until you find the quickest way to do all of these things.

If you decide to keep your TrueCrypt volume on a USB memory stick, you can also keep a copy of the TrueCrypt program with it.

TrueCrypt's deniability feature is one of the ways in which it goes beyond what is typically offered by file encryption tools. This feature can be thought of as a peculiar form of steganography that disguises your most sensitive information as other, less sensitive, hidden data. It works by storing a 'hidden volume' inside your regular encrypted volume. You open this hidden volume by providing an alternate password that is different from the one you would normally use.
System requirements: Windows 2000/XP/2003/Vista/7. Administrator rights are required for installation and to create volumes, but not to access existing volumes.

GNU Linux, Mac OS and other Microsoft Windows compatible programs

Note: it is possible to use TrueCrypt on GNU Linux and Mac OS. Many GNU Linux distributions, for instance Ubuntu (http://www.ubuntu.com), support on-the-fly encryption and decryption of the entire disk as a standard feature; you can decide to use it when you install the system. You can also add the encryption functionality to your Linux system with dm-crypt (http://www.saout.de/misc/dm-crypt) together with cryptsetup and LUKS (http://code.google.com/p/cryptsetup). Another approach is to use ScramDisk for Linux, SD4L (http://sd4l.sourceforge.net), a free and open source on-the-fly encryption program.

For Mac OS you can use FileVault, which is part of the operating system, to provide on-the-fly encryption and decryption for the content of your home folder and all its sub-folders. You may also find useful the free and open source program Encrypt This (http://www.nathansheldon.com/files), which can encrypt selected files into a .DMG disk image.

There are many encryption programs for Microsoft Windows. We recommend a few of them below:

CompuSec (http://www.ce-infosys.com/english/free_compusec/free_compusec.aspx) is a free, proprietary, on-the-fly encryption program. It can encrypt either a portion of or the entire computer disk, USB drives or a CD. The DataCrypt module of CompuSec can be used to encrypt individual files as well.

CryptoExpert 2009 Lite (http://www.cryptoexpert.com/lite) is a free, proprietary, on-the-fly encryption program that creates encrypted container files, similar to TrueCrypt.

AxCrypt (http://www.axantum.com/AxCrypt) is a free and open source program that can encrypt separate files.

Steganos LockNote (https://www.steganos.com/us/products/for-free/locknote/overview) is a free and open source program. You can use it to encrypt or decrypt any text. The text is stored inside the LockNote application itself: the mechanism to encrypt or decrypt a note is part of it. LockNote is portable, and installation is not required.

The distinction drawn in the chapter on proprietary and free software applies here: the proprietary programs in this list cannot be audited by anyone but their vendor.
How to Install TrueCrypt

Before running the installer, verify it against the signature published on the download page, as described in the chapter on checking the integrity of software.

Step 1. Double click the TrueCrypt installer; the Open File - Security Warning dialog box may appear. If it does, click Run to activate the TrueCrypt License screen.

Step 2. Check the 'I accept and agree to be bound by the license terms' option to enable the Accept button; click Accept to activate the following screen:

Install mode: This option is for users who do not wish to hide the very fact that they use TrueCrypt on their computer.
Extract mode: This option is for users who wish to carry a portable version of TrueCrypt on a USB memory stick and do not wish to have TrueCrypt installed on their computer.

Note: Some of the options (for example, entire partition and disk encryption) will not work when TrueCrypt is only extracted.
Note: Although the default Install mode is recommended here, you may still use TrueCrypt in portable mode later on. To learn more about using the TrueCrypt Traveller mode, please refer to Portable TrueCrypt.

Step 3. Click Next to activate the Setup Options window.

The Setup Options window

Step 4. Click Install to begin installing TrueCrypt on your system; the Installing screen shows the progress.
Step 5. Click OK in the confirmation dialog box that appears when installation has finished.

The TrueCrypt Setup confirmation dialog box

Step 6. When asked whether you want to view the beginner's tutorial, click Yes to open it on the TrueCrypt web site, then click Finish to complete the TrueCrypt installation.

Note: All users are strongly encouraged to consult the help documentation available from TrueCrypt after completing this tutorial.
How to Create a Standard Volume

TrueCrypt lets you create two kinds of volumes: Hidden and Standard. In this section, you will learn how to create a Standard Volume in which to store your files. To begin, perform the following steps:

Step 1. Double click the TrueCrypt icon, or select Start > Programs > TrueCrypt > TrueCrypt, to open TrueCrypt.
Step 2. Select a drive letter from the list in the TrueCrypt pane as follows:

The TrueCrypt console

Step 3. Click Create Volume to activate the TrueCrypt Volume Creation Wizard as follows:

There are three options for creating a Standard Volume. We will use the Create an encrypted file container option.

Step 4. Click Next to activate the following screen:

The Volume Type window

The TrueCrypt Volume Creation Wizard Volume Type window lets you specify whether you would prefer to create a Standard or a Hidden TrueCrypt volume.

Step 5. Check the Standard TrueCrypt Volume option.
Step 6. Click Next to activate the following screen:

The Volume Creation Wizard - Volume Location pane

You can specify where you would like to store your Standard Volume in the Volume Location screen. This file can be stored like any other file.

Step 7. Either type the name of the file into the text field, or click Select File to activate the following screen:

The Specify Path and File Name navigation window

Note: A TrueCrypt Volume is contained inside a normal file. This means that it can be moved, copied or even deleted! You need to remember both the location and the name of the file, and you must choose a new file name for the volume you create (also refer to the section How to Create a Standard Volume on a USB Memory Stick). Here we create our Standard Volume in the My Documents folder and name the file My Volume, as shown in the figure above.

Tip: You can use any file name and file extension. For example, you can name your Standard Volume recipes.doc, so that it looks like a Word document, or holidays.mpg, so that it looks like a movie file. This is one way of helping to disguise the existence of your Standard Volume. It is a thin disguise, though: the file will not open in Word or a media player, a real document or video has a recognisable header and internal structure, and an encrypted container has neither and looks like random data from the first byte to the last. Anyone who examines the file rather than its name will recognise it.

Step 8. Click Save to close the Specify Path and File Name window and return to the Volume Creation Wizard window as follows:

The TrueCrypt Volume Creation Wizard displaying the Volume Location pane

Step 9. Click Next to activate the following screen.
How to Create a Standard Volume on a USB Memory Stick

To create a TrueCrypt Standard Volume on a USB memory stick, perform steps 1 to 7 in the section How to Create a Standard Volume, up to the point where you activate the Select a TrueCrypt Volume screen. Instead of choosing My Documents as your file location, navigate to and choose your USB memory stick. Then enter a file name and create the Standard Volume there.

How to Create a Standard Volume (continued)

At this stage, you are ready to choose a specific encryption method (or algorithm, as it is referred to on the screen) to encode the data that will be stored in your Standard Volume.

The Volume Creation Wizard Encryption Options pane

Note: You may leave the default options here as they appear. All algorithms presented in the two options here are considered secure.

Step 10. Click Next to activate the following screen:

The Volume Creation Wizard displaying the Volume Size pane

The Volume Size pane lets you specify the size of the Standard Volume. In this example it is set at 10 megabytes, but you may specify a different size. Consider the size of the documents and file types you would like to store, and then set an appropriate volume size for them.

Tip: If you would like to back up your Standard Volume to a CD later on, set the size to 700 MB or less.

Step 11. Type your volume size into the text field, and then click Next to activate the following screen:

The TrueCrypt Volume Creation Wizard featuring the Volume Password pane

Important: Choosing a secure and strong password is among the most important tasks you will perform when creating a Standard Volume. A good password protects your encrypted volume, and the stronger the password you choose, the better: the algorithm chosen above is only as strong as the password that unlocks it, because anyone who obtains the container file can try passwords against it offline, at leisure. You do not have to invent your own passwords, or even remember them, if you use a password manager with a generator, such as KeePass.

Step 12. Type your password and then re-type it into the Confirm text field.

Important: The Next button remains disabled until the passwords in both text fields match. If your password is not particularly safe or secure, you will see a warning advising you of this. Consider changing it! Although TrueCrypt will still work with any password you choose, your data may not be very secure.

Step 13. Click Next to activate the following screen:

The TrueCrypt Volume Creation Wizard featuring the Volume Format pane

TrueCrypt is now ready to create a Standard Volume. Move your mouse randomly within the TrueCrypt Volume Creation Wizard window for a few seconds. The mouse movements are mixed into the random pool from which the encryption key is generated, so the longer you move the mouse, the less predictable that key is.

Step 14. Click Format to begin creating your Standard Volume.

TrueCrypt will now create a file named My Volume in the My Documents folder, as specified earlier. This file will contain a TrueCrypt Standard Volume, 10 megabytes in size, that you can use to store your files securely. After the Standard Volume has been created, the following dialog box will appear:

The TrueCrypt volume has been successfully created message screen

Step 15. Click OK.
Step 16. Click Exit to complete creating your Standard Volume and return to the TrueCrypt console.
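The tip above suggests naming a container recipes.doc or holidays.mpg. The following is an added example, not part of the original guide, of the simplest test that sees through that disguise: the Shannon entropy of the file's bytes. An encrypted container is indistinguishable from random data and scores close to 8 bits per byte; a document scores far lower. Compressed media can also score high, which is why the verdict says "encrypted or compressed"; a file-type check on the header then separates the two, since a real .mpg has sync bytes and a container has nothing. The threshold and the file names are assumptions chosen for illustration.

```sh
#!/bin/sh
# Added example, not from the original guide: estimate the Shannon entropy of
# a file's bytes, the quick test an examiner runs to spot an encrypted
# container that has merely been renamed to recipes.doc or holidays.mpg.
set -eu

# Read bytes from stdin, print entropy in bits per byte with three decimals.
# od -v prints every byte (no "*" squeezing of repeated lines), -tu1 as
# unsigned decimals; awk tallies the 256 symbol frequencies.
byte_entropy() {
    od -An -v -tu1 | awk '
        { for (i = 1; i <= NF; i++) { count[$i]++; total++ } }
        END {
            if (total == 0) { print "0.000"; exit }
            h = 0
            for (b in count) { p = count[b] / total; h -= p * log(p) / log(2) }
            printf "%.3f\n", (h < 1e-12) ? 0 : h
        }'
}

# Classify a file as random-looking at or above the threshold (7.9 bits by
# default, an assumed cut-off: a genuine 10 MB Word document sits far below it).
classify_file() {
    file=$1; threshold=${2:-7.9}
    e=$(byte_entropy < "$file")
    if awk -v e="$e" -v t="$threshold" 'BEGIN { exit !(e >= t) }'; then
        echo "$file: $e bits/byte, random-looking (encrypted or compressed)"
    else
        echo "$file: $e bits/byte, structured data"
    fi
}

# Usage: classify_file "$HOME/Documents/recipes.doc"
if [ $# -gt 0 ]; then
    for f in "$@"; do classify_file "$f"; done
fi
```

Run it over a folder of genuine documents first to see how far below the threshold they sit; then run it over the renamed container. The point of the exercise is not to detect your own files but to see what anyone else looking at the disk will see: the hidden-volume feature described later exists precisely because renaming cannot provide deniability.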
Portable TrueCrypt

Differences between the Installed and Portable versions of TrueCrypt

Given that portable tools are not installed on a local computer, their existence and use may remain undetected. However, keep in mind that your external device or USB memory stick, and the portable tools on it, are only as safe as the computer you are using, and may be exposed to adware, malware, spyware and viruses: a keylogger on that computer captures your volume password just as it would with the installed version. Portable TrueCrypt lets you use a powerful and simple file encryption tool without leaving it installed, and having it on a removable device or USB memory stick lets you use it from different workstations. There are very few differences between the installed and portable versions, the main one being that Portable TrueCrypt does not permit encryption of the entire disk or system disk. For more information regarding the differences, please refer to http://www.truecrypt.org

Downloading, Extracting and Using Portable TrueCrypt

Note: The folder into which Portable TrueCrypt is to be extracted must be created manually on the removable device or USB memory stick before the extraction process.

Step 1. Navigate to the removable device or USB memory stick into which to extract the Portable TrueCrypt program, and then right-click to activate its associated menu.
Step 2. Select the New item to open its sub-menu, and then select the Folder sub-menu item, as shown in the figure below:

The Windows Explorer folder and sub-folder menu

Step 3. Enter the name of the folder.
Note: You may give this folder a less obvious name to conceal the existence of the Portable TrueCrypt program.

Portable TrueCrypt is extracted from the same archive as the installation version. To download it, perform the following steps:

Step 1. Open www.truecrypt.org/downloads
Step 2. Click the Download button beneath the Windows section to activate the following screen:

The Opening TrueCrypt Setup 7.0a.exe installation prompt

Step 3. Click Save File to save the installation file to your computer, and then navigate to it.
Step 4. Double click TrueCrypt Setup 7.0a.exe; the Open File - Security Warning dialog box may appear. If it does, click Run to activate the TrueCrypt installation wizard.
Step 5. Check the Extract option to extract TrueCrypt portable to a removable drive or USB device, as shown in the figure below:

Step 6. Click Next.

The Extraction Options window

Step 7. Click Browse to activate the Browse for Folder window as follows:

The Browse for Folder window

Step 8. Navigate to your destination folder on either the external drive or the USB memory stick, and then click OK to return to the Extraction Options window as follows:

The Extraction Options window displaying the destination folder

Step 9. Click Extract to begin extracting TrueCrypt to your removable drive or USB memory stick; a few seconds later, the following windows will appear:

The TrueCrypt pop-up confirmation dialog box and Extraction Complete window

Step 10. Click OK and then click Finish to complete the extraction. If the 'Open the destination location when finished' option was enabled (as it usually is by default), the destination folder opens:

An example of Portable TrueCrypt extracted to a removable drive

Step 11. Navigate to the folder and double click TrueCrypt.exe to run Portable TrueCrypt.

Please refer to the TrueCrypt chapter in the Hands-on Guide section from this point onwards for instructions on how to use TrueCrypt.

How to Eliminate All Traces of Having Extracted Portable TrueCrypt

Important: After you have successfully extracted Portable TrueCrypt to your external/removable device, delete the installation file from your computer to reduce the traces of your having downloaded it.

Step 1. Navigate to the folder into which Portable TrueCrypt was downloaded, and then right click the installation file to activate the Windows pop-up menu; then select the Delete command to move it to your Recycle Bin.
Step 2. Double click the Recycle Bin to open its window, and then select and delete the file.

Note: As the chapter on deleting files explains, this removes the file's name but not its content from the disk, and the browser's download history also records the download. If you have either CCleaner or Eraser installed, use one of them to overwrite the deleted file and clear those lists.
How to Mount a Standard Volume

In TrueCrypt, to mount a Standard Volume means to make it available for use. In this section, you will learn how to mount your newly created Standard Volume. Perform the following steps:

Step 1. Double click the TrueCrypt icon, or select Start > Programs > TrueCrypt > TrueCrypt, to open TrueCrypt.
Step 2. Select a drive letter from the list in the TrueCrypt console.

The TrueCrypt console

In this example the Standard Volume will be mounted as the M: drive.
Note: In the following figure, the M: drive has been selected for mounting the Standard Volume; however, you may choose another listed drive.

Step 3. Click Select File. The Select a TrueCrypt Volume screen will appear as follows:

The Select a TrueCrypt Volume screen

Step 4. Select the Standard Volume file that you created, then click Open to return to the TrueCrypt console.
Step 5. Click Mount to activate the following screen:

The Enter password prompt screen

Step 6. Type the password in the Password: text field.
Step 7. Click OK to begin mounting the Standard Volume.

Note: If the password you typed is incorrect, TrueCrypt will prompt you to re-type your password and click OK. If the password is correct, the Standard Volume will be mounted as follows:

The TrueCrypt console displaying the newly mounted Standard Volume

Step 8. Double click the highlighted entry in TrueCrypt, or double click the corresponding drive letter in the My Computer screen, to access the Standard Volume (now mounted on drive M: on your computer).

Accessing the Standard Volume through the My Computer screen

Note: We have just mounted the My Volume Standard Volume on a virtual disk M:. This virtual disk behaves like a real disk, except that it is entirely encrypted. Any files are automatically encrypted when you copy, move or save them to this virtual disk (a process known as on-the-fly encryption). You can copy files to and from the Standard Volume just as you would copy them to any normal disk (for example, by dragging and dropping them). When you move a file out of the Standard Volume, it is automatically decrypted. Conversely, if you move a file onto the Standard Volume, TrueCrypt automatically encrypts it. If your computer crashes or is suddenly switched off, the Standard Volume is simply not mounted when the machine comes back, and anything not yet written to it is lost.

Important: After transferring files to the TrueCrypt volume, make sure that no traces of the files are left behind on the computer or USB memory stick that they came from; as the chapter on deleting files explains, an ordinary delete does not remove the content.
How to Dismount the Standard Volume

In TrueCrypt, to dismount a Standard Volume means to make it unavailable for use. To close or dismount a Standard Volume and make its files accessible only to someone with the password, perform the following steps:

Step 1. Select the volume from the list of mounted volumes in the main TrueCrypt window as follows:

Selecting the Standard Volume to be dismounted

Step 2. Click Dismount to close your TrueCrypt Standard Volume.

Important: Make sure to dismount your TrueCrypt volume before putting your computer into Standby or Hibernate mode: while the volume is mounted its key is held in memory, and hibernation writes that memory to disk. Better yet, always shut down your computer or laptop if you plan on leaving it unattended. This will prevent anyone from reading the volume's contents, or recovering its key from memory, while you are away. To retrieve a file stored in your Standard Volume once you have dismounted it, you will have to mount it again.

How to Back Up a Standard Volume

Step 1. Navigate to the folder in which you created the volume file (My Documents in this example).

The My Documents window displaying the My Volume file

Step 2. Save the file to an external memory device, like a CD, DVD or a USB memory stick.

Tip: If you have large amounts of data that you want to encrypt and archive repeatedly, why not create a new Standard Volume which is the same size as a CD or DVD? This could be used as a secure storage technique. Before you back up the Standard Volume to a removable device, make sure that the device size corresponds to the size of your volume.

Backup medium        Suggested volume size
CD                   700 MB or less (see the tip above)
DVD
USB memory stick     25% of total capacity (e.g. for a 128 MB USB stick, use 30 MB for your Standard Volume)
About Hidden Volumes
In TrueCrypt, a Hidden Volume is stored within your encrypted Standard Volume, but its existence is concealed. Even when you 'mount' or open your standard volume, it is not possible either to find or to prove the existence of the hidden volume. This works because TrueCrypt fills the free space of a volume with random data when it formats it, so the encrypted hidden volume cannot be told apart from unused space. If you are forced to reveal your password and the location of your standard volume, then its content may be revealed, but not the existence of the hidden volume within. Imagine a briefcase with a secret compartment. You keep files that you do not mind having confiscated or losing in the normal section of your briefcase, and you keep the important and private files in the secret compartment. The point of the secret compartment (especially a well-designed one) is to hide its own existence and therefore the documents within it.
How to Create a Hidden Volume
The creation of a TrueCrypt Hidden Volume is similar to creating a TrueCrypt Standard Volume: some of the panes, screens and windows are even the same.
Step 1. Open TrueCrypt.
Step 2. Click to activate the TrueCrypt Volume Creation Wizard.
Step 3. Click to accept the default Create an encrypted file container option.
The TrueCrypt Volume Creation Wizard with the Hidden TrueCrypt volume option enabled Step 5. Click to activate the following screen:
The TrueCrypt Volume Creation Wizard - Mode window Direct mode: This option lets you create the Hidden Volume within an existing Standard Volume.
Normal mode: This option lets you create a completely new Standard Volume in which to store the Hidden Volume. In this example, we will use the Direct mode.
Note: If you would rather start a new Standard Volume, please repeat the process from the section How to Create a Standard Volume.
Step 6. Check the Direct Mode option and then click to activate the TrueCrypt Volume Creation - Volume Location window.
Note: Make sure the Standard Volume is unmounted before selecting it. Step 7. Click to activate the following screen:
Step 8. Locate the volume file using the Select a TrueCrypt Volume window as shown in the figure.
Step 9. Click to return to the TrueCrypt Volume Creation Wizard.
Step 10. Click to activate the Enter password screen.
Step 11. Type the password you used when creating the Standard Volume into the Password text field, and then click to activate the following screen:
The TrueCrypt Volume Creation Wizard - Hidden Volume Message pane
Step 12. Click after you have read the message to activate the Hidden Volume Encryption Options screen.
Note: Leave both the default Encryption Algorithm and Hash Algorithm settings for the Hidden Volume as they are.
Step 13. Click to activate the following screen:
The TrueCrypt Volume Creation Wizard - Hidden Volume Size window You will be prompted to specify the size of the Hidden Volume. Note: Consider the kind of documents, their quantity and size that need to be stored. Do leave some space for the Standard Volume. If you select the maximum size available for the Hidden Volume, you will not be able to put any more new files into the original Standard Volume.
If your Standard Volume is 10 Megabytes (MB) in size and you specify a Hidden Volume size of 5MB (as shown in the figure above), you will have two volumes (one hidden and one standard) of approximately 5MB each. Ensure that the information you store in the Standard Volume does not exceed the 5MB you have left for it. When the Standard Volume is mounted in the normal way, TrueCrypt has no way of knowing that a Hidden Volume exists inside it (that is the whole point), so writing too much data to the Standard Volume will silently overwrite the hidden one. You risk losing all files stored in the hidden volume if you exceed your previously established size.
Step 14. Type the desired hidden volume size into the corresponding text box as shown in the figure above.
Step 15. Click to activate the Hidden Volume Password window.
You must now create a password for the hidden volume that is different from the one used to protect your standard volume. Again, remember to choose a strong password. Please refer to the KeePass chapter to learn more about creating strong passwords.
Tip: If you anticipate being forced to reveal the contents of your TrueCrypt volumes, then store the password for the standard volume in KeePass, and create a strong password for the hidden volume that you only have to remember. This helps to conceal your hidden volume, as you will not leave any trace of its existence in your password database.
Step 16. Create a password and type it in twice, and then click to activate the following screen:
Leave the default File System and Cluster options as they are.
Step 17. Move the mouse cursor around the screen for a while (TrueCrypt uses the mouse movements as a source of randomness for the volume's encryption key) and then click to format the hidden volume.
After the hidden volume has been formatted, the following screen appears:
The TrueCrypt Volume Creation Wizard message screen
Note: Figure 8 both confirms that you have successfully created a hidden volume and warns you against the danger of overwriting files in the hidden volume when storing files in the standard volume.
Step 18. Click to activate the Hidden Volume Created window, and then click to return to the TrueCrypt console. The hidden volume has now been created inside your standard volume. You may now store documents in the hidden volume, which remain invisible even to someone who has obtained the password for that particular standard volume.
How to Mount the Hidden Volume
The method for mounting or making a Hidden Volume accessible for use is exactly the same as that for a Standard Volume; the only difference is that you use the password you have just created for the Hidden Volume. To mount or open the Hidden Volume, perform the following steps:
Step 1. Select a drive from the list (in this example, drive K):
A mount drive selected in the TrueCrypt Volume screen Step 2. Click to activate the Select a TrueCrypt Volume window.
Step 3. Navigate to and then select your TrueCrypt volume file (the same file as for the standard volume).
Step 4. Click to return to the TrueCrypt console.
Step 5. Click to activate the Enter Password for prompt screen as follows:
The Enter Password screen
Step 6. Type the password you used to create the hidden volume, and then click to mount it. Your hidden volume is now mounted (or opened) as follows:
The TrueCrypt main screen displaying the newly mounted Hidden Volume Step 7. Double click on above entry or access it through the My Computer window.
Tips on How to Use the Hidden Disk Feature Securely The purpose of the hidden disk feature is to escape a potentially dangerous situation by appearing to hand over your encrypted files, when someone in a position of power demands to see them, without actually being forced to reveal your most sensitive information. In addition to
protecting your data, this may allow you to avoid further jeopardizing your own safety or exposing your colleagues and partners. For this technique to be effective, you must create a situation where the person demanding to see your files will be satisfied by what you show them and let you go. To do this, you may want to implement some of the following suggestions:
Put some confidential documents that you do not mind having exposed in the standard volume. This information must be sensitive enough that it would make sense for you to keep it in an encrypted volume. Be aware that someone demanding to see your files may know about hidden volumes. If you are using TrueCrypt correctly, however, this person will not be able to prove that your hidden volume exists, which will make your denial more believable. Update the files in the standard volume on a weekly basis. This will create the impression that you really are using those files (file modification dates that are months old in a volume you claim to use every day are not convincing). Whenever you mount a TrueCrypt volume, you can choose to enable the Protect hidden volume against damage caused by writing to outer volume feature. This very important feature lets you add new 'decoy' files to your standard volume without the risk of accidentally deleting or overwriting the encrypted contents of your hidden volume. As mentioned earlier, exceeding the storage limit on your standard volume may otherwise destroy your hidden files. Do not enable the Protect hidden volume feature when forced to mount a TrueCrypt volume, because doing so requires you to enter the secret password to your hidden volume and will clearly reveal that volume's existence. When you are updating your decoy files in private, however, you should always enable this option. To use the Protect hidden volume feature, perform the following steps:
Step 1. Click on the Enter Password prompt shown in figure 10, above. This will activate the Mount Options window as follows:
The Mount Options window
Step 2. Check the Protect hidden volume against damage caused by writing to outer volume option.
Step 3. Type in your Hidden Volume password, and then click to confirm.
Step 4. Click to mount your standard volume. After you have successfully mounted it, you will be able to add decoy files without damaging your hidden volume.
Step 5. Click to dismount your standard volume (make it unavailable for use) when you have finished modifying its contents.
Remember: You only need to do this when you are updating the files in your standard volume. If forced to reveal your standard volume to someone else, you should not use the Protect hidden volume feature.
From the '(Select a package)' drop down menu you can choose from four options:
This is a little technical. The console version is the one you choose if you are either very technical and don't like graphical user interfaces, or you wish to run this on a machine that you only have terminal (command line or 'shell') access to (a remote server, for example). Assuming you are running this on your laptop, it is best to choose the easy 'standard' option; this will give you a nice user interface to use. From the two standard options you need to choose the one most suitable for the architecture of your machine. Don't know what this means? It basically comes down to the type of hardware (processor) in your computer: the options are 32-bit or 64-bit. Unfortunately Ubuntu does not make it easy for you to find this information if you don't already know it. You need to open a 'terminal' from the Applications->Accessories menu and type the following, followed by the [enter] key:
uname -a
The output will be something like 'Linux bigsy 2.6.32-30-generic #59-Ubuntu SMP Tue Mar 1 21:30:46 UTC 2011 x86_64 GNU/Linux'. In this instance you can see the architecture is 64-bit ('x86_64'). In this example I would choose the 'Standard - 64-bit (x64)' option. If you see 'i686' (or 'i386') somewhere in the output of the uname command, then you would choose the other standard option to download. (uname -m prints just the architecture string, which is all you need here.) Once selected, press the 'download' button and save the file somewhere on your computer. The installation process is still not over: the file you downloaded is a compressed archive (to make downloading faster) and you need to de-compress it before you install.
Fortunately Ubuntu makes this easy - simply browse to the file on your computer and right click on it and choose 'Extract Here'.
You will see a new file appear next to the compressed file:
Nearly done! Now right click on the new file and choose 'open' :
Now we are getting somewhere... press 'Install TrueCrypt'. You will be shown a user agreement. At the bottom press 'I accept and agree to be bound by the license terms' (sounds serious). You will then be shown another info screen telling you how you can uninstall TrueCrypt. Press 'OK' and you will be asked for your password, because installing software on your computer requires administrative rights. Enter your password and you will finally see a screen like this:
TrueCrypt is installed and you can access it from the Applications->Accessories menu. Close the setup window.
2. Download it to your computer, find the .dmg file and open it to access the installation package.
3. Open the installation package, and click through the dialogues.
4. Choose the standard installation. (You can choose a customized installation and deselect FUSE, but don't: TrueCrypt needs it to mount volumes.)
6. After the installation finishes you can find the program in your Applications folder
Steganography
Steganography is the art and science of writing hidden messages in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message; it is a form of security through obscurity. The word steganography is of Greek origin and means "concealed writing", from the Greek words steganos (στεγανός) meaning "covered or protected", and graphei (γραφή) meaning "writing". The first recorded use of the term was in 1499 by Johannes Trithemius in his Steganographia, a treatise on cryptography and steganography disguised as a book on magic. Generally, messages will appear to be something else: images, articles, shopping lists, or some other covertext and, classically, the hidden message may be in invisible ink between the visible lines of a private letter. The advantage of steganography over cryptography alone is that messages do not attract attention to themselves. Plainly visible encrypted messages, no matter how unbreakable, will arouse suspicion, and may in themselves be incriminating in countries where encryption is illegal. Therefore, whereas cryptography protects the contents of a message, steganography can be said to protect both the message and the communicating parties. Steganography includes the concealment of information within computer files. In digital steganography, electronic communications may include steganographic coding inside of a transport layer, such as a document file, image file, program or protocol. Media files are ideal for steganographic transmission because of their large size. As a simple example, a sender might start with an innocuous image file and adjust the color of every 100th pixel to correspond to a letter in the alphabet, a change so subtle that someone not specifically looking for it is unlikely to notice it.
Techniques
Physical
Steganography has been widely used, including in recent historical times and the present day. Possible permutations are endless and known examples include:
Hidden messages within wax tablets: in ancient Greece, people wrote messages on the wood, then covered it with wax upon which an innocent covering message was written.

Hidden messages on a messenger's body, also used in ancient Greece. Herodotus tells the story of a message tattooed on the shaved head of a slave of Histiaeus, hidden by the hair that afterwards grew over it, and exposed by shaving the head again. The message allegedly carried a warning to Greece about Persian invasion plans. This method has obvious drawbacks, such as delayed transmission while waiting for the slave's hair to grow, and the restrictions on the number and size of messages that can be encoded on one person's scalp.

During World War II, the French Resistance sent some messages written on the backs of couriers using invisible ink (http://en.wikipedia.org/wiki/Invisible_ink).

Hidden messages on paper written in secret inks, under other messages or on the blank parts of other messages.

Messages written in Morse code on knitting yarn and then knitted into a piece of clothing worn by a courier.

Messages written on envelopes in the area covered by postage stamps.

During and after World War II, espionage agents used photographically produced microdots to send information back and forth. Microdots were typically minute, smaller than the period produced by a typewriter. World War II microdots needed to be embedded in the paper and covered with an adhesive, such as collodion. This was reflective and thus detectable by viewing against glancing light. Alternative techniques included inserting microdots into slits cut into the edge of post cards (http://en.wikipedia.org/wiki/Microdot).

During World War II, a spy for Japan in New York City, Velvalee Dickinson, sent information to accommodation addresses in neutral South America. She was a dealer in dolls, and her letters discussed the quantity and type of doll to ship. The stegotext was the doll orders, while the concealed "plaintext" was itself encoded and gave information about ship movements, etc. Her case became somewhat famous and she became known as the Doll Woman.

Cold War counter-propaganda. In 1968, crew members of the USS Pueblo intelligence ship, held as prisoners by North Korea, communicated in sign language during staged photo opportunities, informing the United States that they were not defectors but were being held captive by the North Koreans. In other photos presented to the U.S., crew members gave "the finger" to the unsuspecting North Koreans, in an attempt to discredit photos that showed them smiling and comfortable.
Digital
Modern steganography entered the world in 1985 with the advent of personal computers being applied to classical steganography problems. Development following that was slow, but has since taken off, going by the number of "stego" programs available:
Concealing messages within the lowest bits of noisy images or sound files.

Concealing data within encrypted data or within random data. The data to be concealed is first encrypted before being used to overwrite part of a much larger block of encrypted data or a block of random data (an unbreakable cipher like the one-time pad generates ciphertexts that look perfectly random if you do not have the key).

Chaffing and winnowing: http://en.wikipedia.org/wiki/Chaffing_and_winnowing

Mimic functions convert one file to have the statistical profile of another. This can thwart statistical methods that help brute-force attacks identify the right solution in a ciphertext-only attack: http://en.wikipedia.org/wiki/Ciphertext-only_attack

Concealed messages in tampered executable files, exploiting redundancy in the targeted instruction set: http://en.wikipedia.org/wiki/Instruction_set

Pictures embedded in video material (optionally played at slower or faster speed).

Injecting imperceptible delays into packets sent over the network from the keyboard. Delays in keypresses in some applications (telnet or remote desktop software) can mean a delay in packets, and the delays in the packets can be used to encode data.

Changing the order of elements in a set.

Content-Aware Steganography hides information in the semantics a human user assigns to a datagram. These systems offer security against a non-human adversary/warden.

Blog-Steganography. Messages are fractionalized and the (encrypted) pieces are added as comments on orphaned web-logs (or pin boards on social network platforms). In this case the selection of blogs is the symmetric key that sender and recipient are using; the carrier of the hidden message is the whole blogosphere: http://en.wikipedia.org/wiki/Blogosphere

Modifying the echo of a sound file (Echo Steganography).

Secure Steganography for Audio Signals.

Image bit-plane complexity segmentation steganography: http://en.wikipedia.org/wiki/BPCS-Steganography
Network
All information hiding techniques that may be used to exchange steganograms in telecommunication networks can be classified under the general term of network steganography. This nomenclature was originally introduced by Krzysztof Szczypiorski in 2003. Contrary to the typical steganographic methods which utilize digital media (images, audio and video files) as a cover for hidden data, network steganography utilizes communication protocols' control elements and their basic intrinsic functionality. As a result, such methods are harder to detect and eliminate. Typical network steganography methods involve modification of the properties of a single network protocol. Such modification can be applied to the PDU (Protocol Data Unit), to the time relations between the exchanged PDUs, or both (hybrid methods). Moreover, it is feasible to utilize the relation between two or more different network protocols to enable secret communication. These applications fall under the term inter-protocol steganography. Network steganography covers a broad spectrum of techniques, which include, among others:
Steganophony - the concealment of messages in Voice-over-IP conversations, e.g. the employment of delayed or corrupted packets that would normally be ignored by the receiver (this method is called LACK - Lost Audio Packets Steganography), or, alternatively, hiding information in unused header fields.
WLAN Steganography - the use of methods that may be exercised to transmit steganograms in Wireless Local Area Networks. A practical example of WLAN Steganography is the HICCUPS system (Hidden Communication System for Corrupted Networks).
Printed
Digital steganography output may be in the form of printed documents. A message, the plaintext (http://en.wikipedia.org/wiki/Plaintext), may be first encrypted by traditional means, producing a ciphertext (http://en.wikipedia.org/wiki/Ciphertext). Then, an innocuous covertext is modified in some way so as to contain the ciphertext, resulting in the stegotext. For example, the letter size, spacing, typeface (http://en.wikipedia.org/wiki/Typeface), or other characteristics of a covertext can be manipulated to carry the hidden message. Only a recipient who knows the technique used can recover the message and then decrypt it. Francis Bacon developed Bacon's cipher as such a technique. The ciphertext produced by most digital steganography methods, however, is not printable. Traditional digital methods rely on perturbing noise in the channel file to hide the message; as such, the channel file must be transmitted to the recipient with no additional noise from the transmission. Printing introduces much noise into the ciphertext, generally rendering the message unrecoverable. There are techniques that address this limitation; one notable example is ASCII Art Steganography.

Audio
In steganography, the message used to hide the secret message is called the host message or cover message. Once the contents of the host message or cover message are modified, the resultant message is known as a stego message. In other words, a stego message is a combination of a host message and a secret message. Audio steganography requires a text or audio secret message to be embedded within a cover audio message. Because audio data contains a great deal of redundancy, the cover audio message before steganography and the stego message after steganography sound the same to a listener.

Text
Steganography can be applied to different types of media including text, audio, image, video, etc.
Text steganography is considered to be the most difficult kind of steganography due to the lack of redundancy in text as compared to image or audio. However, it requires less memory and provides for simpler communication. One method that could be used for text steganography is data compression. Data compression encodes information from one representation into another, smaller representation. One of the possible schemes to achieve data compression is Huffman coding. Huffman coding assigns shorter codewords to more frequently occurring source symbols and longer codewords to less frequently occurring source symbols.
Unicode steganography uses lookalike characters of the usual ASCII set to look normal, while really carrying extra bits of information. If the text is displayed correctly, there should be no visual difference from ordinary text. Some systems, however, may display the fonts differently, and the extra information would be easily spotted.
Using Sudoku puzzles
This is the art of concealing data in an image using a Sudoku puzzle, which is used like a key to hide the data within the image. Steganography using Sudoku puzzles has as many keys as there are possible solutions of a Sudoku puzzle. This is equivalent to around 70 bits, a larger key space than the 56-bit key of DES (though key space alone says nothing about whether the embedding itself can be detected).
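An added example of the lookalike-character technique described above (illustration code written for this page, not taken from any product listed later on): Latin letters that have a visually identical Cyrillic counterpart are swapped for it wherever the payload bit is 1 and left alone where it is 0, so the rendered text looks unchanged while each such letter carries one bit. The cover sentence is constructed, the one-byte length prefix and the function names are my own choices, and lookalike_words shows the caveat from the paragraph: a machine (or a font that draws Cyrillic differently) spots the substituted letters immediately.

```python
"""Added example: Unicode lookalike (homoglyph) text steganography.

Illustration code for this page, not from any product listed here. Each Latin
letter that has a visually identical Cyrillic counterpart carries one bit:
the Latin form means 0, the Cyrillic lookalike means 1.
"""
from typing import Dict, Iterator, List

# Latin lowercase letters and their Cyrillic lookalikes (code points chosen
# because common fonts render them indistinguishably from the Latin glyph).
HOMOGLYPHS: Dict[str, str] = {
    "a": "\u0430", "c": "\u0441", "e": "\u0435", "o": "\u043e", "p": "\u0440",
    "x": "\u0445", "y": "\u0443", "i": "\u0456", "j": "\u0458", "s": "\u0455",
}
LOOKALIKE_TO_LATIN = {cyr: lat for lat, cyr in HOMOGLYPHS.items()}


def _bits(data: bytes) -> Iterator[int]:
    """Yield the bits of data, most significant bit of each byte first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def capacity_bits(cover: str) -> int:
    """One bit per cover character that has a lookalike."""
    return sum(1 for ch in cover if ch in HOMOGLYPHS)


def embed(cover: str, payload: bytes) -> str:
    """Hide payload (at most 255 bytes, preceded by a one-byte length) in cover."""
    if len(payload) > 255:
        raise ValueError("payload too large for the one-byte length prefix")
    framed = bytes([len(payload)]) + payload
    if len(framed) * 8 > capacity_bits(cover):
        raise ValueError("cover text too short for this payload")
    bits = _bits(framed)
    out: List[str] = []
    for ch in cover:
        if ch in HOMOGLYPHS:
            bit = next(bits, None)
            if bit == 1:
                ch = HOMOGLYPHS[ch]    # swap in the lookalike to encode a 1
        out.append(ch)                 # bit 0 (or payload exhausted): leave as is
    return "".join(out)


def extract(stego: str) -> bytes:
    """Read the bits back; characters without a lookalike are ignored."""
    bits: List[int] = []
    for ch in stego:
        if ch in HOMOGLYPHS:
            bits.append(0)
        elif ch in LOOKALIKE_TO_LATIN:
            bits.append(1)
    if len(bits) < 8:
        raise ValueError("too few carrier characters for a length prefix")
    length = int("".join(map(str, bits[:8])), 2)
    if 8 + 8 * length > len(bits):
        raise ValueError("declared length exceeds carrier; no payload present")
    payload = bytearray()
    for i in range(length):
        chunk = bits[8 + 8 * i: 16 + 8 * i]
        payload.append(int("".join(map(str, chunk)), 2))
    return bytes(payload)


def lookalike_words(text: str) -> List[str]:
    """Detection: words containing any Cyrillic lookalike. In text that is
    supposed to be plain ASCII, even one such word is a giveaway."""
    return [word for word in text.split()
            if any(ch in LOOKALIKE_TO_LATIN for ch in word)]


# Constructed cover text (32 carrier letters drawn from a c e o p x y i j s).
COVER = "the quick brown fox jumps over the lazy dog and the cat sits by the open window all day"

if __name__ == "__main__":
    stego = embed(COVER, b"ok")
    print(stego == COVER, len(stego) == len(COVER))   # False True
    print(extract(stego))                             # b'ok'
    print(lookalike_words(stego))
```

Note that extract() on an untouched cover returns an empty payload rather than garbage, because every carrier letter reads as 0 and so does the length prefix; and that the scheme survives copy-and-paste but not normalisation, spell-checking or re-typing, which is why the text above says text is the hardest medium to hide in.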
Application Note: Steganography is used by some modern printers, including HP and Xerox brand color laser printers. Tiny yellow dots are added to each page. The dots are barely visible and contain encoded printer serial numbers, as well as date and time stamps.
Example from modern practice
The larger the cover message is (in data content terms, number of bits) relative to the hidden message, the easier it is to hide the latter. For this reason, digital pictures (which contain large amounts of data) are used to hide messages on the Internet and on other communication media. It is not clear how commonly this is actually done. For example: a 24-bit bitmap will have 8 bits representing each of the three color values (red, green, and blue) at each pixel. If we consider just the blue there will be 2^8 = 256 different values of blue. The difference between 11111111 and 11111110 in the value for blue intensity is likely to be undetectable by the human eye. Therefore, the least significant bit can be used (more or less undetectably) for something other than color information. If we do it with the green and the red as well, we get three bits per pixel, enough for one letter of ASCII text for every three pixels. Stated somewhat more formally, the objective for making steganographic encoding difficult to detect is to ensure that the changes to the carrier (the original signal) due to the injection of the payload (the signal to covertly embed) are visually (and ideally, statistically) negligible; that is to say, the changes are indistinguishable from the noise floor of the carrier. Any medium can be a carrier, but media with a large amount of redundant or compressible information are better suited. From an information theoretical point of view, this means that the channel must have more capacity than the "surface" signal requires; that is, there must be redundancy.
For a digital image, this may be noise from the imaging element; for digital audio, it may be noise from recording techniques or amplification equipment. In general, electronics that digitize an analog signal suffer from several noise sources such as thermal noise, flicker noise, and shot noise. This noise
provides enough variation in the captured digital information that it can be exploited as a noise cover for hidden data. In addition, lossy compression schemes (such as JPEG) always introduce some error into the decompressed data; it is possible to exploit this for steganographic use as well. Steganography can be used for digital watermarking (http://en.wikipedia.org/wiki/Digital_watermark), where a message (being simply an identifier) is hidden in an image so that its source can be tracked or verified (for example, Coded Anti-Piracy), or even just to identify an image (as in the EURion constellation).
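The LSB scheme described above (one bit in each of the red, green and blue values, so one byte of payload per three pixels), worked through as an added example; this is illustration code written for this page, not code from any of the tools listed further on. It operates on a constructed list of RGB tuples rather than a real image file, prefixes the payload with a four-byte length so the extractor knows where to stop, and refuses to "extract" from a carrier whose length prefix is implausible, which is what happens when an unmodified image is fed in. The helper names (embed, extract, capacity_bytes, has_payload, max_channel_delta) and the synthetic CARRIER are my own.

```python
"""Added example: least-significant-bit (LSB) steganography on 24-bit RGB pixels.

Illustration code for this page, not taken from any tool listed here. The
carrier is a constructed list of (R, G, B) tuples instead of a real image file.
"""
from typing import Iterator, List, Sequence, Tuple

Pixel = Tuple[int, int, int]


def _bits(data: bytes) -> Iterator[int]:
    """Yield the bits of data, most significant bit of each byte first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def capacity_bytes(pixels: Sequence[Pixel]) -> int:
    """Usable payload: one bit per channel, three channels per pixel,
    minus the four bytes reserved for the length prefix."""
    return (len(pixels) * 3) // 8 - 4


def embed(pixels: Sequence[Pixel], payload: bytes) -> List[Pixel]:
    """Return a copy of pixels whose LSBs carry len(payload) (4 bytes, big-endian)
    followed by the payload itself. Only the lowest bit of each channel changes."""
    if len(payload) > capacity_bytes(pixels):
        raise ValueError("payload too large for this carrier")
    bits = _bits(len(payload).to_bytes(4, "big") + payload)
    out: List[Pixel] = []
    for px in pixels:
        channels = list(px)
        for i in range(3):
            bit = next(bits, None)
            if bit is None:
                break                      # payload exhausted: copy the rest untouched
            channels[i] = (channels[i] & 0xFE) | bit
        out.append((channels[0], channels[1], channels[2]))
    return out


def _lsb_stream(pixels: Sequence[Pixel]) -> Iterator[int]:
    """Yield the LSB of every channel, in pixel order, R then G then B."""
    for px in pixels:
        for channel in px:
            yield channel & 1


def _read_bytes(bits: Iterator[int], count: int) -> bytes:
    """Assemble count bytes from a bit stream (MSB first, matching _bits)."""
    result = bytearray()
    for _ in range(count):
        value = 0
        for _bit in range(8):
            value = (value << 1) | next(bits)
        result.append(value)
    return bytes(result)


def extract(pixels: Sequence[Pixel]) -> bytes:
    """Recover the payload. Raises ValueError when the length prefix is larger
    than the carrier could hold, the usual result of reading an unmodified image."""
    if len(pixels) * 3 < 32:
        raise ValueError("carrier too small to hold a length prefix")
    bits = _lsb_stream(pixels)
    length = int.from_bytes(_read_bytes(bits, 4), "big")
    if length > capacity_bytes(pixels):
        raise ValueError("length prefix exceeds carrier capacity; no payload present")
    return _read_bytes(bits, length)


def has_payload(pixels: Sequence[Pixel]) -> bool:
    """True if extract() finds a plausible length prefix."""
    try:
        extract(pixels)
        return True
    except ValueError:
        return False


def max_channel_delta(original: Sequence[Pixel], stego: Sequence[Pixel]) -> int:
    """Largest change to any channel value; LSB replacement never exceeds 1."""
    return max(abs(a - b) for p, q in zip(original, stego) for a, b in zip(p, q))


# Constructed carrier: 300 synthetic pixels (not a real image).
CARRIER: List[Pixel] = [((i * 7) % 256, (i * 13) % 256, (i * 29) % 256)
                        for i in range(300)]

if __name__ == "__main__":
    stego = embed(CARRIER, b"attack at dawn")
    print(extract(stego))                      # b'attack at dawn'
    print(max_channel_delta(CARRIER, stego))   # 1
    print(has_payload(CARRIER))                # False
```

max_channel_delta confirms the visual claim in the text (no channel moves by more than one step), but the statistical half of the claim does not hold for plain replacement like this: the LSB plane of a real photograph is not uniformly random, and overwriting it with encrypted (hence random-looking) bits is detectable with chi-square tests on the frequencies of adjacent value pairs. Tools such as F5, listed below, were designed specifically to survive that test.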
Use by terrorists
The Federal Plan for Cyber Security and Information Assurance Research and Development, published in April 2006, makes the following statements:
"...immediate concerns also include the use of cyberspace for covert communications, particularly by terrorists but also by foreign intelligence services; espionage against sensitive but poorly defended data in government and industry systems; subversion by insiders, including vendors and contractors; criminal activity, primarily involving fraud and theft of financial or identity information, by hackers and organized crime groups..." (pp. 9-10)
"International interest in R&D for steganography technologies and their commercialization and application has exploded in recent years. These technologies pose a potential threat to national security. Because steganography secretly embeds additional, and nearly undetectable, information content in digital products, the potential for covert dissemination of malicious software, mobile code, or information is great." (pp. 41-42)
"The threat posed by steganography has been documented in numerous intelligence reports." (p. 42)
Moreover, an online "terrorist training manual", the "Technical Mujahid, a Training Manual for Jihadis", contained a section entitled "Covert Communications and Hiding Secrets Inside Images". By early 2002, a Cranfield University MSc thesis developed the first practical implementation of an online real-time Counter Terrorist Steganography Search Engine. This was designed to detect the most likely image steganography in transit and thereby provide UK Ministry of Defence Intelligence Staff a realistic approach to "narrowing the field", suggesting that interception capacity was never the difficulty but rather prioritising the target media. Despite this, there are no publicly reported instances of terrorists using computer steganography. Al Qaeda's use of steganography is somewhat simpler: in 2008 a British man, Rangzieb Ahmed, was alleged to have a contact book with Al-Qaeda telephone numbers written in invisible ink. He was convicted of terrorism.
In 2010, the Federal Bureau of Investigation alleged that the Russian foreign intelligence service uses customized steganography software for embedding encrypted text messages inside image files for certain communications with "illegal agents" (agents under non-diplomatic cover) stationed abroad. Note: although monitoring and detection software has grown along with steganography technology, it can be evaded by combining modern and classical steganography techniques.
In practice
Steganography applications conceal information in other, seemingly innocent media. Steganographic results may masquerade as other file or data types, be concealed within various media, or even be hidden in network traffic or disk space. We are only limited by our imagination in the many ways information and data can be exploited to conceal additional information. The following provides a list of steganography and related products. NOTE: Some of the programs listed here contain strong encryption components, and the export of them from the US is restricted by the EAR regulations.
Last known addresses: ma7jpc@bath.ac.uk
2. BMP Secrets by Parallel Worlds. Parallel Worlds is a company based in Kiev, capital of Ukraine. Tel.: +380 (44) 442 6077; Tel./Fax: +380 (44) 442 0516; Pager: +380 (44) 461 0146 ab# 100252; GSM SMS: chekh@sms.umc.com.ua; e-mail: chekh@pworlds.com. General information: Info_PW@kbi.kiev.ua; Services: Services_PW@kbi.kiev.ua; Customer and product support: Support_PW@kbi.kiev.ua; Product sales: Sales_PW@kbi.kiev.ua; Web design: webmaster_PW@kbi.kiev.ua; Other questions: admin_PW@kbi.kiev.ua. Parallel Worlds page: http://www.pworlds.com; steganography page: http://www.pworlds.com/techn/steganography.phtml; BMP Secrets page: http://www.pworlds.com/products/bmp-secrets.phtml

3. BMPEmbed v1.54 (DEMO). Data Embed by Brook Sandford and Ted Handel (LANL.gov). IMAGES: BMP

4. BMPTable v2.16 (DEMO). Data Embed by Brook Sandford and Ted Handel (LANL.gov). Brook Sandford: mts@lanl.gov; Ted Handel: thandel@lanl.gov. IMAGES: BMP

5. Camouflage 2.0 by Frédéric Péters. Last known contact information for the author: Frédéric Péters, rue Chantraine 38, 4420 Montegnée, Belgique; e-mail: fpeters@chanae.alphanet.ch, fpeters@mygale.org. IMAGES: TGA (24-bit uncompressed, 640x480, minimum of 921618 bytes). The author recommends using PNG.

6. Contraband Hell Edition (CHE) by Julius B. Thyssen & Hens Zimmerman of Immortalware / JTHZ Productions, based in Amsterdam, The Netherlands. Last known URLs: http://come.to/us or http://www.jthz.com/puter/. CHE runs on Win9x and processes 24-bit BMP images.

7. Contraband, Contraband 9g by Julius B. Thyssen & Hens Zimmerman of Immortalware / JTHZ Productions, based in Amsterdam, The Netherlands. Last known URLs: http://come.to/us or http://www.jthz.com/puter/. Runs on Win9x and processes 24-bit BMP images.

8. Courier v1.0 by Kelce Wilson. Last known address: http://pages.prodigy.net/robyn.wilson/. Runs on Win32 systems and embeds in IMAGES: BMP (24-bit; will convert lower resolutions to 24-bit).

9. Covert.tcp. C source code for Covert Channels in the TCP/IP Protocol Suite by Craig H. Rowland. Published in First Monday, Vol. 2 No. 5, 5 May 1997. The article and source code are available from http://www.firstmonday.dk/issues/issue2_5/rowland/

10. Data Stash v1.1, v1.1a by Lim Chooi Guan. Previous addresses: webmaster@famousguy.net, http://www.skyjuicesoftware.com/software/ds_info.html. Claims to embed in the following media: IMAGES: any binary; AUDIO: any binary; TEXT: yes, but suggests avoiding it; FILE/DISK: any binary; OTHER: any binary.

11. dc-Steganograph. The application is also known as DC-Stego and DiSi-Steganograph. A DOS program that hides data in 320x200 256-color PCX files. Author's last known address: http://members.tripod.com/~Nikola_Injac/stegano/

12. DCT-Steg (aka DCT-Jpeg) by Stefan Katzenbeisser. Embeds in JPEG images by manipulating the DCT coefficients.

13. Digital Picture Envelope by the Digital Picture Enveloping Research Group. The product is based on the BPCS Steganography research. Previous addresses: bpcs@know.comp.kyutech.ac.jp, http://www.know.comp.kyutech.ac.jp/BPCSe/Dpenve/DPENVe-home.html. The application runs on Win32. IMAGES: BMP (adaptive)

14. Diskhide by MTC Medincom (Russia). DOS application that hides data on disks.

15. Dmagic by Derek de Oliveira (Russia). Previous addresses: dede11@hotmail.com and BigD99860@juno.com. Hides files and folders on Windows systems.

16. DPT (Data Privacy Tool) by Bernard. Last known URL: http://www.xs4all.nl/~bernard/home_e.html. Hides in BMP images; the author recommends 24-bit BMPs.

17. EasyPrivacy Pro v2.1.1 by D4F Corp. Last known addresses: Landstrasse 25, 9490 Vaduz, Liechtenstein (Europe); Mail@digi4fun.com or webmaster@digi4fun.com; http://www.digi4fun.com/EasyPrivacy.html. The application runs on Win32 systems and embeds in BMP images.

18. EIKONAmark by I. Pitas is now a series of watermarking products that embed in a variety of media types. The original EIKONAmark processed images (input: BMP, JPG, TIF, TGA, GIF; output: TIF, TGA, JPG).

19. Empty Pic by Robert Wallingford. Previous addresses: wallingford@usa.net, prof.engineer@usa.net, and robertw@crtelco.com. URL: http://www.crtelco.com/~robertw/. Empty Pic is a command line tool for Windows that "hides" a GIF image by replacing the palette with a single color. The original may be restored with the software.

20. Encrypt Pic by Fredric Collin. Previous addresses: Frederic.Collin@advalvas.be, http://members.nbci.com/_XMCM/fredc/index2.html, http://members.nbci.com/_XMCM/fredc/encryptpic.html, http://members.xoom.com/fredc/encryptpic.html. The application runs on Win32 systems. Data is embedded in BMP images.

21. Encrypted Magic Folders (EMF) (also Magic Folders) by PC Magic Software. Addresses: info@pc-magic.com, http://www.pc-magic.com/. This application hides and encrypts files and folders.

22. EzStego by Romana Machado, author of Stego1a2 for the Mac. EzStego is "steganography made easy", previously available at http://www.stego.com. EzStego is an implementation of Stego in Java. Stego is available at http://www.nic.funet.fi/pub/crypt/steganography/

23. F5 by Andreas Westfeld (Dresden, Germany). Previous addresses: westfeld@inf.tudresden.de, http://www.inf.tu-dresden.de/~aw4. The application hides in JPEG images by manipulating the DCT coefficients.

24. FatMacPGP 2.6.3. Previous address: http://www.math.ohio-state.edu/~fiedorow/PGP. This application is for Mac computers.

25. FFEncode. Hides data in a Morse code of null characters.
The file maybe downloaded from http://www.rugeley.demon.co.uk/security/encrypt.htm (UK). 26. Folder Guard Jr. (also see Folder Guard) by WinAbility (Andrei Belogortseff). Previous address: WinAbility, P.O.Box 5534 Buffalo Grove, IL 60089-5534 U.S.A. http://www.winability.com WIN: (9x/Me/NT/2000 ) FILE/DISK: (hide files & folders ) 27. Folder Guard by WinAbility (Andrei Belogortseff). WinAbility? P.O.Box 5534 Buffalo Grove, IL 60089-5534 U.S.A. http://www.winability.com This product has more features than Folder Guard Jr. WIN: (Win 9x/Me/@K/XP/Vista ) FILE/DISK: (hide files & folders )
28. Ghost Host by Kelce Wilson. Previous address: http://pages.prodigy.net/robyn.wilson/ WIN: (Win ) FILE/DISK: (Hides (appends) "ghost" files at the end for other files. ) 29. Gif-It-Up by Lee Nelson. Win32 application that hides in GIF images. 30. Gifshuffle by Matthew Kwan (Darkside Technologies) - Australia. Previous addresses: mkwan@darkside.com.au http://www.darkside.com.au/gifshuffle/ WIN: (Win (DOS) ) IMAGES: (GIF (palette manipulation) ) 31. Giovanni by BlueSpike, Inc (Scott Moskowitz). http://www.bluespike.com Bluespike offers watermarking products for various media formats 32. Gzsteg by Andy Brown and Ken Pizzini hides in GZ compressed files and is available at http://www.nic.funet.fi/pub/crypt/steganography/ 33. Hermetic Stego by Peter Meyer, Hermetic Systems This program is capable of hiding in a BMP image or across multiple BMP images. More information and download from http://www.hermetic.ch/hst/hst.htm 34. Hidden by Evgeny Vasjuk Previous addresses: evgenyww@bashnet.ru evgenyww@windoms.sitek.net http://www.bashnet.ru/~evgenyww/ FILE/DISK: (hide files and folders ) 35. Hide and Seek by Colin Maroney Hide and Seek 4.1 http://www.nic.funet.fi/pub/crypt/steganography/ (Finland) and Hide and Seek 5.0 is significant update to hideseek v4.1 which includes a lot of new features. Available at www.rugeley.demon.co.uk (UK) Hide and Seek for Windows 95 is also available 36. Hide In Picture by Davi Tassinari de Figueiredo. Previous addresses: davitf@usa.net http://www.brasil.terravista.pt/Jenipabu/2571 PORTUGAL http://www.brasil.terravista.pt/Jenipabu/2571/e_hip.htm WIN: (9x/Win32) IMAGES: (BMP ) 37. Hide Unhide (Hide) by GRYPHON Microproducts (no longer exists). Previous address: PO BOX 10087, Silver Spring, MD 20914, USA DOS command line IMAGES: (TIFF) 38. Hide by Toby Sharp. Previous addresses: Secret Software TSharp@Serif.com http://www.geocities.com/toby.sharp/hidev2.zip WIN32 IMAGES: (24-bit color, 8-bit grayscale ) 39. 
Hide4PGP by Heinz Repp hides data in BMP, WAV, and VOC files. Available from the author's website: http://www.heinz-repp.onlinehome.de/Hide4PGP.htm (Germany) 40. Hideme (Hide Me) for Windows (encryption tool) by Terry Mechan Olympic Communications Previous address: Olympic@Netwales.co.uk http://www.fis.lv/olympic Hides files & directories by encrypting them and placing them in a "hide me" file
41. In Plain View (IPV) by 9-Yards Computing. Previous addresses: jweiler@9-Yards.com http://www.9-Yards.com Win32 IMAGES: (BMP (24-bit) ) 42. InThePicture (ITP) 2.01, 2.02 by INTAR Technologies. Previous addresses: 23 Sapphire Drive Barons Wood Royal Leamington Spa Warwickshire, CV31 3LB ENGLAND Administrative Contact, Billing Contact: Hogg, Ash (AH2184) ash@INTAR.COM Intar Technologies Limited 12 Penfold Close Bishops Tachbrook Leamington Spa CV33 9SF UK +44-(0)1926-426621 (FAX) +44-(0)1926-426621 http://www.intar.com/ITP/itpinfo.htm WIN: (9x ) IMAGES: (BMP (4-bit, 8-bit, 24-bit) ) 43. Invisible Encryption by Bernd Binder Fractal Iteration of Information (FITIN) Germany http://www.fitin.com (down for some time) Written in JAva IMAGES: (GIF ) 44. Invisible Files 2000 (IF2000), Pro v5.0 (IF2000 Pro) by ANNA Ltd. Previous addresses: if2000@anna.zaporizhzhe.ua Technical Support: support@softsecurity.com Any other questions: contact@softsecurity.com FAX: (508) 355-8507 http://www.softsecurity.com WIN: (9x ) FILE/DISK: (hides files and folders ) 45. Invisible Secrets (numberous versions - also marketed as 1-2-Free Steganography) originally by NeoByte? Solutions. Headquarters: Aleea Rogerius 12 Bloc H1, Ap. 11 Oradea Romania Previous addresses: Corporate WWW: http://www.neobytesolutions.com Invisible Secrets homepage : http://www.invisiblesecrets.com WIN: Win32 Claims to hide in: IMAGES: (BMP, PNG, JPG) AUDIO: (WAV) TEXT: (HTML) 46. jpeg-jsteg DOS hides information in the DCT coefficients of JPEG's JFIF image format. FTP-Server: http://www.nic.funet.fi/pub/crypt/steganography/ (Finland) 47. JPHS (aka JPHide JPSeek, JP hide and seek) by Allan Latham Previous address: http://linux01.gwdg.de/~alatham/stego.html Windows Command line and linux versions IMAGES: (JPG ) 48. JPHSWin by Allan Latham. A Windows OS graphical implementation of JPHS. WIN: (9x ) IMAGES: (JPG ) 49. 
Jsteg Shell by John Korejwa Previous address: http://www.tiac.net/users/korejwa/jsteg.htm GUI front end for jpeg-jsteg. WIN: (9x/NT ) IMAGES: ( JPG - LSB of DCT coefficients ) 50. Magic Folders (MF) (also see Encrypted Magic Folders) by RSE Software Inc.(PC Magic Software). http://www.pc-magic.com/ FILE/DISK: (Hide files and folders ) 51. Makes Files Invisible (MFI) by PC Magic Software Previous address: MFI Registration 1157 57th Drive SE Auburn, WA 98092 (253) 939-4105 http://pc-magic.com WIN: (3.x/9x ) FILE/DISK: (hide files ) 52. Mandelsteg by Henry Hastur DOS Command line product. Generates GIF images of Mandelbrot Fractal graphics for hiding data.
53. Mimic by Peter Wayner. Generates text using context free grammar 54. MP3Stego, MP3Stego_GUI by Fabien Petitcolas. http://www.petitcolas.net/fabien/steganography/mp3stego/index.html AUDIO: (MP3 ) 55. MP3Stegz, by Achmad Zaenuri claims to hide a file (of any type) inside mp3 without changing it's size and sound quality. http://achmadz.blogspot.com/2008/05/hide-any-fileinside-mp3-file.html AUDIO: (MP3 ) 56. Nicetext by George Davida and Mark T. Chapman Previous addresses: markc@ctgi.net http://www.nicetext.com/ http://www.ctgi.net/nicetext/ Pseudo-random text-based stego using context-free grammer and customizable dictionaries 57. Outguess by Niels Provos http://www.outguess.org/ Another tool for hiding in DCT coefficients of JPEG images. 58. Paranoid by Nathan Mariels. Paranoid is primarily an encryption program that allows you to encrypt files with IDEA, triple DES, and an algorithm written by the author Nathan Mariels. It is a steganography program in that it allows you to hide files in sounds. FTP-Server: ftp://ftp.hacktic.nl/pub/crypto/macintosh/ (The Netherlands) 59. PGE - Pretty Good Envelope Hides data file into a GIF or JPG file of any size or resolution using a very simple method of appending the message to the file, and then appending a 4 byte little endian number which points to the start of the message. The encryption used is considered "weak" by the author, using another encryption method prior to applying PGE is recommended. Download from Version 1.0 (includes encryption) http://www.rugeley.demon.co.uk/security/encrypt.htm (UK) or version 2.0 (does not include encryption)http://www.afn.org/~afn21533/rgdprogs.htm (US). Stealth by Timo Rinne and Cirion oy Available 60. PGM http://www.nic.funet.fi/pub/crypt/steganography/ (Finland) IMAGES: (PGM ) at
61. PGPn123 A Windows front-end to PGP, which will hide a text file inside text. Basically a PGP shell tool that also includes a steganography option. Two versions are available: pn123-05.zip (freeware) and an enhanced version pn123e18.zip (shareware). Both may be available at http://www.stegoarchive.com (US) 62. PicSecret by Andrew Lee (Cortic Software). PicSecret allows users to hide text messages in images. Available for Mac OS X (free) and as a web-interface online at http://www.picsecret.com 63. PIILO, PILO by Tuomas Aura (now with Microsoft Research). Hides in PGM images 64. PixelTag by Joshua Smith and Barrett Comiskey (previously with MIT Media Lab). Previous address: http://www.media.mit.edu/pixeltag 65. Puff v1.01, 2.00 and OpenPuff v2.00, v3.01 by Cosimo Oliboni (Italy): Puff/OpenPuff is a significant rewrite and uses multiple encryption algorithms. Puff 2.X is not compatible
with v 1.01. Due to a cryptography rewrite, v3.X is not compatible with v2.X. V3.00 was removed due to a bug in the unhiding routine - this is fixed in v3.01. Carriers for steganogrphic content includes: Images: (BMP, JPG, PCX, PNG, TGA), Audio: (AIFF, MP3, NEXT/SUN, WAV), Video: (3GP, FLV, MP4, MPG, SWF, VOB) in unused space, Files: (WIN PE MODULES). http://members.fortunecity.it/blackvisionit/PUFFV200.HTM 66. S-Mail by Security Software Development (SSD) Ltd. Previous addresses: Nassau BAHAMAS http://www.ssdltd.com http://www.privacysoftware.com/ Versions for DOS 5.0+ and Win32 Hides in EXE and DLL files 67. S-Tools by Andrew Brown - S-Tools hides in a variety of cover media. This software is a good illustration of different versions hiding in different media. These versions cover hiding in BMP, GIF, WAV, and even on unused floppy disk space. Download: S-Tools 1.0 S-Tools 2.0 S-Tools 3.0 S-Tools 4.0 FTP-Server: ftp://ftp.funet.fi/pub/crypt/mirrors/idea.sec.dsi.unimi.it/code/ (Finland) 68. Safer v2.0 (kill v1.2, unkill v2.0) by C. Petermann (CpH). Versions available for DOS 5.0+, OpenDOS, Win32, and Amiga operating sytems Hides data on floppies 69. SandMark watermarking software by Christian Collberg and Gregg Townsend. Previous address: http://www.cs.arizona.edu/sandmark/ Unix/Linux: ( ) Watermarks Java code 70. ScramDisk by Anonymous (AMAN) Author of the program wishes to remain anonymous. ScramDisk support could once be obtained through the alt.security.scramdisk newsgroup. The author uses the pseudonym AMAN. Information about Scramdisk is hosted by Sam Simpson. (scramdisk@samsimpson.com) Previous address: http://www.scramdisk.clara.net/ Several products have been derived from Scramdisk. A sourceforge project is also avilable providing Scramdisk 4 Linux (SD4L) based on this product. Win32 AUDIO: (WAV ) 71. Scytale by Patrick Buseine is a Windows PGP interface that includes an option to hide data in .PCX files. 
Previous website http://scytale.rever.fr/main.html (France) 72. SGPO (SteganoGifPaletteOrder) by David Glaude and Didier Barzin. Previous contact information: David GLAUDE: glu@who.net http://www.geocities.com/SiliconValley/Heights/2099/index.htm. Didier BARZIN: didier@unforgettable.com http://student.ulb.ac.be/~dbarzin/. Written in Java IMAGES: (GIF (palette) ) 73. SilentEye by Anselme Chorein. SilentEye is a cross-platform application with binaries and source code available for Windows and Linux with MAC OSX version coming soon. Steganographic processing supports BMP images and WAV audio files. http://www.silenteye.org. 74. Snow (also variants include !SnowDOS, SnowJava, JSnow By Matthew Kwan is available in both DOS and JAVA executable formats. "snow exploits the steganographic nature of whitespace. Locating trailing whitespace in text is like finding a polar bear in a
snowstorm. And it uses the ICE encryption algorithm, so the name is thematically consistent." Information and software is available at http://www.darkside.com.au/snow/index.html (Australia) 75. Snowdisk by Scott G. Miller. Previous address: scgmille@indiana.edu Linux software for hiding on unused diskspace. Fills the disk space with the encrypted contents of and random data. 76. Spam Mimic (spammimic) by David Mckellar. See: http://www.spammimic.com/ for more information Generates spam-like text and fake PGP blocks to hide data 77. Spyder by Lucas (Luke) Natraj. Command line tool IMAGES: (BMP 8-bit ) 78. Stash (Stash-It) by Chris Losinger, Smaller Animals Software, Inc. Previous Contact information: Administrative Contact, Billing Contact: Losinger, Chris (CL4280) chrisdl@PAGESZ.NET Smaller Animals Software, Inc. 8701 Walkelin Ct Raleigh, NC 27615 919-844-7951 (FAX) 9198447951 http://www.smalleranimals.com Win32 IMAGES: (256-color PCX, BMP / 24-bit BMP, TIFF, PNG, PCX) 79. Stealth A PGP tool for steganography which strips any standard headers off of a PGP encrypted message to make the result look like random noise. Download from Adam Back's site http://cypherspace.org/adam/stealth/ (UK) Version 2.01b is avilable at ftp://ftp.hacktic.nl/pub/crypto/steganographic/ (The Netherlands) Versions are also available at: http://www.nic.funet.fi/pub/crypt/steganography/ (Finland) 80. Stealthencrypt Internet Security Suite by Herb Kraft or Amy Seeberger, Sublimated Software. Previous contact information: 703 Pier Avenue B330 Hermosa Beach, CA 90254 http://www.stealthencrypt.com/ Windows IMAGES: (BMP, TIF ) 81. Stegano (also WinStegano and steg_win) by Thomas Biel DOS and Windows applications for hiding data in BMP images 82. Steganos - Steganos Security Suite by Fabian Hansmann (Steganos.com) hides data in BMP, VOC, WAV and ASCII files. See http://www.steganos.com for the latest information. 
(Germany) Earlier versions of steganos are available at: ftp://ftp.funet.fi/pub/crypt/mirrors/idea.sec.dsi.unimi.it/code/ (Finland) Steganos 1.4 is a small DOS program Steganos for Windows 95 is an upgrade version 1.4 The Steganos Security Suite was introduced in version 2.0 Version 3r5 is avilable at ftp://ftp.hacktic.nl/pub/crypto/steganographic/ (The Netherlands) 83. StegFS (Steganographic File System) by Andrew D. McDonald. Previous addresses: http://www.mcdonald.org.uk/andrew/ http://ban.joh.cam.ac.uk/~adm36/StegFS Linux 84. Steghide by Stefan Hetzl. http://steghide.sourceforge.net/ Source code is aviailable and several ports are available for different operating systems. IMAGES: (BMP) AUDIO: (WAV, AU )
85. StegMark (also StegComm and StegSign) by DataMark Technologies (Singapore). Contact information: DataMark Technologies Pte Ltd Suite 106, Innovation Centre, Block 1, 16 Nanyang Drive Republic of Singapore 637722 Tel: (65)-793-7725 (65)-7937726 Fax: (65)-793-7790 Email: support@datamark-tech.com http://www.datamarktech.com/index.htm Claims to embed in multiple file formats and media types IMAGES: (BMP, JPG, GIF, TGA, TIFF, PNG ) AUDIO: (MIDI, WAV, AVI, MPEG ) 86. Stego - Steganosaurus, Stegosaurus by John Walker - Text-based steganography program to send encrypted messages and files. For more information and syntax see: http://www.fourmilab.ch/nav/topics/crypto.html (Switzerland) public domain. 87. Stego (Stego v1.0a2) by Romana Machado is a steganography tool that enables you to embed data in Macintosh PICT format files, without changing the appearance or size of the PICT file. Thus, Stego can be used as an "envelope" to hide a previously encrypted data file in a PICT file, making it much less likely to be detected. Available at: http://www.nic.funet.fi/pub/crypt/steganography/(Italy) and ftp://ftp.hacktic.nl/pub/crypto/macintosh/ (The Netherlands) 88. Stegodos also known as Black Wolf's Picture Encoder by Black Wolf. This is a command line tool (actually several) that hide in 256-color screen captures. The screen captures are 320x200. Available at http://www.nic.funet.fi/pub/crypt/steganography/ (Finland) and ftp://idea.sec.dsi.unimi.it/security/crypt/cypherpunks/steganography/ (Italy) 89. Stegotif by Giovambattista Pulcini. Previous addresses: http://www.verrando.com/pulcini http://www.geocities.com/SiliconValley/9210 Win32 command line IMAGES: (TIFF, TGA (LSB 24-bit RGB) ) 90. Stegowav by Giovambattista Pulcini Previous addresses: http://www.verrando.com/pulcini http://www.geocities.com/SiliconValley/9210 Command line tool (WinDOS) AUDIO: (RIFF (8/16 bits) PCM wave (.WAV) ) 91. Stegowav by Peter Heist. 
Previous addresses: heistp@rpi.edu and heistp@voicenet.com Java code AUDIO: (Microsoft WAV ) 92. StegParty by Steven E. Hugg. Previous Contact Info: Hamco Software (COMETBUSTERS-DOM) 1249 Turkey Point Rd Edgewater, MD 21037 USS Previous e-mail hugg@POBOX.COM http://www.cometbusters.com/hugg/projects/stegparty.html Unix/Linux Generates text to hide data (not random gibberish) 93. Stext by Ulrich Kuehn. Previous address: ulrich.kuehn@t-online.de Command line application that generates text to hide information 94. SubiText also TextSign Watermark by Compris.com Previous contact information: Compris.com Opelstr. 10 D-67661 Kaiserslautern-Siegelbach Germany phone: (+49) 06301 - 703340 fax: (+49) 06301 - 703119 E-Mail:mailto:TextSign@compris.com http://www.textsign.com/
95. Suresign (Signum) by Signum Technologies http://www.signumtech.com Windows and MAC versions of the watermarking application. Claims: IMAGES: (Invisible watermark and visible logo with Photoshop Plug-in ) AUDIO: (WAV files with the Cool Edit Audio Plug-in ) 96. SysCop by MediaSec Technologies LLC Previous contact information: MediaSec Technologies LLC 321 South Main Street, Suite 2 Providence, RI 02903 USA Tel: (401) 453 6363 x 108 Fax: (401) 453 0444 Email: info@mediasec.com http://www.mediasec.com Digital watermarking products for for Windows, Mac, and Linux Carriers: Images, MPEG-1, MPEG-2 97. Textego by Chirs Huson. Previouis address: http://www.soltec.net/~huson/ TEXT: substituion cipher that makes text files look like a cross between mad libs and bad poetry 98. TextHide (see SubiText) 99. Texto Texto by Kevin Maher is a text steganography program which transforms uuencoded or PGP ascii-armoured ascii data into English sentences. Texto text files look like something between mad libs and bad poetry, (although they do sometimes contain deep cosmic truths) and should be close enough to normal english to get past simpleminded mail scanners. FTP-Server: http://www.nic.funet.fi/pub/crypt/steganography/ (Finland) 100. Virtual Steganographic Laboratory (VSL) by Michal Wegrzyn is a graphical block diagramming tool that allows complex using, testing and adjusting of methods both for image steganography and steganalysis. VSL provides friendly GUI along with modular, plug-in architecture. Available at Sourceforge: http://sourceforge.net/projects/vsl/ 101. VisualCrypto (Visual Cryptography) by Jouko Holopainen . Previous contact information: Purjehtijantie 4 A 10 FIN-90560 Oulu FINLAND jhol@gnosis.pp.fi as of 1996-05-14 Versions for Windows, MAc, and Linux IMAGES: (Input from PGM (B&W) images and output to Postscript (PS). ) 102. Vodka-tonic by lordlsd is a cryptography-steganography hybrid tool. It can hide data into different filetypes and encrypt the information. 
Available at http://www.astalavista.com/index.php?section=directory&cmd=detail&id=3181 103. wbStego by Werner Bailer is a steganography to hide data in bitmaps, text files and HTML files. Available at http://www.8ung.at/wbailer/wbstego/ (Austria) 104. WitnesSoft No longer available. Used to be offered by Aliroo. WitnesSoft contained DocSec - Invisible, scannable label for organizational document security. PrintAuthentic Invisible, programmable background for official document authentication. SoftProtect Built in marking mechanism for software protection. CopyRight - invisible page marking of for copyright protection of printed intellectual property.
105. Wnstorm - White Noise Storm Wnstorm (White Noise Storm) is a cryptography and steganography software package which you can use to encrypt and hide files within PCX images. Available at http://www.nic.funet.fi/pub/crypt/steganography/ (Finland) 106. Xidie Security Suite Xidie is one of the most complete, innovative and complex application in steganography branch. Offer over 50 carrier types including many new technologies like ADS, Microsoft Office carrier, Registry keys etc. Most of carrier types implemented in Xidie are unique:Tiff and Word, Excel workbooks, Access databases Registry keys, Microsoft console documents, Event log files Cookies, subtitles, dictionary and PDF documents, Alternate data streams and attaching method with multiple files Technical specifications: carrier. Commercial site: http://www.stegano.ro http://web.clicknet.ro/xidie/index.html 107. Z-File (Zfile Camouflage and Encryption System) by INFOSEC Information Security Company, Ltd. (Taiwan) Previous addresses: http://www.in4sec.com (no longer) http://www.infosec.com.tw (no longer) Win32 application IMAGES: (BMP) 108. http://sourceforge.net/projects/camerashy/?_test=b 109. http://wbstego.wbailer.com/
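Several entries above (PGE, Ghost Host, Xidie's attaching method) hide data by simply appending it after the carrier's real end, so a defender can check for bytes past the structural end of the image. The following Python is an added example, not code from any listed tool: it locates the structural end of a BMP or JPEG, reports trailing bytes, and reads back a PGE-style 4-byte little-endian trailer; it assumes that trailer is an absolute file offset (the PGE entry does not say), and tiny_bmp/tiny_jpeg are constructed samples.

```python
"""Find bytes appended past the structural end of a BMP or JPEG file.
Added example, not code from PGE, Ghost Host or any tool listed above.
Assumed (the PGE entry does not say): its 4-byte little-endian trailer is an
absolute file offset to the first byte of the appended message."""
import struct


def bmp_end(data):
    """A BMP ends at bfSize, the little-endian u32 declared at offset 2."""
    if len(data) < 6 or data[:2] != b"BM":
        return None
    size = struct.unpack_from("<I", data, 2)[0]
    return size if 14 < size <= len(data) else None


def jpeg_end(data):
    """Walk marker segments and entropy-coded scans until the EOI marker (FFD9)."""
    n = len(data)
    if data[:2] != b"\xff\xd8":
        return None
    pos, in_scan = 2, False
    while pos + 1 < n:
        if in_scan:
            # In a scan, FF00 is a stuffed byte and FFD0..FFD7 are restart
            # markers; any other FFxx is a real marker that ends the scan.
            idx = data.find(b"\xff", pos)
            if idx < 0 or idx + 1 >= n:
                return None
            nxt = data[idx + 1]
            if nxt == 0xFF:
                pos = idx + 1                 # fill byte, re-examine next byte
            elif nxt == 0x00 or 0xD0 <= nxt <= 0xD7:
                pos = idx + 2
            else:
                pos, in_scan = idx, False
            continue
        if data[pos] != 0xFF:
            return None                       # lost sync: malformed JPEG
        marker = data[pos + 1]
        if marker == 0xFF:
            pos += 1                          # fill byte before a marker
        elif marker == 0xD9:
            return pos + 2                    # EOI: structural end of the image
        elif marker == 0x01 or 0xD0 <= marker <= 0xD8:
            pos += 2                          # standalone markers have no length
        else:
            if pos + 4 > n:
                return None
            seglen = struct.unpack_from(">H", data, pos + 2)[0]
            pos += 2 + seglen
            in_scan = marker == 0xDA          # SOS: entropy-coded data follows
    return None


def find_appended(data):
    """Return (format, structural_end, appended_byte_count); end is None if truncated."""
    if data[:2] == b"BM":
        fmt, end = "bmp", bmp_end(data)
    elif data[:2] == b"\xff\xd8":
        fmt, end = "jpeg", jpeg_end(data)
    else:
        return None, None, 0
    return fmt, end, (len(data) - end) if end is not None else 0


def pge_message(data, end):
    """If the tail fits the PGE trailer layout, return the message it points to."""
    if end is None or len(data) - end < 5:
        return None
    ptr = struct.unpack_from("<I", data, len(data) - 4)[0]
    if end <= ptr < len(data) - 4:
        return data[ptr:len(data) - 4]
    return None


# Constructed minimal carriers: valid headers, no real picture content.
def tiny_bmp():
    pixels = b"\x00\x00\xff\x00"              # one 24-bit pixel plus row padding
    dib = struct.pack("<IiiHHIIiiII", 40, 1, 1, 1, 24, 0, len(pixels), 2835, 2835, 0, 0)
    size = 14 + len(dib) + len(pixels)        # 58 bytes
    return b"BM" + struct.pack("<IHHI", size, 0, 0, 14 + len(dib)) + dib + pixels


def tiny_jpeg():
    dqt = b"\xff\xdb" + struct.pack(">H", 4) + b"\x00\x01"
    sos = b"\xff\xda" + struct.pack(">H", 8) + b"\x01\x01\x00\x00\x3f\x00"
    scan = b"\x12\xff\x00\x34\xff\xd0\x56"    # holds a stuffed FF00 and an RST0
    return b"\xff\xd8" + dqt + sos + scan + b"\xff\xd9"   # 27 bytes


if __name__ == "__main__":
    carrier = tiny_bmp()
    stego = carrier + b"secret" + struct.pack("<I", len(carrier))  # PGE-style tail
    fmt, end, extra = find_appended(stego)
    print(fmt, end, extra, pge_message(stego, end))       # bmp 58 10 b'secret'
    print(find_appended(tiny_jpeg() + b"xyz"))            # ('jpeg', 27, 3)
```

A non-zero appended count is a flag, not proof: some writers legitimately leave trailing bytes, so compare against a known-clean copy of the same file where one exists.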
An example: SilentEye
SilentEye is a cross-platform application designed for easy use of steganography, in this case hiding messages in pictures or sounds. It provides a pleasant interface and easy integration of new steganography algorithms and cryptography processes through a plug-in system. SilentEye is free to use (under GNU GPL v3).
Main Features
- Hide information in images and sounds (LSB): o JPEG o BMP o WAVE
- Encrypt data: o AES128 o AES256
- Capacity to hide text or a file
- zlib compression of the message
- Drag & Drop
Format plug-ins:
o Image format plug-ins (e.g. BMP, JPEG), which let you save information into output files (e.g. .jpeg).
o Audio format plug-ins (e.g. WAVE), providing output for .wav files.
Cryptography plug-ins:
o Allow the application to encrypt data before hiding it (e.g. AES 256).
Using this architecture provides easy integration of new steganography algorithms and cryptography processes.
Preview (screenshot)
Worms, macro viruses, trojans and backdoors are some of the better-known kinds of malware. Some spread over the Internet, using email, malicious web pages or other means to infect unprotected computers. Others spread through removable media, particularly devices like USB memory sticks. They can also take control of your computer, both software and hardware!
Antivirus: Avast is an excellent free anti-virus for Windows; it needs to be registered once every 14 months, although it is a little big and needs more CPU than some other useful programs such as Kaspersky or NOD32. In most cases you should use more than one program to stop infections; for example, NOD32 only detects 70-75% of threats, so you have to use Malwarebytes or Spybot as a supplement.
- To avoid crashing your system, don't run two antivirus programs at the same time.
- Allow your program to receive updates.
- Enable your anti-virus.
- Scan your computer regularly.
- Do not open any attachment received from an unknown source.
- Disable your operating system's 'AutoPlay' feature. Under Windows XP, right-click on your CD or DVD drive, select Properties and click on the AutoPlay tab. For each content type, select the "Take no action" or "Prompt me each time to choose an action" option, then click OK.
Avast! - Anti-Virus
Avast! is a full-featured anti-virus program that detects and removes malware and viruses from your computer. Although Avast! is free for non-commercial use on a home or personal computer, your free copy must be registered after installation, otherwise it will expire in 30 days. Registration also ensures that you will automatically receive the latest Avast! program versions and virus definitions as they become available. There are two basic parts to dealing with malware and other assorted viruses when using Avast!. The first is scanning your computer to identify such threats. The second involves either deleting or moving such threats to the Avast! Virus Chest. Deleting and/or moving malware and viruses to the Virus Chest effectively prevents them from interacting with different computer systems, for instance the file system or email programs. It may seem unusual to store such malware or viruses. However, if they have attached themselves to important or sensitive information, you may want to recover or save that infected document, file or program as far as possible. In rare instances, Avast! may misidentify legitimate code or programs as malware or a virus. Generally referred to as 'false positives', that code or those programs might be important to your system, and you may want to recover them.
A Short Guide to Dealing with Virus Outbreaks There are a number of precautions you can take to limit hostile or malicious threats to your computer system; for instance, avoiding dubious or problematic web sites, or regularly using anti-virus or anti-spyware programs like Avast! or Spybot. However, we also sometimes find ourselves having to share a local-area network (LAN) and/or Internet connection. The following points are offered for consideration when dealing with a virus attack in a community setting or while at work:
Disconnect your computer from the Internet or the local network - physically. If you have a wireless connection, disconnect your computer from the wireless network itself. If possible, switch off and/or remove your wireless card. If your computer is on a network, you should immediately disconnect all computers on that network from the Internet, and then disconnect them from the local network. Every user should stop using the network and begin running Avast! or similar trusted anti-virus software to detect and delete the virus. This may seem like an exhausting process, but it is imperative in maintaining individual system and network integrity. Schedule a boot-time scan for all computers on the network. Write down the names of any viruses that you find, so that you can research them - and then delete them, or move
them to the Avast! Virus Chest. To learn how to perform a boot-time scan, please refer to section 4.6 How to Perform a Boot-time Scan. Even if a virus has been either deleted or repaired, repeat the previous step, and run boot-time scans on all computers, until Avast! no longer displays any warning messages. Depending on the severity of the malware or virus attack, you may not have to perform a boot-time scan more than once.
All Windows Versions. Although we recommend Avast! Free Antivirus in this chapter, there are other free anti-malware programs compatible with Microsoft Windows that are worth recommending as well:
After installing Avast!, click (through the MAINTENANCE and Registration menu items) to activate the following two screens in quick succession:
The Free Antivirus Registration screen. The Avast! Free Antivirus Registration pop-up window advises you that information is being retrieved. It is followed by another screen warning you that Avast! will expire in 30 days if you do not register your software by then. (It also displays information about commercial software products and promotions currently available.)
The Your Registration Status screen Step 3. Click to activate again, followed by this screen:
The Antivirus Free Registration - Registration Form Note: The Name and Email are the only mandatory text fields. They are identified by asterisks and outlined in small red squares. The other fields are not mandatory in the registration process. Step 4. Type your name and email address into the corresponding text fields, and then click to activate the following screen:
Thank You for Registering pop-up screen. Step 5. Click to access the YOUR REGISTRATION pane in the main user interface as follows:
The YOUR REGISTRATION pane: registration confirmation. You have now completed registering your copy of Avast!.
The Maintenance UPDATE pane is used to update the program and virus definitions manually. Click to begin updating the engine and virus definitions.
Click after the engine and virus definition update has been completed to return to the Maintenance UPDATE screen. Upgrading the Avast! program follows a similar procedure to updating the engine and virus definitions. Click to start the Program upgrade process.
Click after the program upgrade process has been completed, to return to the Maintenance UPDATE pane.
The Avast! program upgrade and virus definition updates can also be performed through the Avast! pop-up menu, which gives direct access to the Maintenance UPDATE screen. To manually update the Avast! engine and virus definitions using the pop-up menu, perform the following steps: Step 1. Right-click in the System Tray to activate the following pop-up menu:
How to Perform a Boot-time Scan The Avast! boot-time scan lets you perform a full scan of your hard drive before the Microsoft Windows Operating System starts running. At the moment the boot-time scan is performed, the majority of malware programs and viruses are still dormant, that is, they have not had the opportunity to activate themselves, or interact with other system processes yet. As such, they are usually quite easily exposed and removed. The boot-time scan also directly accesses the disk, and bypasses the drivers for the Windows file system, a favourite target of most computer threats. This will display even the most persistent 'rootkits' - the name for a particularly malignant form of malware. It is strongly recommended that you run a boot-time scan even if there is only a remote suspicion that your computer system may be compromised or infected. The Boot-time Scan option is recommended for a complete and thorough scan of your computer system. It may require some time, depending on your computer speed and the amount of data and number of hard drives you may have. The Boot-time Scan is always scheduled for the next time you start your computer.
To scan your system at boot time, perform the following steps:
Step 1. Click
Step 2. Click to activate the BOOT-TIME SCAN pane.
Step 3. Click to schedule a boot-time scan the next time you start your computer.
Note: A boot-time scan starts before the operating system and interface are loaded; as such, only a blue screen appears, displaying the progress of the scan as follows:
The Avast! Boot-time scheduled scan. Avast! will prompt you for a response every time a virus is detected, offering to Delete, Ignore, Move or Repair any or all identified viruses; it is recommended that you do not ignore them under any circumstances. This list of commands only appears if a virus is detected on your system.
During the Avast! installation process, the Avast! Virus Chest was created on your hard drive. The Virus Chest is simply a folder isolated from the rest of your computer system, used to store malware and viruses detected during a scan, as well as infected or threatened documents, files or folders. If you have already performed a program upgrade or virus definition update, you will be familiar with the MAINTENANCE tab, which is also where you access the Avast! Virus Chest. To begin dealing with any malware or viruses detected during a scan, perform the following steps:
Step 1. Click
The SCAN RESULTS window displaying the THREAT DETECTED! warning
Step 2. Click to display the drop-down list of possible actions to be applied to the detected threats, as shown in the figure above.
Note: In this exercise, we are concerned with moving infected files to the Virus Chest. However, the drop-down list displays three other options, described below:
Repair: This action will attempt to repair the infected file.
Delete: This action will permanently delete the infected file.
Do nothing: This action means exactly what it says, and is definitely not recommended for treating potentially harmful malware or virus threats.
Step 3. Select the Move to Chest item, and then click to activate the following screen:
How to Use the Virus Chest
The Avast! Virus Chest is an electronic 'dead zone' or 'quarantine', where you can examine the virus and determine its potential threat by either researching it on the Internet or submitting it to a virus laboratory, an option available in Avast! when you right-click a virus listed in the Virus Chest. Double-clicking a virus in the Virus Chest will not activate or run the malware or virus, because the Virus Chest keeps it isolated from the rest of your system. Tip: Alternatively, you can transfer important or sensitive information to the Avast! Virus Chest to keep it safe during a virus attack. You are now free to decide how to deal with the virus once it has been safely moved to the Avast! Virus Chest.
Step 1. Click and click
The Virus Chest displaying two viruses
Step 2. Right-click either virus to display the menu of actions that can be applied to a selected virus, as follows:
The pop-up menu of actions for viruses in the Virus Chest
Note: Double-clicking a virus in the Virus Chest will not activate or run it. It will only display the virus properties, basically the same information you would obtain by selecting Properties from the pop-up menu. The following list describes the actions in the pop-up menu used to deal with viruses:
Delete: This item will delete the virus irreversibly.
Restore: This item will restore the virus to its original location.
Extract: This item will copy the file or virus to a folder you have specified.
Scan: This item will resubmit the virus to another scan.
Submit to virus lab...: This item will let you submit a virus for further analysis against a database of known viruses. Selecting this item will activate a virus submission form for you to fill out and submit.
Properties: This item will reveal more details about the selected virus.
Add...: This item lets you browse your system for other files you would like to add to the Virus Chest. This is potentially very useful if you have files you would like to protect during a virus outbreak.
Refresh all files: This item will refresh the list, so that you see the latest files in the Virus Chest.
Advanced Virus Removal Methods
Sometimes the protection offered by Avast!, Comodo Firewall and Spybot is simply not sufficient; despite our best efforts, our personal and work systems do become infected by malware and other viruses. In the section A Short Guide to Dealing with Virus Outbreaks, a few methods were offered for dealing with persistent malware and viruses. However, there is more that can be done to eliminate such threats from your computer.
Method A: Using Anti-malware Rescue CDs/DVDs
Some anti-malware software companies also offer a free anti-virus 'rescue' CD/DVD. These can be downloaded in ISO image format (that is, a format that can be easily burned onto a CD or DVD). To begin using these anti-malware CDs/DVDs, perform the following tasks:
1. Download and burn the anti-malware program to a CD. You can use a free program such as ImgBurn (http://www.imgburn.com) to burn the image to the disc.
2. Insert the disc into the infected computer's CD/DVD drive and then restart your computer from this CD/DVD. Often you can do this by pressing the F10 or F12 key on your keyboard just after switching on the computer. Pay special attention to the instructions on the screen while your computer starts, to learn how to do this on your computer.
3. Re-connect your system to the Internet so that the anti-malware program will automatically update its virus definitions if necessary, after which it will begin scanning your computer's hard drives to remove any detected software threats.
Method B: Reinstalling the Microsoft Windows Operating System
Note: Before you begin, make sure you have all the appropriate license or serial numbers, and installation copies for the Windows OS and other programs you require. This procedure may be time consuming, but it is worth the effort if you can't eliminate malware and virus threats any other way. In rare instances, a virus infection can be so destructive that the software tools recommended earlier may be rendered useless. In situations like this, we recommend that you perform the following tasks:
1. Create a backup or copy of all your personal files on the computer.
2. Reinstall the Microsoft Windows operating system, formatting the entire disk.
3. Update the Microsoft Windows operating system after the installation has been completed.
4. Install avast! (or your preferred anti-virus program) and update it.
5. Install whatever programs you require, and remember to download the latest versions and all the updates for each program.
Note: Under no circumstances should you connect your backup disk to your computer before you have successfully performed these tasks. You might risk infecting your computer again.
1. Connect your backup disk to your computer and scan it thoroughly to detect and eliminate any existing problems.
2. After you have detected and deleted any problems, you may copy your files from the backup disk to the computer's hard drive.
Spyware
Spyware is malicious software that can track the work you do and send your information to unauthorized persons, revealing confidential information about you. As malicious web pages are a major source of spyware infection, you should pay extra attention to the websites you visit and make sure that your browser settings are secure. Watch for browser windows that appear automatically, and read them carefully instead of just clicking Yes or OK. When in doubt, you should close pop-up windows by clicking the X in the upper right-hand corner, rather than by clicking Cancel.
- In Mozilla Firefox, you can install the NoScript add-on to prevent potentially dangerous content from running automatically.
- Never accept content from unknown websites.
Portable Spybot
Portable Spybot - Search & Destroy is used to detect and remove different kinds of adware, malware and spyware from your computer. It offers free updates and lets you immunise your Internet browser against future infection by known malware.
Differences between the Installed and Portable Versions of Spybot - Search & Destroy
Given that portable tools are not installed on a local computer, their existence and use may remain undetected. However, keep in mind that your external device or USB memory stick, and portable tools, are only as safe as the computer you are using, and may risk being exposed to adware, malware, spyware and viruses.
There are no other differences between Portable Spybot and the version designed to be installed on a local computer.
How to Download and Extract Portable Spybot - Search & Destroy
To begin downloading and extracting Portable Spybot - Search & Destroy, perform the following steps:
Step 1. Click http://portableapps.com/apps/security/spybot_portable to be directed to the appropriate download site.
Step 2. Click on the download page;
Step 3. Click to save the file to your computer, and then navigate to it.
Step 4. Double-click ; the Open File - Security Warning dialog box may appear; if it does, click to activate the following screen:
The Language Installer window
Step 5. Click to activate the following screen:
Step 6. Click to activate the License Agreement window.
Step 7. Select the option after you have read the license agreement, and then click to activate the following screen:
Step 8. Click
Step 9. Navigate to your destination external drive or USB memory stick, as shown in the figure above, then click to confirm the location of the Spybot - Search & Destroy Portable file, and return to the Choose Install Location window.
Step 10. Click to complete the installation process, and then navigate to the removable drive or USB memory stick to which the Portable Spybot - Search & Destroy program was saved.
The newly installed Portable Spybot program with its folder highlighted in blue
Step 11. Open the Portable Spybot - Search & Destroy folder, and then double-click to launch Portable Spybot - Search & Destroy.
Firewalls
A firewall is like a security guard that watches incoming and outgoing data communication between your computer and the network. It is critical that you defend yourself against untrusted connections from the Internet and from local networks. When a program tries to contact the outside world, your firewall will block the attempt and give you a warning, unless it recognizes the program and verifies that you have given it permission to make that sort of connection. COMODO and ZoneAlarm are both excellent free firewalls. Get ZoneAlarm Free Firewall from its official website: http://www.zonealarm.com or from CNET: http://download.cnet.com/ZoneAlarm-Free-Firewall/3000-10435_4-10039884.html After downloading, simply install it. Program installation is largely a smooth experience, taking about 5 minutes. Users will have to reboot their computers after it is done. The e-mail checker built into the toolbar is compatible with Hotmail, Gmail, Yahoo, RR, Univision, and POP3 accounts. Unfortunately, there is no IMAP support.
Comodo Firewall
COMODO Firewall is a full-featured and renowned firewall, free for personal use. It helps to protect your computer from unauthorized connections to and from the Internet. Homepage: www.personalfirewall.comodo.com Alternatively, you can get Comodo Firewall free from CNET here: http://download.cnet.com/Comodo-Firewall/3000-10435_4-75181464.html
Computer Requirements
GNU/Linux, Mac OS and other Microsoft Windows compatible programs: GNU/Linux comes with a built-in firewall (netfilter/iptables: http://www.netfilter.org ) and a very good network security setup. There are various user-friendly interfaces to the built-in firewall; we particularly recommend GUFW (Graphical Uncomplicated Firewall): https://help.ubuntu.com/community/Gufw
How to Install COMODO Firewall
Overview of the COMODO Firewall Installation
Installing COMODO Firewall is a relatively easy and quick procedure, divided into two stages: the first involves manually disabling the Windows Firewall, and the second is the actual COMODO Firewall software installation. Ideally, you should only use one firewall program on your computer system at any given time. If you are currently using another firewall on your computer, it must be uninstalled before you install COMODO Firewall, so as to eliminate potential software conflicts between similar types of programs.
How to Disable the Windows Firewall
To disable the Windows Firewall program, perform the following steps:
Step 1. Select Start > Control Panel > Windows Firewall to activate the Windows Firewall screen.
Step 2. Check the Off (not recommended) option to disable the Windows Firewall, as shown in Figure 1 below:
The Windows Firewall with the Off option enabled
Step 3. Click to complete disabling the Windows Firewall.
How to Install COMODO Firewall
Note: COMODO Firewall does not automatically uninstall older or previously existing versions of its software. They must be manually uninstalled before you begin installing the latest version. To begin installing COMODO Firewall, perform the following steps:
Step 1. Double-click to begin the installation process. The Open File - Security Warning dialog box may appear. If it does, click to activate the following confirmation dialog box:
The Select the language confirmation dialog box
Step 2. Click to activate the End User License Agreement. Please read the End User License Agreement before proceeding with the rest of the installation process, and then click to activate the Free Registration screen.
Step 3. Do not enter your email address into the Enter your email address (optional) text field; simply click to activate the Extracting the Packages screen.
After the extraction process has been completed, the Firewall Setup Destination Folder appears. Step 4. Click to accept the default path and activate the Firewall security level selection screen, and then check the Firewall Only option as follows:
Definition of Firewall Security Level Options
Each firewall security level option caters to users of different levels. Each option balances different kinds of protection against complexity of usage, as well as the number of security alerts you may receive. A brief description of each security level is provided as follows:
Firewall Only mode: This option lets you run COMODO Firewall without the Defense+ feature enabled. It readily identifies popular applications which are relatively safe (like web browsers and email clients), reducing the number of security alerts you may receive. It offers general explanations of why a particular alert screen has appeared. In addition, the actions to be undertaken are relatively simple.
Firewall with Optimum Proactive Defense mode: This option combines the solid protection of the Firewall Only mode with the Defense+ feature enabled. Defense+ offers active protection against malware designed to circumvent different firewalls. The COMODO Firewall alerts offer more in-depth explanations of why a certain application or request is being blocked, and you have the option of partially isolating or 'sandboxing' a suspicious file or program.
Firewall with Maximum Proactive Defense mode: This option combines the security of the Firewall with Optimum Proactive Defense option with 'anti-leak' protection against more 'passive' security threats, for instance details about open ports on your computer being sent over the Internet. The sandbox feature is fully automated.
Step 6. Click to activate the COMODO Secure DNS Configuration screen, with the I would like to use COMODO Secure DNS Servers option enabled as follows:
Important: Although no Domain Name System (DNS) server is ever completely secure, the advantages of using the COMODO Secure DNS Servers outweigh the disadvantages. It offers additional protection from pharming and phishing, which are two popular methods used by malicious forces to 'hijack' or redirect your computer to a dangerous or hostile site. COMODO Secure DNS Servers may also protect you from government interference, while being easy to set up during the installation process, and by facilitating safer access to web sites which are registered with COMODO. For instance, accidentally typing in the wrong URL will activate a message from the COMODO Secure DNS Servers resembling the following:
A typical example of a COMODO Secure DNS Server notification
Step 7. Click to activate the Ready to Install COMODO Firewall screen, and then click to begin the installation process and activate the Installing COMODO Firewall screen. After the installation process has been completed, it will activate the Completed the COMODO Firewall Setup Wizard screen.
Step 8. Click to activate the Done confirmation screen, and then click to activate the following confirmation dialog box:
The Firewall Installer confirmation dialog box
Step 9. Click to restart your computer and complete the COMODO Firewall installation procedure.
After your computer restarts, the New Private Network Detected! screen appears as follows:
The COMODO Firewall New Private Network Detected! screen
Tip: If you are working in a LAN environment, simply check the I would like to be fully accessible to other PCs in this network option to enable file/folder/printer and/or Internet connection sharing.
Step 10. Either type a name for your network in the Give a name to this network text field or simply accept the default name offered, as shown in the figure above. Leave the options listed under Step 2 - Decide if you want to trust the other PCs in this network unchecked, and then click to complete the installation. The COMODO Firewall desktop icon and the COMODO Firewall connectivity icon appear simultaneously, as shown in the figure above. Before you connect to the Internet, the connectivity icon appears in the System Tray as follows:
The COMODO Firewall connectivity icon outlined in black in the System Tray
Going online or launching online-related programs (for instance, web browsers) will trigger a series of light orange downwards-pointing arrowheads and/or light green upwards-pointing arrowheads, indicating incoming and outgoing Internet connection requests; they are depicted as follows:
After COMODO Firewall has been running for a few moments, the COMODO Message Center pop-up message appears as follows:
The COMODO Message Center pop-up screen
Note: Click the Learn more hyperlink to be directed to the COMODO forums community-based help.
Tip: Right-click the COMODO Firewall connectivity icon in the System Tray (as displayed in figure 8) to activate the following pop-up menu and its associated sub-menus:
The connectivity icon Configuration menu and sub-menu
The connectivity icon menu lets you change the COMODO Firewall products you are using. Selecting the Configuration item activates the Manage My Configurations sub-menu, where you can select either COMODO - Proactive Security or COMODO - Internet Security to enable the sandboxing feature. In addition, each product may have its security level adjusted from within the connectivity icon pop-up menu as follows:
The connectivity icon Firewall Security Level sub-menu
How to Allow and Block Access Using COMODO Firewall
Every time Comodo Firewall receives a connection request, it activates a pop-up Firewall Alert prompting you to either Allow or Block access to your system to and from the Internet. First try this with a safe program such as Firefox. The Remember my answer option will automatically allow or block connection requests from this program the next time it attempts to connect, based on whatever choice you have specified here. Enable the Remember my answer option if and only if you are completely sure of your decision. If you have determined that a request is unsafe, click to direct COMODO Firewall to deny access to your system. To open the COMODO Firewall main user interface, select Start > Programs > Comodo > Firewall > Comodo Firewall. You may also right-click the COMODO Firewall icon to activate its pop-up menu, and then select Open, as follows:
The Comodo Firewall user interface in the default Summary mode
Click to activate the corresponding detailed summary of the outbound requests at a given moment, as follows:
Click to activate a similar Active Connections window for the inbound requests at a given moment.
Tip: Click to stop all inbound and outbound requests if your Internet service suddenly slows down or stalls and you have reason to suspect a malicious process or program is either downloading itself or in operation. Doing so immediately sets the Firewall operational mode to . Review the detailed summary in the Active Connections window to identify the possible source of the problem. After you are certain you have resolved the issue successfully, click to return COMODO Firewall to its normal mode and begin processing inbound and outbound requests as usual.
The Firewall Behavior Settings window lets you customize firewall security by using a variety of features and options, including the firewall security level, the number and type of security alerts received and packet analysis and monitoring.
Safe Mode: This mode is the default setting for the COMODO Firewall, including the Optimum Proactive Defense and Maximum Proactive Defense installations.
Block All: This mode stops all Internet-related traffic and overrides any firewall configurations and rules you have specified. It will neither generate traffic rules for applications, nor record or 'learn' their behaviors.
Custom Policy: This mode applies only the user-defined COMODO Firewall security policies and network traffic policies that you have previously defined in the Firewall Tasks > Network Security Policy and the Defense+ Tasks > Computer Security Policy windows.
The Defense+ system constantly monitors the activities of all executable files currently residing on your computer. An executable file is simply an application or program, or a part of it, and is typically, but not exclusively, identified by the following file extensions: .bat, .exe, .dll, .sys, and others.
To manually enable the Defense+ system and activate the Defense+ Settings window, perform the following steps: Step 1. Click the Defense+ tab in the COMODO Firewall main user interface and then click
Paranoid Mode: This mode is the highest available level of security, and monitors all and any executable files apart from those you have specified as safe, including those on the Trusted Software Vendor list.
Information recovery
When losing information happens to you, it is extremely important that you already have an up-to-date backup and a well-tested means of restoring it. First of all, you should prevent the loss of your information by making sure it is kept in a safe place, free of malware and protected by a good firewall and strong passwords; but sometimes information is lost anyway, through virus attacks, hackers, electrical short circuits, power spikes, water spills, theft, confiscation, demagnetization, operating system crashes and hardware failure, to name just a few causes. Preparing for disaster is just as important as defending against it. To make a backup policy, first you should know where your information is located: at home, at the office, or on the web, such as your email. The master copy is generally the most up-to-date version of a particular file or collection of files, and corresponds to the copy that you would actually edit if you needed to update the content. Obviously, this distinction does not apply to files of which you have only one copy, but it is extremely important for certain types of information. One common disaster scenario occurs when only duplicates of an important document are backed up, and the master copy itself gets lost or destroyed before those duplicates can be updated. Imagine, for example, that you have been travelling for a week while updating the copy of a particular spreadsheet that you keep on your USB memory stick. At this point, you should begin thinking of that copy as your master copy, because the periodic, automated backups of the outdated version on your office computer are no longer useful. Write down the physical location of all master and duplicate copies of the information identified above. This will help you clarify your needs and begin to define an appropriate backup policy.
Defining your backup strategy
Essentially, you need to make sure that each data type is stored in at least two separate locations.
Electronic documents - Create a full backup of the documents on your computer using a program like Cobian Backup, which is described in more detail below, and protect your electronic document backups using encryption.
Program databases - Once you have determined the location of your program databases, you can back them up in the same way as electronic documents.
Email - Rather than accessing your email only through a web browser, install an email client like portable Thunderbird and configure it to work with your account. Most webmail services will provide instructions on how to use such programs and, often, how to import your email addresses into them. You can learn more about this in the Further Reading section, below. Make sure that you leave a copy of your messages on the mail server, rather than just moving them over to your computer.
Mobile phone contents - To back up the phone numbers and text messages on your mobile phone, you can connect it to your computer using the appropriate software, which is generally available from the website of the company that manufactured your phone. You may need to buy a special USB cable to do this, however. As an alternative, you can use the phone to copy your text messages and contact information from your SIM card onto the phone itself, and then copy them onto a backup SIM card. This method can be particularly useful as an emergency backup solution, but remember to keep the extra SIM card safe. The ability to copy contact information and text messages between a mobile phone and its SIM card is a standard feature, but if your phone allows you to store this kind of information on a removable flash memory card instead, then backing it up may be even easier.
Printed documents - Where possible, you should scan all of your important papers, and then back them up along with your other electronic documents, as discussed above.
Creating a digital backup
When backing up your electronic documents, you should remember to back up your program databases, as well as text files, word processing documents, presentations, PDFs, spreadsheets and multimedia files. Email stored by an application such as Thunderbird is a special example of a program database.
Storage devices
Compact Discs (CDs) - CDs store around 700 Megabytes (MB) of data. These discs may begin to deteriorate after five or ten years. To create a backup you will need a CD burner and a blank disc. Use a CD-RW disc if you want to be able to erase and update the backed-up files.
Digital Video Discs (DVDs) - DVDs store up to 4.7 Gigabytes (GB) of data, they can be used with a DVD-RW burner, and they have a lifespan similar to what is mentioned above for CDs.
USB memory sticks - A USB memory stick holds as much information as the capacity of the device allows. They are inexpensive, widely available, and have a lifespan of around 10 years, which gives them several advantages over CDs or DVDs.
Upload to a remote server - Encrypting your data before uploading it to any remote server is mandatory, and this method depends on the speed and stability of your own Internet connection.
Computer requirements: Windows XP, 2003, Vista, 2008 or Windows 7. Windows 95, 98 and ME are compatible with Cobian version 7.
When archiving greater numbers of documents and files, you will benefit from using either a specialized program to back up files (like Cobian Backup) or a file synchronization tool. Other useful tools include:
Freebyte Backup is a freeware backup program designed for Microsoft Windows: http://www.freebyte.com/fbbackup
Unison File Synchronizer is a free and open source program for Microsoft Windows, Mac OS, and GNU/Linux: http://www.cis.upenn.edu/~bcpierce/unison
Allway Sync is a freeware Microsoft Windows file synchronization tool: http://allwaysync.com . It has a portable version too.
FreeFileSync: http://freefilesync.sourceforge.net is a free and open source file synchronization tool for GNU/Linux and Microsoft Windows.
Time Machine is a backup utility developed by Apple, included with Mac OS (version 10.5 and up): https://secure.wikimedia.org/wikipedia/en/wiki/Time_Machine_%28Mac_OS%29
Ubuntu GNU/Linux users, please read the Backup Your System guide describing the tools you may use: https://help.ubuntu.com/community/BackupYourSystem
How to Install Cobian Backup
Installation Note: Before you begin the installation process, verify that you have the latest versions of both the Microsoft Windows Installer and the Microsoft .NET Framework. Installing Cobian Backup is a relatively easy and quick procedure. To begin installing Cobian Backup, perform the following steps:
Step 1. Double-click ; the Open File - Security Warning dialog box may appear. If it does, click to activate the light blue Extracting the resource progress status bar, followed a few moments later by the following screen:
Step 2. Click to activate the Please read and accept the license agreement screen; click again to activate the following screen:
The Select an installation directory window
Step 3. Click to activate the following screen:
The Installation type and Service options window
Step 4. Check the Use Local System account option in the Service options pane, so that your screen resembles the figure above.
Important: This option ensures that Cobian Backup will be running silently in the background all the time, so that your backups will occur as scheduled. Step 5. Click to activate the following message prompt:
The Cobian Backup 10 message prompt
Step 6. Click to activate the next installation screen, and then click to continue with the installation process.
Step 7. Click to complete the installation process. After the installation process has been completed, the Cobian Backup icon will appear in the Windows System Tray as follows:
How to Back Up Your Directories and Files
In this section you will learn how to perform a simple backup or archive of specified files and/or folders. Cobian Backup uses a backup task, which can be configured to include a specified group of files and/or folders. A backup task can be set to run on a specified day and time. To create a new backup task, perform the following step:
Step 1. Click to create a new backup task, and activate the New task window as follows:
The New task pane
The left sidebar lists a number of tabs; their associated screens, used to set different backup options and parameters, are displayed in the pane at right. All the options in the General tab are described below:
Option Descriptions
Task Name: This text field lets you enter a name for the backup task. Use a name that identifies the nature of the backup. For example, if the backup is going to contain video files, you could name it Video Backup.
Disabled: This option must be left unchecked. Warning: Enabling the Disabled option will override the rest of the options, and prevent the backup task from running.
Include Subdirectories: This option lets you include all the subdirectories/folders within a selected directory/folder in the backup task. This is an efficient method for backing up a large number of folders and/or files. As an example, if you select the My Documents folder and check this option, then all files and folders in My Documents will be included in the backup task.
Create separated backups using timestamps: This option lets you specify that the date and time of the backup task will be automatically included in the name of the folder containing your backup file. This is a good idea because it means that you will easily be able to identify when the backup was performed.
Use file attribute logic: This option is only relevant when you choose to perform an incremental or differential backup (see below). File attributes contain information about the file. Cobian Backup verifies this information to determine whether there has been a change in the source file since the last time a backup was performed. If you then run a Differential or Incremental backup, the file will be updated. Note: You will only be able to run a full or 'dummy backup' if you disable this option (the dummy backup option is explained below).
Use Volume Shadow Copy: This option lets you back up files which are locked. Note: This option is only available for Windows OS versions more recent than and including Windows XP.
Backup type Descriptions
Full: This option means that every single file in the source location will be copied to your backup directory. If you have enabled the Create separated backups using timestamps option, you will have several copies of the same source (identified by the time and date of the backup in the folder title). Otherwise, Cobian Backup will overwrite the previous version (if any).
Incremental: This option means the program will verify whether the files selected for backup have changed since the last backup was performed. A file that has not changed is skipped during the backup process, saving backup time. The Use file attribute logic option needs to be checked in order to perform this backup.
Differential: The program will check whether the source has changed since the last full backup. A file that does not need to be copied is skipped, saving backup time. If you have run a full backup before on the same set of files, then you can continue backing them up using the Differential method.
Dummy task: You can use this option to get your computer to run or shut down programs at certain times. This is a more advanced option which is not really relevant to our basic backup procedure.
Step 2. Click OK to confirm the options and parameters for your backup task.
How to Create a Backup File. To begin creating a backup file, perform the following steps: Step 1. Click the tab for the source and destination files in the left sidebar of the New task window to display a blank version of the following screen:
The New task (MyBackup) window displaying the Source and Destination panes. Step 2. Select the files you want to back up. (In the Figure above, the My Documents folder is selected.) Step 3. Click Add in the Source pane to activate the following menu:
The Source pane - Add button menu Step 4. Select Directory if you want to back up an entire directory, and Files to back up individual files. To specify individual files or directories to be backed up, select Manually, and type in the file path or directory for your backup.
Note: You can add as many files or directories as you like. If you wish to back up files currently on your FTP server, choose the FTP site option (you will need to have the appropriate server login details). When you have selected the files and/or folders, they will appear in the Source area. As you can see in the Figure above, the My Documents folder is displayed there, meaning this folder will now be included in the backup task. The Destination pane specifies where the backup will be stored. Step 5. Click Add in the Destination pane to activate the following menu:
Step 6. Select Directory to open a browser window where you select the destination folder for your backup file. Note: If you want to create several versions of the backup file, you may specify several folders here. If you selected the Manually option, you must type in the full path to the folder where you want to keep the backup. To use a remote Internet server to store your archive, select the FTP site option (you will need to have the appropriate server login details). The screen should now resemble the example above, with file(s) and/or folder(s) in the source area and folder(s) in the destination area. However, don't click OK just yet! You still need to set a schedule for your backup. How to Schedule Your Backup Task. For your automatic backup to work, you need to fill in the Schedule section. This section lets you specify when you want the backup to be performed. To set the schedule options, perform the following steps: Step 1. Select Schedule from the left sidebar to activate the following pane:
The Properties for myBackup displaying the Schedule type pane The Schedule type options are listed in the drop-down menu, and described below: Once: The backup will be done once only at the date and time specified in the Date/Time area. Daily: The backup will be done every day at the time specified in the Date/Time area. Weekly: The backup will be done on the days of the week selected. In the example above, the backup will be done on Fridays. You may select other days also. The backup will be done on all days selected at the time specified in the Date/Time area. Monthly: The backup will be done on the days typed into the days of the month box at the time specified in the Date/Time area. Yearly: The backup will be done on the days typed into the days of the month box, during the month specified, and at the time specified in the Date/Time area. Timer: The backup will be done repeatedly at intervals specified in the Timer text box in the Date/Time area. Manually: You will have to run the backup yourself from the main program window.
The New task window displaying a configured Schedule type pane. Once you have decided on a backup schedule, you have completed the final step. The backup will now run on the folders specified according to the schedule you have chosen. How to Compress Your Backup File. Step 1. Create a backup task as documented in section How to Create a Backup File, containing the backup files you want to archive. Step 2. Select the compression and encryption tab from the left sidebar to activate the New task screen as follows:
The New task screen displaying the Compression and Strong Encryption panes The Compression pane is used to specify the method for compressing your backup. Note: Compression is used to reduce the amount of space for file storage. If you have a bunch of old files that you use only occasionally, but you still want to keep, it would make sense to store them in a format where they take up as little space as possible. Compression works by removing a lot of unnecessary coding out of your documents, while leaving important information intact. Compression does not damage your original data. The files are not viewable when compressed. The process must be reversed and your files 'decompressed' when you want to view the files again. The three sub-options in the Compression type drop-down list are: No Compression: This option does not perform any compression, as you would expect. Zip Compression: This option is the standard compression technique for Windows systems, and the most convenient. Archives once created can be opened with standard Windows tools (or you can download the ZipGenius: http://www.zipgenius.it program to access them). Selecting a compression type listed automatically enables the Split options section, and its corresponding drop-down list.
The Split options apply to storage on removable media, for example CDs, DVDs, floppy disks and USB memory sticks. The various split options will subdivide the archive into sizes that will fit onto your storage device of choice. Example: Let's say that you are archiving a large number of files, and you want to burn them to a CD. However, your archive size turns out to be larger than 700MB (the size of a CD). The splitting function will split the archive into pieces smaller than or equal to 700MB, which you can then burn onto your CDs. If you are planning to back up onto your computer's hard disk, or the files that you want to back up are smaller than the device you plan to store them on, you can skip this section. The following options are available to you when you click on the Split options drop-down list. Your choice will depend on the type of removable storage device available to you.
The Split Options drop-down list
3.5" - Floppy disk. This option is big enough to perform a backup of a small number of documents.
Zip - Zip disk (check the capacity of the one you are using). You will need a special Zip Drive in your computer and the custom-made disks.
CD-R - CD disk (check the capacity of the one you are using). You will need a CD Writer in your computer and a CD writing program (see DeepBurner Free: http://www.zipgenius.it version or other disk burning tools: http://www.thefreecountry.com/utilities/dvdcdburning.shtml ).
DVD - DVD disk (check the capacity of the one you are using). You will need a DVD Writer in your computer and a DVD writing program (see DeepBurner Free version or other disk burning tools).
If you are backing up onto several USB memory sticks you may want to set a custom size. To do this, perform the following steps:
Step 1. Select the Custom size (bytes) option, then type the size of the archive in bytes into the text field as follows:
1KB (kilobyte) = 1024 bytes - a one-page text document made in Open Office is approximately 20KB
1MB (megabyte) = 1024 KB - a photo taken on a digital camera is usually between 1 - 3 MB
1GB (gigabyte) = 1024 MB - approximately half an hour of a DVD quality movie
Note: When choosing a custom size to split your backup for a CD or DVD disk, Cobian Backup will not copy the backup to your removable device automatically. Rather, it will create the pieces of your archive as files on the computer, and you will need to burn them to the CD or DVD disk yourself. Password Protect: This option lets you enter a password to protect the archive. Simply type, and then re-type, a password into the two boxes provided. When you try to decompress the archive, you will be asked for the password before the task commences. Note: If you want to secure your archive, you should think about using another method than a password. Cobian Backup lets you encrypt your archive. This will be covered in section How to Encrypt Your Backup File. Alternatively, you may also refer to the Truecrypt Hands-on Guide to find out how to create an encrypted storage space on your computer or removable device. Comment: This option lets you write something descriptive about the archive, but it is not a requirement. How to Decompress Your Backup File. To decompress your backup, perform the following steps: Step 1. Select Tools > Decompressor from the menu as shown below:
The Tools menu displaying the Decompressor option The Decompressor window appears as follows:
The Cobian 10 Backup - Decompressor window. Step 2. Click the browse button to open a window in which you can select the archive you want to decompress.
Step 3. Select the archive (.zip or .7z file) and then confirm your selection.
Step 4. Select a directory into which you will unpack (output) the archived file. Step 5. Click the browse button to open another window that lets you choose the folder in which to unpack the archive.
About Encryption Encryption may be a necessity for those wishing to keep their backup secure from unauthorized access. Encryption is the process of encoding, or scrambling, data in such a way that it appears unintelligible to anyone who does not have the specific key needed to decode the message.
How to Encrypt Your Backup File The Strong encryption pane is used to specify the encryption method to be used. Step 1. Click the Encryption type drop-down box to activate its list of different encryption methods as follows:
To keep things simple, we recommend that you choose from either the Blowfish or the Rijndael (128 bits) methods. These will provide excellent security for your archive, and let you access the encrypted data with a chosen password. Step 2. Select the Encryption type you want to use. Note: Rijndael and Blowfish both offer approximately the same level of security. DES is weaker but the encryption process is faster. Step 3. Type and re-type the password into the two boxes provided as below.
The Encryption type and Passphrase text fields. The strength of the password is indicated by the bar marked 'Passphrase quality'. The further the bar moves to the right, the stronger the passphrase.
Step 4. Click OK.
How to Decrypt Your Backup File. Decrypting your backup file is easy and quick. To decrypt your backup file, perform the following steps: Step 1. Select Tools > Decrypter and Keys from the menu: The Tools menu with the Decrypter and Keys item selected. This will activate the Decrypter and Keys window as follows:
Step 2. Click the browse button to select the archive you want to decrypt. Step 3. Click the browse button to select the folder in which to store the decrypted archive. Step 4. In the Methods drop-down list, select the same encryption type you used in section How to Encrypt Your Backup File.
The Methods drop-down list. Step 5. Type your passphrase into the Passphrase text fields.
Step 6. Click the button to decrypt the archive.
Recuva is an easy-to-use data recovery tool. It lets you scan for and retrieve previously deleted documents, files, folders and other information, including emails, images and video formats. Recuva also uses secure overwriting techniques for erasing important, private or sensitive information. A file deleted using the standard Windows operating system Delete function, even after the Recycle Bin has been emptied, might still exist on the computer. Recuva cannot recover files after programs like CCleaner or Eraser have been used to wipe free disk space. Homepage: www.piriform.com/recuva Computer Requirements:
All Windows Versions (Note: Support for Windows 98 has been discontinued.)
GNU Linux, Mac OS and other Microsoft Windows Compatible Programs: For GNU Linux users, we recommend R-Linux: http://www.r-tt.com/data_recovery_linux Mac OS users will appreciate TestDisk and PhotoRec: http://www.cgsecurity.org , which are also compatible with Microsoft Windows and GNU Linux. In addition to Recuva, there are other free file recovery programs compatible with Microsoft Windows that are well worth recommending:
NTFS Undelete: http://ntfsundelete.com
Disk Digger: http://diskdigger.org
PCInspector File Recovery: http://www.pcinspector.de/Default.htm?language=1
FileRestorePlus: http://undeleteplus.com
How to Download and Extract Recuva Portable. To begin downloading and extracting Recuva Portable, perform the following steps: Step 1. Click http://www.piriform.com/recuva/download/portable to be directed to the appropriate download site, which automatically activates the following screen: Step 2. Click the button to save the installation file to your computer, and then navigate to it.
Step 3. Create a folder named Recuva Portable on your removable disk and extract the portable version there. Double-click the extracted file to activate the Portable Recuva wizard.
Step 1. Click the Recuva icon or select Start > Programs > Recuva > Recuva to launch the program and activate the following screen:
The Welcome to the Recuva Wizard screen. Tip: If you know the exact or even partial name of a file you would like to recover, skip the wizard to go to the Piriform Recuva main user interface, and then follow the steps in section 3.2 How to Perform a Scan without Using the Recuva Wizard. Step 2. Click the button to continue to the following screen:
The Recuva Wizard File type screen displays a list of different file types, and describes what files might be recovered when each option is enabled. Step 3. Check the Other option as shown in the Figure above, and then click the button to activate the following screen:
Note: The default setting for the Recuva Wizard File Location screen is the I'm not sure option. This option extends the scan to all drives as well as removable media, except CDs, DVDs and other optical media. It may, therefore, require a longer time to generate results. In Windows, files are most frequently deleted via the Recycle Bin, which is designed to minimize the chance of your accidentally deleting private or sensitive information. Step 4. Check the In the Recycle Bin option as shown in the Figure above, and then click the button to activate the following screen:
Note: For this exercise, do not enable the Deep Scan option. This scanning technique will be discussed in section How to Perform a Deep Scan. Step 5. Click to begin recovering your deleted files.
During the file recovery process, two progress status bars appear in quick succession. The Scanning the drive for deleted files progress bar lists the deleted files. The Analyzing the file contents progress bar groups and sorts the deleted files into file types and degree of recoverability. They also display the duration of the scanning and analysis processes. Your Piriform Recuva main user interface may then resemble the following screen:
The Piriform Recuva main user interface with deleted files. The Piriform Recuva main user interface lists information about each deleted file, arranged in six columns. Each column is described as follows: Filename: This displays the name and file extension of the deleted file. Click the Filename title to arrange the deleted files in alphabetical order. Path: This displays where the deleted file was found. Given that the In the Recycle Bin option was enabled in this example, the file path is C:\RECYCLER for all the deleted files. Click the Path title to view all the files listed under a particular directory or file path.
Last modified: This displays the last time the file was modified before it was deleted, and can be useful in helping to identify the file you would like to recover. Click Last modified to list the deleted files according to the oldest or most recent. Size: This displays the size of the file. Click Size to list the deleted files beginning with the largest or smallest deleted file. Status: This displays the extent to which the file is recoverable, and corresponds to the file status icons discussed in Figure 6 below. Click Status to sort the deleted files into the three basic categories, and list them from Excellent to Unrecoverable. Comment: This displays why a given file may or may not be recoverable, and the extent to which a deleted file has been overwritten in the Windows Master File Table. Click Comment to view the extent to which a file or group of files have been overwritten. Each file is associated with a colored status icon which indicates the extent to which each file can be successfully recovered:
The file status icons The following list describes each status icon:
Green: The chances for a full recovery are excellent.
Orange: The chances for recovery are acceptable.
Red: The chances for recovery are unlikely.
How to Perform a Scan without Using the Recuva Wizard To access the Recuva main user interface directly, (that is, not use the Recuva Wizard), perform the following steps:
Step 1. Click the Recuva icon or select Start > Programs > Recuva > Recuva to activate the screen shown in Figure 1.
Step 2. Check the Do not show this Wizard on startup option, and then click the button to activate the following screen:
The Recuva main user interface. The Piriform Recuva main user interface is divided into the results pane on the left and the Preview, Info and Header tabs on the right, in which you sort and view information about a specific deleted file. It lets you set certain scan options, similar to those in the Recuva Wizard. Step 3. Click the hard drive drop-down list and select the drive to be scanned; Local Disk (C:) is the default and is used in this example, as follows:
The hard drive drop-down list The Filename or path drop-down list lets you specify the kind of file you are looking for, and loosely corresponds to the Recuva Wizard File type screen displayed in the second Figure.
The File name or path drop-down list. The Filename or path feature is a combination of a text box and a drop-down list. It has two main uses: you can type a name to search directly for a specific file, or pick an entry from the list to narrow the deleted files in the results pane down to a specific file type. To begin scanning for a file of which all or part of the name is known, perform the following steps: Step 1. Type in the name or partial name of the file you would like to recover, as follows (in this example, the file triangle.png is being searched for):
The File name or path drop-down list displaying triangle.png. Tip: Click the reset button to clear the File name or path field (it then appears greyed out).
Step 2. Click the scan button to begin scanning for your deleted file(s); shortly thereafter, a screen resembling the following will appear:
The Recuva user interface displaying the triangle.png file in the Preview tab
How to Perform a Deep Scan Using Recuva. The Enable Deep Scan option lets you conduct a more thorough scan; naturally, a deep scan takes longer, depending on your computer speed and the number of files you have. This option might prove useful if your initial scan does not display the files you would like to recover. Although a deep scan may take hours, depending on the amount of data stored on your computer, it may improve your chances of recovering the files you require. The Recuva Deep Scan option can be enabled either by checking the Enable Deep Scan option in the Recuva Wizard, or through the Options screen as follows: Step 1. Click the Options button to activate the Options screen, then click the Actions tab as follows:
The Options screen displaying the Actions tab. Step 2. Check the Deep Scan (increases scan time) option, then click the button to confirm. Step 3. Click the scan button to begin scanning for deleted files using the Deep Scan option. As mentioned earlier, a deep scan can potentially take a few hours, depending on the size of your hard disk and your computer speed:
The Scan displaying the estimated number of hours required for a deep scan
An Introduction to the Options Screen. In this section, you will learn how to use the different settings in the Options screen to successfully recover and overwrite your private or sensitive information. To configure these settings, perform the following steps: Step 1. Click the Options button to activate the following screen:
The Options screen displaying the General tab in default mode The Options screen is divided into the General, Actions and About tabs. The General tab lets you define a number of important settings, including Language (Recuva supports a spectacular 37 languages seamlessly), View mode and disabling or enabling the Recuva Wizard.
The View mode drop-down list The View Mode lets you select how you would like to view the deleted files, and can also be enabled whenever you right click a file in the Piriform Recuva.
List: This option lets you view the deleted files in a list as shown before. Tree: This option lets you view the directory path of deleted files in the form of an expandable tree.
Thumbnails: This option lets you view the deleted files as graphics or images where possible. Most importantly perhaps, the Advanced section of the General tab lets you set the number of times your data will be overwritten with random data to protect it from recovery by hostile or malicious parties. The Secure overwriting drop-down list displays four options for overwriting your private information. Its default mode is Simple Overwrite (1 pass), displayed in the Figure above. A pass refers to one round of overwriting your document, file or folder with random data; several passes are used to render it completely unreadable. Step 2. Select the DOD 5220.22-M (3 passes) option as follows:
The Secure overwriting drop-down list with DOD 5220.22-M (3 passes) selected. A single pass may prove quite effective in overwriting a given document, file or folder; however, there are parties with the resources and skills to recover data after a relatively light secure overwrite. Three passes is a solid balance between the time required to perform a secure overwrite and the difficulty of recovering that document, file or folder. Step 3. Click the button to save your General tab configuration options.
Show files found in hidden system directories: This option lets you display files in hidden system directories.
Show zero-byte files: This option lets you display files that have little to no content, and which are basically irrecoverable.
Show securely deleted files: This option lets you display files that have been securely deleted in the results pane. Note: If you have already used CCleaner or a similar program, it changes the filename to ZZZZZZZ.ZZZ when it securely deletes a file, for security reasons.
Deep Scan: This option lets you scan the entire drive for the deleted document or file; if previous scans have proven ineffective in locating your file, the Deep Scan may prove useful. However, it does require more time. Please refer to section How to Perform a Deep Scan Using Recuva.
Scan for non-deleted files (for recovery from damaged or reformatted disks): This option lets you attempt to recover files from disks that may have sustained physical damage or software-related corruption.
Step 4. Select a destination and then click the button to create your recovery folder, as shown in the Figure below.
The Browse For Folder dialog box displaying the newly created folder on a removable device
Note: In this example, the folder for storing your recovered documents and files has been given an obvious label. However, keeping your digital privacy and security in mind, we encourage you to be more careful in labelling your own folder. Step 5. Click the button to begin the file recovery process; a progress status screen appears as follows:
The Recovering files progress status screen After the files have been recovered, a confirmation will appear resembling the following screen:
The Operation Completed screen Note: Recuva supports multiple file recovery. Simply check the check boxes of the files you would like to recover and perform steps 3 to 5. Now that you are comfortable with recovering a previously deleted file, you are ready to learn how to use the pop-up menu to perform multiple file recoveries and secure overwriting of files. How to Use the Pop-up Menu Recuva offers different options for selecting the documents, files or folders you would like to delete or securely overwrite.
Checking is generally used to quickly select several non-contiguous or separate files for recovery or secure overwriting. Highlighting is generally used to quickly select contiguous multiple files in a block or group for recovery or secure overwriting.
Right-click a deleted file displayed in the Recuva main user interface to activate the following pop-up menu:
The pop-up menu
Recover Highlighted: This item lets you recover all or any highlighted deleted file(s).
Recover Checked: This item lets you recover a checked deleted file.
Check Highlighted: This item lets you check a highlighted deleted file.
Uncheck Highlighted: This item lets you uncheck a highlighted deleted file.
View Mode: As you recall, the View Mode can also be set in the General tab of the Options screen. This item lets you select how you would like to view the deleted files.
List: This option lets you view the deleted files in a list as in the following Figure.
Tree: This option lets you view the directory path of deleted files in the form of an expandable tree.
Thumbnails: This option lets you view the deleted files as graphics or images where possible.
Highlight Folder: This option lets you select multiple deleted files according to their directory path, and lets you perform the actions listed in the pop-up menu on them.
Secure Overwrite Highlighted: This option lets you securely overwrite a highlighted deleted file.
Secure Overwrite Checked: This option lets you securely overwrite a checked deleted file, changing its status icon to red.
How to Securely Overwrite a Deleted File. To securely overwrite a deleted file, perform the following steps: Step 1. Check the individual file you would like to have securely overwritten, and then right-click it to activate the pop-up menu. Step 2. Select Secure Overwrite Checked to activate the following confirmation dialog box:
The Secure overwrite confirmation dialog box. Step 3. Click the button to begin the overwriting process; depending on the size and status of the file, as well as the Secure overwriting option you selected in the General tab of the Options screen, this could take some time. After the overwriting process has been completed, a screen resembling the following appears:
The Operation complete screen. You have now recovered and securely overwritten previously deleted files using Recuva.
Deleting information
From a purely technical perspective, there is no such thing as a delete function on your computer. Of course, you can drag a file to the Recycle Bin and empty the bin, but all this really does is clear the icon, remove the file's name from a hidden index of everything on your computer, and tell Windows that it can use the space for something else. Until it actually does use that space, however, the space will be occupied by the contents of the deleted information, much like a filing cabinet that has had all of its labels removed but still contains the original files. This is why, if you have the right software and act quickly enough, you can restore information that you've deleted by accident, as discussed before. You should also keep in mind that files are created and insecurely deleted, without your knowledge, every time you use your computer. Suppose, for example, that you are writing a large report. It may take you a week, working several hours each day, and every time the document is saved, Windows will create a new copy of the document and store it on your hard drive. After a few days of editing, you may have unknowingly saved several versions of the document, all at different stages of completion. Windows generally deletes the old versions of a file, of course, but it does not look for the exact location of the original in order to overwrite it securely when a new copy is made. Instead, it simply puts the latest version into a new section of the metaphorical filing cabinet mentioned above, moves the label from the old section to the new one, and leaves the previous draft where it was until some other program needs to use that space. Clearly, if you have a good reason to destroy all traces of that document from your filing cabinet, removing the latest copy is not going to be enough, and simply throwing away the label would be even worse.
Remember, too, that computer hard drives are not the only devices that store digital information. CDs, DVDs, USB memory sticks, floppy disks, flash memory cards from mobile phones and removable hard drives all have the same issues and you should not trust a simple delete or rewrite operation to clear sensitive information from any of them.
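The filing-cabinet behaviour described above, together with the Recuva status verdicts and multi-pass secure overwrite from the previous section, in a small Python model added here as an illustration; it is not part of the original guide nor code from any of the tools it describes. ToyDisk, carve, status and secure_overwrite are constructed names, and the 16-byte block size, the sample file contents and the zeros/ones/random pass pattern are assumptions of the model.

```python
import math
import os

BLOCK = 16  # toy block size in bytes (constructed; real disks use 512 or 4096)


class ToyDisk:
    """Filing-cabinet model of a disk: numbered blocks plus an index of labels.
    'Deleting' only parks the label in a stale list (as a file system keeps a
    dead directory entry around); the block contents are never touched."""

    def __init__(self, nblocks):
        self.blocks = [bytes(BLOCK) for _ in range(nblocks)]
        self.index = {}   # live files: name -> (block numbers, length in bytes)
        self.stale = {}   # deleted files whose old entries still point at blocks
        self.free = list(range(nblocks))

    def _alloc(self, nbytes):
        need = max(1, math.ceil(nbytes / BLOCK))
        self.free.sort()                       # reuse the lowest free blocks first
        return [self.free.pop(0) for _ in range(need)]

    def save(self, name, data):
        """Save a file, or a new version of one. As the text describes, the new
        version goes into fresh blocks and the previous draft is left in place."""
        new = self._alloc(len(data))
        for i, b in enumerate(new):
            self.blocks[b] = data[i * BLOCK:(i + 1) * BLOCK].ljust(BLOCK, b"\0")
        if name in self.index:                 # the old draft becomes stale
            self.stale[name + "~old"] = self.index[name]
            self.free.extend(self.index[name][0])
        self.index[name] = (new, len(data))

    def delete(self, name):
        """The ordinary delete: drop the label, mark the space reusable."""
        self.stale[name] = self.index.pop(name)
        self.free.extend(self.stale[name][0])

    def read(self, name):
        blocks, length = self.index[name]
        return b"".join(self.blocks[b] for b in blocks)[:length]

    def raw(self):
        return b"".join(self.blocks)           # everything physically on the disk


def carve(disk, header, footer):
    """Signature-based recovery, the way a deep scan works: read every block and
    look for a known header/footer pair, ignoring the index entirely."""
    raw, found = disk.raw(), []
    pos = raw.find(header)
    while pos != -1:
        end = raw.find(footer, pos)
        if end == -1:
            break
        found.append(raw[pos:end + len(footer)])
        pos = raw.find(header, end)
    return found


def status(disk, name):
    """Recuva-style verdict for a deleted file: how many of the blocks its stale
    entry points to have since been handed to a live file."""
    blocks, _ = disk.stale[name]
    live = {b for blks, _ in disk.index.values() for b in blks}
    overwritten = sum(1 for b in blocks if b in live)
    if overwritten == 0:
        return "Excellent"       # green icon
    if overwritten < len(blocks):
        return "Poor"            # orange icon
    return "Unrecoverable"       # red icon


def secure_overwrite(disk, name, passes=3):
    """Overwrite a deleted file's blocks (zeros, ones, then random data) before
    dropping its stale entry. Blocks a live file now owns are skipped."""
    blocks, _ = disk.stale.pop(name)
    live = {b for blks, _ in disk.index.values() for b in blks}
    targets = [b for b in blocks if b not in live]
    patterns = [b"\x00" * BLOCK, b"\xff" * BLOCK]
    for n in range(passes):
        for b in targets:
            disk.blocks[b] = patterns[n] if n < 2 else os.urandom(BLOCK)
    return len(targets)


def demo():
    """Walk the text's filing-cabinet story through the toy disk."""
    disk = ToyDisk(8)
    draft = b"DOC:draft one of the report:END"        # constructed sample content
    disk.save("report.txt", draft)
    disk.save("report.txt", b"DOC:final report:END")  # old draft stays on disk
    disk.delete("report.txt")                         # 'empty the Recycle Bin'
    out = {"versions_carved_after_delete": len(carve(disk, b"DOC:", b":END")),
           "status_after_delete": status(disk, "report.txt")}
    disk.save("notes.txt", b"DOC:x:END")              # Windows reuses a freed block
    out["old_draft_after_reuse"] = status(disk, "report.txt~old")
    out["old_draft_carvable_after_reuse"] = draft in carve(disk, b"DOC:", b":END")
    out["old_draft_blocks_wiped"] = secure_overwrite(disk, "report.txt~old")
    secure_overwrite(disk, "report.txt", passes=3)
    out["versions_carved_after_wipe"] = len(carve(disk, b"DOC:", b":END"))
    out["live_file_intact"] = disk.read("notes.txt") == b"DOC:x:END"
    return out
```

Running demo() shows both deleted versions carved back intact, the old draft downgraded to "Poor" once a new file reuses one of its blocks, and only the live notes.txt left after the wipe.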
Eraser is a free and open-source secure deletion tool that is extremely easy to use. You can wipe files with Eraser in three different ways: by selecting a single file, by selecting the contents of the Recycle Bin, or by wiping all unallocated space on the drive. Eraser can also wipe the contents of the Windows swap file, which is discussed further below. Always make sure you have a secure backup before wiping large amounts of data from your computer. Wiping temporary data. The feature that allows Eraser to wipe all unallocated space on a drive is not as risky as it might sound, because it only wipes previously deleted content. Normal, visible files will be unaffected. On the other hand, this very fact serves to highlight a separate issue: Eraser can't help you clean up sensitive information that has not been deleted, but that may be extremely well hidden. Files containing such data may be tucked away in obscure folders, for example, or stored with meaningless filenames. This is not a major issue for electronic documents, but can be very important for information that is collected automatically whenever you use your computer. Examples include:
Temporary data recorded by your browser while displaying web pages, including text, images, cookies, account information, personal data used to complete online forms and the history of which websites you have visited.
Temporary files saved by various applications in order to help you recover should your computer crash before you can save your work. These files might contain text, images, spreadsheet data and the names of other files, along with other potentially sensitive information.
Files and links stored by Windows for the sake of convenience, such as shortcuts to applications you have used recently, obvious links to folders that you might prefer to keep hidden and, of course, the contents of your Recycle Bin should you forget to empty it.
The Windows swap file. When your computer's memory is full, for example when you have been running several programs at the same time on an older computer, Windows will sometimes copy the data you are using into a single large file called the swap file. As a result, this file might contain almost anything, including web pages, document content, passwords or encryption keys. Even when you shut down your computer, the swap file is not removed, so you must wipe it manually.
In order to remove common temporary files from your computer, you can use a freeware tool called CCleaner, which was designed to clean up after software like Internet Explorer, Mozilla Firefox and Microsoft Office applications (all of which are known to expose potentially sensitive information), as well as cleaning Windows itself. CCleaner has the ability to delete files securely, which saves you from having to wipe unallocated drive space using Eraser after each time you run it.
Create an encrypted backup of your important files, as discussed before.
Close down all unnecessary programs and disconnect from the Internet.
Delete all unnecessary files, from all storage devices, and empty the Recycle Bin.
Wipe temporary files using CCleaner.
Wipe the Windows swap file using Eraser.
Wipe all of the free space on your computer and other storage devices using Eraser. You might need to let this procedure run overnight, as it can be quite slow.
Afterwards, keep the computer clean by:
- Periodically using CCleaner to wipe temporary files.
- Wiping sensitive electronic documents using Eraser, instead of using the Recycle Bin or the Windows delete function.
- Periodically using Eraser to wipe the Windows swap file.
- Periodically using Eraser to wipe all unallocated space on your hard drives, USB memory sticks and any other storage devices that may recently have had sensitive information deleted from them. This might include floppy disks, rewritable CDs, rewritable DVDs and removable flash memory cards from cameras, mobile phones or portable music players.
Portable Eraser
Portable Eraser is used to permanently delete sensitive data. It can also wipe a digital storage device of all recoverable data.
Differences between Installed and Portable Versions of Eraser
Because portable tools are not installed on the local computer, their existence and use may go undetected. Keep in mind, however, that your external device or USB memory stick and the portable tools on it are only as safe as the computer you plug them into, and may be exposed to adware, malware, spyware and viruses there. Portable Eraser does not require the .NET Framework in order to run, and the extraction and installation time required is minimal. Aside from that, there are no differences between Portable Eraser and the version designed to be installed on a local computer.
How to Download and Extract Portable Eraser
To download and extract Portable Eraser, perform the following steps:
Step 1. Click http://portableapps.com/apps/utilities/eraser_portable to be directed to the download site.
Step 2. Click the download link.
Step 3. Save the installation file to your computer, then navigate to it.
Step 4. Set your destination to the removable disk and extract the contents there, as shown below:
How to Configure Eraser
Note: It is recommended that you overwrite the data at least three times.
Tip: Each overwrite, or pass, takes time; the more passes you make, the longer the erasing process will take. This is especially noticeable when erasing large files or wiping free space. The number of passes is set in Preferences: Erasing.
Step 1. Select Edit > Preferences > Erasing... as follows:
Figure: The Eraser [On-Demand] screen displaying the Edit menu options
The Preferences: Erasing window appears as follows:
Figure: The Eraser Preferences: Erasing window
The Preferences: Erasing screen describes how files are to be overwritten.
Description: This column lists the name of the overwrite procedure.
Passes: This column lists how many times the data will be overwritten.
In this example, we will overwrite our data using the Pseudorandom Data method. By default, only one pass is made when using this option; for extra security we will increase the number of passes.
Step 2. Select the #4 Pseudorandom Data option, as shown in the figure above.
Step 3. Click the edit button to activate the Passes screen as follows:
Figure: The Eraser Passes screen
Step 4. Set the number of passes to between three and seven (remember the time/security trade-off).
Step 5. Click OK to return to the Preferences: Erasing screen.
Figure: The Eraser Erase screen with the pane showing item 4 selected
Tip: Make sure the check boxes labeled Cluster Tip Area and Alternate Data Streams are checked (they are checked by default):
Figure: The Eraser Cluster Tip Area and Alternate Data Streams check boxes in default mode
Cluster Tip Area: A hard disk is divided into small fixed-size segments called 'clusters'. A file usually spans several clusters and rarely fills the last one completely. The unused part of that last cluster is called the cluster tip (also known as file slack). It is not cleared when the file is written, so it may still contain fragments of whatever file previously occupied that cluster, and a data recovery specialist can read it. Keep the Cluster Tip Area check box checked so that this slack space is overwritten too.
Alternate Data Streams: On NTFS a file can carry additional named data streams besides its main content (for example the Zone.Identifier stream that Windows attaches to downloaded files, or data hidden there deliberately). These streams are not visible in Explorer and would survive a wipe of the main stream alone, so keep the Alternate Data Streams check box checked to ensure that all data attached to the file is erased.
Step 6. Click OK.
You have now set the overwrite method Eraser uses to wipe files. You should set the same options for the Unused Disk Space feature on the next tab of the Preferences: Erasing screen. There you may want a smaller number of passes, bearing in mind that a free-space wipe takes around two hours per pass.
How to Use Eraser from Windows Explorer
It is common to use Eraser through My Computer or Windows Explorer rather than through the Eraser program itself.
Step 1. Open a folder containing a file you want to delete permanently.
Step 2. Right-click the file. Two new options appear on the pop-up menu, Erase and Eraser Secure Move, as follows:
We are going to use the Erase option to permanently delete this file.
Step 3. Select Erase from the menu, as shown in the figure above. The Confirm Erasing dialog box appears:
Figure: The Confirm Erasing pop-up dialog box
If the file displayed in the dialog box is the one you want to delete permanently:
Step 4. Confirm the dialog to erase (wipe) the file from your computer.
Warning: Any file deleted in this manner will be irretrievably and permanently deleted. Be completely sure that you really want to erase a particular file or group of files.
To securely move a file or files from one location to another (for example, from your computer to a USB memory stick):
Step 5. Select Eraser Secure Move. You will need to answer the same warning prompt as above to continue. Secure Move copies the file to the new location and then wipes the original, so the source drive does not keep a recoverable copy.
How to Wipe Unused Disk Space
Erasing unused disk space wipes all traces of previously existing files from the 'empty space' of your hard drive or portable storage device. This empty space usually still holds the contents of files that were deleted but not wiped.
Step 1. Select Start > Programs > Eraser > Eraser.
Tip: You can perform the wiping task on demand or schedule it to run at a specified time.
Important: This process could take between 2 and 5 hours to complete and will slow your computer down while it runs. Run or schedule the free-space wipe when you are not using your computer (for example overnight).
How to Use the On-Demand Task
To create an on-demand task for wiping unused disk space:
Step 1. Click On-Demand in the Eraser main screen.
Step 2. Select File > New Task as follows:
Figure: Selecting a New Task in the File menu
The Unused space on drive option should be selected.
Step 3. Choose the drive whose free space you want to wipe. (In this example, Local Disk (C:) has been selected; this is usually the primary hard drive.)
Figure: The Eraser Task Properties screen
Step 4. Click OK to create the task, which then appears in the Eraser user interface.
Step 5. Select the task, then select Run to start it. The Eraser progress window displays the wiping of the unused disk space as follows:
How to Use the Scheduler Feature
Since we may not always remember to do this kind of computer 'housekeeping', Eraser lets you schedule a wiping task so that it runs at an appointed time every day, or on one day per week.
Step 1. Click Scheduler in the Eraser main screen.
Step 2. Select File > New Task as follows:
Figure: Selecting a New Task in the File menu
Step 3. Set the options as outlined in the section How to Use the On-Demand Task.
Figure: The Eraser Task Properties screen displaying the Schedule tab
Step 4. Click the Schedule tab to activate its pane with two configurable settings:
Figure: The Eraser Schedule tab
Step 5. Select the day or event that best suits your needs from the Every drop-down list.
Step 6. Enter the time that best suits your needs in the At field, which accepts 24-hour format only.
Step 7. After you have set a time and day, click OK. The scheduled task appears as follows:
Figure: The Eraser Scheduled task list
Note: The computer must be switched on for the scheduled task to run.
How to Remove a Task
After you have run either an on-demand task or a scheduled task, you may want to remove it from your task list. To remove an on-demand task:
Step 1. Click On-Demand to display its task list as follows:
Step 2. Select the task you want to remove, as shown in the figure above.
Step 3. Right-click to open the pop-up menu and select Delete to remove the task from the list. (Alternatively, click the delete button located beneath the Eraser menu bar.)
The process for removing a scheduled task is almost identical:
Step 1. Click Scheduler, and then repeat steps 2 and 3 as described above.
How to Erase the Windows Recycle Bin
Eraser can also erase any traces of documents you have deleted via the Windows Recycle Bin. To use this feature:
Step 1. Right-click the Recycle Bin icon to open the pop-up menu, which contains an Eraser entry, as follows:
Figure: The Eraser pop-up menu for the Recycle Bin
Step 2. Select the Eraser item from the pop-up menu to begin erasing your Recycle Bin.
After you confirm, the contents are wiped. Depending on the size of the files this can take a while.
GNU/Linux, Mac OS and other programs
On GNU/Linux, the secure-delete package can be used from the terminal to securely delete files and folders, or to wipe the free space on a disk. It can also be integrated with a graphical file manager, for example as a secure-delete option in the Nautilus file manager.
******************************************
Installing secure-delete on Linux
Installation of secure-delete is easy. Since this tool is a command-line only tool, I will show you how to install it from the command line. Here are the steps.
1. Open up a terminal window.
2. Issue the command sudo apt-get install secure-delete.
3. Type your sudo password (that's your user password, in case you weren't aware) and hit Enter.
4. Allow the installation to complete.
You now have secure-delete installed on your machine and ready to start trashing those files and folders.
Deleting a file
Let's say you have a file in your home directory (~/) called secret_stuff.txt. To delete this with secure-delete you would use the srm command (secure remove). To do that you would issue the command like so:
    srm ~/secret_stuff.txt
That file is now VERY gone. Don't expect the removal of the file to be as fast as it would be with the rm command. Why does it take longer? When you issue the srm command on a file, secure-delete does the following (38 passes in total by default):
1. 1 pass with 0xff.
2. 5 random passes.
3. 27 passes with special values defined by Peter Gutmann (a leading cryptographer).
4. 5 more random passes.
5. Rename the file to a random value.
6. Truncate the file.
Between each pass the file is also opened in O_SYNC mode and an fsync() call is made.
Deleting a folder
Deleting a folder is as simple as deleting a file. Let's say you have the folder ~/secret_stuff that needs to be deleted for good. To do this with srm you would use the -r (recursive) switch like so:
    srm -r ~/secret_stuff
Depending upon the size and amount of the directory contents, the deletion will take some time.
Clearing free space
If you have installed and re-installed OSes on your computer, you could very easily have residual files remaining in the free space of your current installation. You can ensure that space is free of any traces of files or folders with the command sfill. There are two things about this command you need to know: you have to have admin rights (so you have to use sudo) and you have to know the mount point of the free space. This command is very slow, so make sure you give it plenty of time to run. Let's say you have a drive attached to your machine that has been used a number of times and is mounted at /media/external. To completely clean out the free space on this drive you would issue the command:
    sudo sfill /media/external
After some time the free space on that particular drive would be completely free of any trace of directories or files.
Source: http://www.ubuntugeek.com/tools-to-delete-files-securely-in-ubuntu-linux.html
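To make the sequence that srm and sfill perform concrete, here is an added example that is not part of the secure-delete package or of the quoted article. It reproduces the same steps with plain dd, head, tr, mv and rm: a 0xff pass, random passes and a final zero pass with a sync after each, a rename to a random name, a truncate and an unlink; a recursive variant like srm -r; and an sfill-style free-space fill with an optional size cap so it can be tried without filling a disk. The function names and the constructed test files are the example's own. The same caveat applies as to srm, shred and sfill: on journaling or copy-on-write file systems and on SSDs the blocks you overwrite are not guaranteed to be the blocks that held the original data, so on such storage full-disk encryption is the only reliable protection.

```shell
#!/usr/bin/env bash
# Added example: an srm-style file wipe and an sfill-style free-space fill
# written in shell.  This is NOT the secure-delete package's code; it mirrors
# the sequence described in the text so that each step is visible.
# Caveat: only meaningful on a plain, non-journaled, non-CoW magnetic disk.
set -u

# Emit exactly $1 bytes of pattern $2 on stdout:
#   ff     -> 0xff bytes      (srm's first pass)
#   random -> /dev/urandom    (srm's random passes)
#   zero   -> 0x00 bytes      (like shred -z: hides that a wipe happened)
pattern_stream() {
    case $2 in
        ff)     tr '\000' '\377' < /dev/zero | head -c "$1" ;;
        random) head -c "$1" /dev/urandom ;;
        zero)   head -c "$1" /dev/zero ;;
        *)      echo "unknown pattern: $2" >&2; return 1 ;;
    esac
}

# One pass: overwrite FILE in place with the pattern, keeping its size
# (conv=notrunc), then flush to the device, as srm does with O_SYNC/fsync.
overwrite_pass() {
    file=$1; pattern=$2
    size=$(wc -c < "$file" | tr -d ' ')
    pattern_stream "$size" "$pattern" | dd of="$file" bs=4096 conv=notrunc 2>/dev/null
    sync
}

# Full wipe of one file: 0xff pass, N random passes (default 5, as srm),
# a final zero pass, rename to a random name, truncate to zero length,
# unlink.  The rename and truncate remove the original name and size from
# the directory entry as well.
wipe_file() {
    file=$1; random_passes=${2:-5}
    overwrite_pass "$file" ff
    i=0
    while [ "$i" -lt "$random_passes" ]; do
        overwrite_pass "$file" random
        i=$((i + 1))
    done
    overwrite_pass "$file" zero
    newname="$(dirname "$file")/$(od -An -N8 -tx1 /dev/urandom | tr -d ' \n')"
    mv "$file" "$newname"
    : > "$newname"
    sync
    rm -f "$newname"
}

# Recursive wipe of every regular file under DIR, like srm -r.
wipe_dir() {
    find "$1" -type f | while IFS= read -r f; do wipe_file "$f" "${2:-5}"; done
    rm -rf "$1"
}

# sfill-style free-space wipe: fill DIR's file system with random data until
# it is full (dd stops on ENOSPC) or MAX_BYTES is reached, flush, then delete
# the fill file.  Every previously unallocated block has now been overwritten.
fill_free_space() {
    dir=$1; max_bytes=${2:-0}
    fill="$dir/.fill.$$"
    if [ "$max_bytes" -gt 0 ]; then
        head -c "$max_bytes" /dev/urandom > "$fill" || true
    else
        dd if=/dev/urandom of="$fill" bs=1M 2>/dev/null || true
    fi
    sync
    rm -f "$fill"
}

# Constructed test data: N small files named like the text's secret_stuff.txt,
# created with a for loop.  Only used to try the functions above.
make_test_files() {
    dir=$1; n=$2
    for i in $(seq 1 "$n"); do
        printf 'SECRET-MARKER %s\n' "$i" > "$dir/secret_stuff_$i.txt"
    done
}
```

Try it on a scratch directory, never on data you want to keep: make_test_files /tmp/scratch 3, then wipe_dir /tmp/scratch, and fill_free_space /mnt/external 0 for a full free-space wipe (pass a byte count as the second argument to cap it). Note that srm's real Gutmann passes are omitted here; for a modern drive the fixed, random and zero passes shown are what matters, and the rename and truncate steps are what remove the file's name and size from the directory.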
*********************************
Once installed, you can configure the new menu option.
Configure the new menu option
Now you should have an option in the Preferences menu called Nautilus Actions Configuration. This will allow you to specify the new option for securely deleting files from the file manager. Click the "define new action" button (or select it from the File menu). Specify the information as shown below (feel free to use whatever text you want as the label and tooltip; this is up to you!):
Next, click the Command tab. This is where you'll specify what the new menu item will actually do when it's clicked. As you see below, I am using the shred program as my secure-delete method, which is located at /usr/bin/shred. For the parameters, I need to specify -u in order to have shred delete the file once it's been overwritten.
Clicking the legend button shows that the option to pass a list of files to the command line is %M. So my full parameters string becomes -u %M. You should feel free to customize the command however you like, by reading the manual for the command you are using, and by referencing the legend to figure out which substitution strings to use. For example, you might want to use the -z option for shred, which adds a final pass of zeros to hide that the file has been shredded, or the -n option to specify the number of passes to use. Finally, you'll want to set the conditions under which the menu item appears. In the Conditions tab, I've selected for the secure delete option to appear only when files are selected, and to allow it to be used on multiple files at once. Here is how my Conditions tab looks:
With that, double-check that you've entered everything correctly, and click Save in the File menu.
Test it out
That's all you need to do; the only thing left is to test that it works. Find some files you want to shred, or create a few dummy files (obviously don't use this on data you need to keep!). You can use a bash for loop to create a few test files, and then open Nautilus to the directory where you put them.
Selecting them all and right-clicking, I see the secure deletion option. Clicking it and watching in top shows that it is working correctly. Those files are gone! You can use this for anything! The nautilus-actions utility can be used for more than just adding secure-deletion options to the file manager; you can use it to execute any command-line operation you want.
Basic Syntax
The for loop is useful when you want to repeat an operation multiple times, for example on multiple files or for multiple inputs. The basic syntax of the for loop is as follows; you can type each line into your shell one line at a time:
    for x in $y
    do
        some_command
    done
Let's examine this a little more closely. On the first line we have the for statement, which says that, for every item in the variable $y, which presumably is a list of items, make the variable x equal to that item. The for loop then executes all the commands between do and done, once for each item in $y. To see what this actually does, you can build a very simple for loop:
    for x in 1 2 3 4 5
    do
        echo "Hello, world, ${x} times"
    done
The output of this will be simply:
    Hello, world, 1 times
    Hello, world, 2 times
    Hello, world, 3 times
    Hello, world, 4 times
    Hello, world, 5 times
In reality, this is how it should appear in your terminal:
Not a very useful loop, but now you can see how the basics work.
A more useful loop
Once you understand the fundamental structure of the for loop, it is easier to build a useful command. For example, let's say that you want to rename a bunch of files in some predictable manner; perhaps you want to rename all the .txt files to .txt.old. It would take a very long time to do this with the GUI, and probably just about as long with the command line if you didn't use a loop. But the for loop makes it trivial:
    for eachTxtFile in *.txt
    do
        mv "${eachTxtFile}" "${eachTxtFile}.old"
    done
The above snippet renames all files in the current directory that end with .txt to their current name with .old appended. Now what would have taken a significant amount of tedious labor in the GUI is done in a few seconds, because you've used a simple for loop.
For loop ranges
Sometimes you want to repeat a certain command several times, like in the Hello World example above, but more times than you'd like to type out. Bash has a built-in feature for this, which allows you to specify a range to act on. For example, the Hello World example can be simplified using a range (note that the loop variable named after for is the one to use inside the loop):
    for eachNumber in {1..5}
    do
        echo "Hello, world, ${eachNumber} times"
    done
Or perhaps you want to create a thousand files. This might take all day by hand, but automating it with a for loop completes the task in a second:
    for eachNumber in {1..1000}
    do
        touch "$eachNumber"
    done
These are all very basic loops, but you can probably see how they can quickly become huge time-savers.
Shred is installed in Ubuntu by default and can delete single files. Wipe is not installed by default, but can easily be installed using the Ubuntu Software Center or, if you are comfortable with the command line, with sudo apt-get install wipe. Wipe is a little more secure and has nicer options. It is possible to make access to these programs easy by adding an extra menu option. To add the secure wipe option, two programs are required: wipe and nautilus-actions. If both are installed, follow the steps below; if not, install them with the Ubuntu Software Center or, on the command line, with sudo apt-get install nautilus-actions wipe.
Open Nautilus Actions Configuration from the System -> Preferences menu.
We have to add a new action. To do this, click the "create new action" button, the first option in the toolbar.
Next, describe the new action. You can give the action any name you wish; fill it in in the "Context label" field. In this example we used "Delete file securely".
Click the second tab ("Command"); here we specify the action we want. In the field "Path", type "wipe". In the field "Parameters", type "-rf %M". Please be sure about the capitalization of all characters here; it is very important (%M passes the full paths of the selected files, and a lowercase %m is a different substitution).
Next, specify the conditions: click the Conditions tab and choose the option "Both" in the "Appears if selection contains..." box. With this option you can wipe both files and folders securely. When done, click the save button (second item on the toolbar) or use the menu File -> Save.
Now close the Nautilus Actions Configuration tool. Unfortunately, after this you have to log in to your system again, so either reboot or log out and log in.
Now browse to the file you want to securely delete and right-click it:
Choose 'Delete File Securely'. The file will then be wiped 'quietly': you do not get any feedback or notice that the process has started or stopped, but it is under way. It takes some time to securely delete data, and the bigger the file, the longer it takes. When it is complete, the icon of the wiped file disappears. If you would like some feedback, you can change the Parameters field in the Nautilus Actions Configuration tool to this:
    -rf %M | zenity --info --text "your wipe is underway please be patient. The icon of the file to be wiped will disappear shortly."
The above line tells you the process is under way, but you will not know the file is deleted until the icon disappears.
3. Three options will appear; from top to bottom they are more secure, but also take much more time to complete. Read the description of each one to get an idea of what will happen if you use it, choose the one that best suits your needs, and click 'Erase Free Space'. If time is no issue, use the most secure method and enjoy a good coffee while your Mac crunches away at this task. If the crooks are already knocking on your front door you might want to use the fastest way.
Securely Erasing Files
Now that your previously deleted data is securely erased once and for all, you should make sure that you don't create any new data that might be recovered at a later date.
1. Open the Finder preferences under the Finder menu.
2. Go to the Advanced tab and tick 'Empty trash securely'. This makes sure that every time you empty your Trash, all the items in it are securely deleted and really gone.
Note: Deleting your files securely takes longer than just deleting them. If you have to erase large amounts of unimportant data (say your movie and mp3 collection) you may want to uncheck this option before doing so.
Other Tools for Windows, GNU/Linux and Mac OS
Another excellent temporary-file removal and shredder tool, available for both GNU/Linux and Microsoft Windows, is BleachBit: http://bleachbit.sourceforge.net . BleachBit lets you wipe the temporary files of 70 of the most popular applications, operating-system temporary files and free hard disk space. An open-source program with a portable version, BleachBit is available in 32 languages. Ubuntu Linux users can also refer to the Cleaning up all those unnecessary junk files guide (http://ubuntuforums.org/showthread.php?t=140920) to learn about cleaning their system.
Mac OS users will appreciate the free tools OnyX and Maintenance from Titanium Software (http://www.titanium.free.fr) to erase traces of their work session. To securely wipe your Trash once, open the Finder menu and select Finder > Secure Empty Trash.... To always securely wipe your Trash, select Finder > Preferences, click the Advanced tab and check the Empty Trash securely option. To wipe free space on the disk, run the Disk Utility application, select the disk partition, choose the Erase tab, and click the Erase Free Space... button. (Later versions of OS X removed both Secure Empty Trash and Erase Free Space, because overwriting cannot be guaranteed on solid-state drives; on such Macs, FileVault full-disk encryption is the alternative.)
Things you should know about this tool before you start
The default settings of your operating system and Internet browser automatically collect and create a data trail that a knowledgeable hostile or malicious party can follow, not unlike a hunter with its prey. Every time you use an Internet browser, word processor or other program, temporary data and files are generated and stored on your computer. Programs also keep lists of recently viewed documents or web pages. For example, whenever you type a web address into your Internet browser, a list of addresses beginning with the same letters may be displayed as follows:
Figure: An Internet browser address bar displaying different URLs
Although browser histories may be convenient, they also let someone identify the web sites you have visited. Moreover, your recent activities may be exposed by temporary data such as cached images from those web sites, email messages or information typed into Internet forms. To remove the temporary data created every time you use a program, you would otherwise have to open each program's directory, identify its temporary files and delete them manually. CCleaner simply displays a list of programs and lets you choose the program(s) whose temporary files should be deleted.
Important: Although CCleaner only erases temporary files, and not the actual documents saved on your computer
Portable CCleaner
There are no other differences between Portable CCleaner and the version designed to be installed on a local computer.
Step 1. Click http://www.piriform.com/ccleaner/download/portable to be directed to the download site.
Step 2. Click the download link to save the installation file to your computer.
Step 3. Set your destination to the removable disk and extract the contents there, as shown below:
Figure: The CCleaner program extracted to the destination folder on a designated external hard drive
Step 4. Double-click the CCleaner executable to launch Portable CCleaner.
How to Configure CCleaner
To configure CCleaner, perform the following steps:
Step 1. Either click the CCleaner icon or select Start > Programs > CCleaner to activate the Piriform CCleaner console.
Step 2. Click Options.
Figure: The Options window displaying the default About pane
Step 3. Click Settings to activate the Settings pane. The Settings pane lets you choose the language you are most comfortable working in and determine how CCleaner deletes temporary files and wipes drives.
Note: The Secure Deletion section appears with the Normal file deletion option enabled.
Step 4. Click the Secure file deletion (Slower) option to enable the drop-down list.
Step 5. Expand the drop-down list and select the DOD 5220.22-M item, so that the pane resembles the following screen:
After you have set this option, CCleaner will overwrite the files and folders you have selected for deletion before removing them, effectively wiping them from your hard disk. The passes in the Secure deletion drop-down list refer to the number of times your data will be overwritten. The greater the number of passes selected, the more times your document, file or folder is overwritten; this reduces its recoverability but increases the time required by the wiping process.
Step 1. Click Cleaner to activate the Cleaner window. The Cleaner window is divided into two panes: the left pane displays the Windows and Applications tabs, and the right pane is an empty space that displays information or results from a given cleaning operation. The Analyze and Run Cleaner buttons are located beneath that space.
Step 2. Check the options you want in the Windows and Applications tabs; in the figure below all of them are checked.
Figure: The Windows and Applications tabs with all options checked
Note: By using the following steps, you will delete temporary files for the items you have checked in both the Windows and Applications tabs. Given that different users have different programs installed, your own list of applications may vary somewhat from the example in the figure above.
Step 3. Scroll down the Windows and Applications tabs and check all the options in the Advanced section too. As you check some of the options, a warning dialog box appears explaining what each option will affect:
Figure: An example of a Warning confirmation dialog box
Note: Check all the options in the Windows and Applications tabs to enable a full and thorough cleaning of temporary files. However, it is essential that you understand what kind of configurations and settings are being deleted.
Warning: Checking the Wipe Free Space option significantly extends the time required for the cleaning process; allow at least an hour for it.
Step 4. Click Analyze to generate and view a list of the temporary files available for deletion.
Tip: Close all other programs before you begin the cleaning process. If you leave them open, CCleaner may not remove all the temporary files associated with them, and you may receive pop-up notices resembling the figure below.
Figure: An example of a notice to close Firefox/Mozilla
Step 5. Confirm the notice to continue listing the files for deletion.
Figure: An example of a list of temporary files for deletion
Note: CCleaner only deletes the temporary files generated whenever you use an application, not the application itself. In the figure above, for example, the Office 2003 program suite remains installed on the computer, but its temporary files have been deleted. To use CCleaner to uninstall a program, refer to Advanced Options, section How to Uninstall Programs Using CCleaner.
Step 6. Click Run Cleaner to begin deleting these temporary files and activate the following screen:
Step 7. Click OK to confirm; after the deletion has completed, the results displayed may resemble the following screen:
You have now successfully deleted your temporary files from both the Windows and Applications tabs using CCleaner.
Before You Begin
CCleaner also lets you clean the Windows Registry, a database which stores configuration information and hardware and software settings for your system. Every time you alter basic system configuration information, install software or perform other routine tasks, the changes are recorded in the Windows Registry. Over time, however, the Registry accumulates outdated configuration information and settings, including traces of obsolete programs. The CCleaner Registry option lets you scan for and remove such information. From a privacy standpoint the useful part is that the Registry also records traces of your activity (most-recently-used lists, recent document paths and the names of programs you have installed and removed); any speed improvement from removing stale entries is marginal, and a mistaken removal can break an application, which is why the backup described below matters.
Tip: A scan of the Windows Registry should be performed on a monthly basis.
Step 1. Click Registry.
The CCleaner Registry window is divided into a Registry Cleaner list and a pane used to display information about any problems identified.
Step 2. Check all the items in the Registry Cleaner list, and then click Scan for Issues to begin scanning for registry-related problems; after some time, your results may resemble the following:
Figure: The results pane displaying a list of problems to be fixed
As a precautionary measure, before you begin fixing the Windows Registry you will be prompted to save a backup file of your registry. If a problem occurs after the Registry has been cleaned, you can restore it to its original state using this backup file.
Step 3. Click the fix button to activate the following confirmation dialog box:
Figure: The confirmation dialog box
Note: If you forget where you have stored your backup registry file, simply search for files with the .reg extension.
Step 4. Click Yes.
Figure: The Save As location browser
Step 5. After you have chosen a location for your backup file, click Save to activate the following dialog box:
Figure: The Fix Issue/Fix All Selected Issues dialog box
Advanced or expert users will appreciate the ability to fix some problems and ignore others, depending on their requirements. Average users and beginners are recommended to simply fix all the selected issues.
Step 6. Click Fix Issue or Fix All Selected Issues.
The Windows Registry has now been cleaned.
Tip: Repeat steps 2 to 6 until you no longer see any problems to be fixed.
How to Recover Your Registry Backup File
If you suspect that cleaning the Windows Registry has caused a problem with your system, the registry backup file you created can be used to restore the original entries. Note that importing a .reg file merges the saved keys and values back into the Registry: it puts back what the cleaner removed, but does not undo other changes made since the backup. To restore it, perform the following steps:
Step 1. Select Start > Run to activate the Run dialog box and then type regedit as follows:
Figure: The Run dialog box
Step 2. Click OK to activate the following screen:
Figure: The Registry Editor
Step 3. Select File > Import from the menu bar to activate the Import Registry File screen, and then select your backup .reg file.
Step 4. Click Open to activate the following confirmation dialog box:
Figure: Another Registry Editor dialog box confirming the registry backup file has been restored
Step 5. Click OK to complete the restoration of the registry backup file.
Advanced Options Two CCleaner features which could improve the overall efficiency of your computer system are the Uninstall and Startup features are described in the sections that follow. Also, you will learn how to permanently delete or wipe any free space on a specified drive.
How to Uninstall Programs Using CCleaner Important: Make sure the program to be deleted or uninstalled is not essential to the proper functioning of your computer system before you begin doing so. By deleting unused or unwanted previously installed software before running CCleaner, you may also remove their temporary files and folders. This may reduce the number of temporary files and folders to be deleted, as well as the length of time for the cleaning process. The CCleaner Uninstall feature is the equivalent of the Microsoft Windows Add or Remove Programs feature. The Uninstall feature lists the programs more clearly and quickly. To begin uninstalling obsolete programs, perform the following steps: Step 1. Either click CCleaner console. or select Start > Programs > CCleaner to activate the Piriform
Step 2. Click Tools to display the Uninstall pane.
The Tools option displaying the Uninstall pane Step 3. Select a program from the Programs to Remove list, and then click to uninstall the selected program.
Tip: Advanced or experienced users may find the Rename Entry and Delete Entry features useful for keeping the existence of certain software less visible. Either feature changes only what appears in the list: a party who looks at the Microsoft Windows Add/Remove Programs feature or at CCleaner's list will not see the program under its real name, or will not see it at all. Be aware that this is not concealment in any strong sense: the program's files, its registry keys and its shortcuts remain on the disk unchanged, and anyone who searches the file system or the registry, rather than the Add/Remove list, will find it. Step 4. Click Rename Entry to rename that program's entry. Alternatively, click Delete Entry to remove the program from that list without actually uninstalling it.
How to Disable Auto-Start Programs in CCleaner An auto-start program is configured to start itself automatically whenever you turn your computer on. Auto-start programs make demands on finite system resources and slow down your computer at start-up time. To disable them, perform the following steps: Step 1. Open CCleaner as described in the previous section.
Step 2. Click Tools and then select Startup to display the Startup pane.
The Tools option displaying the Startup pane Step 3. Select a program from those listed in the Startup pane and then click to disable the program so that it does not start automatically when you turn on your computer.
How to Wipe Free Disk Space Using CCleaner In the Windows operating system, deleting a file merely removes the reference to that file; it does not remove the file's actual data. The area of the drive will eventually be overwritten by new files, but until then a knowledgeable individual with a recovery tool can rebuild all or part of the file from the raw disk. You can prevent this by wiping the free space on your hard disk, that is, overwriting every area the file system currently regards as unused. CCleaner also lets you wipe the free space of the Master File Table. The Master File Table (MFT) is the NTFS index of all file names, their locations on disk, and other information. When Microsoft Windows deletes a file it only marks the MFT entry for that file as deleted, for reasons of efficiency; the entry, with the file name and the location of its data, and the content of the file continue to reside on the hard disk. Wiping the MFT free space matters for two reasons: the stale entries reveal the names and sizes of deleted files even after their data blocks have been overwritten, and very small files are stored inside their MFT record itself rather than in separate disk blocks, so wiping the free space of the disk alone does not touch their content. Note: Performing a hard disk and Master File Table wipe consumes a considerable amount of time, and the amount of time required depends on the number of passes set. Keep in mind the limits discussed earlier in this guide for "smart" discs and file systems: on a solid-state drive, which silently remaps where data is written, and on a file system that keeps copies of data in a journal, overwriting what the file system reports as free does not guarantee that every copy of the old content is gone. Before you can begin wiping the empty space on your hard disk and the Master File Table, certain options must be set in both the Options > Settings and Cleaner panes.
To set the drive you would like to wipe, perform the following steps: Step 1. Select Options > Settings, scroll down the list, check the Secure Deletion option and Secure file deletion (Slower), and choose the number of passes if you have not already done so.
Step 2. Click
Step 3. Check the Wipe Free Space drives and Wipe MFT Free Space options, and select the drive to be wiped, as follows:
Step 4. Click
Note: The next step is optional if you already enabled this option when performing a routine cleaning of your temporary files. Tip: Remember to close all other programs before you begin the wiping process. If you leave them open, CCleaner may not be able to remove all the temporary files associated with those programs. Step 5. Select Cleaner, scroll down the Windows tab to the Advanced section and then check the Wipe Free Space option to activate the following warning:
The Warning confirmation dialog box Step 6. Confirm the warning, and then click Run Cleaner to activate the following screen:
The confirmation dialog box Step 7. Click OK to begin wiping the empty space on your hard disk and the Master File Table.
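To make the two wiping options above concrete, here is an added example (not code from the guide, from CCleaner or from Windows) that models a volume and its index in a few dozen lines of Python. The block size, the "resident" size limit, the file names and the file contents are all assumptions constructed for the example; real NTFS records, allocation and recovery tools are far more involved. What the model does reproduce is the behaviour the text describes: deleting only flips a flag, a carver that ignores the flags still finds the content, wiping the disk's free space removes the content of files stored in blocks, and only wiping the index's free space removes the stale records and the content of files small enough to live inside their record.

```python
"""Toy model of why 'delete' leaves data behind, and what wiping free space
and wiping MFT free space each remove.  Added example, not code from the
guide or from CCleaner/DBAN: the volume, its index and the sizes below are
simplified stand-ins (assumptions) for an NTFS volume and its MFT."""
import os
import re

BLOCK = 512          # assumed block size of the toy volume
RESIDENT_MAX = 64    # assumed limit for files stored inline in the index record
                     # (NTFS keeps very small files inside the MFT record itself)


class ToyVolume:
    def __init__(self, nblocks):
        self.disk = bytearray(nblocks * BLOCK)
        # name -> {"blocks": [...], "resident": bytes|None, "deleted": bool}
        self.index = {}

    def _free_blocks(self):
        used = {b for e in self.index.values() if not e["deleted"] for b in e["blocks"]}
        return [i for i in range(len(self.disk) // BLOCK) if i not in used]

    def write(self, name, data):
        entry = {"blocks": [], "resident": None, "deleted": False}
        if len(data) <= RESIDENT_MAX:
            entry["resident"] = bytes(data)      # small file: content lives in the index
        else:
            need = -(-len(data) // BLOCK)        # blocks needed, rounded up
            free = self._free_blocks()
            if len(free) < need:
                raise OSError("volume full")
            entry["blocks"] = free[:need]
            for i, b in enumerate(entry["blocks"]):
                chunk = data[i * BLOCK:(i + 1) * BLOCK]
                self.disk[b * BLOCK:b * BLOCK + len(chunk)] = chunk
        self.index[name] = entry

    def delete(self, name):
        # What the OS does on delete: flip a flag. Blocks and the record stay.
        self.index[name]["deleted"] = True

    def wipe_free_space(self, passes=1):
        # "Wipe Free Space": overwrite every block that no live file owns.
        for _ in range(passes):
            for b in self._free_blocks():
                self.disk[b * BLOCK:(b + 1) * BLOCK] = os.urandom(BLOCK)

    def wipe_index_free_space(self):
        # "Wipe MFT Free Space": scrub the records that are marked deleted.
        for name in [n for n, e in self.index.items() if e["deleted"]]:
            del self.index[name]

    def carve(self, needle):
        """Recovery-tool view: ignore the flags, scan raw blocks and records."""
        hits = len(re.findall(re.escape(needle), bytes(self.disk)))
        hits += sum(1 for e in self.index.values()
                    if e["resident"] and needle in e["resident"])
        return hits


def demo():
    """Returns how many copies of each secret a carver finds at each stage."""
    vol = ToyVolume(nblocks=32)
    # Constructed sample files: one small (resident), one large (on blocks).
    note = b"PIN 4711"                                  # fits in the index record
    report = b"DRAFT: harbour meeting 23:00\n" * 40     # spills onto disk blocks
    vol.write("note.txt", note)
    vol.write("report.txt", report)
    vol.write("keep.txt", b"x" * 600)                   # a live file that must survive
    vol.delete("note.txt")
    vol.delete("report.txt")
    stages = {}
    stages["after delete"] = (vol.carve(b"PIN 4711"), vol.carve(b"harbour meeting"))
    vol.wipe_free_space(passes=3)
    stages["after wipe free space"] = (vol.carve(b"PIN 4711"), vol.carve(b"harbour meeting"))
    vol.wipe_index_free_space()
    stages["after wipe MFT free space"] = (vol.carve(b"PIN 4711"), vol.carve(b"harbour meeting"))
    stages["live file intact"] = vol.carve(b"x" * 600)
    return stages


if __name__ == "__main__":
    for stage, found in demo().items():
        print(f"{stage}: {found}")
```

Running the demo shows the small note surviving the free-space wipe and disappearing only when the index's free space is wiped, while the live file is untouched throughout. The model deliberately omits what the caveats above warn about: a drive that remaps blocks, or a file system that journals, would keep copies outside the "free" set that this wipe never reaches.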
On Microsoft Windows, apart from Eraser described in this chapter, one can also use CCleaner to securely delete files and folders from the Recycle Bin, and CCleaner can wipe the free space on the disk. Another recommended tool that can be used to securely delete files is Freeraser: http://www.freeraser.com We would also like to recommend the following multiplatform tool: DBAN - Darik's Boot And Nuke: http://www.dban.org . It is a package which you burn onto a CD and start your computer from. DBAN securely erases the whole content of any hard disk it detects, which makes it the ideal utility for bulk or emergency data destruction. DBAN can also be started from a USB flash drive; to prepare one you need:
- a Windows PC to perform the conversion
- the DBAN image, dban-2.2.6_i586.iso
- a USB flash drive of 32 MB or more, formatted as FAT32
- Universal USB Installer, which does the conversion: http://www.pendrivelinux.com/downloads/Universal-USB-Installer/UniversalUSB-Installer-1.8.8.0.exe
Download and run Universal USB Installer, select DBAN 2.2.6 from the drop-down list and follow the on-screen instructions. Once the installation to USB is complete, restart your PC, set your BIOS or boot menu to boot from the USB device, save your changes and reboot.
Note: The DBAN autonuke feature may also wipe the flash drive itself (and, as usual, any other drive it detects). To prevent autonuke from wiping the thumb drive, remove the thumb drive after DBAN has loaded, but before it has started wiping drives.
Wiping procedure
Turn on the computer that you would like to clean and boot from the DBAN CD. This usually requires changing the BIOS settings so that the CD/DVD drive or the USB drive comes before the hard disk in the boot order. PCs vary in the exact key required to enter the BIOS settings, but usually you press F1, F2 or F12 while the computer is booting. Verify that the computer tries the CD-ROM drive before the hard disk, then insert the DBAN CD. If you are using a multi-tool boot CD that includes DBAN rather than the DBAN CD itself, use its menus to select Hard Disk Tools, then Wiping Tools, then Darik's Boot and Nuke.
Once DBAN has booted, you will be presented with the following screen:
Autonuke The easiest option is to type autonuke and then press ENTER. This wipes every hard drive DBAN detects, using the default options. The progress of each hard drive is displayed in the main, lower part of the screen. The time taken, and an estimate of the time remaining, is displayed in the Statistics box. The screenshot below shows DBAN wiping two hard drives:
When DBAN is finished, it will display a message similar to the one below:
Interactive Mode Interactive mode allows greater control. To start DBAN in interactive mode, just press ENTER at the DBAN start screen. When DBAN has started, you will be presented with the following screen:
At the above screen, press the letter M for method and select RCMP TSSIT OPS-II by pressing ENTER. This method is recommended for sensitive data, and is recommended by the Canadian Government for material up to and including Secret. Now press the Space key. This selects the first IDE drive for wiping. If you would like to wipe a different drive, use the Arrow keys to move to that drive and press the Space key to select it. Warning: All data on the selected drive will be lost, including the operating system and all programs. This is not a reversible process! After selecting your drive, your screen should show 'wipe' next to it. Now press the F10 key to start the wiping process. This is the point of no return. Both the 'DoD' and the 'RCMP TSSIT OPS-II' methods take a long time to finish; plan on allocating at least 12 hours for the process to complete. Two practical checks: before pressing F10, make sure that the drive marked 'wipe' is the one you mean and that no other disk (an external drive, the USB stick DBAN booted from) is still attached; and remember that DBAN, like any overwriting tool, only reaches the sectors the drive presents to it. Sectors the drive has remapped as defective, hidden areas such as an HPA or DCO, and the spare cells of a solid-state drive are not overwritten, so the limits noted earlier in this guide for "smart" discs apply here too, and for an SSD DBAN is not a reliable method.
Who is speaking?
We leave it to the cops, the experts in the field, to devote their time to it, while we have better things to do. Although it is very hard to put into words all the details related to offline security, we know very well how operating systems work, and particularly Debian GNU/Linux. We have a strong foundation in cryptography, but are very far from being able to claim any expertise in this area. We have done this project to support digital privacy.
But
Depending on political positions and the invasion of our privacy, we can shift from: Good to Evil