Howto create encrypted Container Files for private Photos? REMARKS: EVERY unlocked and active mounted Luks Drive could be read out by attackers! Use long Passwords for Luks! dismount and LOCK unused luks drives/containers if NOT used! Create and mount Script: #!/bin/bash # Script creates 4GB Encrypted File Container, set Password # and mount it to /mnt/photos-private change your username!!! # # check free loop device set as variable loop=`losetup -f` # move existing container to old as BACKUP sudo mv container container.old # create container 4G sudo dd if=/dev/urandom of=container bs=1M count=4096 # bind raw container disk to free a […]
Tag: encryption
Security: Protection Against Cryptware Wannacry
You heard perhaps last day’s about the major problems of Attacks to Systems with the “WannaCry” Crypto Ware Howto protect yourself? Enable the Firewall on Windows Systems!! Always! Update daily the Virus Scanners and Windows Patches! Disable and CLOSE Ports you never need! SMB Protocol is a open unencrypted Transfer Protocol! Use a second Router with Firewall behind your ISP Router or Modem! (openwrt, pfsense) Check with nmap Portscanner Tool the taken Rules and check if the work! For Network Access use ALWAYS SFTP with Authentification over KEYs Logins (Two Factor: Key and Password for unlock the Keyfiles id_rsa) For […]
Android: Get back Privacy and Security
If you use a Android Smartphone (other Mobile-OS same) you should take a minute to get back your privacy and security! This points helps to prevent, but there is no warranty for 100% protection! First every Smartphone offers a Factory Reset, search it on Settings and DO it! This prevent you from Firmware Spam by the Reseller! (Samsung, HTC..) Boot the Phone without inserting a SIM card, create a fake account to get Updates and Software over a PUBLIC WIFI Network (Coffee Shop, Freifunk) Install wanted Apps, then go to Settings now to accounts, PURGE the fake account. Disable / […]
Owncloud: Howto harden owncloud access with a ssh tunnel and squid
If you want to use a private secure owncloud (WebDAV Space Server) as Backup for all your devices you can harden the access thru a openssh Login with key auth and a squid as relay. Install apache2, php5, mysql-Server, openssh, squid3 config Apache2 to listen on https://localhost:443 setup squid3 and config the Proxy to listen only on localhost:3128 install owncloud to /var/WWW with forced “https” settings at the config.php create ssh-keys to auth with password protected key to the SSH Server If done, you can access the private Backup-Server via a Terminal/ Putty with the Tunneling Options $ssh -L 3128:localhost:3128 username@owncloudserver.home Open your Browser on your […]
Debian Ubuntu Laptop mods for SSD HDD and a full encrypted with luks
Major INFO 06-2015: Do not set tmpfs on ubuntu 15.XX or Systems with systemd!!! This block PC boot !! If you want to setup a Ubuntu/Debian Laptop with a full encrypted HDD use a “alternate” CD/DVD. After Setup you have to change some little Parameters to extend the lifecycle of the SSD Chips disable Swap if you have more than 4GB Ram enable a RAMDISK with tmpfs for logs, caches of Browsers install cpufrequtils for CPU freqscaling install laptop-mode-tools to set powersave mode for hardware modules install xbacklight to reduce backlight energy Steps: open a Console and change to root […]