How safe are my data if my hard drive isn't encrypted?
Guenther_Amanita@feddit.de to Linux@lemmy.ml · 10 months ago

vsis@feddit.cl · 10 months ago
If the device gets stolen, your drive and its files can be easily read.

Other attacks like malware or ransomware are almost the same whether the drive is encrypted or not.

Disk encryption is important for laptops and phones because these devices are frequently stolen. For desktops or servers it is still a good idea, though.

Guenther_Amanita@feddit.de (OP) · 10 months ago
Thanks a lot for your answer. How would you encrypt a server? Typing a password every time it boots isn’t possible for me, since I would need a monitor for my headless server.

vsis@feddit.cl · 10 months ago
That’s why it’s not always an option.

Some servers have some kind of remote console hardware, with their own security issues.

Your “threat model” is important too. Do you expect that server to get stolen? If it happens, is there critical data that should not leak?

Maybe you need to encrypt a directory, and not the whole drive.

Guenther_Amanita@feddit.de (OP) · 10 months ago
My threat model isn’t high. Just normal stuff everyone has, but that would be disadvantageous if someone else got them.

It’s more of a precautionary measure. It doesn’t have to be super safe, but better than nothing.

Ing0R@feddit.de · 10 months ago
You can use SSH for unlocking: https://www.cyberciti.biz/security/how-to-unlock-luks-using-dropbear-ssh-keys-remotely-in-linux/

wmassingham@lemmy.world · 10 months ago
Either self-encrypting drives (if you trust the OEM encryption) or auto-unlock with keys in the TPM: https://wiki.archlinux.org/title/Trusted_Platform_Module#Data-at-rest_encryption_with_LUKS