This post is part of a series on my top 10 tips for securing Linux home installations. You can find the other posts here.
A bit of a preamble
I’ve learned that IT security is like physical security: we have to know our context, understand the threats in it and secure accordingly. Each person’s security needs are different. No-one can give a one-size-fits-all solution to security, least of all for securing our Linux devices at home.
However some basic concepts are handy. The tips in this series follow some basic security principles I’ve adopted for myself.
This is a big topic, worthy of several posts of its own. Encryption in I.T. is essentially scrambling data using cryptography, so that it cannot be read without the correct decryption keys. A few years ago encryption would have been considered overkill on a home system. Now it is increasingly standard across most I.T. products and solutions.
Most home users will encounter two areas where encryption applies:
- at rest, and
- in transit.
Encryption at rest
Encryption at rest is cryptographic scrambling of data where it is are stored, whether on locally on a system or externally. External storage would include on-premise and cloud-based storage.
My take is that encryption of stored cloud-hosted data is absolutely critical, and I would strongly recommend encryption of your other storage too. You would have to weigh the potential risk (for example, of data loss or data being made public if your physical device is stolen) against the effort involved (and the possible risk of data loss if, for instance, you forget your decryption passphrase!).
Storage encryption is usually easily implemented these days, and much easier done during OS installation rather than retrofitted. On Fedora and Ubuntu, you can choose to encrypt your local devices during partitioning & filesystem layout at installation.
Encryption in transit
Encryption of data during transmission is critically important, with great strides being made in some areas and little in others. Without encryption in transit, data being transferred can be easily read at various points during transmission.
As an example, many emails sent today are in clear text, and easily intercepted and read during transmission. Given this, there is increasing interest in the encryption of emails during transmission. But it’s still awkward for home users to achieve fully end to end. For now my recommendation is to avoid sending private information in clear text by email.
Web traffic is different. Most of us now know to use secure HTTP (https) to connect to websites, and to look for the padlock icon next to a URL to ensure our connection is encrypted. This also is a huge topic as there are many ways of bypassing these measures, or of malicious actors setting up sites masquerading as genuine ones. But I will leave it there for now.
Find out more
That’s it! Stay tuned for tomorrow’s discussion on multi-factor authentication. Meanwhile, like or comment to let me know what you think of this tip!
A glossary of terms is available here.
Once again, ensure you’re familiar with the disclaimer here!
The post references documentation and articles on fedoraproject.org, wikipedia.com, pcmag.com. Sources are linked to within the post’s content above.
Featured image by cottonbro from Pexels.com.