Information Security For Travelers - Re-Thinking Drive Encryption


I'm installing a slightly larger drive in my netbook to accomodate digital photos and other files during my travels.  At the same time, I've been trying out Ubuntu 12.04 on my desktop.  Most of the software I use is open-source so this experiment has gone quite well.

I live-booted Ubuntu on my laptop and found that everything but the right-mouse button is compatible with the available drivers.  This is enough encouragement for me so I'm making the switch and rebuilding my encrypted laptop to run Linux.

Since TrueCrypt doesn't support whole-disk encryption for Linux, I'm turning to dm-crypt.  Linux and dm-crypt provide a lot of flexibility for partitioning and booting, so I'm going to get creative and add a Windows 7 honeypot.

Should my laptop be stolen, my data will still be safely protected by the encrypted Linux volumes, just as it was in my previous setup.  The Windows 7 partition will have no password (to encourage use) along with Prey (to track my gear down).

This gives me a new capability - physical recovery from theft.


Drive Layout



Windows Install


I could have used the recovery discs from HP but I'm looking for a very stripped down installation.  I used a Home Premium disc, imaged to a USB stick, along with the OEM license key stuck to the bottom of my netbook.

I manually created a 32GB primary partition at install time.  This should be just enough space for Windows 7 64-bit along with some storage for Prey data.

Windows Configuration


After the installation, I followed these tips to disable system restore and trim down the page file  and these instructions to uninstall the Windows Search service along with a few other Windows features.

My 32GB partition now has 22.2GB of free space with Windows 7 installed.  I could have made it smaller but this is safer.  The last thing I want is for the thief to format & reinstall because Windows is acting up or for Prey to run out of storage.

The last steps will be to install & configure Prey and to set Windows to autologon to a standard user account.

Ubuntu Install


For Ubuntu I'm using the Logical Volume Manager with an encrypted physical volume.  I've avoided setting up LVM in the past because my simple setup didn't justify it.  Now I have the perfect excuse.

I modeled my LVM layout after  this excellent article on LinuxBSDos.  I won't include screenshots here as they are mostly the same in Ubuntu 12.04 as what you see in that article.  I chose to keep /home on the root partition, however.  I sized my partitions and volumes according to this table.


Grub Configuration

I want Grub to default to Windows 7, auto-booting after a few seconds.  I also want the Ubuntu options to be obscured with different labels.

I started off going through the Grub 2 1.99 manual and following myriad posts and HOW-TO docs with mixed results.  In the end I installed the Grub 2 Customizer from the software center and justed used that.



Grub 2 boot screen with custom background image,
Windows honeypot set to default and Linux entries renamed.



2 comments:

  1. This comment has been removed by the author.

    ReplyDelete
  2. This was a great setup and I would have continued with it but I had a few driver issues that I couldn't get past.

    - built-in wifi had intermittent issues connecting to some networks.

    - usb wifi was bulky and prevented shutdowns.

    - right-mouse button on clickpad didn't work. workarounds unwieldy.

    - unpredictable suspend/hibernate/resume operations

    I'm going back to Windows 7, which means TrueCrypt for disk encryption.

    I like the Prey honeypot concept, however, so my next article will show how to build a Windows 7 dual-boot laptop with honeypot & encrypted operating systems.

    ReplyDelete