Encrypted Partitions
Introduction
Ever been concerned about physical server security? All the data on a server, and the server itself, remain vulnerable to physical theft or tampering of the equipment, no matter how well you secure the online side of your business.
A basic scenario for concern is easy to find:
You store your important data on a server located in a server room or data center. You don't own the server room, so you rely on the provider to protect the equipment physically, and this might not be enough.
In this article I will explain how to create an encrypted partition and mount it for use. The encrypted partition will be a file located on an existing file system; to read the contents of that file or mount it you need a password.
The first thing you need is the tools. I will be working with Debian 4.0 in this example, but the same steps work with other Linux distributions.
First, install the kernel headers for your running kernel version:
apt-get install kernel-headers-2.6.8-1-386
Then install the tools for encryption:
apt-get install module-assistant loop-aes-source
This will install kernel modules onto your system. As you can see from the package name this is
module-assistant prepare
module-assistant build loop-aes
apt-get install loop-aes-utils
module-assistant install loop-aes
This will build and install the module. If all of the above steps succeeded, you are ready to create the volume:
dd if=/dev/zero of=volume bs=4k count=1280
losetup -e AES128 /dev/loop1 volume
mkfs -t ext3 /dev/loop1
losetup -d /dev/loop1
mkdir /mnt/secure
mount volume -o loop=/dev/loop1,encryption=AES128 /mnt/secure/ -t ext3
This creates a small (5MB) secure volume. To make the volume larger, increase the count value on the first line, where the dd utility is used.
After you do this, you will need to enter the password and the volume will be mounted.
After a system reboot, or if the hard disk is stolen, the thief will not be able to read the contents of the file unless he knows the password (which you must remember).
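As an added example (not part of the original article), here are the steps above collected into a small POSIX shell wrapper. It assumes the loop-aes module and loop-aes-utils from the steps above are installed and that it runs as root; the loop device /dev/loop1, the AES128 cipher and the /mnt/secure mount point are the article's values and can be overridden through environment variables, and the script name secvol.sh is hypothetical. The check subcommand is an added sanity check: after unmounting, it confirms that a marker string you wrote into the volume cannot be found in clear in the container file. Set DRY_RUN=1 to print the commands instead of running them.

```shell
#!/bin/sh
# Added example wrapper for the loop-aes steps in the article; not the
# article's own script. Assumes loop-aes (module + loop-aes-utils) is
# installed and the script runs as root. Set DRY_RUN=1 to only print commands.

LOOP_DEV="${LOOP_DEV:-/dev/loop1}"        # loop device from the article
CIPHER="${CIPHER:-AES128}"                # cipher from the article
MOUNT_POINT="${MOUNT_POINT:-/mnt/secure}" # mount point from the article

# run CMD...: execute the command, or echo it when DRY_RUN=1
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# count_for_mb MB: dd block count for a volume of MB megabytes at bs=4k
# (5 MB gives 1280, the article's value)
count_for_mb() {
    echo $(( $1 * 256 ))
}

# create_volume FILE MB: zero-fill the container, attach it through the
# encrypting loop device, make an ext3 file system inside, detach again
create_volume() {
    file="$1"; mb="$2"
    run dd if=/dev/zero of="$file" bs=4k count="$(count_for_mb "$mb")"
    run losetup -e "$CIPHER" "$LOOP_DEV" "$file"
    run mkfs -t ext3 "$LOOP_DEV"
    run losetup -d "$LOOP_DEV"
}

# mount_volume FILE: mount the container via the encrypting loop device;
# the loop-aes mount prompts for the passphrase
mount_volume() {
    run mkdir -p "$MOUNT_POINT"
    run mount -t ext3 -o "loop=$LOOP_DEV,encryption=$CIPHER" "$1" "$MOUNT_POINT"
}

umount_volume() {
    run umount "$MOUNT_POINT"
}

# check_no_plaintext FILE MARKER: with the volume unmounted, confirm that a
# marker string written into the volume is not readable from the container.
# Returns 0 if the marker is absent (expected), 1 if it is found in clear.
check_no_plaintext() {
    if grep -q -a -F -- "$2" "$1"; then
        echo "marker '$2' found in clear in $1" >&2
        return 1
    fi
    return 0
}

case "${1:-}" in
    create) create_volume "$2" "${3:-5}" ;;
    mount)  mount_volume "$2" ;;
    umount) umount_volume ;;
    check)  check_no_plaintext "$2" "$3" ;;
esac
```

Typical use: ./secvol.sh create volume 5, ./secvol.sh mount volume, write a file inside /mnt/secure containing a marker string, ./secvol.sh umount, then ./secvol.sh check volume MARKER; a non-zero exit from check means the container leaks plaintext and the loop device was not set up with encryption.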
This is exceptionally useful for storing sensitive information: for example, you could point your database or web server at the secured partition for its data, or simply store important files there.