Secure Linux to use in workplace [closed]
Clash Royale CLAN TAG#URR8PPP
up vote
3
down vote
favorite
I was going to ask this in workplace.stackexchange.com but finally I decided to ask this question here as it's more appropriate.
I'm going to a new office and we can't use our own laptops therefore I should use a PC in office. Of course it's private and no one uses it except me but I'm a little skeptic and I want to secure it as much as I can.
For example I save all my passwords on my Firefox and I don't want to transfer them to another Password Manager application like LastPass, Sticky Password, etc. I log in to my Firefox account in the mornings and sign out in the afternoon and remove all my passwords from Firefox, but yesterday I accidentally removed half of my passwords before signing out and because of that I lost half of my passwords.
I've seen encrypt home directory at the installation of my Linux but I don't know how does that work.
Can I be sure that if I reinstall my OS and encrypt my home directory I can be safe even if someone detachs my hard-drive and connects it to his/her PC?
Is there something else I can do so I know for sure that my /home directory is safe and no one can access my firefox or my ssh keys without my password?
My OS is Fedora.
linux fedora security home
asked May 17 at 7:04
Amin Vakil
184
closed as too broad by Michael Homer, Kusalananda, vonbrand, Romeo Ninov, Archemar May 18 at 9:13
Please edit the question to limit it to a specific problem with enough detail to identify an adequate answer. Avoid asking multiple distinct questions at once. See the How to Ask page for help clarifying this question. If this question can be reworded to fit the rules in the help center, please edit the question.
 |Â
show 1 more comment
up vote
3
down vote
favorite
I was going to ask this in workplace.stackexchange.com but finally I decided to ask this question here as it's more appropriate.
I'm going to a new office and we can't use our own laptops therefore I should use a PC in office. Of course it's private and no one uses it except me but I'm a little skeptic and I want to secure it as much as I can.
For example I save all my passwords on my Firefox and I don't want to transfer them to another Password Manager application like LastPass, Sticky Password, etc. I log in to my Firefox account in the mornings and sign out in the afternoon and remove all my passwords from Firefox, but yesterday I accidentally removed half of my passwords before signing out and because of that I lost half of my passwords.
I've seen encrypt home directory at the installation of my Linux but I don't know how does that work.
Can I be sure that if I reinstall my OS and encrypt my home directory I can be safe even if someone detachs my hard-drive and connects it to his/her PC?
Is there something else I can do so I know for sure that my /home directory is safe and no one can access my firefox or my ssh keys without my password?
My OS is Fedora.
linux fedora security home
asked May 17 at 7:04
Amin Vakil
184
closed as too broad by Michael Homer, Kusalananda, vonbrand, Romeo Ninov, Archemar May 18 at 9:13
Please edit the question to limit it to a specific problem with enough detail to identify an adequate answer. Avoid asking multiple distinct questions at once. See the How to Ask page for help clarifying this question. If this question can be reworded to fit the rules in the help center, please edit the question.
No, there is nothing you can do.
– Michael Homer
May 17 at 7:10
@MichaelHomer What if I change my OS to CentOS or Ubuntu?
– Amin Vakil
May 17 at 7:18
@AminVakil Same answer.
– dr01
May 17 at 7:22
3
The question is "can I be sure that x on hardware that is not in my physical control is safe", and the answer is always no. (You may have a threat model that makes some level of guarantee possible, but it doesn't sound like it here.)
– Michael Homer
May 17 at 7:23
Is your employer going to own this office PC, or will you?
– mattdm
May 17 at 20:48
 |Â
show 1 more comment
up vote
3
down vote
favorite
up vote
3
down vote
favorite
I was going to ask this in workplace.stackexchange.com but finally I decided to ask this question here as it's more appropriate.
I'm going to a new office and we can't use our own laptops therefore I should use a PC in office. Of course it's private and no one uses it except me but I'm a little skeptic and I want to secure it as much as I can.
For example I save all my passwords on my Firefox and I don't want to transfer them to another Password Manager application like LastPass, Sticky Password, etc. I log in to my Firefox account in the mornings and sign out in the afternoon and remove all my passwords from Firefox, but yesterday I accidentally removed half of my passwords before signing out and because of that I lost half of my passwords.
I've seen encrypt home directory at the installation of my Linux but I don't know how does that work.
Can I be sure that if I reinstall my OS and encrypt my home directory I can be safe even if someone detachs my hard-drive and connects it to his/her PC?
Is there something else I can do so I know for sure that my /home directory is safe and no one can access my firefox or my ssh keys without my password?
My OS is Fedora.
linux fedora security home
asked May 17 at 7:04
Amin Vakil
184
I was going to ask this in workplace.stackexchange.com but finally I decided to ask this question here as it's more appropriate.
I'm going to a new office and we can't use our own laptops therefore I should use a PC in office. Of course it's private and no one uses it except me but I'm a little skeptic and I want to secure it as much as I can.
For example I save all my passwords on my Firefox and I don't want to transfer them to another Password Manager application like LastPass, Sticky Password, etc. I log in to my Firefox account in the mornings and sign out in the afternoon and remove all my passwords from Firefox, but yesterday I accidentally removed half of my passwords before signing out and because of that I lost half of my passwords.
I've seen encrypt home directory at the installation of my Linux but I don't know how does that work.
Can I be sure that if I reinstall my OS and encrypt my home directory I can be safe even if someone detachs my hard-drive and connects it to his/her PC?
Is there something else I can do so I know for sure that my /home directory is safe and no one can access my firefox or my ssh keys without my password?
My OS is Fedora.
linux fedora security home
asked May 17 at 7:04
Amin Vakil
184
asked May 17 at 7:04
Amin Vakil
184
asked May 17 at 7:04
Amin Vakil
184
asked May 17 at 7:04
Amin Vakil
184
184
closed as too broad by Michael Homer, Kusalananda, vonbrand, Romeo Ninov, Archemar May 18 at 9:13
Please edit the question to limit it to a specific problem with enough detail to identify an adequate answer. Avoid asking multiple distinct questions at once. See the How to Ask page for help clarifying this question. If this question can be reworded to fit the rules in the help center, please edit the question.
closed as too broad by Michael Homer, Kusalananda, vonbrand, Romeo Ninov, Archemar May 18 at 9:13
Please edit the question to limit it to a specific problem with enough detail to identify an adequate answer. Avoid asking multiple distinct questions at once. See the How to Ask page for help clarifying this question. If this question can be reworded to fit the rules in the help center, please edit the question.
No, there is nothing you can do.
– Michael Homer
May 17 at 7:10
@MichaelHomer What if I change my OS to CentOS or Ubuntu?
– Amin Vakil
May 17 at 7:18
@AminVakil Same answer.
– dr01
May 17 at 7:22
3
The question is "can I be sure that x on hardware that is not in my physical control is safe", and the answer is always no. (You may have a threat model that makes some level of guarantee possible, but it doesn't sound like it here.)
– Michael Homer
May 17 at 7:23
Is your employer going to own this office PC, or will you?
– mattdm
May 17 at 20:48
 |Â
show 1 more comment
No, there is nothing you can do.
– Michael Homer
May 17 at 7:10
@MichaelHomer What if I change my OS to CentOS or Ubuntu?
– Amin Vakil
May 17 at 7:18
@AminVakil Same answer.
– dr01
May 17 at 7:22
3
The question is "can I be sure that x on hardware that is not in my physical control is safe", and the answer is always no. (You may have a threat model that makes some level of guarantee possible, but it doesn't sound like it here.)
– Michael Homer
May 17 at 7:23
Is your employer going to own this office PC, or will you?
– mattdm
May 17 at 20:48
No, there is nothing you can do.
– Michael Homer
May 17 at 7:10
No, there is nothing you can do.
– Michael Homer
May 17 at 7:10
@MichaelHomer What if I change my OS to CentOS or Ubuntu?
– Amin Vakil
May 17 at 7:18
@MichaelHomer What if I change my OS to CentOS or Ubuntu?
– Amin Vakil
May 17 at 7:18
@AminVakil Same answer.
– dr01
May 17 at 7:22
@AminVakil Same answer.
– dr01
May 17 at 7:22
3
3
The question is "can I be sure that x on hardware that is not in my physical control is safe", and the answer is always no. (You may have a threat model that makes some level of guarantee possible, but it doesn't sound like it here.)
– Michael Homer
May 17 at 7:23
The question is "can I be sure that x on hardware that is not in my physical control is safe", and the answer is always no. (You may have a threat model that makes some level of guarantee possible, but it doesn't sound like it here.)
– Michael Homer
May 17 at 7:23
Is your employer going to own this office PC, or will you?
– mattdm
May 17 at 20:48
Is your employer going to own this office PC, or will you?
– mattdm
May 17 at 20:48
 |Â
show 1 more comment
1 Answer
1
active
oldest
votes
up vote
2
down vote
accepted
Can I be sure that if I reinstall my OS and encrypt my home directory I can be safe even if someone detachs my hard-drive and connects it to his/her PC?
Mostly, yes (I am assuming that your attackers wouldn't be sophisticated enough). But since you're reinstalling the OS you should encrypt the whole disk. LUKS makes this easy to do, just select the appropriate option during the install.
Note that your network administrator will still be able to see which sites you visit, the emails you send, etc. I'd recommend avoid leaving any non-work related password and content on your computer.
answered May 17 at 7:21
dr01
15.2k114768
take into account your statement departs from the premise that Amin Vakil (the user) will be the only holder for the root password. Anyway, an encrypted HD should not be decriptable without the password even when using single user mode, so encrypting the whole HD would be a safe way to keep your data secure. If you also are the only root password holder, then you should just log off your PC (no need to clean up inside but always good to do so to leave no traces)
– Kramer
May 17 at 7:55
What if someone restores root password and ...?
– Amin Vakil
May 17 at 9:14
I just reinstalled my OS and enabled LUKS on my all partitions, now if anyone who has access to my hard can only erase my partition and can't read my home or root directory
– Amin Vakil
May 17 at 9:51
@AminVakil If someone has access to remove the hard drive they also have access to install hardware keyloggers to catch your decryption password or to doctor the system otherwise.
– Michael Homer
May 17 at 19:18
@MichaelHomer Agreed, but this seems unlikely in an office unless there's a sophisticated attacker with a specific target.
– dr01
May 18 at 6:51
 |Â
show 1 more comment
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
2
down vote
accepted
Can I be sure that if I reinstall my OS and encrypt my home directory I can be safe even if someone detachs my hard-drive and connects it to his/her PC?
Mostly, yes (I am assuming that your attackers wouldn't be sophisticated enough). But since you're reinstalling the OS you should encrypt the whole disk. LUKS makes this easy to do, just select the appropriate option during the install.
Note that your network administrator will still be able to see which sites you visit, the emails you send, etc. I'd recommend avoid leaving any non-work related password and content on your computer.
answered May 17 at 7:21
dr01
15.2k114768
take into account your statement departs from the premise that Amin Vakil (the user) will be the only holder for the root password. Anyway, an encrypted HD should not be decriptable without the password even when using single user mode, so encrypting the whole HD would be a safe way to keep your data secure. If you also are the only root password holder, then you should just log off your PC (no need to clean up inside but always good to do so to leave no traces)
– Kramer
May 17 at 7:55
What if someone restores root password and ...?
– Amin Vakil
May 17 at 9:14
I just reinstalled my OS and enabled LUKS on my all partitions, now if anyone who has access to my hard can only erase my partition and can't read my home or root directory
– Amin Vakil
May 17 at 9:51
@AminVakil If someone has access to remove the hard drive they also have access to install hardware keyloggers to catch your decryption password or to doctor the system otherwise.
– Michael Homer
May 17 at 19:18
@MichaelHomer Agreed, but this seems unlikely in an office unless there's a sophisticated attacker with a specific target.
– dr01
May 18 at 6:51
 |Â
show 1 more comment
up vote
2
down vote
accepted
Can I be sure that if I reinstall my OS and encrypt my home directory I can be safe even if someone detachs my hard-drive and connects it to his/her PC?
Mostly, yes (I am assuming that your attackers wouldn't be sophisticated enough). But since you're reinstalling the OS you should encrypt the whole disk. LUKS makes this easy to do, just select the appropriate option during the install.
Note that your network administrator will still be able to see which sites you visit, the emails you send, etc. I'd recommend avoid leaving any non-work related password and content on your computer.
answered May 17 at 7:21
dr01
15.2k114768
take into account your statement departs from the premise that Amin Vakil (the user) will be the only holder for the root password. Anyway, an encrypted HD should not be decriptable without the password even when using single user mode, so encrypting the whole HD would be a safe way to keep your data secure. If you also are the only root password holder, then you should just log off your PC (no need to clean up inside but always good to do so to leave no traces)
– Kramer
May 17 at 7:55
What if someone restores root password and ...?
– Amin Vakil
May 17 at 9:14
I just reinstalled my OS and enabled LUKS on my all partitions, now if anyone who has access to my hard can only erase my partition and can't read my home or root directory
– Amin Vakil
May 17 at 9:51
@AminVakil If someone has access to remove the hard drive they also have access to install hardware keyloggers to catch your decryption password or to doctor the system otherwise.
– Michael Homer
May 17 at 19:18
@MichaelHomer Agreed, but this seems unlikely in an office unless there's a sophisticated attacker with a specific target.
– dr01
May 18 at 6:51
 |Â
show 1 more comment
up vote
2
down vote
accepted
up vote
2
down vote
accepted
Can I be sure that if I reinstall my OS and encrypt my home directory I can be safe even if someone detachs my hard-drive and connects it to his/her PC?
Mostly, yes (I am assuming that your attackers wouldn't be sophisticated enough). But since you're reinstalling the OS you should encrypt the whole disk. LUKS makes this easy to do, just select the appropriate option during the install.
Note that your network administrator will still be able to see which sites you visit, the emails you send, etc. I'd recommend avoid leaving any non-work related password and content on your computer.
answered May 17 at 7:21
dr01
15.2k114768
Can I be sure that if I reinstall my OS and encrypt my home directory I can be safe even if someone detachs my hard-drive and connects it to his/her PC?
Mostly, yes (I am assuming that your attackers wouldn't be sophisticated enough). But since you're reinstalling the OS you should encrypt the whole disk. LUKS makes this easy to do, just select the appropriate option during the install.
Note that your network administrator will still be able to see which sites you visit, the emails you send, etc. I'd recommend avoid leaving any non-work related password and content on your computer.
answered May 17 at 7:21
dr01
15.2k114768
answered May 17 at 7:21
dr01
15.2k114768
answered May 17 at 7:21
dr01
15.2k114768
answered May 17 at 7:21
dr01
15.2k114768
15.2k114768
take into account your statement departs from the premise that Amin Vakil (the user) will be the only holder for the root password. Anyway, an encrypted HD should not be decriptable without the password even when using single user mode, so encrypting the whole HD would be a safe way to keep your data secure. If you also are the only root password holder, then you should just log off your PC (no need to clean up inside but always good to do so to leave no traces)
– Kramer
May 17 at 7:55
What if someone restores root password and ...?
– Amin Vakil
May 17 at 9:14
I just reinstalled my OS and enabled LUKS on my all partitions, now if anyone who has access to my hard can only erase my partition and can't read my home or root directory
– Amin Vakil
May 17 at 9:51
@AminVakil If someone has access to remove the hard drive they also have access to install hardware keyloggers to catch your decryption password or to doctor the system otherwise.
– Michael Homer
May 17 at 19:18
@MichaelHomer Agreed, but this seems unlikely in an office unless there's a sophisticated attacker with a specific target.
– dr01
May 18 at 6:51
 |Â
show 1 more comment
take into account your statement departs from the premise that Amin Vakil (the user) will be the only holder for the root password. Anyway, an encrypted HD should not be decriptable without the password even when using single user mode, so encrypting the whole HD would be a safe way to keep your data secure. If you also are the only root password holder, then you should just log off your PC (no need to clean up inside but always good to do so to leave no traces)
– Kramer
May 17 at 7:55
What if someone restores root password and ...?
– Amin Vakil
May 17 at 9:14
I just reinstalled my OS and enabled LUKS on my all partitions, now if anyone who has access to my hard can only erase my partition and can't read my home or root directory
– Amin Vakil
May 17 at 9:51
@AminVakil If someone has access to remove the hard drive they also have access to install hardware keyloggers to catch your decryption password or to doctor the system otherwise.
– Michael Homer
May 17 at 19:18
@MichaelHomer Agreed, but this seems unlikely in an office unless there's a sophisticated attacker with a specific target.
– dr01
May 18 at 6:51
take into account your statement departs from the premise that Amin Vakil (the user) will be the only holder for the root password. Anyway, an encrypted HD should not be decriptable without the password even when using single user mode, so encrypting the whole HD would be a safe way to keep your data secure. If you also are the only root password holder, then you should just log off your PC (no need to clean up inside but always good to do so to leave no traces)
– Kramer
May 17 at 7:55
take into account your statement departs from the premise that Amin Vakil (the user) will be the only holder for the root password. Anyway, an encrypted HD should not be decriptable without the password even when using single user mode, so encrypting the whole HD would be a safe way to keep your data secure. If you also are the only root password holder, then you should just log off your PC (no need to clean up inside but always good to do so to leave no traces)
– Kramer
May 17 at 7:55
What if someone restores root password and ...?
– Amin Vakil
May 17 at 9:14
What if someone restores root password and ...?
– Amin Vakil
May 17 at 9:14
I just reinstalled my OS and enabled LUKS on my all partitions, now if anyone who has access to my hard can only erase my partition and can't read my home or root directory
– Amin Vakil
May 17 at 9:51
I just reinstalled my OS and enabled LUKS on my all partitions, now if anyone who has access to my hard can only erase my partition and can't read my home or root directory
– Amin Vakil
May 17 at 9:51
@AminVakil If someone has access to remove the hard drive they also have access to install hardware keyloggers to catch your decryption password or to doctor the system otherwise.
– Michael Homer
May 17 at 19:18
@AminVakil If someone has access to remove the hard drive they also have access to install hardware keyloggers to catch your decryption password or to doctor the system otherwise.
– Michael Homer
May 17 at 19:18
@MichaelHomer Agreed, but this seems unlikely in an office unless there's a sophisticated attacker with a specific target.
– dr01
May 18 at 6:51
@MichaelHomer Agreed, but this seems unlikely in an office unless there's a sophisticated attacker with a specific target.
– dr01
May 18 at 6:51
 |Â
show 1 more comment
No, there is nothing you can do.
– Michael Homer
May 17 at 7:10
@MichaelHomer What if I change my OS to CentOS or Ubuntu?
– Amin Vakil
May 17 at 7:18
@AminVakil Same answer.
– dr01
May 17 at 7:22
3
The question is "can I be sure that x on hardware that is not in my physical control is safe", and the answer is always no. (You may have a threat model that makes some level of guarantee possible, but it doesn't sound like it here.)
– Michael Homer
May 17 at 7:23
Is your employer going to own this office PC, or will you?
– mattdm
May 17 at 20:48