
Managing and Troubleshooting Encrypted Volumes in Linux


David Thomas

Database Training Architect II

David grew up in rural Kentucky and after spending time in the San Francisco Bay area, he returned home where he started a family. David's fondest memories are of walking the hills of his family farm. In his spare time, he enjoys hiking, camping and spending time with his two daughters.

After spending more than 10 years providing support and services around PostgreSQL and other databases, I am very excited to join Linux Academy and be able to provide training content that tangibly changes lives.

Length

01:51:44

Difficulty

Intermediate

Videos

11

Hands-on Labs

6

Course Details

This course compares the types of encryption available on Linux and explores when and how to use them. We will also discuss some best practices and how to securely delete data. Finally we’ll put this knowledge to work by creating and mounting different encrypted filesystems and troubleshooting common problems with each.

Syllabus

Managing and Troubleshooting Encrypted Volumes in Linux

Getting Started

About This Course

00:00:57

Lesson Description:

In today's data-driven economy, keeping data secure is of the utmost importance. Thankfully, the GNU/Linux operating system provides several solutions for encrypting your data. In this course we will discuss the following:

Encryption Best Practices
Why and when should you use encryption?
Where do I keep my passphrase/key file?
How do I securely delete data?

Types of Encryption on Linux
Here we will discuss three different options for data encryption on GNU/Linux and how they compare. We will also do a demonstration of each.

Troubleshooting
What happens when it breaks?

This is a Deep Dive course, so prior Linux and DevOps knowledge and concept familiarity is recommended, along with AWS or other cloud administration experience.

About Course Author

00:00:31

Lesson Description:

My name is David Thomas and I've spent the past 13 years administrating PostgreSQL databases on Linux operating systems. Outside of work, I enjoy hiking and camping with my dog, and spending time with my two daughters. In my previous life as a DBA, data security was a frequent concern. Using the data encryption methods available in the GNU/Linux operating system provides an additional layer of security to database access controls. I am excited to share this experience. Thank you for taking this course. Let's start our adventure!

Encryption Best Practices

Why to Use Encryption

00:01:48

Lesson Description:

Encryption can be a costly operation, so why bother with it at all? In this lesson we discuss reasons why you would use encryption, who encryption can protect from, and when data should be encrypted.

Key and Password Management

00:02:17

Lesson Description:

Properly managing your keys and passwords is "key" to ensuring your data is kept secure. In this lesson we'll define what exactly a key is, how it's used, and how to keep it safe.

KeePassX - https://www.keepassx.org
LastPass - https://www.lastpass.com
KMIP

Securely Deleting Encrypted Data

00:04:55

Lesson Description:

Securely deleting, or wiping, data is a method of ensuring the data cannot be recovered. Typically this is done by overwriting the existing data with random data. In this lesson we'll discuss how to wipe a device using the following commands:

sudo shred -x /dev/sdX

If the shred command is not available, you can use the following dd command:

sudo dd if=/dev/urandom of=/dev/sdX bs=4096 status=progress

We also discuss how to wipe a specific file from an existing filesystem. First fill the free space on the device by creating a junk file. Be sure to double-check the path, as this command does no error checking and will overwrite data:

dd if=/dev/urandom of=/path/to/junk status=progress; sync

After this completes you can overwrite the file. The shred command is the simplest method. Specifying -x ensures that the file size remains unchanged:

shred -x /path/to/file

If the shred command is not available, you can use the following dd command. You will need to specify the size of the file in bytes as the block size. The conv=notrunc option keeps dd from truncating the file before it writes, so the existing blocks are overwritten in place:

sudo dd if=/dev/urandom of=/path/to/file bs=filesize_in_bytes count=1 iflag=fullblock conv=notrunc status=progress
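
The in-place file overwrite described above, wrapped in a script that computes the file size itself and verifies the result. This is an added example, not part of the course material; the helper names wipe_file and demo_wipe and the sample file are assumptions, and GNU dd is assumed.

```shell
#!/bin/sh
# Added example: overwrite a regular file in place with random data.
# wipe_file and demo_wipe are hypothetical helper names.

wipe_file() {
    target=$1

    # Refuse symlinks and anything that is not a plain regular file, so a
    # mistyped path cannot redirect the overwrite to a device or another file.
    if [ -L "$target" ] || [ ! -f "$target" ]; then
        echo "wipe_file: not a regular file: $target" >&2
        return 1
    fi

    size=$(wc -c < "$target" | tr -d ' ')
    # A zero-length file has no data blocks to overwrite.
    [ "$size" -gt 0 ] || return 0

    # conv=notrunc   do not truncate first, so existing blocks are rewritten
    # conv=fsync     flush the written data to the device before dd exits
    # iflag=fullblock  keep reading until the whole block has been filled
    dd if=/dev/urandom of="$target" bs="$size" count=1 \
        iflag=fullblock conv=notrunc,fsync 2>/dev/null || return 1

    # The file length must be unchanged after the overwrite.
    [ "$(wc -c < "$target" | tr -d ' ')" -eq "$size" ]
}

# Constructed demo: a throwaway file in a temporary directory.
demo_wipe() {
    dir=$(mktemp -d) || return 1
    printf 'constructed sample secret\n' > "$dir/secret.txt"
    cp "$dir/secret.txt" "$dir/original.txt"
    wipe_file "$dir/secret.txt" || { rm -rf "$dir"; return 1; }
    # Success means the contents now differ from the saved copy.
    if cmp -s "$dir/secret.txt" "$dir/original.txt"; then rc=1; else rc=0; fi
    rm -rf "$dir"
    return "$rc"
}

demo_wipe && echo "file overwritten in place, size unchanged"
```

Because the block size equals the file size, dd buffers the whole file in memory, so this form suits small files. On journaling or copy-on-write filesystems, snapshots, and flash storage, an in-place overwrite may not reach every old copy of the data, which is one reason to encrypt the volume before the data is written.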

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.

00:15:00

Types of Encryption on Linux

Stacked Filesystem Encryption

00:01:05

Lesson Description:

This lesson discusses stacked filesystem encryption. Some examples of stacked filesystem encryption on Linux are:

gocryptfs - https://nuetzlich.net/gocryptfs/
Cryptomator - https://cryptomator.org/
securefs - https://github.com/netheril96/securefs
CryFS - https://www.cryfs.org/

Block Device Encryption

00:01:27

Lesson Description:

This lesson discusses block device encryption. Some available options for block device encryption on Linux are:

dm-crypt - https://gitlab.com/cryptsetup/cryptsetup/-/wikis/DMCrypt
VeraCrypt - https://www.veracrypt.fr/en/Home.html

Comparing Stacked Encryption Options

00:01:48

Lesson Description:

In this lesson we compare two options for stacked filesystem encryption on Linux.

gocryptfs - https://nuetzlich.net/gocryptfs/
eCryptfs - https://help.ubuntu.com/lts/serverguide/ecryptfs.html

Troubleshooting

Common dm-crypt Issues

00:04:37

Lesson Description:

In this video we discuss some common issues (and solutions) with dm-crypt and LUKS.

Common Stacked Encryption Issues

00:01:42

Lesson Description:

In this lesson we will discuss some common issues with stacked filesystem encryption.

In Conclusion

Conclusion

00:00:31

Lesson Description:

In this course we have explored why you would want to use encryption, as well as when and how to encrypt your data. We compared the two types of filesystem encryption available on Linux, block device and stacked encryption. Then we discussed several options that implement each. Lastly we discussed troubleshooting common issues for an implementation of each type of encryption. I hope you found the content here useful, and would love to hear any feedback you have. Thank you for watching.
