It is always a good idea to encrypt your sensitive data and files, so no one can read and access them without your password or other authentication methods. Financial, medical and other personal files are stored on people’s computers carelessly without regard to privacy and consequent risk of leakage, theft or loss. There’s many software applications that can encrypt files and folders, but my choice goes to truecrypt, an open-source and multi-platform application that uses strong, tried and tested algorithms.

Truecryp features:

* Creates a virtual encrypted disk within a file and mounts it as real disk drive. Encrypts an entire hard disk partition or a device, such as USB flash drive or other storage devices ipod,PDA,etc).
*Ciphers supported are AES, Serpent and Twofish. It also allows different combinations of cascaded ciphers (ie AES+Twofish, Serpent+AES, or AES+Twofish+Serpent)
*Supported by Linux, Mac OS X and Windows.

I’ve been using truecrypt for a long time from the command line, But a few weeks ago version 5.0a was released with a great gui for Linux. I’ve dreamed so many times for this day, a real gui that allows you to create virtual encrypted disks and mount them ( xubuntu 7.10 gusty gibbons ) the new version of truecrypt; to begin you can start with going on the truecrypt web site and browse in the download area. You will find the Linux version ubuntu (x86); just download it and decompress, then go in the truecrypt_5.0a directory which is located the .deb package.


type: sudo dpkg -i truecrypt_5.0a-0_i386.deb [sudo] password for
crypto: Selecting previously deselected package truecrypt. (Reading
database … 125274 files and directories currently installed.)
Unpacking truecrypt (from truecrypt_5.0a-0_i386.deb) … Setting up
truecrypt (5.0a-0) …


at this point truecrypt is installed in the system. from the terminal; just type “truecrypt” and the gui will appear.

Happy encryption.

Every month I will publish the upcoming Freesoftware/IT/Security events, the main resources where I’m grabbing the information about the dates and the locations are:

www.itsecurityevents.com

IA/IW and Computer Security Conferences

Any suggestion of new resources/conferences/calendar  will be appreciated .

For this month:

Red Team/Blue Team Conference
When: Tue Feb 26 – Fri Feb 29
Where: Johns Hopkins University Applied Physics Lab, 22289 Exploration
Dr # 100, Lexington Park, MD Gurney for IA/IW and Computer Security Conferences
Fee: Free
Web: www.nsa.gov/ia/events

What: Australia: OWASP Australia AppSec
When:Wed Feb 27 – Fri Feb 29
Where: Australia - Queensland - Gold Coast Convention Center
Web: www.owasp.org
Map

What: IT Underground X edition
When: Wed Feb 27 – Fri Feb 29
Where: Czech Republic - Prague - Hotel STEP
Web: www.itunderground.org
Map

Sometimes we need to allow other users to connect remotely to our servers with ssh. The are many different reason to do that; people that want to read their own email with mutt or using their own favourite irc client or whatever. In this situation the users can easily gain access to sensitive files such as: passwords or other files/directories that are accessible to any person with an unrestricted shell just using the cd command. After searching around, I’ve found ibsh (Iron Bars Shell), that allows you to create a restricted environment where the user can not step out of his home directory (jail), the user can not access any files outside his jail; the user may execute only those commands, which the sysadmin lists in the appropriate configuration file and ibsh automatically logs the activities of the user to syslog.

After downloading the .deb package from ibsh.sourceforge.net , we can proceed with the installation:

debianmaster:~# dpkg -i debian_ibsh.deb

we can add a user just for a test:

debianmaster:~# adduser test

in /etc/password - we must change the default shell for the restricted user from bash to ibsh

example:
test:x:1001:1001:,,,:/home/test:/bin/bash
to
test:x:1001:1001:,,,:/home/test:/bin/ibsh

First we need to add the following command in order to exit and logoff from the session,

in /etc/ibsh/globals.cmds

#globals.cmds
logout
exit

then later we can add other commands like:

mutt,gpg,links,ping,irssi.

Now I’m able to connect to the linux box with the restricted user. After the login I’ll find a command prompt like this ” [/]%” , trying to do some bad things like cd /etc or wget url://exploit, the prompt will warn me:

[/]% cd /etc ibsh: cd: /home/test/etc: No such file or directory and

[/]% wget http://exploit Sorry, can’t let you do that!

Some other useful commands to add to /etc/ibsh/globals.cmds

mkdir,ls,cd,vim etc etc.

IBSH is not the ultimate tool for restricted shells but is a good step to start securing your linux server.

Suggestions and comments are welcome.

Well, not so much to say. I’m just back on the blogsphere to share my thoughts on developments and to keep all of you up to date with the latest news regarding free software (mainly Gnu-linux and Debian, Ubuntu oriented,), network security and privacy. I’m very worried how technology is becoming more and more invasive; wiretapping, security cameras, rfid are changing the world into a kind of big brother where eavesdropping and all forms of spying prevail. Maybe there’s some defence against bugging, with cryptography and a little bit of paranoia, and off course wisdom. In the years ahead, we have to fight other battles, against DRM, proprietary software and net neutrality, is not anymore time to sit on the couch, it’s time to stand up! And protect our rights.

stay tuned.