Is my ZorinOS Lite partition/file system, everything encrypted by default?

Is my ZorinOS Lite partition/file system, storage, everything, encrypted by default?
Or do I need to choose that option? For example, LUKS?
What options do I have?

And VeraCrypt said that its encryption isn't secure unless the user uses a hard drive, compared to an SSD. SSDs aren't secure for encrypting volumes or OSes because of the following five things that USB drives, SD cards, SSHDs & SSDs do (they cause sensitive data to leak outside of the encrypted partition):
1.) Journaling File Systems,

2.) Defragmenting,

3.) Reallocated Sectors,

4.) Wear-Leveling,

5.) Trim Operation

It is not encrypted by default and for good reason.
You would need to choose the "encrypt drive" option during install (LUKS). However, you really would only need this if you work for the CIA or Coca-Cola and must protect the secret recipe or something.
For a daily use machine, you do not really want to go to such extremes...

While Drive Encryption is not enabled by default - Authentication and Protection is through sudoers.

3 Likes

For most people, they don't need all the 'security' features we've seen coming with Windows of late... drive encryption and such.

It adds complexity and fragility to the system, and one little slip-up (forgetting your encryption passphrase) means you lose all the data on the drive... it's still there, but you can't access it... it's as good as gone.

Most people have a secure physical location (their home), the machine is in their presence when it's being used and is otherwise either shutdown or in sleep mode with a password required to access it, there's little chance of the machine being stolen or used by unknown persons, and the machine owner doesn't have information that's so security-critical that drive encryption is necessary.

The greatest threat, then, is peripheral... via wired or wireless connections, whether that be Bluetooth, WiFi, NFC, etc. One needs perimeter security to keep out malicious code (generally taken care of by the security features built into the OS) and malicious actors (generally taken care of via firewalls and passwords).

If you've enabled PPPoE-on-machine on your computer so it's got a WAN (Wide Area Network) IP address, and you've not enabled the software firewall, you're at greatest risk... your machine is wide open to the greater internet.

If you've got a NAT (Network Address Translation) setup where your modem or router contains the PPPoE settings and has the WAN IP address, and the machines behind that router have LAN (Local Area Network) IP addresses, and you've got the hardware firewall on the router enabled and the software firewalls on the machines behind that router enabled, you're far safer than the prior example.

My setup:
Internet <-->(WAN IP Address xxx.xxx.xxx.xxx) Modem (192.168.1.1) <--> (192.168.1.2) Wired Router (192.168.10.1) <--> (192.168.10.2) Wireless Router (192.168.100.1) <--> computers (192.168.100.x)

The modem has a rudimentary firewall to keep out others on the same wire (cable modems are a shared-bandwidth connection), the two routers each have hardware firewalls, and the computers each have software firewalls.

You'll note each device has two IP addresses (except for the computers at the end of the line)... a WAN IP address and a LAN IP address. That's what NAT does, it translates one IP address to another. I've merely given the WAN IP address interfaces on the routers LAN IP addresses in the 192.168.x ranges.

That, combined with a firewall on each device, makes it much more difficult for bad actors to access your machine remotely.

2 Likes

@Mr_Magoo, thank you 🙂

@Aravisian, thank you 🙂

@Mr_Magoo, @Aravisian, so before we proceed, I need to understand one thing. The current default state that my ZorinOS partition is in is that I myself or anyone can remove the SSD & plug it in & read all my files? Nothing is encrypted?

Well, it depends upon the OS used to read the files and what file system the drive is formatted with... plug a ZFS drive into a machine that doesn't have ZFS capability, and it'll show an unmounted (unmountable) drive that can't be read.

But if the drive is formatted ext4 and it's plugged into a machine that is capable of reading ext4, then yes, the drive is readable.

What I do is save all my personal files on an external USB stick (formatted to NTFS). The drives for the OS contain only the OS. So I can wipe those drives and reinstall without losing any personal files. And because the USB stick is on a keychain that I carry with me, there's very little chance of the USB stick being stolen.

I do keep compressed backups of that USB stick on external drives just in case the USB stick dies (which it did recently... I was able to go buy another USB stick, uncompress one of the .img.7z files to a .img file, then 'burn' that .img file to the new USB stick with the Disks application, and I was back up and running again).

If I felt that there were a threat of those compressed backups being compromised somehow, I could encrypt them as I compress them, but as I said, the machine's in a physically secure location, no one but myself is going to use the machine, there's little chance of it being stolen, etc.

Some people partition the SD card in their phone, and use that partition to hold their personal files... plug your phone into your computer, and your computer has access to all your personal files. You would, of course, have access to all the personal files all the time via the phone.

Some people also create another partition of ~10 GB on their phone's SD card and put the ZorinOS boot USB on that... plug your phone into a computer, boot it from the phone's SD card partition, and you're running the 'Try Zorin' mode of Zorin OS.

2 Likes

This is generally true on Linux and especially true on Windows: A drive formatted to ext4 or to NTFS will be readable to Zorin OS.

The security here is:

If someone is able to physically access the drive - then that is your security issue.

1 Like
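Added example, not part of any post in this thread: a way to check whether an existing install actually sits on a LUKS layer, by walking the device tree that `lsblk` reports from the mounted filesystem up to the disk. The function name `root_fs_encryption`, the device names, and both sample layouts are constructed for illustration.

```shell
#!/bin/sh
# Reads `lsblk -P -o KNAME,PKNAME,TYPE,FSTYPE,MOUNTPOINT` output on stdin.
# Prints "encrypted", "plaintext" or "unknown" (mount point not listed)
# for the mount point given as $1 (default: /).
root_fs_encryption() {
    awk -v target="${1:-/}" '
    function field(key,   m) {           # value of KEY="..." on this line
        if (!match($0, "(^| )" key "=\"[^\"]*\"")) return ""
        m = substr($0, RSTART, RLENGTH)
        sub(/^[^=]*="/, "", m); sub(/"$/, "", m)
        return m
    }
    {
        dev = field("KNAME")
        parent[dev] = field("PKNAME")
        type[dev]   = field("TYPE")
        fstype[dev] = field("FSTYPE")
        if (field("MOUNTPOINT") == target) start = dev
    }
    END {
        if (start == "") { print "unknown"; exit }
        # Walk from the mounted device up through its parents.
        for (dev = start; dev != "" && hops++ < 16; dev = parent[dev])
            if (type[dev] == "crypt" || fstype[dev] == "crypto_LUKS") {
                print "encrypted"; exit
            }
        print "plaintext"
    }'
}

# Constructed sample: root on LVM inside a LUKS container, ESP outside it.
sample_encrypted() { cat <<'EOF'
KNAME="sda" PKNAME="" TYPE="disk" FSTYPE="" MOUNTPOINT=""
KNAME="sda1" PKNAME="sda" TYPE="part" FSTYPE="vfat" MOUNTPOINT="/boot/efi"
KNAME="sda2" PKNAME="sda" TYPE="part" FSTYPE="crypto_LUKS" MOUNTPOINT=""
KNAME="dm-0" PKNAME="sda2" TYPE="crypt" FSTYPE="LVM2_member" MOUNTPOINT=""
KNAME="dm-1" PKNAME="dm-0" TYPE="lvm" FSTYPE="ext4" MOUNTPOINT="/"
EOF
}
# Constructed sample: plain ext4 root, as in an install without encryption.
sample_plain() { cat <<'EOF'
KNAME="sda" PKNAME="" TYPE="disk" FSTYPE="" MOUNTPOINT=""
KNAME="sda1" PKNAME="sda" TYPE="part" FSTYPE="vfat" MOUNTPOINT="/boot/efi"
KNAME="sda2" PKNAME="sda" TYPE="part" FSTYPE="ext4" MOUNTPOINT="/"
EOF
}
echo "encrypted sample /: $(sample_encrypted | root_fs_encryption)"
echo "plain sample /:     $(sample_plain | root_fs_encryption)"
# Live system: lsblk -P -o KNAME,PKNAME,TYPE,FSTYPE,MOUNTPOINT | root_fs_encryption
```

Passing `/boot/efi` as the argument on the encrypted sample reports `plaintext`: the EFI system partition stays outside the LUKS container even when the root filesystem is encrypted.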

@Mr_Magoo, @Aravisian,

There is a GUI program for LUKS called "gnome-disks".
I've been told there are other GUI ones too.
Are there any native Zorin programs that are GUI & will encrypt my drive?
I'm going to encrypt my Zorin partition. 🙂

Also, will encrypting it slow down my OS's speed at all?

Lastly, can you please give me instructions on how to encrypt my Zorin partition? Thanks!

Zorin OS comes with Gnome-Disks already installed.
It will appear as Disks in the app menu.

You really would be looking to encrypt the drive at installation. Using methods to do so after (other than Gnome ENCFS) is... not the way I would go...

Only at Boot.

1 Like
