It is a common thought pattern in cybersecurity that, eventually, an attacker will compromise a device. At this point, the only way to protect user information is to encrypt it. The encryption of data while being stored is also known as ‘encryption at rest’(this is versus encryption in transit such as over the internet using SSL). This lab puts you in the position of a systems administrator tasked with encrypting two servers. The first is a Linux server running CentOS 7 that will be encrypted using a tool known as LUKS. The second device is a 2016 Windows Server that will use BitLocker for encryption.
Configure LUKS in Linux:
The first step in encrypting a Linux drive is to decide what partition of the disk you will be encrypting. Remember, Linux does not use drive letters and thus is much more flexible when your options of how to interact with the hard drive. This setup requires you to create a new partition in the /dev/sda directory that will be encrypted.
Important Linux Concepts of Encryption:
- Partitions can be created within the /dev/sda directory, or an existing partition could have been chosen
- LUKS is the standard tool used to encrypt Linux memory systems
- A password should always be used to protect encrypted data
- Configuration on Linux devices is done in the /etc directory
Configure BitLocker in Windows:
Windows devices come with a Microsoft tool known as BitLocker. This tool allows you to choose either to encrypt entire drives, directories, or even single files. BitLocker uses built-in encryption methods to ensure that common attacks that will often break an encryption will not work. In this exercise, you are instructed to encrypt the entire contents of drive C:.
Important Windows Concepts of Encryption:
- Entire Drives, directories or files may be encrypted
- BitLocker is a Microsoft provided tool for drive encryption
- Password and recovery key is provided to the admin
- Setup accomplished in admin panel and from File Explorer
Lab Summary Conclusion:
When a system is attacked the encryption of personal data is the last line of defense. It is imperative that such encryption is used on sensitive files. Linux Servers have a tool named LUKS that will allow you to encrypt any partition of a storage device. The Linux file system provides quite a bit of flexibility on where to store encrypted data using the partition system. Windows also comes with a standard tool known as BitLocker to provide encryption of entire drives, directories, or files. Both encryption systems will require the admin to create a special password to access encrypted files. Windows will also create a recovery key in the event that the password malfunctions or is lost. Encrypting files at rest using these tools is essential for any admin to provide compliance with any cybersecurity standard.