Disk Encryption With LUKS

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
21 hours 25 minutes
Difficulty
Intermediate
CEU/CPE
21
Video Transcription
00:00
>> Hi, there's cyberians and welcome back to
00:00
the Linux plus course, here at Cybrary.
00:00
I'm your instructor, Rob Gills,
00:00
and in today's lesson we're going to
00:00
be covering Disk Encryption.
00:00
Upon completion of today's lesson,
00:00
you're going to be able to understand
00:00
the importance of disk encryption,
00:00
we're going to learn how we can utilize
00:00
LUKS to encrypt system disks,
00:00
and then we're going to explain how dm-crypt,
00:00
cryptmount and cryptsetup work with LUKS.
00:00
Physical data loss has become
00:00
a major problem for a lot of different organizations.
00:00
It seems like there isn't a week or a month that
00:00
goes by where we don't hear about a data breach.
00:00
The fact is, a lot of work is now
00:00
done on laptops or mobile devices,
00:00
especially with more people working remotely.
00:00
Because travel or working in
00:00
public locations makes them an easy target for theft,
00:00
this has led a lot of
00:00
companies and individuals to start using encryption.
00:00
Some have gone a step further and
00:00
implemented disk or block device encryption.
00:00
You might also hear this referred to
00:00
as whole disk encryption.
00:00
That's generally a little bit easier
00:00
or less cumbersome to use than
00:00
encrypting individual disk and
00:00
set the entire drives encrypted.
00:00
This can work at the kernel level in Linux,
00:00
and it does protect the entire disk partition and
00:00
any content on that disk in case the device is stolen.
00:00
In Linux, disk encryption is handled by
00:00
the Linux Unified Key Setup or LUKS application.
00:00
LUKS uses a kernel module that's called dm-crypt.
00:00
Now, dm-crypt performs
00:00
the actual encryption and decryption operations.
00:00
We'll see that there are some other tools that actually
00:00
talked to dm-crypt later in this lesson.
00:00
Now, dm-crypt provides the kernel with an interface
00:00
between a virtual map drive and a physical drive.
00:00
This is another use of dev mapper,
00:00
which we talked about back in module 13.
00:00
Remember, dev mapper is where you map like
00:00
logical or virtual drives to
00:00
a actual physical location on disk.
00:00
The second part of LUKS is
00:00
actually creating the virtual drive.
00:00
There are a few ways that you can do this.
00:00
The first is to use something called cryptmount.
00:00
Cryptmount creates a virtual map drive,
00:00
and then it interfaces it to
00:00
the physical drive using that dm-crypt module.
00:00
Again, remember that's what the kernel
00:00
uses to talk to the virtual mapped drive.
00:00
It also provides an interactive setup script
00:00
that's called cryptmount-setup.
00:00
You can certainly look into that a little bit more.
00:00
Cryptmount is an alternative to
00:00
another older tool that's called cryptsetup.
00:00
The difference is that cryptmount
00:00
doesn't require sudo rights,
00:00
so you could just run it and encrypt something,
00:00
encrypt the file system as a regular user.
00:00
Whereas with cryptsetup,
00:00
you had to be like a root user,
00:00
you had to have sudo access in order to run that.
00:00
Cryptsetup is still commonly used
00:00
for people who are doing System Administration,
00:00
and encrypting entire devices.
00:00
With that, in this lesson, we covered the importance of
00:00
disk encryption and why is being used more regularly.
00:00
We also talked about utilizing
00:00
LUKS to encrypt system disk.
00:00
Then we talked about the components of LUKS,
00:00
dm-crypt, cryptmount and cryptsetup.
00:00
Thanks so much for being here, and I look
00:00
forward to seeing you in the next lesson.
Up Next