Security

Securing Your Data

There are two fundamental concerns when it comes to securing your data here. The first is that you pick a secure password and do not let it fall into the hands of others. The second is that you properly set the permission bits on any file you create. If you do these two things, your files will be reasonably safe. It is also possible to encrypt your files if you need an extra layer of security. We do our best to prevent brute-force password guessing. All of our public login systems are protected by fail2ban, a program which bans IP addresses that repeatedly fail authentication.

Picking A Secure Password

There are a number of automated password guessing tools. These generally use what are known as dictionary attacks. They try a dictionary of common passwords and various modifications of those. They try things known about the person they are attacking such as their login, name, address, telephone number, and modifications of those things.

Up to 14 characters are significant in our password system. A longer password is more difficult to guess because there are more potential combinations of characters.

Our system allows any printable character in a password. I suggest you use a combination of letters, numbers, and punctuation. The more random a password is, the less likely it will be guessed.

One advantage of keeping your files here is that in the event your computer is stolen or compromised, your files here are still safe, provided that your password is not stolen with your computer or obtained if it is compromised. One important way to reduce this possibility is to avoid using the password save options in browsers, the thin clients, or ssh clients like PuTTY.

Some browsers offer the potential to set a Master Password. This is a good option if you keep that password secure.

File Permissions

There are three sets of permission bits associated with each file. They control the permissions for the owner, those in the same group, and others.

Each group of permission bits consists of a read, write, and execute permission bit. Each of these bits has a value. Read = 1, Write = 2, and Execute = 4. Each group of permission bits is represented by a single octal digit which is a combination of these three bits. You can set the permissions of a file with the “chmod” command. For example, “chmod 644 myfile.txt” gives you the ability to read and write the file but others only the ability to read it. See the man page for chmod for more details.

When you create a new file, the creation mode is determined by the value of umask. Umask is an octal mask that masks off permission bits. Any bits set in umask won’t be set in the file permissions of a newly created file. For example, if you set umask to 022 and create a file, the file will be created with mode 755. This gives everyone else read and execute permissions but not write permissions. If you set umask to 077 and create a file, the file will be created with mode 700 which gives you full access but everyone else no access to your files. The umask command can be placed in a start-up file such as “.bashrc” so that it is run automatically each time you log in.
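The script below is an added example, not part of the original page: it creates a file and a directory under several umask values in a throwaway temporary directory and reports the resulting modes. The mask is applied to the mode the creating program requests (touch requests 666 for a regular file, mkdir requests 777 for a directory); the function names are made up for this example.

```shell
#!/bin/sh
# Added example: observe how umask shapes the mode of newly created
# files and directories. Everything happens in temporary directories.

# Print the octal permission bits of a path (GNU stat, then BSD stat).
octal_mode() {
    stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"
}

# Create a file or directory under the given umask and print its mode.
# The umask is changed inside a subshell, so the caller's mask is untouched.
mode_under_umask() {
    mask=$1 kind=$2
    (
        dir=$(mktemp -d) || exit 1
        umask "$mask"
        if [ "$kind" = dir ]; then
            mkdir "$dir/new"     # mkdir requests mode 777
        else
            touch "$dir/new"     # touch requests mode 666
        fi
        octal_mode "$dir/new"
        rm -rf "$dir"
    )
}

# Remove all group and other access from an existing path, print the result.
make_private() {
    chmod go= "$1" && octal_mode "$1"
}

# Compare a permissive, a group-only, and a private umask.
for m in 022 027 077; do
    printf 'umask %s: file=%s dir=%s\n' "$m" \
        "$(mode_under_umask "$m" file)" "$(mode_under_umask "$m" dir)"
done
```

Files that already exist are not affected by a later umask change; use chmod (as make_private does) to tighten them.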

The read and execute bits have special meaning for directories. If the execute bit is set, someone can access a file within your directory provided the file itself permits it. If the read bit is set, they can see the contents of your directory. If both are set then they can see the contents of your directory and access them.

Encryption

No system security is perfect, so if your data is highly sensitive, you may want to encrypt it using one of the various encryption tools available online. The most common and widely available is gpg. See “man gpg” for details.
