Full Disk Encryption for Ubuntu Linux: How?

Lee, Gun-Woon, Just to pitch in my two cents... You may not be able to achieve what you want with a solution other than TrueCrypt. The only reason I say that is because you made it very clear that you want...

Lee, Gun-Woon wrote:

"...every (or almost every) bit persisted in storage is encrypted and unreadable to unauthorized users."

However, you very likely already know that there are elements on the disk that cannot be encrypted (ie: boot partition). There is one additional element that cannot be encrypted using any FDE software that boots from the same disk (or any that I am aware of) - the partition definitions (ie: start and stop LBAs). The reason TrueCrypt is excellent in a situation like this is because it can create an altogether hidden operating system[^]. Their methods are rather tactful and if your situation requires security that can thwart others' attempts at getting to your data *even after you give them the pre-boot authentication password*, than this is what you want. Now, about your BitLocker setup. The reason BitLocker isn't requesting a password for it's pre-boot authentication is because your motherboard has something called a Trusted Platform Module (TPM) installed on it. You probably already know that since you likely had to activate the thing before the encryption process could start. Anyway, the TPM holds the en/decryption keys to your encrypted partition. When the system boots, the system partition (Windows' 100MB boot partition) authenticates with the TPM, exchanges keys, and boots the encrypted partition by decrypting it on-the-fly. When the TPM is locked or the disk configuration changed, or the disk is booted on a different system, or any number of things - this will cause Windows to start the BitLocker bootloader in a recovery mode. You will be prompted for a password if and when this occurs. I'm also new to Linux myself (I've been aspiring to the genius required to understand Unix's simplicity[^] for some time now...). Anyway, I think you'll be hard pressed to find an Open Source Software (OSS) implementation of a FDE package that supports hardware en/decryption components. The only one I've seen tha

jrahma, I can't really answer your question because I truthfully don't know a thing about ADSL routers. However, I'd like to provide an alternative solution. I would steer away from putting money into hardware for something like a ADSL router. Instead, just get one that can connect you to the internet and leave all of the routing, NATing, internet access control, and reporting features to a capable platform like Untangle[^]. I use Untangle at my work. We have 3 offices and I have setup an Untangle box at each site - and I love it. It can handle internet access like you mentioned, but that is a paid feature (most of the platform is free). Hope you find something that suites your needs. -David

overloaded, I'm not exactly sure if this is what's happening - but it sounds as though you are visiting a website that uses SSL security. If that's the case, the likely cause of the security message in Firefox is because it doesn't have the SSL certificate listed in it's Trusted certificate store. Since Firefox does not use the certificate store that exists in Windows, the SSL certificate will need to be manually added in Firefox. Internet Explorer, on the other hand, uses Windows' certificate store to authenticate websites. The reason for any SSL warning is one or more of the following: 1.) The certificate for the site has expired. 2.) The certification path cannot be completed or is not trusted all the way through. 3.) The certificate has been revoked by the issuer (same as 1, but for different reasons). However, in this case it is the second reason. This leads me to believe that the site is safe, you just need to import the site's certificate into Firefox before Firefox can trust it. SSL is SSL - to my knowledge there aren't different vendor implimentations. For that reason, if Internet Explorer trusts the site then it's a good bet that it is a trustworthy site. It's probably safe to import the certificate into Firefox and continue browsing. -David PS - If someone knows I'm wrong, I'm open for correction. I'd rather not be spreading false information around :)

Brad, WebPI 2.0 will cache the installer files during the download process in the following folder: "%UserProfile%\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\". You will have to search this directory, though, because the file will actually be located in another directory whose name is generated by the application (ex: 2DSQKWD7). The application installer will be in there, but only if the temporary internet files haven't been deleted yet.

If you are looking at a SAN based solution - it probably means you have a lot of data and need lots of features (like iSCSI with pass-through write capability). Otherwise, you could use a NAS device with SATA disks. First of all (as mentioned in an earlier response) do NOT use a software based RAID solution. Secondly, if high-availability is important, go with RAID6 and not RAID5. If there will be a lot of I/O on the array, you need a performance boost. My overall advice: don't build one yourself. Purchase a NetApp (with their really cool RAID DP) or HP StorageWorks unit. We purchased an HP StorageWorks MSA2012i. Our configuration has 2.7TB usable space and uses a RAID6 array with dual controllers. I think it cost just over $7000 (with an account manager).

William, Your best bet is to go to the mfg's website and look at the recommended system configuration for the application. You may find that it is much harder to build a fully qualified system than you think. Just to give you an idea - I once built a system specifically designed for AVID video editing. For the real time editing components (renderless), it needed a firewire controller that had to use the Texas Insturments chipset. On top of that, the card itself had to have a dedicated bus segment to the system's chipset controller, and it could be the only device on that bus segment. What am I trying to say? Building a system for specialized application handeling is not a simple task. If you have never done it before, I would shy away from doing so. However, if you decide you do want to try and tackle it, you need to know that this type of system building is kind of like installing Gentoo Linux - no one can do it for you. Here are a few things to keep in mind though: you need to pair everything for best possible performance - but this isn't always what you think. For example - when specifying RAM to include into the machine, you want the motherboard's front-side bus (FSB) to match the RAM's FSB and the chipset's FSB. This will insure there are no bottle necks on the processing side of the system (the GPU will have it's own thing going on for it's memory speed). You also want to make sure that the RAM is rated ECC and fully buffered (ECC stands for "Error Corection Codes", it simply means that the unit is error correcting). ECC RAM will make your renders out of any 3D application more reliable (they won't get to 90% and fail). I know from personal experience that 3DS Max and Maya are very particular about the hardware installed in the system (more so Maya than 3DS). Hardware compatibility issues at the application layer are very difficult to troubleshoot. You might bump up the lumens on a light in a scene or turn on Global Illumination and get all kinds of errors dumping to the output window. Some other things you want to include in your research are operating system compatibility, architecture support (x86 vs. x64), video hardware support (don't use ATI, Nvidia will have much better support for your application), processor type (single core - single socket all the way through multi core - multi socket) and supported instruction sets (MMX, SSE, SSE2, etc.). The plot thickens when you start adding other primary applications into the mix, like Photoshop, After Effects, AVID, etc. These programs ha

Jan, I think this will help out a lot. It helped me, because sometimes WMI can be a nightmare... WMI Code Creator v1.0[^] -David

Your best bet is to use WMI. The following code was pulled from Microsoft's WMI Code Creator (you can download it from their website): strComputer = "." Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2") Set colItems = objWMIService.ExecQuery( _ "SELECT * FROM Win32_DiskDrive",,48) For Each objItem in colItems Wscript.Echo "-----------------------------------" Wscript.Echo "Win32_DiskDrive instance" Wscript.Echo "-----------------------------------" Wscript.Echo "DeviceID: " & objItem.DeviceID Next This is a .vbs script, but the WMI Code Creator will output to VB.NET and C# as well. Hope this helps...

Ok, if you are still having trouble understanding what a quad core processor is then let me break it down for you (just keep in mind that this is on a very high level): Q::What is a quad core processor? A::A quad core processor is 4 processors on one chip. Q::What is the purpose of a quad core processor? A::If you are familiar with servers, you know that they often use more than one processor on the motherboard (or mainboard, system board, etc.). Many times they will use 2 and 4 processors. Compaq, among others, even makes a server with 8 processors on the motherboard. As you may know, these type of setups are very expensive. This is where quad core processors shine; they bring the same power of the high end servers to your desktop, and are much less expensive. Q::What can a quad core processor do for me? A::Let's pretend that you have a computer equiped with a quad core processor. Let's also pretend that you have 2 video cards each with dual monitor output, so we can drive 4 displays at the same time. Now we want to watch a movie in full HD on one monitor, surf the internet in another, do some serious photo editing with Adobe Photoshop in another monitor, and run a virtual machine of Windows Server 2003 hosting a website using IIS in another monitor. It sounds like a lot of stuff happening at one time, but with a quad core processor and enough RAM to keep up with it, this is possible. If you are still confused, try to give some details as to exactly what it is you are still confused about.

No file attribute or flag was changed. Cross-linked files occur when a cluster appears to belong to a file, but the volume bitmap does not show it as such. If you are using Windows XP or Vista, click Start then type "cmd" now press Ctrl+Shift+Enter to grant Admin rights to the prompt. Now run the following: chkdsk c: /f /v This will run the check disk program and attempt to fix any errors found on the c: partition (if you are checking a different partition, change the drive letter). It will also echo all the files it will be working on. If Partition Magic didn't already do this, it may be good to defragment the drive when you are done, just to help the disk work faster after a partition resize.

Why don't you have access to Wikipedia?

This would really surprise me if the problem was related to Fedora. Try this: On IDE 0 (the first controller), connect your new HDD as the master drive and set the jumper to master. Then connect your old HDD as the secondary device on the same cable and set the jumper to slave. Also, make sure that the cable is 80 pin and/or ATA133, you don't want two HDD operating off of a low cable rating, like ATA66. Now, on IDE 1 (the second controller), connect your DVD drive as master and set the jumper as such. If you think that the BIOS is the culprit, then reset it now. Now, go into your BIOS and set the boot order like this: 1 - Floppy Drive (if you have one) 2 - Secondary Master CD/DVD Drive 3 - Primary Master Hard Disk 4 - Primary Slave Hard Disk Now try booting the Fedora installation DVD.

If the drives are both on the same cable, try changing the jumper setting on the new drive to "Slave" instead of the default "CS" (cable select) if you havn't already. If the drives are on different cables (1 disk/controller), then make sure they are both set to master.

A processor is a very difficult thing to understand all in one sitting. You will have to do some research about it yourself. If you don't know English all that well, Wikipedia.org[^] has several language translations. But a link to an English article about multi-core microprocessors is here[^]. To give you a light overview of the core: You are right, on a high level the "core", technically known as a die, is a physical aspect of the processor; but it is actually just a name for a group of specialized components. This is the main area of computing and largely includes the Arithmetic and Logic Unit (ALU)[^], a series of registers[^] (or boolean gates), and some tri-state[^] buffers whose functions are essentially "on", "off", and "disconnect". This is a gross understatement of the core, so to get a better idea of what it looks like, check out this picture[^] of the core, or die, of an x86 Pentium processor. From application to processor: Any piece of software on the computer, the Operating System (such as Linux, Microsoft Windows, Solaris, BSD, etc.), or any application that you install and use, and even any application that you may write, must all be converted at some point into a language known as Assembly Code[^]. This language is not standard for all processors and accompanying hardware, the name Assembly Code just refers to all languages that must directly be interpreted by the hardware. A single processor can only ever do one t

I'm not that familiar with static memory. Your best bet is to run a memory test to determine if the failure is located in the memory module. If you do register an error, swap the modules into different slots and test again. If you return another error, there is a good chance you do have bad stick of memory. If you do not return an error on the second attempt, it is probably a bad socket, not the memory module; in which case you would need to replace the motherboard. Another thing you want to avoid is "mix-n-match memory". Make sure that the memory installed in the system is nearly exactally the same. You said they are PC133, so make sure both are ECC or neither are ECC, make sure the brands match too - as some brands do not mix well with others. You will also want to check with your BIOS to make sure the voltage output to the modules are correct. Lastly, if I am not mistaken, SRAM is an old(er) technology. That being the case, you may want to think about upgrading the system entirely. -David PS- This is completely unrelated, but try out Opera instead of IE, you might like it...

You need to run Samba on your linux box. Then just modify /etc/smb.conf to list the directory(s) and permissions you want to share on/with the Windows network. You will have to work a little bit with the encrypted (Windows) and unencrypted (Samba) passwords to get them to play nicely together.

Yes, that will work. It looks like the WAP54G supports WiFi Protected Access (WPA), so it will offer protection. But as mentioned earlier, linking the two routers and having them both provide connectivity on the same network will be difficult. Post your results, I'd like to hear about it.

Ok, there are a few minor issues with the setup you described. Nothing is "wrong" with it, if that is what you want; but I don't think this is the case. The router you chose, the WAG325N, is really good. It supports 802.11b,g, and n. Now, I am assuming you want to put the wireless access point upstairs because you don't have any cable run up there. This makes sense, but I don't think you want an access point; you want a signal repeater. The access point you chose, the WAP54G, is just another router. You can daisy chain the two, but that can be troublesome to setup; and, the access point, or router (WAP54G), will have to be physcially connected to the main router (WAG325N). This defeats the purpose all-together. On top of that, if it does work out, all devices accessing the secondary network (upstairs) will only operate at 802.11b, and g speeds, and not 802.11n at all. I think a better solution to your problem is to use a signal repeater for the upstairs level. A signal repeater will recieve a signal from your router and then re-broadcast it at a much higher decibel (dB) level. But keep in mind that most signal repeaters can only repeat ONE signal frequency. So if you get a repeater that will repeat an 802.11g signal, than the 802.11g signal will be the strongest on the upper level and therefore will only provide 802.11g speeds to those devices connected to the network on that frequency.

Not necessarily. If you look up the standard, CAT-5 was initially supposed to support 100Base-T and 1000Base-T, but it was an unofficial specification and fairly unstable on 1000Base-T networks. The CAT-5e specification was created to support a 1000Base-T network by simply making minor adjustments to the CAT-5 specification. CAT-6 does the same thing as CAT-5e, but has much more room to grow; like having power over ethernet, etc.

Both cables have a max segment length of 100 meters. So once you get a signal booster or two on each run, you then only have to decide what type of phone system you will be utilizing. POTS (CAT-1)with signal boosters will provide voice only for each extention. Or you could go with VoIP (among others) with signal boosters; you will need to run at least CAT-5, but if your budget will allow, try to go with CAT-5e so you have the ability to operate on a stable 1000Base-T network.