linux4noobs@lemmy.world
Community in the text?
If the device get stolen, your drive and its files can be easily read.
Other attacks like malware or ransomware are almost the same if the drive is encrypted or not.
Disk encryption is important for laptops and phones because these devices are frequently stolen. For desktop or servers is still good idea, though.
Thanks a lot for your answer. How would you encrypt a server? Typing a password every time it boots isn’t possible for me, since I would need a monitor for my headless server.
You can use SSH for unlocking: https://www.cyberciti.biz/security/how-to-unlock-luks-using-dropbear-ssh-keys-remotely-in-linux/
That’s why it’s not always an option.
Some servers have some kind remote console hardware, with their own security issues.
Your “threat model” is important too. Do you expect that server to get stolen? If it happens, is there critical data that should not leak?
Maybe you need to encrypt a directory, and not the whole drive.
My threat model isn’t high. Just normal stuff everyone has, but that would be disadvantagely if someone else got them.
It’s more if a precautionary measure. It doesn’t have to be super safe, but better than nothing.
Safe in what context ?
If the drive is mounted and data accessible, in case your computer is compromised by some kind of malware, well, the data will be easy to exfiltrate. Now, if the computer is turned off or the drive unmounted, that’s what encryption comes in to protect it.
So, basically, encryption will protect the data in case of physical theft of the drive or in case of remote hacking if the drive is un-mounted.
Safe in the context of someone stealing the hard drive and look through private photos and stuff by plugging the drive into another device.
In that case, without encryption, your safety is zero. That’s the exact scenario that full-drive encryption was designed for.
Well… shit. Thank you for your great advice. I’m gonna look for how I can secure my data.