Securing Your Linux System Bit by Bit

Securing Your Linux System Bit by Bit

By Jonathan Terrasi • LinuxInsiderECT News Network

Jun 13, 2017 10:35 AM PT


As daunting as securing your Linux system might seem, one thing to remember is that every extra step makes a difference. It’s almost always better to make a modest stride than let uncertainty keep you from starting.

Fortunately, there are a few basic techniques that greatly benefit users at all levels, and knowing how to securely wipe your hard drive in Linux is one of them. Because I adopted Linux primarily with security in mind, this is one of the first things I learned. Once you have absorbed this lesson, you will be able to part with your hard drives safely.

As you might have deduced, the usual way of deleting doesn’t always cut it. The most often-used processes for deleting files — clicking “delete” in the operating system or using the “rm” command — are not secure.

When you use one of these methods, all your hard drive does is mark the area where the deleted file used to be as available for new data to be written there. In other words, the original state of the bits (1s and 0s) of the deleted file are left intact, and forensic tools can recover the files.

This might seem like a bad idea, but it makes sense. Hard drives are designed to optimize hardware integrity, not security. Your hard drive would wear out very quickly if it reset the bits of a deleted file to all 0s every time you deleted a file.

Another process devised with hard drive lifespan in mind is “wear leveling,” a firmware routine that saves each new file in a random location on the drive. This prevents your drive from wearing out data cells, as those near the beginning of the drive would suffer the most wear if it saved data sequentially. However, this means it is unlikely that you ever would naturally overwrite a file just through long-term use of the drive.

So, what does it mean to “securely wipe” a hard drive?

Add a Comment

Your email address will not be published. Required fields are marked *