Why Linux is more Secure than Windows

There are several simple methods to secure Linux:

As daunting as securing your Linux system may seem, one thing to remember is that every extra step makes a difference. It is almost always better to take a modest step than to let uncertainty keep you from starting.

Fortunately, there are a few fundamental techniques that greatly benefit users at all levels, and knowing how to securely wipe your hard drive in Linux is one of them. Since I adopted Linux largely because of security, this was one of the first things I learned. Once you have absorbed this lesson, you will be able to part with your hard drives safely.

As you may have noticed, the standard method of deleting doesn’t always cut it. The commonly used procedures for deleting files, clicking “delete” in the operating system or using the “rm” command, are not secure.

When you use one of these methods, all your hard drive does is mark the area where the deleted file used to be as available for new data to be written there. In other words, the original state of the bits (1s and 0s) of the deleted file is left intact, and forensic tools can recover the file.


This might seem like a bad idea, but it makes sense. Hard drives are designed to optimize hardware integrity, not security. Your hard drive would wear out very quickly if it reset the bits of a deleted file to all 0s every time you deleted a file.

Another process devised with hard drive lifespan in mind is “wear leveling,” a firmware routine that saves each new file in a random location on the drive. This prevents your drive from wearing out data cells, as those near the beginning of the drive would suffer the most wear if it saved data sequentially. However, this means it is unlikely that you ever would naturally overwrite a file just through long-term use of the drive.

What do you mean by “securely wipe” a hard drive?

Moving Raw Bits

Secure removal involves using a program to overwrite the hard drive manually with all 0s (or random data). This useless data overwrites the entire drive, including every bit of every saved and deleted file. It even overwrites the operating system, leaving nothing for a malicious actor to exploit.

Since the command line is usually the simplest way of going about manual operations like this, I will go over this method. The best utility for this is the “dd” command.

The “dd” command can be used for many things besides secure deleting, like making exact backups or installing Linux distributions to USB flash drives, but what makes it so versatile is that whereas commands like “mv” and “cp” move files around as file objects, “dd” moves data around as a stream of raw bits. Essentially, while “mv” and “cp” see files, “dd” only sees bits.

What “dd” does is very simple: It takes an input and sends it to an output. Your Linux system has a stream of 0s it can read located at /dev/zero. This is not a normal file — it’s an endless stream of 0s represented as a file.

For the purposes of this tutorial, this will be our input for the wipe operation. The output will be the device to be overwritten. We will not be overwriting an actual running system, as 1) you probably wouldn’t want to; and 2) it actually wouldn’t work, because your system would overwrite the part of itself responsible for performing the overwrite before the overwrite was complete.

Securely erasing external storage devices, like USB flash drives and external hard drives, is pretty straightforward, but for wiping your computer’s onboard hard drive, there are some extra steps involved.

The Live-Boot Option

If you can’t use a running system to wipe an onboard drive, how do you perform the operation? The answer is live-booting. Many Linux distributions, including those not explicitly specialized for the purpose, can be loaded and run on a computer from a connected USB drive instead of its onboard drive. When booted this way, the computer’s onboard drive is not accessed at all, since the system’s data is read entirely from the USB drive.

Since you likely installed your system from a bootable USB drive, it is best to use that. To live-boot, we have to change the place where the computer checks to find an operating system to run by entering the BIOS menu.


The BIOS is the firmware code that is loaded before any part of any OS is run, and by hitting the right key at boot time, we can access its menu. This key is different on different computers. It’s usually one of the “F” keys, but it might be something else, so it might take a few tries to figure it out; the first screen that displays should indicate where to look.

Once you find it, insert the live-boot USB, reboot the computer directly into the BIOS menu, and select the option to change the boot order. You should then see a list of storage devices, including the inserted USB. Select this and the live system should come up.

What is the Right Address?

Before we do any erasing, we need to figure out which address our system assigns to the drive to be erased (i.e., the target drive). To do that, we will use the “lsblk” command, short for “list block devices.” It returns information about attached block devices, which are basically hard drive-type devices.

Before running the command, note the target drive’s storage size, and disconnect all devices connected to your computer EXCEPT the drive holding the system you are live-booting from. Then run “lsblk” with no arguments or options.

$ lsblk

The only devices that should appear are your onboard hard drive and the live-booted USB. You will notice that “lsblk” returns a name (under “NAME”) beginning with “sd” and then a letter, with branching lines to the same name appended with a number. The name the branches originate from is the name of the “file” serving as the address of the drive in the /dev directory, a special directory that represents devices as files so the system can interact with them.

You should see an entry with the size of the USB drive hosting the live-boot system and a path under “MOUNTPOINT”, and (only) one other entry with the size of your target drive with no mount point listed. This second entry gives you the address for the output of “dd”. For instance, if your target drive corresponds to the name “sdb”, then that means /dev/sdb is the address.

However, to identify the address of an external drive you want to delete, run “lsblk” once with no device attached, check the (single) entry against your onboard drive’s size and make a note of its address, connect your target drive, run “lsblk” again, and check that its size corresponds to that of one of the entries in the output.

Foiling Identity Thieves

Now we’re ready to delete. All we do is invoke “dd,” give /dev/zero as the input, and give our target (for this example, /dev/sdb) as the output. “dd” is an old command from the time before Linux, so it has a somewhat odd syntax. Instead of options prefixed with dashes (“-”), it uses “if=” for “input file” and “of=” for “output file.” Our command, then, looks like this.

$ dd if=/dev/zero of=/dev/sdb

Depending on how big the target drive is, and how fast your processor is, this could take a while. With a powerful processor wiping a 16-GB flash drive, this could take as little as 10 minutes. For an average processor writing over a 1-TB drive, though, it could take a whole day. You can do other things with your computer (though not with that terminal), but they probably will be slower.
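The two steps above, finding the target’s /dev address with “lsblk” and overwriting it with “dd,” as one added shell example that is not from the original post: it picks the target from lsblk’s KEY="value" output (assumed: util-linux lsblk with the -P option and the PKNAME column), refuses any disk that has something mounted beneath it (so neither the live-boot USB nor the disk holding “/” can be chosen), and reads the device back after the wipe to confirm it holds only zeros. The lsblk sample and device names are constructed, and the wipe runs on a file image here.

```shell
#!/bin/sh
# Added example (not the original post's code): choose the target disk from
# lsblk output, wipe it with dd as the post describes, then prove it is zeroed.
# Assumes util-linux lsblk with -P (KEY="value" pairs) and the PKNAME column.

# pick_target SIZE < lsblk-pairs-output
# Prints the single whole disk whose SIZE matches (as lsblk prints it) and
# that has no mounted partition, crypt or LVM volume anywhere beneath it.
# Fails if no disk qualifies or if more than one does (ambiguous target).
pick_target() {
  awk -v want="$1" '
    function val(k,  s) {              # value of KEY="..." on the current line
      if (!match($0, "(^| )" k "=\"[^\"]*\"")) return ""
      s = substr($0, RSTART, RLENGTH)
      sub("^ ?[A-Z]+=\"", "", s); sub("\"$", "", s)
      return s
    }
    { n = val("NAME"); parent[n] = val("PKNAME")
      if (val("TYPE") == "disk") size[n] = val("SIZE")
      if (val("MOUNTPOINT") != "") mounted[n] = 1 }
    END {
      for (n in mounted) {             # walk crypt/lvm/part chain up to its disk
        d = n; while (parent[d] != "") d = parent[d]; busy[d] = 1 }
      for (n in size) if (!busy[n] && size[n] == want) { hits++; found = n }
      if (hits == 1) { print found; exit 0 }
      exit 1 }'
}

# wipe_and_verify DEVICE BLOCKS: overwrite BLOCKS 4 KiB blocks of DEVICE with
# zeros (on a real drive drop count= so dd runs to the end of the device),
# then fail unless every byte reads back as zero.
wipe_and_verify() {
  dd if=/dev/zero of="$1" bs=4096 count="$2" 2>/dev/null || return 1
  nonzero=$(dd if="$1" bs=4096 count="$2" 2>/dev/null | tr -d '\000' | wc -c)
  [ "$(printf '%s' "$nonzero" | tr -d ' ')" -eq 0 ]
}

# Constructed lsblk -P -o NAME,PKNAME,TYPE,SIZE,MOUNTPOINT output: sda holds
# the running system (root on a LUKS volume), sdb is the 14.9G stick to wipe,
# sdc and sdd are two unmounted drives of the same size (ambiguous).
SAMPLE_LSBLK='NAME="sda" PKNAME="" TYPE="disk" SIZE="931.5G" MOUNTPOINT=""
NAME="sda2" PKNAME="sda" TYPE="part" SIZE="931G" MOUNTPOINT=""
NAME="sda2_crypt" PKNAME="sda2" TYPE="crypt" SIZE="931G" MOUNTPOINT="/"
NAME="sdb" PKNAME="" TYPE="disk" SIZE="14.9G" MOUNTPOINT=""
NAME="sdc" PKNAME="" TYPE="disk" SIZE="1.8T" MOUNTPOINT=""
NAME="sdd" PKNAME="" TYPE="disk" SIZE="1.8T" MOUNTPOINT=""'
```

On a real machine, feed `lsblk -P -o NAME,PKNAME,TYPE,SIZE,MOUNTPOINT` into pick_target and pass `/dev/$(...)` to the wipe; the size check is the same cross-check the post does by eye.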

Though this is probably not something you’ll do often, knowing how will definitely serve you well in the rare instances when you need to. Identity theft from forensically analyzing discarded drives happens all the time, and this simple procedure will go a long way toward defending against it.

Thank you
