Is full Disk Encryption Really Enough?

[Htop919]

As a beginner I'm trying to see what else i can do in my knowledge to secure my installation better.

Mother Board Settings > Admin and Startup Passwords are Enabled, LAN DVD USB Boots etc. Disabled. DDR Memory Data Scrambling ON, IPMI Password Tightened.

Installed Debian 8.2 on my Drive which is on AHCI SATA Port with Legacy Boot. / Full Disk Encryption Including SWAP / Strong Password on Startup.

Seems good enough? My Mother Board Supports TPM, Secure Boot and all those security Bells and whistles.

Is there something else I can do?

[dasein]

Is there something else I can do?

Not only can, but must. If you're all that worried about it, then you need to design, engineer, and fabricate all your own hardware (including USB devices, NICs, hard drives, etc.).

[Bulkley]

There is never enough but if you put up too many bars you will wind up living in a prison of your own making. The most important part of security is to not put on the Internet anything that you would be unwilling to put up in a bus station washroom. Do not store bank passwords in your browser. Etc.

[GarryRicketson]

Yep, that is what it boils down to. If you do some searches you will find , for example, the "mother board", and all the other "chips" in your computer, could have backdoors, and
"code" built into them by the manufactures, they probably are watching you right now.
They can de-cypher, de-encrypt everything you encrypt , because they have all ready monitored how you encrypt it. I can not post links or details, because it would then become a "politcal" issue, as well. But some searches will show you nothing is really secure.
Sorry, I hate to make a paranoid person more paranoid, but it is the reality. If you stay offline, do not use any "wireless", and have no kind of wire less or "phone lines" connected to your home, this includes "cable TV" and satellite dishes, you might be sort of secure , but who knows, there may be hidden transmitters in your mother board, or one of the chips in your computer. I just try not to worry about,..don't need to really, I am not doing anything wrong, that is against any laws, I am not a "terrorist", and I don't have anything in my life that needs to be "TOP SECRET",.. in other words, they can watch me all they want, hope they enjoy the show.

[mardybear]

Computer security is directly related to intended usage. The spectrum ranges from a non-connected system in a physically secure location that does not handle sensitive data to 24/7 servers handling privileged information. Entire books have been written on the subject. Real books, not blog posts

So you need to review your usage case and then decide how much is enough. Multi-user setups, auto-mounting parititons with sensitive data, hardware backdoors, sloppy password sharing, rampant javascript, precompiled binaries, background daemons and services. There are so many potential holes it can make you crazy.

If you no longer run a Windows OS then you are ahead of the game, but really only you can decide how much is enough. Nobody can properly answer that question for YOU.

[GarryRicketson]

Not exactly a "book" but much better then a "blog"

https://www.debian.org/doc/manuals/secu ... l#contents


https://www.debian.org/doc/manuals/secu ... 10.en.html

[Bulkley]

Also, stay off of Facebook and Twitter. They make their money by invading your privacy. Apple will sell you out so don't buy any Apple products. Frankly, don't have any phone with a locator in it. Use StartPage, Duck Duck Go or Ixquick for searching; avoid Google as much as possible. Avoid Flash as much as possible. Have some extensions that remove cookies, including Flash cookies. Get the idea?

Watch some of the lectures by Eben Moglen who explains this much better than we will.