The software described in this documentation is either in Extended Support or Sustaining Support. See https://www.oracle.com/us/support/library/enterprise-linux-support-policies-069172.pdf for more information.
Oracle recommends that you upgrade the software described by this documentation as soon as possible.
You can use data encryption to protect data that is stored or that is being transmitted. Data on storage devices and media can be at risk of theft or device loss. Data being transmitted over local area networks and the Internet can be intercepted or altered. In addition, data encryption to protect privacy and personal data is increasingly mandated by corporate security policy and by governmental regulations (for example, HIPAA, GLBA, SOX, and PCI DSS).
Oracle Linux systems provide several strategies for protecting data:
- When installing systems and application software, only accept RPM packages that have been digitally signed. To ensure that downloaded software packages are signed, set gpgcheck=1 in the repository configuration file and import the GPG key provided by the software supplier. You can also install RPMs using the Secure Sockets Layer (SSL) protocol, which uses encryption to protect the communications channel.
- To protect against data theft, consider using full-disk encryption, especially on laptops, external hard drives, or removable devices such as USB memory sticks. Oracle Linux supports block device encryption using dm-crypt and the Linux Unified Key Setup (LUKS) format. The cryptsetup administration command is available in the cryptsetup-luks package. These technologies encrypt device partitions so that the data is inaccessible when a system is turned off. When the system boots and you supply the appropriate passphrase, the device is decrypted and its data is accessible. For more information, see the cryptsetup(8) manual page.
- An alternative approach for protecting data on a device is to use the eCryptfs utilities to encrypt a file system. The eCryptfs utilities are available in the ecryptfs-utils package. Unlike dm-crypt, which encrypts block devices, eCryptfs encrypts data at the file-system level, and you can also use it to protect individual files and directories. For more information, see the ecryptfs(7), ecryptfs-setup-private(1), ecryptfs-mount-private(1), and ecryptfs-umount-private(1) manual pages.
- Oracle Linux uses encryption to support Virtual Private Networks (VPN), Secure Shell (ssh), and password protection. By default, Oracle Linux uses a strong password hashing algorithm (SHA-512) and stores hashed passwords in the /etc/shadow file.
- Oracle Linux takes advantage of hardware-accelerated encryption on Intel CPUs that support the Advanced Encryption Standard New Instructions (AES-NI) instruction set, which speeds up the execution of AES algorithms as well as SHA-1 and RC4 algorithms on x86 and x86_64 architectures.
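
The gpgcheck=1 setting described in the first item above can be audited across repository configuration files. The following shell function is an added example, not part of the Oracle documentation: it lists every repository section that does not explicitly set gpgcheck=1. The repository ids, URLs, and key path in the sample are constructed, and a section reported as "unset" inherits whatever the [main] section of the yum configuration specifies, so it still needs a manual check.

```shell
#!/bin/sh
# Added example: report repository sections that do not explicitly set gpgcheck=1.

# audit_gpgcheck DIR: scan DIR/*.repo and print one line per section to review.
audit_gpgcheck() {
    for f in "$1"/*.repo; do
        [ -f "$f" ] || continue
        awk -v file="${f##*/}" '
            function report() {
                if (repo == "") return
                if (val == "") print file " [" repo "] gpgcheck unset"
                else if (val != "1") print file " [" repo "] gpgcheck=" val
            }
            /^[ \t]*[#;]/ { next }                  # skip comment lines
            /^[ \t]*\[/ {                           # section header: flush previous
                report()
                repo = $0; gsub(/^[ \t]*\[|\].*$/, "", repo); val = ""
                next
            }
            /^[ \t]*gpgcheck[ \t]*=/ {              # record the value, trimmed
                val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t\r]+$/, "", val)
            }
            END { report() }
        ' "$f"
    done
}

# Constructed sample: one compliant repo, one with checking disabled, one unset.
make_sample() {
    d=$(mktemp -d)
    cat > "$d/sample.repo" <<'EOF'
[good_repo]
name=Signed packages (constructed)
baseurl=https://repo.example.invalid/good/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-example
gpgcheck=1

[bad_repo]
baseurl=https://repo.example.invalid/bad/
# gpgcheck=1
gpgcheck = 0

[unset_repo]
baseurl=https://repo.example.invalid/unset/
EOF
    echo "$d"
}

sample_dir=$(make_sample)
audit_gpgcheck "$sample_dir"
rm -rf "$sample_dir"
```

On a real system, pass the directory that holds the repository files (for example, /etc/yum.repos.d) instead of the sample directory.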