Absolute security/locked down workstation?

Donny Bahama · 01-14-2013, 10:06 AM

I'm building a computer for my mom. Her uses will be limited to:

Email
Web browsing
Word processing
Spreadsheets
Viewing presentations
Viewing/organizing photos (Picasa)
Skype
A few simple games (e.g. solitaire) and possibly web(/java)-based games (e.g. Pogo.)

Can I whitelist these apps (and her home directory) and block everything else? My goal is to create something that is absolutely secure and safe from any kind (known or unknown) intrusion and/or malware. Any other suggestions for achieving this goal would be greatly appreciated.

snowpine · 01-14-2013, 10:22 AM

Hi Donny,

The FAQ's on these 2 pages will help answer your question (the first one is written for a beginner like your mom, the second contains links to more technical info for further reading for sys admins):

http://www.psychocats.net/ubuntu/security
http://ubuntuforums.org/showthread.php?t=510812

I recommend not deviating too much from the default security settings. (Maybe tighten up SSH if she is using that service.) Reason being that the defaults are quite sane, so unless you are an intermediate/advanced security expert, there is a greater chance of accidentally inconveniencing your mom than actually improving her security.

Fact is the best way to improve your mom's online security is to have a frank talk and educate her about the various threats that exist. Most older people who are compromised happens through social engineering "hacks" that trick and manipulate the user's behavior, rather than technological exploits. Also best to have a conversation with her bank's fraud department to figure out their policies. No matter how secure or insecure your mom's computer is, it is her financial institution that will determine whether the event is a minor inconvenience or a life-changing tragic event.

NyteOwl · 01-14-2013, 08:53 PM

Quote:

My goal is to create something that is absolutely secure and safe from any kind (known or unknown) intrusion and/or malware. Any other suggestions for achieving this goal would be greatly appreciated.

Take the computer, encase it in cement and drop it in the ocean. Seriously, it is unrealistic to talk about absolute security and safety against all known threats (let alone unknown threats).

Security is a process, and is always a balancing act between safety, risk and convenience. A good start is, as suggested, education as the key. Following good security practices such as many of the best practices listed on sites such as SANS and other similar sites.

Frankly (though there are those who disagree) I consider Skype a security risk in and of itself. Web based games are a great attack vector. Ensure Java is completely up to date as there has just been a major exploit reported.