LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 10-11-2017, 03:36 AM   #1
Cipher198
LQ Newbie
 
Registered: Oct 2017
Posts: 1

Rep: Reputation: Disabled
Unhappy ubuntu security issues


i am new to linux but i dont feel safe here. am currently using ubuntu 16.04 lts. how can i maximize my security while browsing online
 
Old 10-11-2017, 12:25 PM   #2
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 9,351
Blog Entries: 4

Rep: Reputation: 3334Reputation: 3334Reputation: 3334Reputation: 3334Reputation: 3334Reputation: 3334Reputation: 3334Reputation: 3334Reputation: 3334Reputation: 3334Reputation: 3334
Well, start by identifying exactly what you perceive to be a threat! Computer systems are not "intrinsically" vulnerable, and in fact many exploits are purely opportunistic.

Some things that I routinely do:
  • My "ordinary" user account is non-privileged: it cannot issue the sudo command.
  • All "home directories" are accessible only to the owning user.
  • I'm running regular backups to an external drive, all the time throughout the day. These backups are protected.
  • I use ad-blockers. (Sorry, LQ!) "Internet advertisements" are actually programs.
  • When I "wear different hats," I have separate (non-privileged) user accounts for each "hat." For instance, to do small-business accounting, I must log on as an accounting user. If I'm working on different client projects, each one has its own account.
  • Much of this is what is referred to as the Principle of Least Privilege.
 
3 members found this post helpful.
Old 10-12-2017, 11:02 AM   #3
DavidMcCann
LQ Veteran
 
Registered: Jul 2006
Location: London
Distribution: PCLinuxOS, Debian
Posts: 5,842

Rep: Reputation: 2162Reputation: 2162Reputation: 2162Reputation: 2162Reputation: 2162Reputation: 2162Reputation: 2162Reputation: 2162Reputation: 2162Reputation: 2162Reputation: 2162
Most problems are actually caused by users! People get emails from an unknown source and click on an attachment, or they see an free program offered on the internet and install it. That sort of malware is common in Windows-land and it works.

It doesn't work in Linux-land. Run your file manager and go to /bin. Right click on a program name, like bash, and then click on Permissions. You'll see a box labeled "allow executing file as program" has been ticked. That was done by the package manager that installed bash and the program could not run until it was done. You couldn't just dump malware on Linux and expect it to run: some-one with the authority to do so has to tell the system that it's OK.
 
2 members found this post helpful.
Old 10-12-2017, 12:17 PM   #4
jamison20000e
Senior Member
 
Registered: Nov 2005
Location: ...uncanny valley... infinity\1975; (randomly born:) Milwaukee, WI, US( + travel,) Earth( I wish,) END BORDER$!◣◢┌∩┐ Fe26-E,e...
Distribution: any GPL that works well on freest; has been KDE, CLI, Novena but open... http://goo.gl/NqgqJx &c ;-)
Posts: 4,451
Blog Entries: 3

Rep: Reputation: 1449Reputation: 1449Reputation: 1449Reputation: 1449Reputation: 1449Reputation: 1449Reputation: 1449Reputation: 1449Reputation: 1449Reputation: 1449
Thumbs up Good reads* by Sundialsvcs & DavidMcCann, Thanks.

Can't help () bringing up, © Canonical Ltd (a privately held company) tho my netinst is not entirely free as in freedom unless you go that route!

eg:
<vidio*:> https://www.crowdsupply.com/sutajio-kosagi/novena
https://www.gnu.org/distros/free-distros.html &c...

have fun!

Edit: script blockers can be installed alongside ad ones.

Last edited by jamison20000e; 10-13-2017 at 12:36 PM. Reason: spelling eror :p
 
1 members found this post helpful.
Old 10-13-2017, 02:41 PM   #5
X-LFS-2010
Member
 
Registered: Apr 2016
Posts: 510

Rep: Reputation: 58
if your new to ubuntu please. just take things as they are:

very possible russian asian muslim or ms or who) have hacked things to give "certain people" a way to get in if they have the need to. infact debian used to expressely say their was such packages and they were not responsible for what users "chose to install"

ALSO very possible since your new that you can't learn how to "secure a unix work station" quickly

ANSWER: click on the firewall thing make sure that's ON. past that: attach it only to internet not to your private lan until you (are ever) confident you are safe enough for your needs

(i can tell you remote attacks are not prevailant - watch your modem lights they will be still when your not browsing (it's likely no one is loggin in to your computer remotely), i can also tell you china runs malware port scans on a regular basis on all IP in the USA - so you DO want a firewall - and you should not have "private" or banking information on the machine, as you might be held responsible by your bank if you did)
 
Old 10-14-2017, 11:33 AM   #6
DavidMcCann
LQ Veteran
 
Registered: Jul 2006
Location: London
Distribution: PCLinuxOS, Debian
Posts: 5,842

Rep: Reputation: 2162Reputation: 2162Reputation: 2162Reputation: 2162Reputation: 2162Reputation: 2162Reputation: 2162Reputation: 2162Reputation: 2162Reputation: 2162Reputation: 2162
I forgot to mention the firewall! If you have a router, that should have its own. If you have a phone-company dongle stuck in a USB port, you need to have one on the computer, and you can never have too many anyway .

Ubuntu, like most (all?) Debian derivatives comes with the firewall turned off. Use the following commands
Code:
sudo apt-get install ufw
sudo ufw enable
The first may be redundant — ufw may be installed — but it will obviously tell you if it is. The second does the trick.
 
1 members found this post helpful.
Old 10-14-2017, 03:36 PM   #7
jamison20000e
Senior Member
 
Registered: Nov 2005
Location: ...uncanny valley... infinity\1975; (randomly born:) Milwaukee, WI, US( + travel,) Earth( I wish,) END BORDER$!◣◢┌∩┐ Fe26-E,e...
Distribution: any GPL that works well on freest; has been KDE, CLI, Novena but open... http://goo.gl/NqgqJx &c ;-)
Posts: 4,451
Blog Entries: 3

Rep: Reputation: 1449Reputation: 1449Reputation: 1449Reputation: 1449Reputation: 1449Reputation: 1449Reputation: 1449Reputation: 1449Reputation: 1449Reputation: 1449
I like Firewalld.
 
Old 10-14-2017, 04:08 PM   #8
YesItsMe
Member
 
Registered: Oct 2014
Posts: 712

Rep: Reputation: 274Reputation: 274Reputation: 274
Nothing will fix the horrendous security problems of Linux except the Linux developers. The distribution you chose is not quite as important for this.
 
Old 10-15-2017, 12:41 AM   #9
AwesomeMachine
LQ Guru
 
Registered: Jan 2005
Location: USA and Italy
Distribution: Debian testing/sid; OpenSuSE; Fedora; Mint
Posts: 5,513

Rep: Reputation: 1011Reputation: 1011Reputation: 1011Reputation: 1011Reputation: 1011Reputation: 1011Reputation: 1011Reputation: 1011
Probably the single most effective measure is to use a for-pay vpn as an anonymous proxy. Then, write an iptables firewall script that drops all spoofing addresses, and only allows RELATED and ESTABLISHED traffic on the INPUT table, and which only accepts traffic on ports and protocols you require.

You can pick up a Watchguard hardware firewall on eBay for 20.00, which is an extremely effective way to prevent unwanted traffic. If you don't use ssh, then disable the ssh service.
 
Old 10-15-2017, 10:46 AM   #10
DavidMcCann
LQ Veteran
 
Registered: Jul 2006
Location: London
Distribution: PCLinuxOS, Debian
Posts: 5,842

Rep: Reputation: 2162Reputation: 2162Reputation: 2162Reputation: 2162Reputation: 2162Reputation: 2162Reputation: 2162Reputation: 2162Reputation: 2162Reputation: 2162Reputation: 2162
Quote:
Originally Posted by AwesomeMachine View Post
… write an iptables firewall script that drops all spoofing addresses …
And this is advice for some-one who describes themself as "new to Linux"? I've used it for years and wouldn't know where to start implementing that!
 
Old 10-15-2017, 08:50 PM   #11
AwesomeMachine
LQ Guru
 
Registered: Jan 2005
Location: USA and Italy
Distribution: Debian testing/sid; OpenSuSE; Fedora; Mint
Posts: 5,513

Rep: Reputation: 1011Reputation: 1011Reputation: 1011Reputation: 1011Reputation: 1011Reputation: 1011Reputation: 1011Reputation: 1011
You can get iptables scripts online. Everything that you need is there. You just have tweak it a bit, and delete most of it. I can't write iptables from scratch. Spoofing addresses are private address space, like 10.0.0.0/8, etc.
 
Old 10-17-2017, 03:02 PM   #12
trumpforprez
Member
 
Registered: Nov 2016
Location: UK
Distribution: Debian Jessie
Posts: 154

Rep: Reputation: Disabled
Quote:
Originally Posted by Cipher198 View Post
i am new to linux but i dont feel safe here. am currently using ubuntu 16.04 lts. how can i maximize my security while browsing online
Firstly, Richard Stallman said Ubuntu is spyware.
Ubuntu gives your browsing history to companies and the feds.

So you can choose an OS which is more secure.
Alternatively, you can 'harden' Ubuntu by installing AppArmor.

For secure browsing, use Firefox with NoScript and HTTPS Everywhere add-ons.
You can try different methods of anonymous browsing like Freenet, tor and I2P.
Do your research and find the best method.

Linux distros are much safer than Windows OS. For example, Linux distros don't need third-party firewalls or antivirus.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Canonical Outs Linux Security Patch for Ubuntu 14.04 LTS to Fix Several Issues LXer Syndicated Linux News 0 08-08-2017 04:32 AM
LXer: Security Reseacher explains security issues related to Windows 10 Linux subsystem at Blackhat LXer Syndicated Linux News 0 08-07-2016 09:54 AM
LXer: Buck-security - Security scanner for Ubuntu Servers LXer Syndicated Linux News 0 03-31-2010 08:10 PM
Slackware vs Ubuntu on security issues JKoder Linux - Security 8 06-09-2006 07:10 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 10:22 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration