Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
05-31-2013, 03:31 PM
|
#1
|
Member
Registered: Jun 2011
Posts: 33
Rep:
|
best way to segregate browsing activities
Hi,
I want keep my online financial transactions completely separate from the rest of my web browsing. Obviously the absolute safest way is to simply use separate computers, but that's not particularly convenient. If I were to setup a second X11 login, how much risk would this less sheltered account pose to the other one? And what would be the preferred way to implement this? Perhaps xnest? I'm not new to Linux, but I'm also not exactly fluent, so please go easy on me
Thanks!
Last edited by planarian; 06-04-2013 at 03:04 PM.
|
|
|
05-31-2013, 06:30 PM
|
#2
|
Moderator
Registered: May 2001
Posts: 29,415
|
You mention separation, "the absolute safest way" and risk but talking about convenience kind of neutralizes all that... I'm not going to talk about using read-only media (see here and there) and I'm also not going to talk about virtualization (as I know of your requirements mentioned only elsewhere) but I'll ask you this:
are you trying to apply your fears, uncertainties and doubts regarding the Other Operating System to Linux?
If not then what are the top three risks you think you are protecting against?
And how would these attacks commonly occur?
Just trying to make you think.
|
|
1 members found this post helpful.
|
05-31-2013, 08:36 PM
|
#3
|
Member
Registered: Jun 2011
Posts: 33
Original Poster
Rep:
|
Quote:
are you trying to apply your fears, uncertainties and doubts regarding the Other Operating System to Linux?
|
There isn't really any OS I know well enough to be able to make a properly informed judgment about the risk of, say, having an account hacked. What I do know is that in the right hands, all of them can be made into a fortress, and all of them -- including Linux -- can be fatally compromised by someone who doesn't understand what they're doing. What I'm looking for are common practices, and perhaps some description that would allow me to improve my understanding of Linux's account management. For instance, one respondent in that thread you mentioned points out that x11's keylogging facility is shared, which I think is probably worth noting.
[EDIT -- I just looked more carefully at your links, and there's a lot of very useful advice there; thanks.]
Last edited by planarian; 05-31-2013 at 09:03 PM.
|
|
|
06-01-2013, 04:18 AM
|
#4
|
Member
Registered: Oct 2012
Location: France
Distribution: Debian / Fedora / Ubuntu / OpenBSD
Posts: 46
Rep:
|
Use a virtual machine (Virtualbox will do the job)
|
|
|
06-01-2013, 06:44 AM
|
#5
|
Member
Registered: Jun 2011
Posts: 33
Original Poster
Rep:
|
A VM would probably run too slowly; it's an old computer. Would xnest be a reasonable substitute?
Last edited by planarian; 06-01-2013 at 06:48 AM.
|
|
|
06-01-2013, 09:45 AM
|
#6
|
LQ Veteran
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Rep:
|
Another firefox but in "privacy mode"?
|
|
|
06-03-2013, 12:00 AM
|
#7
|
LQ Guru
Registered: Aug 2004
Location: Sydney
Distribution: Rocky 9.2
Posts: 18,391
|
You could try a separate heavily locked-down install (ie dual boot on the same box), used ONLY for banking.
Add such things as noscript, ghostery, https-everywhere to FF.
Disallow images and cookies and only allow manually for each specific bank site.
Type in each web address manually (do not copy/paste something may have invisible ctrl chars/nulls) and bookmark those. Only use bookmarks.
Set default/'home'/startup site to one of those.
NEVER store accts details/passwds/pins on the computer.
|
|
1 members found this post helpful.
|
All times are GMT -5. The time now is 11:07 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|