Securing a Slackware Laptop
Hi all!
Since I started traveling with my personal laptop (that uses Slack 13.37) I realize the benefit of securing the machine against attackers and other breaches that could expose my information to foreigners. Since I am at home behind a hardware firewall with very tight rules and use services such as snort, squidguard, iptables and other firewall technologies, I feel OK, but traveling and connecting my laptop to hotel and cafe Wi-Fi and other networks, I am not 100% confident I am secure, and also what would happen if my laptop was to be stolen? Right now, I have nothing except stock Slackware and the KDE login protecting from unauthorized access... not much as you can see. So I am wondering what the community's recommendations are to make my laptop more secure & minimize the risks of leaking my info? I recognize that it is impossible to be 100% protected but there's gotta be something better than just a simple login to protect from unauthorized access? Firewalls? Intrusion detection on the machine? Like I said, at home I use Snort, squidguard and other firewall technologies to protect my entire network. What would be recommended to install on a standalone machine? Thanks! |
Although not a specific answer, US-CERT has posted guidelines for security that may provide you a guide; see http://www.linuxquestions.org/questi...9/#post4420056 or directly at the US-CERT web site http://www.us-cert.gov/cas/techalerts/TA11-200A.html. Lots of good advice.
Outside of the above, you may want to consider encrypting your drive (but that's kind of overkill -- remember, Linux ain't Winders, eh?). Hope this helps some. |
I'd say, focus on hardening the install first and foremost. Then, when things are sufficiently locked down, weigh whether the drive needs to be encrypted. |
Encrypting a drive partition in Linux is not a complex task. On a laptop that is travelled with and might be stolen it is a reasonable and prudent precaution.
What you want to encrypt will determine where in the "hardening" process you start. If you want to encrypt the entire drive using say LUKS then you do the encryption before you install the system. If you only want to encrypt the home partition you can worry about that after you install the system, assuming you create a separate partition for home at install time (always a good idea in any case). Based solely on the OP's distros and posts I'd say their familiarity should be enough that it wouldn't be onerous. Of course all the usual advice applies - don't run any services you don't need, make sure all the applications and services you use are up-to-date on patches, configure an iptables firewall, or install something like Shorewall or Firestarter to help with the firewall management. The above-mentioned CERT and NIST guidelines are well worth consulting as is the SANS w @W|GGL|T/unixfool ltns! |
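A default-deny iptables policy for a laptop on an untrusted network, as an added example (not code posted by anyone in this thread). It assumes Slackware's rc.inet2 runs /etc/rc.d/rc.firewall at boot when that file is executable, and that `iptables` with the `state` match is available; setting `IPT="echo iptables"` prints the rules instead of applying them.

```shell
#!/bin/sh
# Added example: minimal iptables policy for a Slackware laptop on hotel/cafe Wi-Fi.
# Install as /etc/rc.d/rc.firewall and chmod +x (assumption: rc.inet2 runs it
# when executable). IPT="echo iptables" shows the rules without root.
laptop_firewall() {
    IPT="${IPT:-iptables}"
    # Start from a clean table so the policy below is the whole picture.
    $IPT -F
    $IPT -X
    # Defaults: drop unsolicited inbound and all forwarding; the laptop is a
    # client, not a router, so outbound stays open.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT
    # Local services (X, printing, snort's own logging) talk over loopback.
    $IPT -A INPUT -i lo -j ACCEPT
    # Replies to connections the laptop opened itself (web, mail, VPN, rsync).
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Packets belonging to no known connection (scans, stray fragments).
    $IPT -A INPUT -m state --state INVALID -j DROP
    # Log, rate limited, whatever the default policy is about to drop so it can
    # be reviewed in the system log (same information snort would alert on).
    $IPT -A INPUT -m limit --limit 5/min -j LOG --log-prefix "IPT-DROP: "
    # Deliberately no rule for sshd or VNC: nothing on an untrusted LAN should
    # reach them; open a port here only while at home, if ever.
}

case "${1:-}" in
    start) laptop_firewall ;;
    stop)  IPT="${IPT:-iptables}"
           $IPT -F; $IPT -X; $IPT -P INPUT ACCEPT; $IPT -P FORWARD ACCEPT ;;
esac
```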
I encrypt everything using dm-crypt. I don't use swap and boot must be unencrypted.
If I do not encrypt /, there is still information to gather if the laptop is stolen. When traveling, I believe your biggest security risk is whatever LAN you connect to (assuming / is encrypted). Sniffing, spoofing, monkey-in-the-middle, blah.... I would find a 'secure' way to remote into another server to access the internets. |
Just to clarify: I agree that a lost/stolen laptop is a bad thing, but it appears that the OP actually wanted to harden the laptop. While encrypting a drive will lessen the chance of access if the laptop is lost/stolen, it won't prevent him from being exposed when using his laptop in a coffee shop (unless I'm seriously mistaken). I still feel that a basic hardening of the laptop is the first step (but then again, if he's constantly on the go, he should probably encrypt his drive sooner than later). He's already done it for use at his home...he just needs to focus on how to lessen a break-in when away from his home network. OP, in addition to what I stated earlier, a VPN conduit between an outside location and your home would probably be another good idea. |
Disk encryption will not help if people can walk into your system while the disk is 'unlocked'. But closing the computer down so the outside world can't access it and the computer gets stolen is equally useless if you need / want to secure sensitive information. |
Hey guys! Thanks to ALL for this precious input, lots of reading for me to come.... I'll digest all that stuff and probably will ask several questions if nobody minds.
To start with, I subscribed to the slackware security mailing list. I have never worked with this before so I wonder how it works? I imagine I will get an email whenever somebody posts to the list (like all other mailing lists) but then how do I benefit from it? How do I apply patches? Yes my intentions are A) to harden the laptop so I minimize my chances of seeing my own stuff on the web :( and B) make it hard/very hard for somebody to retrieve my info if my machine was stolen. |
OK so I performed some modifications on my system. I did the following things as a start:
- Modified hosts.allow & hosts.deny to allow only my local machines to communicate with each other;
- Disabled root's SSH;
- Disabled root's VNC;
- Disabled all unnecessary services from inetd.conf;
- Installed snort from Slackbuilds.org.
I however encountered 2 problems:
1. Following the README.slackware, I updated the ruleset via the script in the readme file but there is no /docs/signatures in any of the tar files I downloaded from https://www.snort.org/snort-rules... I wonder if it's because they recently changed the tar files and somehow removed this signatures folder!?
2. When I start snort via the rc script, I get: Code:
bash-4.1# /etc/rc.d/rc.snort start |
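A check script that re-verifies the four config changes listed in the post above (tcp_wrappers, root SSH, inetd services), as an added example and not code from the OP or anyone else in this thread. File paths are Slackware's under /etc; `write_sample_config` writes constructed sample files so the audit can be tried against a scratch directory instead of the live system.

```shell
#!/bin/sh
# Added example: re-check the hardening steps from the post above against the
# config files. Paths are Slackware's (/etc/hosts.allow, /etc/hosts.deny,
# /etc/ssh/sshd_config, /etc/inetd.conf); pass another directory to test.
# Prints one line per finding; the return value is the number of findings.
audit_laptop() {
    dir="${1:-/etc}"
    problems=0
    # tcp_wrappers: hosts.deny must close everything by default ...
    if ! grep -Eq '^[[:space:]]*ALL[[:space:]]*:[[:space:]]*ALL' "$dir/hosts.deny" 2>/dev/null; then
        echo "hosts.deny: no 'ALL: ALL' default-deny line"; problems=$((problems + 1))
    fi
    # ... and hosts.allow must only list local hosts, never ALL.
    if grep -Ev '^[[:space:]]*(#|$)' "$dir/hosts.allow" 2>/dev/null |
       grep -Eq ':[[:space:]]*ALL([[:space:]]|$)'; then
        echo "hosts.allow: an entry opens a service to ALL hosts"; problems=$((problems + 1))
    fi
    # Root SSH: an explicit, uncommented 'PermitRootLogin no' is required
    # (the OpenSSH default of that era was yes).
    if ! grep -Eq '^[[:space:]]*PermitRootLogin[[:space:]]+no' "$dir/ssh/sshd_config" 2>/dev/null; then
        echo "sshd_config: PermitRootLogin is not 'no'"; problems=$((problems + 1))
    fi
    # inetd: every uncommented line is a service inetd will listen for.
    active=$(grep -Evc '^[[:space:]]*(#|$)' "$dir/inetd.conf" 2>/dev/null || true)
    if [ "${active:-0}" -gt 0 ]; then
        echo "inetd.conf: $active service(s) still enabled"; problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample config (a hardened state) for trying the audit against a
# scratch directory rather than the live /etc.
write_sample_config() {
    mkdir -p "$1/ssh"
    printf 'ALL: ALL\n' > "$1/hosts.deny"
    printf '%s\n' '# only the home LAN reaches local daemons' \
        'sshd: 192.168.1.' 'ALL: 127.0.0.1' > "$1/hosts.allow"
    printf '%s\n' 'Port 22' 'PermitRootLogin no' > "$1/ssh/sshd_config"
    printf '%s\n' '#ftp    stream tcp nowait root /usr/sbin/tcpd proftpd' \
        '#telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd' > "$1/inetd.conf"
}
```

Source the file and run `audit_laptop /etc` as root; a non-zero exit status means at least one of the listed steps has been undone (for example by a package upgrade replacing sshd_config).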
While investigating the problem with Snort, I have decided to try encryption but before I get going, I need to ask a few questions:
My current setup looks exactly like this:
/dev/sda1 ==> /boot
/dev/sda2 ==> SWAP
/dev/sda3 ==> Extended
  |===> /dev/sda5 ==> /
  |===> /dev/sda6 ==> /mnt/storage (just an empty mount point for temporary file storage)
/dev/sdb1 ==> SWAP
/dev/sdb2 ==> Extended
  |===> /dev/sdb5 ==> /home
Can I encrypt this setup (except /boot) without having to wipe my drive and restart fresh? Once encryption is complete, are there any risks of not being able to back up my data or read/write it? I am thinking about bugs or other caveats I should be aware of. I use rsync (rsnapshot) via cron to weekly back up /home/users to my local server. Will I have problems continuing to use these FS tools? I guess this will get me started! Thanks!!! |
But really, installing, configuring, and tuning Snort is something that is outside of the parameters of this thread, as the subject matter is quite large in scope. You'll be learning things about Snort for quite awhile. I suggest hitting up the Snort forums and reading anything related to Snort, so you can become immersed. It isn't something that you're going to master in a week/month/quarter or even a year. Expect lots of time trying to understand the IDS and the log contents. |