How do you keep safe?



Art_X

A strange question I know but one I feel I need to ask. I have used Linux for many years on a PC that gets recycled every 5 years, eg - once I buy a new PC the old one gets turned into a media/backup server - seeing as it only ever goes online to get metadata and updates I do not really do too much to it, other than to tell iptables to block everything coming into the PC that doesn't come from one of my other PCs.

I am curious how people secure their desktops for day to day use online. Although I often hear that there are no viruses for Linux and that it's much more secure by default and such, Linux is getting more coverage due to it being on phones and such, and people are starting to make malware and such for it.

I suppose coming from a Windows background of 25 years plus, always having AV or malware programs running, I have come to rely on them too much, and I believe that this may be holding me back from going to Linux full time, seeing as I do online banking and such.

I have heard about IDS scripts and such, but having to look through log files every day to see if "something" happened is not that appealing to me, and I often hear the excuse "well if you don't visit bad sites you should be fine!", but then how do you know if a site is bad? Sites are always being hijacked and code added, how can you tell if a site that was good yesterday is still good today?

I am not writing this to flame or bait about which system is better, I am writing it in the hope that people can help me to understand Linux better so that I can trust it for my day to day needs :)

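The "block everything coming into the PC that doesn't come from one of my other PCs" rule from the post above, written out as an iptables INPUT chain. This is an added example, not the poster's own script; the host addresses and ports are assumptions for illustration. The two things a hand-written whitelist most often gets wrong are shown explicitly: the ESTABLISHED,RELATED rule has to come before the per-host rules or the box's own update traffic gets its replies dropped, and the policy is set to DROP before the chain is flushed so there is never a moment with an empty chain and an ACCEPT policy.

```shell
#!/bin/sh
# Host firewall for a LAN-only media/backup server: accept only traffic that
# originates from a short list of trusted hosts and drop everything else.
# IPT defaults to the real iptables binary; set IPT=echo in a subshell to
# dry-run and inspect the generated rules without touching the live firewall.
IPT="${IPT:-iptables}"

# apply_backup_server_rules "<trusted host IPs>" "<tcp ports>"
# Rebuilds the filter table's INPUT chain. Order matters: loopback and
# ESTABLISHED,RELATED come first so replies to the box's own outbound
# connections (package updates, metadata fetches) are never blocked; then one
# ACCEPT per trusted host and port; then a rate-limited LOG, and finally the
# DROP policy catches whatever is left.
apply_backup_server_rules() {
    trusted_hosts="$1"   # e.g. "192.168.1.10 192.168.1.11" (assumed addresses)
    tcp_ports="$2"       # e.g. "22 445 8200"               (assumed services)

    # Set the policy before flushing so there is no window where the chain is
    # empty with an ACCEPT policy.
    "$IPT" -P INPUT DROP
    "$IPT" -F INPUT
    "$IPT" -A INPUT -i lo -j ACCEPT
    "$IPT" -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    "$IPT" -A INPUT -m conntrack --ctstate INVALID -j DROP

    for host in $trusted_hosts; do
        for port in $tcp_ports; do
            "$IPT" -A INPUT -p tcp -s "$host" --dport "$port" \
                -m conntrack --ctstate NEW -j ACCEPT
        done
    done

    # Log before the policy drops, rate-limited so a port scan cannot fill
    # the disk; the prefix makes the lines easy to grep in the kernel log.
    "$IPT" -A INPUT -m limit --limit 5/min --limit-burst 10 \
        -j LOG --log-prefix "INPUT-DROP: " --log-level 4
}

# dry_run_rules "<hosts>" "<ports>": print the rules that would be applied.
dry_run_rules() {
    ( IPT=echo; apply_backup_server_rules "$1" "$2" )
}

# count_accept_rules "<hosts>" "<ports>": number of ACCEPT rules generated,
# a cheap pre-flight sanity check before running this against a live box.
count_accept_rules() {
    dry_run_rules "$1" "$2" | grep -c -- '-j ACCEPT'
}
```

Run `dry_run_rules "192.168.1.10" "22 445"` first and read the output; only then call `apply_backup_server_rules` as root, from the console rather than over SSH, since a typo in the host list locks you out. The rules above are IPv4 only: if the LAN has IPv6, the same chain has to be mirrored with `ip6tables` or the box stays reachable over v6.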
Max Norris

Just like every other OS. Keep it up to date, regular backups, and a healthy dose of common sense. For the home user, that malware doesn't wind up on your system by magic, it's either via an exploit (IE keeping your system up to date) or user error (IE, no dumbassery allowed.) A few basic rules have kept all of my systems (Windows, BSD and Linux) malware free for a good number of years now, no babysitting software required. If you run public facing servers, obviously that's a whole different ballgame.

+John Teacake

I found some good hardening scripts people have written on Github!

Art_X

I found some good hardening scripts people have written on Github!

Don't suppose you have links to said scripts :p

Sikh

I found some good hardening scripts people have written on Github!

Come on RED, you can only pull that ###### on The Blacklist. Do share these scripts, I'm interested as well

Haggis

Same as Max

I personally

  • Keep it up to date
  • Don't open stupid sites
  • Common sense

The only time I scan files on Linux is if I will be accessing them from one of MY Windows laptops

don't really give a toss if it's someone else's Windows systems lol

if I am curious and want to see what a dodgy site is I open it in a VM lol

The_Decryptor

I found some good hardening scripts people have written on Github!

People should only run those if they know what every command does, I've seen "secure firewall" scripts that end up making the system less secure due to people not knowing what the rules did, etc.

gohpep

I update my system, have a firewall, use common sense, only use free software, and use addons that enhance security.

I have an Arch system, using Parabola GNU/Linux-Libre, so I followed this guide: https://wiki.archlinux.org/index.php/Security.

 

I use ClamAV to keep my system clear of Windows viruses, and use chkrootkit and rkhunter from time to time to scan for rootkits and other exploits.

+John Teacake

People should only run those if they know what every command does, I've seen "secure firewall" scripts that end up making the system less secure due to people not knowing what the rules did, etc.

It's a good job I know what I am doing, I am just too lazy most of the time haha!! :laugh:

Come on RED, you can only pull that ###### on The Blacklist. Do share these scripts, I'm interested as well

Hahaha!! I was sleep deprived, I will fish them out later.

Don't suppose you have links to said scripts :p

^

Art_X

People keep saying common sense but no one has answered how to cover the area of a site that you go to which would normally be safe, then due to an exploit in the web server program or forum software or WordPress it is now sending out malware. How would you check for that? I have heard about chkrootkit and rkhunter and have used them in the past.

In the past people have told me that Linux is so secure you don't have to worry about anything, but times change and common sense should tell people that nothing is secure. I know due to Linux usage numbers that you are at a lower risk, but knowing my luck, and due to the fact I have never used Linux for day to day stuff, I am bound to do something wrong and get into trouble; if I didn't have bad luck I wouldn't get any luck at all :p

I update my system, have a firewall, use common sense, only use free software, and use addons that enhance security.

I have an Arch system, using Parabola GNU/Linux-Libre, so I followed this guide: https://wiki.archlinux.org/index.php/Security.

I use ClamAV to keep my system clear of Windows viruses, and use chkrootkit and rkhunter from time to time to scan for rootkits and other exploits.

Reading the stuff on that page now, and some good links at the bottom, might be for Arch, but should be good for Gentoo as well :)

goretsky

Hello,

 

There are security threats to Linux, although they aren't always the same kind (or volume) as seen for Microsoft Windows.

 

Here's a blog post I wrote at work on the subject you might find of interest:  Do you really need antivirus software for Linux desktops?

 

Regards,

 

Aryeh Goretsky

Brian M.

The biggest thing I do with my linux boxes is just use common sense.

Make sure they're firewalled, make sure fail2ban is setup correctly, make sure that SSH password/root login is off, etc. On my work machine, which has a public IP, I see so many brute force attempts on SSH - it's crazy.

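What "so many brute force attempts on SSH" looks like in the log, and the counting that a fail2ban sshd jail performs, as an added example that is not part of the post above. The log lines are constructed for this example in the syslog format sshd writes on Debian-style systems; the hostnames, user names and addresses are made up. The awk keys on the `Failed password for ... from <ip>` message, which covers both valid and "invalid user" attempts, and ignores the `Connection closed by authenticating user` lines that a scanner also produces.

```shell
#!/bin/sh
# Count failed SSH logins per source address in auth.log-style lines and report
# the addresses that cross a threshold: the same signal fail2ban's sshd jail
# keys on before it adds a firewall rule for the offender.

# Constructed sample lines (not a real host's log).
SAMPLE_LOG='Jan 14 03:12:01 box sshd[2210]: Failed password for root from 203.0.113.7 port 51022 ssh2
Jan 14 03:12:03 box sshd[2210]: Failed password for root from 203.0.113.7 port 51022 ssh2
Jan 14 03:12:05 box sshd[2213]: Failed password for invalid user admin from 203.0.113.7 port 51030 ssh2
Jan 14 03:12:06 box sshd[2215]: Invalid user oracle from 203.0.113.7 port 51034
Jan 14 03:12:07 box sshd[2215]: Failed password for invalid user oracle from 203.0.113.7 port 51034 ssh2
Jan 14 03:12:09 box sshd[2218]: Failed password for invalid user test from 198.51.100.23 port 40100 ssh2
Jan 14 03:12:11 box sshd[2220]: Accepted publickey for alice from 192.168.1.10 port 55312 ssh2: ED25519 SHA256:abc
Jan 14 03:12:12 box sshd[2222]: Failed password for alice from 192.168.1.10 port 55320 ssh2
Jan 14 03:12:30 box sshd[2225]: Connection closed by authenticating user root 203.0.113.7 port 51040 [preauth]'

# ssh_failures_by_ip < logfile  ->  "<count> <ip>" per line, highest first.
# Matches "Failed password for <user>" and "Failed password for invalid user <user>";
# the source address is the field after "from".
ssh_failures_by_ip() {
    awk '
        /sshd\[[0-9]+\]: Failed password for / {
            for (i = 1; i <= NF; i++)
                if ($i == "from") { fails[$(i+1)]++; break }
        }
        END { for (ip in fails) print fails[ip], ip }
    ' | sort -rn
}

# ssh_brute_force_sources <threshold> < logfile
# Prints one address per line that reached <threshold> failures.
ssh_brute_force_sources() {
    ssh_failures_by_ip | awk -v t="$1" '$1 >= t { print $2 }'
}

# sample_offenders [threshold]: run the detection over the embedded sample.
sample_offenders() {
    printf '%s\n' "$SAMPLE_LOG" | ssh_brute_force_sources "${1:-3}"
}
```

On a real box, `ssh_brute_force_sources 5 < /var/log/auth.log` (or `journalctl -u ssh -o short | ssh_brute_force_sources 5` where the log lives in the journal) gives the same list. Note that a legitimate user who fat-fingers a password once (alice above) is counted too, which is why the threshold and a ban expiry matter; it is also why the per-address ban is only a log-hygiene measure, and the real fix is the one in the next reply.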
+BudMan

"I see so many brute force attempts on SSH - it's crazy."

 

Going to be any public access box running ssh..  I always disable password auth on my ssh boxes..  I use public key auth, while fail2ban can keep the logs less cluttered..  If there is no password, they can bang on it all day long ;)

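Checking that password authentication really is off, as an added example that is not the poster's own script. The trap it guards against is an sshd_config(5) rule that is easy to forget: for each keyword the first value found is used, so a `PasswordAuthentication no` appended at the bottom of the file, or placed after a `Match` block, changes nothing if an earlier line says `yes`. The config below is a constructed sample that makes exactly that mistake.

```shell
#!/bin/sh
# Audit an sshd_config for the two settings that make password brute forcing
# irrelevant: PasswordAuthentication and PermitRootLogin.
# sshd_config(5) semantics honoured here:
#   * keywords are case-insensitive, '#' starts a comment, "Key value" and
#     "Key=value" are both accepted;
#   * for each keyword the FIRST value found wins;
#   * anything after a "Match" line applies only inside that Match block, so
#     it is not a global setting.
# The file under test is a constructed sample, not a real host's config.

SAMPLE_SSHD_CONFIG='# sample sshd_config (constructed for this example)
Port 22
PasswordAuthentication yes
PubkeyAuthentication yes
permitrootlogin prohibit-password
Match User backup
    PasswordAuthentication no
# appended later by an admin who expected this to take effect:
PasswordAuthentication no
'

# effective_sshd_option <keyword> < sshd_config
# Prints the effective global value of <keyword>, or nothing if it is unset
# (meaning sshd's built-in default applies).
effective_sshd_option() {
    awk -v want="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
        { sub(/#.*/, "") }                  # strip comments, re-split fields
        NF == 0 { next }
        tolower($1) == "match" { exit }     # rest of file is conditional
        {
            key = tolower($1); val = $2
            if ($2 == "=") val = $3                       # "Key = value"
            if (index($1, "=") > 0) {                     # "Key=value"
                split($1, kv, "="); key = tolower(kv[1]); val = kv[2]
            }
            if (key == want) { print val; exit }          # first match wins
        }
    '
}

# audit_sshd_config < sshd_config
# Prints one FAIL line per weak setting; exit status 1 if anything failed.
audit_sshd_config() {
    cfg=$(cat)
    rc=0
    pa=$(printf '%s\n' "$cfg" | effective_sshd_option PasswordAuthentication)
    prl=$(printf '%s\n' "$cfg" | effective_sshd_option PermitRootLogin)
    # sshd defaults when the keyword is absent (assumed from sshd_config(5)):
    if [ -z "$pa" ]; then pa=yes; fi
    if [ -z "$prl" ]; then prl=prohibit-password; fi

    if [ "$pa" != no ]; then
        echo "FAIL PasswordAuthentication is '$pa' (first match wins; want 'no')"
        rc=1
    fi
    case "$prl" in
        no|prohibit-password|without-password) ;;
        *) echo "FAIL PermitRootLogin is '$prl' (want 'no' or 'prohibit-password')"; rc=1 ;;
    esac
    return $rc
}
```

Usage on a live host: `audit_sshd_config < /etc/ssh/sshd_config`. The script does not follow `Include` lines, and on distributions that ship an `Include /etc/ssh/sshd_config.d/*.conf` at the top of the file a drop-in there wins over everything below it because of the same first-match rule; the authoritative answer is always `sshd -T | grep -Ei 'passwordauthentication|permitrootlogin'`, which prints the values the running daemon will actually use. Keep one working session open while testing the change, and confirm key login works before closing it.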
+John Teacake
Art_X

Thanks, will take a peek and see whats what :)

Max Norris

People keep saying common sense but no one has answered how to cover the area of a site that you go to which could normally be safe, then due to an exploit in the web server program or forum software or wordpress it is now sending out malware, how would you check for that, I have heard about chkrootkit and rkhunter and have used them in the past.

Even though a compromised site is sending out malware, it still needs one of two things for it to actually do harm. Either it's sending you a file and you were silly enough to actually let it run, or it's taking advantage of a vulnerability in whatever browser or an addon like Flash/Java/etc and doing some sort of remote code vulnerability, both of which go back to common sense and keeping said software up to date, again that's not OS specific. Although I do go with a third layer; my browsers always run sandboxed. (Sandboxie/etc on Windows, not sure what's available for Linux, I typically don't run my *Nix systems in a desktop setup, but I'd suspect there's something similar.) So even if there was a zero day exploit in browser ____ and I happened to walk into a site that took advantage of it, it couldn't harm the system, at worst I'd have to flush the sandbox and the problem along with it, zero downtime with no tears. Random downloads are the same, sandbox or if that's unfeasible, a scratch VM that I could recover from a snapshot, let that take the bullet. No matter which OS you're on there's a risk of this sort of thing, desktop, server or mobile, doesn't matter.
The_Decryptor

"I see so many brute force attempts on SSH - it's crazy."

 

Going to be any public access box running ssh..  I always disable password auth on my ssh boxes..  I use public key auth, while fail2ban can keep the logs less cluttered..  If there is no password, they can bang on it all day long ;)

And if you really want to annoy them, have an exponential backoff timer in the "password failed" case, so every time they try a wrong password it takes longer and longer to report it.

simplezz

1. Stick to the official and trusted repositories for apps and scripts.

2. Keep your whole system updated (trivial on Linux).

3. Install ABP + Noscript browser addons.

4. Most people don't need a firewall on Linux, but if you're concerned, then there are lots of tools. Routers tend to block a lot of stuff by default.

You're much safer on Linux than Windows. It doesn't hurt to be careful what you run though. Knowing how your system works and how to inspect it means you'll notice anything out of the ordinary.

Banking or handling sensitive information should never be done on Windows. It's just too risky. Even a Linux VM is better than doing that stuff in Windows. The number of rootkits, keyloggers, adware, viruses, and scamware I've seen on Windows would put you off the platform for life. It's absolutely insane that people still do banking on it.

The_Decryptor

You still do need a firewall on Linux, you just need it properly configured (This is one area I think the Windows Firewall is really good at, allows traffic from LAN addresses by default, blocks it from WAN addresses by default, pretty much perfect if you trust the network)

+BudMan

"allows traffic from LAN addresses by default, blocks it from WAN addresses by default, pretty much perfect if you trust the network)"

 

???  That is exactly what every nat router on the planet does, and my edge firewall pfsense..  So why does that box being on a trusted lan network need a software firewall when that rule is already in place at the edge..  Other than to suck up resources on the lan box?

cork1958

Been running Debian Linux exclusively on 2 boxes for well over a year now and have played with several other Linux distros for several years also. Definitely NOT a Linux guru by any stretch of the imagination though.

 

Yes,

People will say common sense is the number 1 defense and I will definitely agree with that, whether on Windows or Linux.

 

Can't say as I've ever had a malware/virus issue of any sort just by using common sense and keeping things up to date. I also use this excellent host file, http://winhelp2002.mvps.org/hosts.htm along with my own entries, on both Windows and Linux and keep that up to date too!

 

I know what you mean about relying on AV's and malware scanners in Windows though. I almost feel like I'm cheating or something in Linux as it leaves me with nothing to do as I don't have to waste hours waiting on a scanner to complete, only to see that it found nothing!

simplezz

You still do need a firewall on Linux, you just need it properly configured (This is one area I think the Windows Firewall is really good at, allows traffic from LAN addresses by default, blocks it from WAN addresses by default, pretty much perfect if you trust the network)

As Budman said, that's exactly what a standard router already does. Firewalls aren't a necessity on Linux because malware and trojans aren't a primary threat for the average user unlike on Windows. Provided a user sticks to the default repositories for software, there's little to fear.

For example:

[screenshot attached to the original post, not reproduced]

Haggis

As Budman said, that's exactly what a standard router already does. Firewalls aren't a necessity on Linux because malware and trojans aren't a primary threat for the average user unlike on Windows. Provided a user sticks to the default repositories for software, there's little to fear.

For example:

 

 

I think you're confusing Firewalls and Anti Virus

 

a firewall will do nothing for Malware and Trojan on any os

+BudMan

"a firewall will do nothing for Malware and Trojan on any os"

 

Agreed!!  Firewalls are not required on any host in a trusted network be it windows, linux, bsd, beos, whatever..  I think the biggest problem is the Scare and Fear mongering and hype companies looking to cash in spread about you need a firewall you need a firewall, etc.  Sorry but unless the box is on a hostile network no it doesn't

 

You need a firewall at the border between hostile and trust!  This is 100% true..  But you don't need one on every freaking host/device in your network..

 

simplezz

I think you're confusing Firewalls and Anti Virus

a firewall will do nothing for Malware and Trojan on any os

A firewall can prevent unauthorised outgoing traffic, including trojans. This isn't a problem on Linux, but on Windows it most certainly is and one of the reasons you need a firewall. The built-in Windows firewall isn't nearly sufficient to stop such threats though.

The simple firewall provided by a router is normally enough to keep out WAN traffic, but it won't stop a compromised system from sending and receiving traffic.

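The outbound case from the post above, as an added example that is not the poster's own configuration: an iptables OUTPUT chain that only lets the traffic a desktop legitimately needs leave the box and logs everything else. The edge router's NAT is no help here because the compromised host opens the connection from inside; the host's own OUTPUT chain is the only place the attempt can be seen. The resolver address, user names and ports are assumptions for illustration. The `-m owner --uid-owner` match is the part a plain "allow port 443" rule lacks: it ties web access to specific login names, so a process running as a service account or as root gets no outbound HTTP/HTTPS at all, while the listed users (and the package manager's download user, `_apt` on Debian-based systems) keep working.

```shell
#!/bin/sh
# Egress filter for a desktop or VM: allow only the outbound traffic the box
# legitimately needs and log the rest. This is the "unauthorised outgoing
# traffic" case a router's NAT cannot cover, since the compromised host
# initiates the connection from the inside.
IPT="${IPT:-iptables}"   # set IPT=echo in a subshell to dry-run

# apply_egress_rules "<resolver IPs>" "<users allowed to browse>" "<tcp ports>"
# Everything not listed (a reverse shell on an odd port, DNS to a rogue
# resolver, a service account calling home) is logged, then dropped by policy.
apply_egress_rules() {
    resolvers="$1"   # e.g. "192.168.1.1"   (assumed LAN resolver)
    users="$2"       # e.g. "alice _apt"    (assumed login names)
    tcp_ports="$3"   # e.g. "80 443"        (web and package mirrors)

    "$IPT" -P OUTPUT DROP
    "$IPT" -F OUTPUT
    "$IPT" -A OUTPUT -o lo -j ACCEPT
    "$IPT" -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # DNS only to the configured resolvers, so malware cannot bring its own.
    for r in $resolvers; do
        "$IPT" -A OUTPUT -p udp -d "$r" --dport 53 -j ACCEPT
        "$IPT" -A OUTPUT -p tcp -d "$r" --dport 53 -j ACCEPT
    done

    # NTP (whichever user the time daemon runs as on this distribution).
    "$IPT" -A OUTPUT -p udp --dport 123 -m conntrack --ctstate NEW -j ACCEPT

    # Web access only for the listed users: the owner match is evaluated on
    # the socket's owning uid, so root and service accounts are excluded
    # unless they are named here.
    for u in $users; do
        for p in $tcp_ports; do
            "$IPT" -A OUTPUT -p tcp --dport "$p" -m owner --uid-owner "$u" \
                -m conntrack --ctstate NEW -j ACCEPT
        done
    done

    # Log (rate-limited) what is about to be dropped; the prefix is what you
    # grep for in the kernel log when something on the box tries to call out.
    "$IPT" -A OUTPUT -m limit --limit 5/min --limit-burst 10 \
        -j LOG --log-prefix "OUTPUT-DROP: " --log-level 4
}

# dry_run_egress "<resolvers>" "<users>" "<ports>": print the rules as text.
dry_run_egress() {
    ( IPT=echo; apply_egress_rules "$1" "$2" "$3" )
}

# count_owner_rules "<resolvers>" "<users>" "<ports>": number of per-user web
# rules generated (users x ports), a quick check that the lists were parsed.
count_owner_rules() {
    dry_run_egress "$1" "$2" "$3" | grep -c -- '--uid-owner'
}
```

Two caveats a practitioner would want stated. First, the owner match only exists for locally generated packets, which is why it appears in OUTPUT and not INPUT, and it only raises the bar for malware running as an unprivileged user: anything that has already got root can rewrite these rules. Second, as with the inbound ruleset, this is IPv4 only; without an `ip6tables` mirror the "blocked" traffic simply leaves over IPv6. Dry-run with `dry_run_egress "192.168.1.1" "alice _apt" "80 443"` and read the output before applying it to a live box.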