Language Selection

English French German Italian Portuguese Spanish

10 Steps for Basic Linux Desktop Security

Filed under
Linux
Security
HowTos

I agree that Linux is less vulnerable than Windows, but that doesn’t make it immune to attackers. It’s not always about security flaws, buffer overflows or denial of service attacks. Most intruders exploit incorrect system configurations or access permissions which are often caused by user ignorance.

I came up with a list of 10 basic rules that should reduce the security risk.

1. Download the ISO for your preferred distro from trusted sources. It’s recommended to visit the official web page and select a download method from there. If you are downloading from unofficial torrent sites for higher speed rates, make sure they’re using the same tracker. Upon downloading always check the SHA1/MD5 sum.

2. Don’t perform a full install. Select only packages that you need, why waste the disk space? Fewer packages means less bugs.

rest here




More in Tux Machines

Leftovers: OSS and Sharing

  • 10 Top Open Source Artificial Intelligence Tools for Linux
    In this post, we shall cover a few of the top, open-source artificial intelligence (AI) tools for the Linux ecosystem. Currently, AI is one of the ever advancing fields in science and technology, with a major focus geared towards building software and hardware to solve every day life challenges in areas such as health care, education, security, manufacturing, banking and so much more.
  • List of FLOSS International Conferences September 2016 Materials
  • This Week In Servo 78
    Our overall roadmap is available online and now includes the initial Q3 plans. From now on, we plan to include the quarterly plan with a high-level breakdown in the roadmap page.
  • Firefox 49 Release: Find out what is new
    Firefox 49.0 is the next major stable release of the web browser. Firefox 48.0.2 and earlier versions of Firefox can be updated to the new release.
  • Open-Source Climate Change Data From NASA, NOAA, & Others Available For 1st Time
    Climate change has many components — rising sea levels, alterations in rainfall patterns, and an increase in severe storm activity, among others. Communities around the world are faced with the need to plan for climate change but don’t have the information available to do so effectively.
  • Another Setback for 3D Printed Gun Advocate Cody Wilson as Court of Appeals Rules That National Security Concerns Outweigh Free Speech
    It’s been a long, drawn-out battle, beginning in 2013 when Cody Wilson, founder of Defense Distributed, published the open source files for his 3D printed handgun, the Liberator, online. The State Department ordered that he take the files down, and Wilson complied, but not before thousands had downloaded them and spread them elsewhere on the Internet. In 2015, with the help of gun rights organization The Second Amendment Foundation, Wilson filed a federal lawsuit claiming that the State Department had violated not only his Second Amendment but his First Amendment rights. By suppressing his right to share information online, Wilson argued, the State Department was violating his right to free speech.
  • In 3D-Printed Gun Case, Federal Court Permits Speech Censorship in the Name of Alleged National Security
  • Oracle tries playing nice with Java EE rebels
    With Oracle now trying to get back on track with advancing enterprise Java, the company is seeking rapprochement with factions that had sought to advance the platform on their own. The two groups involved are mostly amenable to patching up the relationship. Oracle's Anil Gaur, group vice president of engineering, said this week he had already been in touch with some of the concerned parties. The two factions include Java EE Guardians, led by former Oracle Java EE evangelist Reza Rahman, and Microprofile.io, which has included participation from Red Hat and IBM.

GNU News

Project Releases

Security Leftovers

  • Krebs Goes Down, Opera Gets a VPN & More…
    Krebs on Security in record DDOS attack: Everybody’s go-to site for news and views of security issues, has been temporarily knocked offline in a DDOS attack for the record books. We first heard about the attack on Thursday morning after Brian Krebs reported that his site was being hit by as much as 620 Gbs, more than double the previous record which was considered to be a mind-blower back in 2013 when the anti-spam site Spamhaus was brought to its knees. Security sites such as Krebs’ that perform investigative research into security issues are often targets of the bad guys. In this latest case, Ars Technica reported the attack came after Krebs published the identity of people connected with vDOS, Israeli black hats who launched DDOS attacks for pay and took in $600,000 in two years doing so. Akamai had been donating DDoS mitigation services to Krebs, but by 4 p.m. on the day the attack began they withdrew the service, motivated by the high cost of defending against such a massive attack. At this point, Krebs decided to shut down his site.
  • Upgrade your SSH keys!
    When generating the keypair, you're asked for a passphrase to encrypt the private key with. If you will ever lose your private key it should protect others from impersonating you because it will be encrypted with the passphrase. To actually prevent this, one should make sure to prevent easy brute-forcing of the passphrase. OpenSSH key generator offers two options to resistance to brute-force password cracking: using the new OpenSSH key format and increasing the amount of key derivation function rounds. It slows down the process of unlocking the key, but this is what prevents efficient brute-forcing by a malicious user too. I'd say experiment with the amount of rounds on your system. Start at about 100 rounds. On my system it takes about one second to decrypt and load the key once per day using an agent. Very much acceptable, imo.
  • Irssi 0.8.20 Released
  • What It Costs to Run Let's Encrypt
    Today we’d like to explain what it costs to run Let’s Encrypt. We’re doing this because we strive to be a transparent organization, we want people to have some context for their contributions to the project, and because it’s interesting. Let’s Encrypt will require about $2.9M USD to operate in 2017. We believe this is an incredible value for a secure and reliable service that is capable of issuing certificates globally, to every server on the Web free of charge. We’re currently working to raise the money we need to operate through the next year. Please consider donating or becoming a sponsor if you’re able to do so! In the event that we end up being able to raise more money than we need to just keep Let’s Encrypt running we can look into adding other services to improve access to a more secure and privacy-respecting Web.
  • North Korean DNS Leak reveals North Korean websites
    One of North Korea’s top level DNS servers was mis-configured today (20th September 2016) accidentally allowing global DNS zone transfers. This allowed anyone who makes a zone transfer request (AXFR) to retrieve a copy of the nation’s top level DNS data. [...] This data showed there are 28 domains configured inside North Korea, here is the list: airkoryo.com.kp cooks.org.kp friend.com.kp gnu.rep.kp kass.org.kp kcna.kp kiyctc.com.kp knic.com.kp koredufund.org.kp korelcfund.org.kp korfilm.com.kp ma.gov.kp masikryong.com.kp naenara.com.kp nta.gov.kp portal.net.kp rcc.net.kp rep.kp rodong.rep.kp ryongnamsan.edu.kp sdprk.org.kp silibank.net.kp star-co.net.kp star-di.net.kp star.co.kp star.edu.kp star.net.kp vok.rep.kp
  • Yahoo’s Three Hacks
    As a number of outlets have reported, Yahoo has announced that 500 million of its users’ accounts got hacked in 2014 by a suspected state actor. But that massive hack is actually one of three interesting hacks of Yahoo in recent years.