help a noob become better

Hey guys, i have searched most of the threads for my answer but cant seem to get a stable solution.i know my way around computer but i would still be a noob compared to you guys.This is a great site and there really is alot to learn. i need someone to guide me to securing my computer so that my future work will not be compromised by all means. as i have learned that before you try to break into someone elses security, you need your to be secured first and better than your targets. basically i need information and advice from people who know what they are doing and know that thier own system are impenetrable from others. i have a Ubuntu OS. i will be most grateful if you can help me!\Thankz

The sarcastic response would be: "Disconnect your LAN lead/WLAN, and dissable all removable devices" :P

On a more serious note, the other week there was a thread about operating systems and various ups and downs on their security.

1. There are hardened Linux kernels out there that I didn't know existed.

2. I don't know about Debian based stuff so much, such as Ubuntu, but for OpenSuSE you do have a firewall service - I would imagine it's about average, just does what it says on the tin. You can configure specific ports TCP/UDP and maybe protocol. As for what Ubuntu has I can't be sepcific on this front.

3. As far as securing your machine goes, make sure inbound connections on your machine to any services are either blocked or you dissable those services unless needed.

4. Software updating, I have mixed feelings about. If the update is not just asthetics but improved security I tend to go for it. I have had a few minor problems with updated software and libraries confliting with both Windows and Linux distributions I've used, with Linux applications it tended to be with programs which needed a specific version of a library but seemed to use the generic sybolically linked library file(s). You can either work around this one of three ways or just update to a later version of the program.

5. As for anti-virus stuff, Linux tends to have a much lower probability/"rate of infection" because it often varies, not everything can be binary distributable with Linux. But, there are some, and there are some free anti-virus packages you can use which support Linux. Like all "prevention-ware" as I call it, it becomes a hog on the system, when if you're careful anyway and don't go looking for trouble you're generally fine. Example: Clicking on a link that blatently contains some form of mallicious executable/hijack/what-not, or executing something without giving it a brief check over first - this tends to apply more to Windows but hey.

6. I am not all that knowledgable on rootkits and the more hardcore stuff related, someone else would be able to help there. But you can keep an eye on your kernel modules, I forget how.

7. Lastly, the things most Windows users don't realise exist but most Linux users might, are logs, you can grep them/ or using "awk" to search for specific field for anything that maybe significant.

EDIT another thought: If you maintain to your network, make sure you know all the risks involved with using Wireless and making sure your for example router firmware is best for further security. That, I find, often does a lot more good than using software Firewall on the machine in my opinion, I maybe wrong.

Hope this helps, if anything I've said is incorrect, don't hesitate to clobber it and let me know I'm full of [insert favourite curseword here] :)

Jim,

j4m32 wrote:

4. Software updating, I have mixed feelings about. If the update is not just asthetics but improved security I tend to go for it. Yes. This is very important. You should always install any security related updates for your programs. Personally, I prefer to always have the latest software anyway.

j4m32 wrote:

5. As for anti-virus stuff… There's no need for any anti virus software on Linux (or Windows) as long as you don't install every program you find off the internet. Just be careful and use your common sense and you should be ok.

How to have a more secure linux … as a start some distros are built with security in mind, you could try to use one of those as it is tested for security weaknesses more than other, could be a bit more complicated to use but its worth it.

another thing ("as said before") update, update and more update.

and as for antivirus, you may not really need it, but what the hell ClamAV is free, then why not :).

also you should always have your firewall up, and any service you dont use should always be off (SSH, HTTP, FTP, Mail) or any other that you dont really need just uninstall it.

also its better to have your computer behind a hardware firewall or at least behind a router that has no port forwarding enabled.

for SSH if you really need it google hosts.allow and hosts.deny :) really great stuff.

learn about NAT and firewall on linux.

limit the perms of the the user you are using to be as minimal as can be.

never login as root but set a new complicated password for it using 'passwd ' on ubuntu and remove the sudo perms from your regular user. (this may sound stupid) but in case some one got your user pass he will not be able to do anything.

the logs is a great place to look for any threats.

install nmap and use 'nmap localhost' every few days to check for strange open port.

also every once in a while use 'su' to gain root with your complicated pass and then use 'who' to check if any users are logged in to your computer.

always disable remote login for your root account.

there are few scripts that could disable remote login for some IP addresses on ssh in case of 3 or 5 or as many failed attempts to login via (SSH - only have it if you need it), you could use them and read there logs too :).

keep an eye on securityfocus.com to check if your OS has any new exploits revealed and on fixes for them, if fixes exist install, other wise disable/uninstall the service-software causing it.

this is almost everything you could do on ubuntu/linux to have it as secure as can be. yet its not 100% secured though, as hackers have many ways of gaining access, but this would remove any threats from non extreme hackers.

Alright, everyone here is severely overdoing it.

If you are behind a router, then ensure your wireless is secure (if you use it) and keep your system as up-to-date as possible. If you're not behind a router or firewall, then install your own firewall to the machine. Iptables is a good firewall to know your way around, but if you don't there are GUI's for it.

That is really all you need.

Of course, there are things like hardened kernels, intrusion detection systems, and rootkit detectors, however you don't really need them in your situation. Especially considering you don't seem too familiar with what you're doing, it might be best to not worry about them yet. It's not like your running a server, this is your personal system. The majority of attackers will never know you exist if you're behind a router or firewall, and they won't give a shit either. You really don't have to worry about automated attacks like malware, botnets, or virii because you're not running Windows. I don't know why everyone is recommending such paranoid practices that sound like a simple waste of time to me.

MoshBat wrote: [quote]stealth- wrote: I don't know why everyone is recommending such paranoid practices that sound like a simple waste of time to me. Because they use their PC for creepy things.[/quote]

Then I believe encryption would be of much more use to the sick fucks. :P

stealth- wrote: The majority of attackers will never know you exist if you're behind a router or firewall, and they won't give a shit either.

to tell the truth, this is a huge mistake to think so because… 1- your computer could be a spammers heaven as they could use it to send spam mail … 2- could be used to hack other websites/networks, DDOS attacks and many others that the hacker just cant do directly through his personal computer as he could be traced. 3- botnets are usually windows computers but a linux box can be a part of it so he has to worry about that.

those who hack for living would love to have a personal computer rooted so that they could use it as an aid for huge things and over 80% of the computers rooted by hackers are personal computers just like yours and mine.

hackers do not care what OS your running as those who are a threat to you or me know A lot about windows and linux so they will try to gain access to it no matter what OS your running, and even routers have exploits and some if not most of them has support user and telnet active and may get hacked.

thats why that waste of time configuring your linux box will save you few days with the FBI or you local police station trying to explain whay you are sending spam or why are you DDosing websites.

Alright, here is how home machines are hacked:

1. Site hacked/malicious site created
2. Hacker puts malware on the site
3. Malware attacks the computer
4. Malware installs a rootkit.
5. ????
6. Profit!

Now take into consideration what you were recommending. Absolutely none of that, with the exception of keeping up-to-date software, would hinder this type of attack in the least. This is, of course, in the very rare situation where there is malware on the site designed for linux (which is virtually unheard of).

A machine behind a firewall that drops 100% of incoming packets is not going to be rooted by incoming connections. I don't know why you keep recommending defenses for that. If you have your router accepting remote administration requests from IP's outside the LAN, then you would have had to set that option yourself. It is disabled by default on almost every router in existence, and if you're dumb enough to enable it then you deserve to be rooted. Almost everything you recommended is just going to waste his time.

Download Damn Vulnerable Linux. Most secure distro on the net :)