Like with any operating system today, there are always going to be potential targets for exploit. Buffer overflows, stack overflows, sloppy code, user errors – the list just keeps going. To counter this, I’m going to show you how to take simple steps to ensure that you are utilizing commonsense safety strategies for safer Ubuntu computing.
One of the most commonly argued issues is whether or not desktop Linux really needs to utilize virus protection. My take is as follows: there are indeed root kits and viruses that target Linux. That said, they pale in comparison to the sheer volume targeted at Microsoft Windows. So it is understandable how people can be lulled into a false sense of security due to these statistics.
Bottom line: it is not a bad idea to scan your PCs contents for virus nasties. Use of removal media, drives and email all dictate that there is opportunity to unintentionally share viruses with Windows users. Ensuring that I am not hosting something benign to me but dangerous to someone else, goes without saying in my own home network.
Therefore I would suggest you follow this example by using something like ClamAV to do a weekly virus scan. Unless you live in a bubble free of Windows PCs, taking action with weekly scans is really something more of us ought to consider doing.
At this point, there has yet to be a significant threat here. However, not installing or running unknown applications can also be a big help with prevention just in case. One of the single dumbest ways to install malware without realizing it on any platform is to blindly install a newly discovered software app without researching it first. If it uses closed source code, you have no way of knowing what it might be doing behind the scenes.
On the Web browser front, I believe that by simply making sure Java is turned off and you are not blindly installing Firefox extensions without researching them first, you can pretty much avoid any future malware threats from this side of the equation. Bundle both approaches together, and you’ll find that even if one day malware does become a problem, you’ll be well ahead of the curve with regard to commonsense malware spread prevention.
Thinking firewall protection
As with any operating system connected to the Internet these days, using a firewall is a must. For Ubuntu Linux users, this means using IPTables via UFW (the Uncomplicated Firewall).
Sadly, as with most ideas concocted by engineers, casual users do not consider a firewall that requires use of the command line to be “simple.” This obvious flaw in casual usability is what led to the development of Gufw.
Gufw provides a very simple means of enabling/disabling your IPTables settings within modern Ubuntu installations. Gufw also makes port control a snap as it is provides for simple, pre-configured or advanced port forwarding options.
Utilizing this kind of firewall protection will provide a decent level of firewall security right out of the box. Unfortunately, this by itself does nothing for traffic being transmitted over your network or even over the Internet. Afterall, a firewall is but a gatekeeper, not an motorcycle cop chasing down potential threats to your network.
OpenVPN and OpenSSH
Despite the fact that many enterprise users might need to utilize OpenVPN in order to connect to work, I find it frustrating that more people do not put emphasis on OpenSSH as an alternative for home-based workers needing to connect to non-VPN secured networks.
The idea behind both technologies is that a user can securely connect to a remote network PC/server, access remote shares/email/documents and do so without worrying about their back and forth traffic being compromised by a malicious attacker.
In the case of OpenVPN, this software allows the home stationed enterprise user to connect with their company’s Virtual Private Networking (VPN) server with as little hassle as possible. From there, they’re able to access their desktop located at work, manage documents or just check email. The idea is that workers out of the local office can still be held to the same security protocols set forth by the IT staff, yet are able to do so outside of the home office and over otherwise unsecured networks.
Making the OpenVPN connection is fairly simple to do, once you have installed network-manager-openvpn from your Ubuntu repositories. After it and other dependencies are installed, just click on network-manager and begin the setup process for your VPN settings. In today’s latest Ubuntu release, 8.10, users will find that VPN connections are ready to be setup out of the box.
Back on the home front, I am partial to using OpenSSH for my own coffee shop wi-fi to home network communications. Using OpenSSH allows me to use my home installation of Evolution, Firefox and other Internet using applications that I would rather not use at a coffee shop to transmit communications.
OpenSSH also provides a stellar means of file/folder sharing for PCs on your LAN as well. But should you utilize No-IP along with it, you can take this up a notch by making file/folder sharing a seamless experience regardless of where you happen to be at the moment. Share files with the same dependable access whether at home or half way across the world.
In the end, SSH and VPN are virtual secure bridges from PC to server or PC to PC. And as secure as these options happen to be, this does not mean that browsing the Internet or sending POP email is automatically safe in transit. You still want to implement some SSL into the mix by using HTTPS for browsing websites and SSL security for transmitting email back and forth.
Securing your Ubuntu PC for local use
To date, the single biggest security risk to your PC is generally parked right between the monitor and the chair. Users, especially on a shared PC, provide more opportunity for security issues than any virus or malware happening to sneak onto your PC.
Because we are unable to control what others might happen to do on a PC, I am going to list some tools and techniques that will better prepare you to handle any foolish behavior perpetrated by others.
• Keep the updates in check Failing to keep an Ubuntu system up to date is going to provide more problems later on than it will with any bugs in the updates being provided. Security updates are paramount.
• Locking down other users Immediate advantages include not discovering a previously working installation of Ubuntu being hosed by a less experienced family member or friend. The best way to accomplish this is to setup a limited, non-super user account for others to work with. From users and groups in the administration menu, just toggle off any options you wish to disallow from the newly created limited user account via your own super-user account.
• Securing your home directory More about privacy than security, you could easily avoid the headaches of dealing with encryption and just chmod 0700 /home/$USER from a terminal window. Assuming you are the only one with super user/root privileges on that PC, no one else is going to be able to view the contents of your home directory. If encryption is a must, there are a number of helpful howtos out there, this being among the better ones. Yes, it is quite involved to accomplish.
• OpenDNS for basic content filtering One of the best ways to keep users of your Ubuntu box from accessing potential phishing sites or hosts of malware is via OpenDNS. Changing your network’s DNS settings can be done either on a PC by PC basis or via the gateway router appliance.
Ubuntu is as safe as you make it
There is no question that by utilizing the tips I have outlined above, you will be on your way to a safer Ubuntu experience. But despite these guidelines, there are always going to be ways for you to land yourself into trouble.
Because desktop Linux is indeed so powerful, anyone with super-user privileges should be aware that there are commands out there that can be run from a terminal or a shell script that can create massive harm. The kind of harm that translates into lost data.
So when you are forum hopping, looking for a fix to a problem that has presented itself, ask a trusted source before ever running code you are not familiar with. This tip alone, will do wonders to ensure your Ubuntu using safety.