Disclaimer
I am not a security expert at all. This is written strictly from the standpoint of an end-user who has had spyware and adware in Windows and who has read other users' advice (those users may or may not be security experts) about security practices in general.This is not intended to be a comprehensive guide to what will absolutely provide you the best security or what theoretical ways your security can be breached. The point of this document is explain some basic, practical measures you can take to be relatively secure.
This is targeted at home desktop users. I know a very little about that, but I know nothing about securing servers.
Many of these principles can be applied to other Linux distributions as well, but the content is focused mainly on Ubuntu.
What are some security best practices?
I would suggest these at the very least (there are some measures you can take to go beyond this, but this is a good start):
- Don't change any default settings with regard to networking unless you know what you're doing. If you decide to allow remote logins, for example, expect that people (people with malicious intent) will try to log in remotely and take control of your computer.
- Use strong passwords for all users. Strong passwords tend to be longer than six characters and a mix of numbers, letters (both upper- and lower-case), and symbols. Strong passwords do not contain birthdates, addresses, or words in the dictionary.
- Don't install software from untrusted sources. Don't just download and compile any .tar.gz you come across through an internet search, unless you know it can be trusted. Generally, it's a good idea to stick to software you can install through Ubuntu's online repositories. If you want to know how to install software, read this guide. I've never known of any made-for-Linux software containing malicious code, but if you're super-paranoid...
- Use the NoScript extension in Firefox. Of course, if you don't have Firefox, you may be able to achieve a similar functionality in your preferred browser, but the general idea is the same—a way to block JavaScript, Java, and Flash on all websites except those you explicitly approve. Most of Firefox's exploits are JavaScript-based. They tend to get patched pretty quickly, but why wait even the one day to a week it takes for a patch to come out?
- Back up regularly. This goes for your important personal files and your system files (you can make an image of your entire installation if you want).
- Don't be dumb. That's right. You can have your firewall all set up and encryption, etc., but if you're dumb, the battle is lost. A lot of security breaches come through social engineering. Don't give your password away. Don't click on links in emails. Don't open attachments from people you don't know. Don't be dumb.
So, do I need a firewall, anti-virus, anti-spyware tools?
By default, Ubuntu ships with no open ports on public interfaces. In other words, a "port scan" would show all closed ports, nothing open. As a result, putting up a firewall would provide no more security than not putting one up. Remember that open ports provide services that hackers can connect to, and only if they can connect to these services can they be potentially abused and exploited.A firewall, however, adds the benefit of peace-of-mind from accidentally installing a server program that opens up a port by default. Also, it satisfies curiousity by logging potential "hits." Linux comes with a very strong, secure, and powerful firewall called iptables, but it is relatively difficult to use from a new user's standpoint. As a result, there are many graphical tools that give you a simple user interface for configuring iptables, such as Firestarter for GNOME or Guarddog for KDE. There are many more in the repository, too. Remember—these all use iptables in the background, so find your favorite interface—they all offer the same great protection. [These last two paragraphs contributed by jdong from the Ubuntu Forums. Thanks, jdong!]
Conventional wisdom in the Linux community says that there are either no or very few Linux viruses out in "the wild," and that most are just proof-of-concept theoretical viruses. Some people recommend installing a virus scanner like ClamAV in order to protect your Windows-using friends from Windows viruses you might accidentally send them. I don't really see how that's an issue, though. If you have an attachment you created in Linux, why would it have a Windows virus in it? If your computer has been compromised in such a way that you don't have control over what you send other people, then you have a lot more to worry about than spreading viruses to your Windows-using friends!
I've never heard of any spyware in Linux... ever. Still, if you're super-paranoid, stick to software in the repositories. And if you don't trust even the software in the repositories, why are you installing Ubuntu at all? The operating system and the software are packaged by the same people.
Some real dangers out there are rootkits and cracking. It doesn't happen often that a Ubuntu user gets a rootkit installed or has her computer cracked, but both have happened, and I've seen threads about them in the Ubuntu Forums. There are rootkit detectors in the repositories—rkhunter and chkrootkit, for example. I'm not sure what to do about cracking except some of the advice I gave before—stick with the default network settings unless you know what you're doing, and use strong passwords.
Is Ubuntu's security model stronger than Windows'?
Right now, as of Windows XP (and in Windows Vista, though it has UAC, which is a little better, though many Windows users disable the UAC prompts), Windows defaults to the first user being the computer administrator, so the user is able to accidentally (or, God forbid, through accidental approval/installation of a malicious program) modify systemwide settings.
Windows allows you to make it more secure by creating limited user accounts and using the Run As... option to run only particular tasks or programs as administrator (similar to the su feature in most Linux distributions). Run As... is crippled in its implementation, though. If you use Run As... to install Windows Updates, the updates do not install properly. Also, you have to find the particular launcher files (extension of *.cpl) for Control Panel applications in order to use the Run As... option on them. The way to run Explorer (the file browser) as administrator from within a limited user account is extremely complicated.
Unfortunately, in addition to Run As... being crippled, many third-party (not Microsoft) software companies design their applications to be run as administrator (since that is the Windows default, which is Microsoft's fault). Here is the Hall of Shame for programs that need to be run as administrator in Windows in order to function properly.
Ubuntu's default user operates as a limited user most of the time but has the ability (since she belongs to the admin group) to temporarily assume administrator (also known as root) privileges for particular tasks, and this setup is not only the default setup, but it is also fully functional—not crippled in any way.
So running as a limited user takes care of everything?
Not exactly. This is a common argument made by Linux users, that if you run as administrator, your whole system can be borked, but if you run as a limited user, only your personal files can be damaged.
While that's somewhat true, personal files are usually more important to a user than system files. After all, I can reinstall Ubuntu in half an hour and have it running again the way I want it to within two hours. If I lost all my personal files, it would take me months to recreate a lot of them, and some I would not be able to recreate at all.
This is why it's really important to back up whatever files are important to you.
Isn't using sudo essentially the same as running as root?
This is a common misconception about sudo among Linux-using non-Ubuntu users. When you run as root, anything you do has system-wide privileges. You can do anything. You have free reign over your entire system. This would be akin to walking around with everything you own, including all your money in cash on your person.
When you run as an admin in Ubuntu, you're almost always a limited user. If you preface a terminal command with the word sudo or preface a graphical command with gksudo or kdesu, you allow yourself (and only with password authentication) to temporarily assume root privileges for that one task. This would be like having your belongings in a safe with a combination lock or keeping all your money in a bank, where you can access your account through an ATM card and PIN code.
There is a fifteen-minute "timeout" for sudo. If you launch one command with sudo, you'll be prompted for a password, and within the same shell, you won't be prompted again for other sudo commands for the next fifteen minutes. If you want, you can change the sudo timeout to something lower so that you'll always be prompted for a password on every sudo command.
So anybody can assume root privileges with a password?
No. Only users in the admin group. The first user created during the Ubuntu installation will belong to the admin group. Any other users would have to be added to that group manually by the first user or another user in the admin group.
This whole sudo business makes no sense and isn't user-friendly
You're entitled to your opinion, of course, but many people consider Mac OS X to be one of the most user-friendly operating systems around, and it uses sudo.
Where can I read more about sudo?
http://help.ubuntu.com/community/RootSudo
Recovery mode makes me root user. Isn't that a security risk?
Well, if you have several people using your computer, you can put small obstacles in their way by setting a root password, setting a Grub password, or setting a BIOS password. Still, anyone who has physical access to your computer and a little know-how practically has root access anyway. She can boot a live CD and mount your partition or even just physically remove the hard drive from your computer and put it in another computer. There's a certain amount of trust you automatically give anyone by allowing her to sit at your computer.
Is there any way to be 100% sure my computer will never be cracked into?
If you follow the instructions at the top of this page, you probably will not have your computer cracked. When you're connected to the internet, though, you are always vulnerable to security breaches of some kind. The only thing you can do is try to reduce your vulnerability. And I've read from a few security experts on the Ubuntu Forums that if someone is really determined to crack into your computer and capable, she pretty much will eventually—it's just a matter of time. The more obstacles you can put in the way of that happening, the more time it will take. Of course, disallowing remote logins is a big help.
What's the most important part of OS security?
The user. It's always the user. I'd rather have a smart user running as administrator on a Windows computer with no firewall, no anti-virus, and no anti-spyware than a dumb user running as limited user on a Ubuntu computer with a firewall, anti-virus, and a rootkit detector. Dumb users click on anything, somehow manage to install untrustworthy software even without administrative privileges, and use easy-to-guess passwords.
As an illustration, take a look at this excerpt from the Seinfeld episode "The Robbery," in which Jerry buys a secure "operating system," and Kramer plays the "dumb user."
ELAINE: [from the bathroom] JERRY! [enters the living-room] Jerry, oh, hi, welcome back. How were the shows?
JERRY: Great, I had fun, where's the TV, where's the VCR. [Elaine looks guilty] What?
ELAINE: They were stolen.
JERRY: Stolen? When?
ELAINE: A couple a hours ago, the police are coming right over.
JERRY: Stolen?
ELAINE: [Kramer enters the apartment] Someone left the door open. [it's clear that she means Kramer; she walks to the bathroom]
JERRY: [to Kramer] You left the door open?!
KRAMER: Uh, Jer, well ya know, I was cookin' and I, I uh, I came in to get this spatula...and I left the door open, 'cause I was gonna bring the spatula right back!
JERRY: Wait, you left the lock open or the door open?
KRAMER: [bobs his head guiltily] The door.
JERRY: The door? You left the door open?
KRAMER: Yeah, well, I was gonna bring the spatula right back.
JERRY: Yeah, and?
KRAMER: Well, I got caught up... watching a soap opera...[with a broken voice] The Bold and the Beautiful
JERRY: So the door was wide open?
KRAMER: Wide open!
JERRY: [Elaine enters the living-room] And where were you?
ELAINE: I was at Bloomingdale's...waiting for the shower to heat up.
KRAMER: Look, Jerry, I'm sorry, I'm uh, you have insurance, right buddy?
JERRY: No.
KRAMER: [looks shocked] How can you not have insurance?
JERRY: Because...I spent my money on the Clapgo D. 29, it's the most impenetrable lock on the market today...it has only one design flaw: the door...[shuts the door] must be CLOSED.
Text transcription from SeinfeldScripts.com