Securing a New Ubuntu Installation

A common concern with computers is security. Now that you have a nifty new Ubuntu installation, what do you need to do it make it secure?

Very little. In fact, you are mostly done already by having installed Ubuntu.

Don't Break It

The default Ubuntu install is quite secure (remember, by installing Ubuntu you are nearly done), but if you start installing new stuff or changing the configuration of the system, you might change that. Understand what you install. If it is an application that is part of Ubuntu and one that only runs when you run it, and if it doesn't otherwise change the operation of the system, you are pretty safe. However, if you install some server software or if you install software you download from some random web site (run by...?), you might get into trouble. Stick with the software you install using the utility Synaptic, and try to understand what you install.

Keep you computer up to date

Ubuntu will want to install software updates, let it do so. When they stop releasing updates (regular releases get updates for 18-months), move to a newer version of Ubuntu.

Be suspicious of e-mailed attachments.

Is it from someone you know? Is it expected? (In other words, really from the claimed sender? It could be a forgery.) Mostly the evil software you receive will only work on Windows, but this will change as Linux becomes more popular, so start being wary now.

That is pretty much it. Read on for some controversial suggestions to chew on, and for more techie details try the Security page.

More Controversial Thoughts

There are some things to consider that are not completely mainstream.

Worry About Javascript.

Every web site seems to want to use it, but most Firefox security holes that are discovered require Javascript.

Do you really want any hacker who can put up a web site or buy an ad to be allowed run his software on your computer? That's what Javascript let's him do. Yes, there are restrictions to what Javascript can do, but there always seems to be another vulnerability to be fixed. Also, Firefox lets you open up a bunch of windows and tabs at once, if they are all busily running Javascript your computer can slowdown.

Consider installing the Firefox extension "NoScript", it lets you decide whether to let a website run Javascript (a little menu in the bottom corner of the browser window makes it easy), by default most web sites are not allowed. Turn on Javascript for your bank, turn it on for favorite sites you trust, but mostly keep it off. You will be safer and your computer will run faster.

Passwords

Do NOT recycle passwords between different web sites and accounts. This is general advice that isn't specific to Ubuntu, and almost no one follows it.

Most people have just one or a small number of passwords they use all over the place. This is dangerous, it is like having one (or several) master key(s) to your life and then giving copies to everyone you ever do business with! Do you want the restaurant or convenience store you stop at to have a key to your house? Recycling passwords is like that, giving lots of people copies of just a couple passwords is bad.

Instead use different passwords for different purposes. If you want to be fancy and find a way to keep the list encrypted somehow, cool. But if that is too complicated and frightening (lose the master password or have a technical malfunction...), get a piece of paper and write down your passwords there, all in one long list.

People like to repeat old advice about never writing down a password, but if writing them down is what it takes to not recycle passwords, then it is a good idea. A nasty hacker half way around the world isn't going to be able to read the passwords you have written down in your wallet, but if that hacker breaks into (or runs!) a website that you give your password to...

Unorthodox, yes, but using Linux itself is unorthodox. (Here is an expert who says to write down passwords: http://www.schneier.com/blog/archives/2005/06/write_down_your.html)

Yes, choose good passwords (see StrongPasswords). And if you want to somehow obscure the passwords you write down (some regular transposition maybe) that will make you safer if you lose your wallet. If you make a photocopy periodically and keep it separate you will be able to change all your passwords the day you might lose your wallet.

What about Firewalls?

You don't need one for a simple Ubuntu installation.

A firewall can prevent some types of attacks on your computer by blocking unsolicited network connections from the outside, and Ubuntu includes firewall software. However, a default installation of Ubuntu isn't listening to any unsolicited connections from the outside anyway, so in this case a firewall offers no additional protection.

Installing a firewall won't hurt your security per se, but there are two indirect risks to consider:

  1. Networking is complicated, and correctly configuring a firewall can be complicated. You might configure things incorrectly, resulting in a firewall that either doesn't do anything, or a firewall that interferes with your use of the computer.
  2. Though firewalls can get extremely sophisticated (and also extremely complicated), there is a limit to what they can accomplish. If installing a firewall gives you a nice satisfying feeling of security...then it can lead to complacency and a false sense of security. Worry about other aspects of computer security first.

MailingListFAQs/securingNewInstall (last edited 2009-05-19 16:22:29 by kentborg)