4

I would like to set up a computer at home (preferably running Debian, or some other flavor of Linux) to be used only for secure financial transactions.

The idea is that, by strictly limiting what is done with this computer to a small set of operations it will be easier to keep it secure.

I imagine that this is something that many people would like to do but I have not found a good set up of instructions for implementing. I can only find instructions/checklists for securing/hardening a general-purpose computer, which I figure should be more difficult than what I want to do, and maybe produce a less secure system.

Maybe I have not hit on the right search terms?

Any pointers would be appreciated.

kjo
  • 1,043
  • 2
  • 9
  • 15
  • 1
    Uhm, you probably will need to buy a [HSM device](https://en.wikipedia.org/wiki/Hardware_Security_Module), if you want extra security for TLS. – Diti Jun 14 '14 at 13:02
  • When you say "used only for secure financial transaction," should we assume you mean "for doing your own banking, bill payments, and other financial tasks and not for recreational surfing of CNN, eBay, and Stack Exchange?" – gowenfawr Jun 14 '14 at 15:12
  • @gowenfawr: that's correct. – kjo Jun 14 '14 at 22:35

3 Answers3

3

In addition to the other answers, you might want to try to increase the security of your browser. Default levels are a compromise between security and ease of use.

For Firefox, there is a list of SSL related addons that may help. There are also instructions on improving the security of SSL connections.

There is also a web site that helps you understand whether you have the basics right for SSL connections.

Getting SSL connections right is one of the important things as it is your secure connection to your secure web sites.

I would actually recommend also that you put the whole secure setup on a large FLASH USB drive and boot from it when you want to securely go online. That way, you are not accidentally leaving traces behind on your normal partition. Keep the USB drive in the safe when not in use.

By the way, the reason you haven't hit on anybody recommending this way of doing things is simply that it is a pain and few people are that bothered.

UPDATE:

If you are keen to have a USB bootable, secure environment, you have some options.

Firstly, you might consider using BSD (see here and here) instead of Linux as this is generally considered more secure by design.

For Linux, there are some articles that explore what you are trying to do. Here for example, here.

You can add some additional security by ensuring that the USB drive is fully encrypted. This can be via a whole disk encryption (or here) or by using secure USB drives, for example the LOK-IT drive.

Be careful though if you travel with these devices since there are plenty of unenlightened corners of the world, including the USA, whose customs officials will assume that you are a bad guy, if not a terrorist, if you are "evil" enough to carry encrypted data with you. Ref: 1, 2, 3, 4, 5, ...

Julian Knight
  • 7,092
  • 17
  • 23
  • I really like the idea of putting the whole system in some removable medium. In fact, I have been looking for some "pre-hardened" bootable image that I can use for this, but no dice so far... – kjo Jun 14 '14 at 22:37
  • 1
    Perhaps my update will help? – Julian Knight Jun 15 '14 at 17:51
  • Many thanks for the pointers and the links. They give me a lot to work with. – kjo Jun 16 '14 at 01:09
1

In addition to the suggestions mentioned in other answers, I would at least do the following:

  • Make sure you keep your Linux operating system up to date with the latest security updates. I would recommend frequent (daily or weekly) updates. If your Linux distribution allows for automatic updates, I would choose that. You can even set up a cron job to update frequently, or manually give the command to update such as:

    yum update all

  • Use the highest levels of encryption that the sites you interact with support.

  • Create strong passwords (e.g. long, including capital / small letters, numbers, symbols).

  • Use reliable antivirus software, and keep it up to date, and set it to scan frequently (daily should be good).

There are many other items that you can apply to be more secure, but these are some of the big and easy ones.

This question also has many helpful answers on how to secure Linux: Secure Linux Desktop

This article, although it is for Windows, still largely applies to your situation and contains some further suggestions for financial security: http://www.microsoft.com/security/online-privacy/finances-rules.aspx

Community
  • 1
Jonathan
  • 3,157
  • 4
  • 26
  • 42
0

Not quite sure what your exact question is in here. Anyways,

  1. try to delete all third party programs, which you don't need. There can always be some code who does something evil. For example: The Ubuntu Kernel sends data from your machine to a password-protected website, as marketing data, when you don't turn it off :).
  2. check your open ports and firewall
  3. Check for a "privacy-browser"
  4. There are browser addons / or you program your own, if your familiar with writing code, who always put you on a SSL connection automatically if there is one available on the website. Like this, your web traffic is safe from MitM attacks for example.

When you follow all these steps, you should have a quite safe home machine!

Xatenev
  • 231
  • 1
  • 6