Obviously, there are different methods for securing based on home versus professional computers. My question generally pertains to securing home desktops, but professional protection is definitely welcome :) Knowledge is power.
Ever since moving to the wonderful world of Linux a couple years ago, I never even really thought about security, seeing as most low-life scum make viruses for Windows machines, seeing as they're more abundant.
But how do I know if I'm safe/secure from anyone who wants to get at me or my stuff? I know that anyone who is determined enough to get in will, there's no question about that. But what steps can I take to ensure I'm protected from things like rogue root shells and automatic attacks? Also, is there a sort of built-in firewall/antivirus in more Linux distros?
I know this question is quite broad seeing as there are tons of ways someone could compromise your system, but maybe you could share what you did to make sure you were safe.
EDIT: I decided to not allow root login via ssh and to change the port it listens on to something random. Hopefully this is a step in the right direction. Currently looking at iptables and shutting down services. Hopefully this question will get a lot of quality responses (it's already got 3) and it'll help other paranoids :)
EDIT 2: Got some iptables issues, but it's proving to be a good tool
EDIT 3: As of yet, no one has touched on the issue of hard drive encryption. Is this worth it? I've never used it before so I'm unaware of how it all works. How easy is this to accomplish?
One more edit: in terms of services that should be running on your system, which ones should or shouldn't be running? Which ports should be open on your box? Of course this depends on what you use, but what's opened by default and what is dangerous?
Don't connect to the Internet. – Wuffers – 2011-04-21T23:00:22.283
There isn't a way to completely secure anything; there's always going to be a hole to get into your system somewhere. – Sandeep Bansal – 2011-04-21T23:04:35.340
I mentioned that in my question above, also the question was changed from "completely" to "properly" – n0pe – 2011-04-21T23:10:00.470
Properly? Oh, in that case, don't connect it to anything. (This question deserves a lot of votes!) – Randolf Richardson – 2011-04-21T23:17:25.627
Yeah not connecting to anything would be the obvious one. Along with putting the computer in a box, not connected to power either (in case the hacker surges the power to your house) :) – n0pe – 2011-04-21T23:22:03.847
If the threat can't get there through the internet, it can get there via sneakernet. That said, you work to address the most common vulnerabilities unique to your operating situation, rather than lapse into paranoia by attempting to mitigate any and all possible threats. – music2myear – 2011-04-22T18:45:56.327
I like that philosophy @music2myear. It makes a lot of sense, thanks. – n0pe – 2011-04-22T18:55:17.477
You're welcome. I know it isn't an answer, but given the possible permutations of what may be a correct answer to this question, it helps cut through some of the noise to know what "secure" means for you. – music2myear – 2011-04-22T19:05:39.640