I am Sauri Sen, have been a Java programmer for nearly 10 years and 3.5 years as C++ programmer. Currently I am pursuing MBA. I last used a Linux system during my college days 15 years back though I have deployed Java programs several times on Unix systems in these 15 years.
How to protect my PC running Windows7 and Fedora19 from targeted attacks?
buy a router is my best advice.
Windows? Update Regularly and
Practice "Safe Hex". Don't install anything from untrusted, or unknown sources. This includes crap from the Interwebs.
Never run as an Administrator ... always run as a "Limited User," except when you are actually doing system maintenance.
Assign meaningful passwords to every account, and change them now and again.
Rename your Administrator account so that its name isn't Administrator.
Figure out how Microsoft Backup works (it actually does!!) and set it up to back-up to an external hard drive every hour.
Remove or disable the "anti-virus" software, which is by far the biggest vulnerability of a Windows system due to its all-powerful all-nosy nature.
Microsoft Windows "gets a bad rap" on security, but somewhat wrongly. It is, unarguably, a massively over-complicated system, but that's not the real problem. "What's wrong with Windows" is that literally millions of Windows users run as all-powerful Administrators, with no passwords anywhere in sight. The computer sees them as "(S)He Who Must Be Obeyed," which in fact they are, and so, when instructed by The Gods to "shoot yourself in the foot," it does so.
Fair Warning: Any operating-system can, and will, do this ... given a similar situation. Microprocessors do not have a brain.
Therefore, practice the Principle of Least Privilege. "A computer is awful at saying yes, but it's great at saying no." Therefore, give yourself the least amount of authority/access needed to do any particular job. (If you "wear many hats" at your company, set up a separate Limited User account for each "hat.") Arrange things so that "NO! You CAN'T do that!" is almost always "the right answer," and so almost always will be given, except for narrow-as-possibly-defined "bright line rules" in which the answer really should be "Yes."
Do this for every operating system: Windows, OS/X, Linux. Microprocessors speak only "1" and "0." They do not have a brain.
Last edited by sundialsvcs; 08-21-2013 at 05:57 PM.
Advice regarding Windows doesn't really belong in this forum. Anyone want to add advice wrt Fedora 19?
Oh, I sorta-kinda think it's okay in this case, unSpawn, because "security is security," and the rules as-noted in my posting above are pretty much universal. I for one would say the same things about Fedora as I would about (yeech...) Windows. In the end, "security is a (human...) process, not a product."
While this is not the best place to find Windows-specific know-how, I don't get entirely bent-out-of-shape seeing it here.
Basically, I always instruct users on my networks in this: You should always practice safety-first when on any OS.
1. Use a Software and Hardware Stateful Packet Inspection and Filtering Firewall. While a hardware firewall usually works best in most situations, having a software firewall as a stop-gap will give you some peace of mind. Hackers can often take a lot of time getting through one firewall, but when they run into multiple firewalls on a network they tend to be a bit discouraged to continue on. Usually they attack anything weak and vulnerable. Software firewalls also tend to have Intrusion detection built into them also so it can alert a system admin right away of trouble.
2. Use anti-virus and anti-malware software. Regardless of the OS, viruses and malware can affect other systems even if they don't affect your own. While by nature UNIX-like operating systems have been resistant to malware, this is changing. OS-X already has malware that is some of the most destructive malware out there, and Android OS already has problems with malware. Run a trusted complete package that can scan multiple ways such as On-Demand/On-Access/On-Execution and has both Cloud and Local definitions. If you run Windows, I suggest also using a dedicated anti-malware tool like Spybot Search and Destroy and have it Immunize your system. On Linux/*BSD you have ClamAV and RKHunter so assign them cron jobs to execute at certain times. On Windows you also have the option of using tools Data Execution Prevention and User Access Controls. I suggest using them both. UAC can be nit-picky, but security is accomplished only through will, determination, and practice.
3. Practice safe internet usage. I don't know how many times I've seen this in my line of work but using programs like Limewire, Shareaza, etc. can be portals for viruses to get onto your system. Never use software that has illegal intentions in mind. Often you can get a virus in the simplest ways. BitTorrent is relatively safe, but use it for legitimate purposes, and use programs and websites like 7-Digital, Amazon MP3, and iTunes for music and movies. Oh, and stay off the adult entertainment websites...
4. Try to limit access to root/admin. Use strong passwords that are at least 14 characters in length. Mix letters, numbers, and symbols. Use a password checker to make sure your password is strong enough. Use programs like Sudo if necessary, and limit who has access to the Wheel group.
http://www.passwordmeter.com/ is a good place to get an idea of how strong passwords should be. Practice till you create exceptional passwords.
5. Always keep your software up to date with security and critical releases. Hot-Fixes are one thing, but Critical and Security updates should never be ignored or put off.
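An added example, not part of any post in this thread: one way to check the "limit access to root/admin" and Wheel group advice on the Fedora side is to list every account that is in `wheel` (by supplementary membership or by primary GID) and every non-root account with UID 0. The function names and the sample accounts are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: audit who holds administrative reach on a Linux host.
# Input files use the standard /etc/group and /etc/passwd colon format.

# wheel_members GROUP_FILE PASSWD_FILE [GROUP_NAME]
# Prints every account in the group, sorted: supplementary members listed
# in the group file plus accounts whose primary GID equals the group GID.
wheel_members() {
    awk -F: -v grp="${3:-wheel}" '
        NR == FNR {                       # first file: group database
            if ($1 == grp) {
                gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) if (m[i] != "") seen[m[i]] = 1
            }
            next
        }
        gid != "" && $4 == gid { seen[$1] = 1 }   # second file: passwd
        END { for (u in seen) print u }
    ' "$1" "$2" | sort
}

# extra_uid0 PASSWD_FILE
# Prints accounts other than root that carry UID 0 (full root privileges).
extra_uid0() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1" | sort
}

# Constructed sample data, not taken from a real system.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/group" <<'EOF'
root:x:0:
wheel:x:10:alice,bob
users:x:100:
EOF
cat > "$SAMPLE_DIR/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
carol:x:1002:10:Carol:/home/carol:/bin/bash
toor:x:0:0:second root:/root:/bin/bash
EOF

echo "wheel members:";        wheel_members "$SAMPLE_DIR/group" "$SAMPLE_DIR/passwd"
echo "extra UID 0 accounts:"; extra_uid0 "$SAMPLE_DIR/passwd"
```

On a live system the same functions take `/etc/group` and `/etc/passwd` as arguments. The check covers group membership and UID 0 only, so per-user rules in the sudoers files still need a separate review.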