Thread: Should I harden my Ubuntu 64 bit further?

  1. #1
    Join Date
    Nov 2009
    Location
    Nutley, NJ
    Beans
    551
    Distro
    Ubuntu 12.04 Precise Pangolin

    Should I harden my Ubuntu 64 bit further?

    Hi. I installed Ubuntu 11.10 64 bit using the alternative installation .ISO file which I burned to a CD-R disc. I set up a custom installation using full disk encryption using LUKS/LVM (AES-CBC mode 256 bits SHA-256 hash algorithm). I also set unique, strong, complex passwords for my home directory and LUKS/LVM at boot-up.

    I opened up the BASH terminal and I typed in chmod 700 $HOME this morning.

    I have not setup custom AppArmor profiles or HIDS / NIDS such as Snort yet. I am still reading the stickies to learn more information before I make that decision.

    Which gets me to my point: should I harden my Ubuntu 64 bit by carefully following the stickies?

    I have an ASUS N61JV-X2 notebook PC with Crucial 8 gigabytes of DDR3 PC-8500 SDRAM and an Intel 2nd Generation 2.5" 34nm MLC NAND FLASH X25-M 160 gigabyte Solid State Drive. I replaced my previous operating system which was Microsoft Windows 7 Ultimate 64 bit with Ubuntu 11.10 64 bit as my sole operating system of choice less than three weeks ago.

    I have an unencrypted /boot partition of 250 megabytes.
    I have an encrypted / root partition of 10 gigabytes.
    I have an encrypted /home partition of approximately 130.00 gigabytes and I set a unique, strong, complex password using eCryptfs because Ubuntu prompted me to set my password after I installed my operating system and I logged into my user account the first time.

    I use my computer and Ubuntu 64 bit to surf the Internet, read and write e-mail messages, chat with my online friends in real time, use social media including Facebook, Twitter, Google+, LinkedIn, YouTube, etc, copy and convert my 1,100+ CDs to .FLAC lossless audio files, rip and copy encrypted DVD-Videos that I purchased, watch movies, TV shows, videos, and listen to music. I also write documents using LibreOffice Writer quite heavily. I read documents such as digital magazines, e-books, Adobe .PDF files, etc.

    I don't use my computer or Ubuntu to hack into other people's servers or computers and I do not code my own software projects. I am teaching myself how to code in C++, but I just started a few weeks ago so I am a beginner.

    I use TrueCrypt to secure my data on removable storage devices such as my Seagate FreeAgent Desk 1.5 terabyte USB 2 external hard disk drive and my Kingston DataTraveler HyperX 128 gigabyte Super Speed USB 3 thumb drive using AES-XTS mode 256 bits with SHA-512 hash algorithm.

    Do I need to go further to harden my Ubuntu 64 bit?

    Should I install a HIDS and NIDS such as Snort?

    Should I create custom AppArmor profiles for frequently used software applications that can access the Internet such as Google Chrome and Mozilla Thunderbird?

    Do I need to install my own hardened kernel which requires me to update and patch it on my own?

    I feel a lot safer and more secure using Ubuntu 64 bit with full disk encryption even though I know that once I put in my passwords and mount my drives, I am open to attacks.

    I check my hardware firewall logs for suspicious activities and unknown users trying to connect to my home network daily. I use WPA2 AES-TKIP to secure my wireless network with MAC authentication for every wireless device.

    I also installed Bitdefender for Unices with a free 1 year license and I scan my computer and storage devices daily.

    I use Deja Dup to back up my data and I encrypt it using GPG and a unique, strong, complex password.

    How much farther should I go to harden my Ubuntu system? Is it really necessary given my usage scenarios?

    I rarely take my ASUS N61JV-X2 notebook PC outside of my home. I have Verizon FiOS fiber optic high speed Internet and TV at home.

    What do you recommend? Why?

  2. #2
    Join Date
    Nov 2009
    Location
    Nutley, NJ
    Beans
    551
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Should I harden my Ubuntu 64 bit further?

    I also set Ubuntu to lock my screen with my user password every 2 minutes or I manually lock it even when I leave my bedroom every time.

  3. #3
    Join Date
    Nov 2009
    Location
    Nutley, NJ
    Beans
    551
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Should I harden my Ubuntu 64 bit further?

    I use KeePass2 with a unique, strong, complex password to store my user IDs, passwords, and other login credentials. I have a LastPass Premium account and I store my online login credentials separately from KeePass2 which I use for offline stuff like local passwords. I use the two-factor Sesame authentication with LastPass Premium and my web browsers.

    I use Google Chrome all of the time as my primary web browser.

    I set up two-factor authentication for my Google account and Facebook account and HTTPS connections are enabled by default.

    I know how to select unique, complex, random, strong passwords. I never reuse old passwords. I never use the same IDs and passwords for multiple accounts or encrypted storage devices either.

  4. #4
    Join Date
    Nov 2009
    Location
    Nutley, NJ
    Beans
    551
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Should I harden my Ubuntu 64 bit further?

    I am reading the UFW firewall sticky and I plan to deny in and restrict out to essential ports for services later today.
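
The "deny in, restrict out" plan from the post above, as an added example that is not part of the original thread or the UFW sticky: a small script that validates an outbound allowlist and prints the matching `ufw` commands for review before anything is applied. The port list (DNS, web, NTP, mail submission, IMAPS) and the function names are assumptions for the desktop use described in the first post.

```sh
#!/bin/sh
# Added example: generate a "deny in, restrict out" ufw policy for review.
# ESSENTIAL_OUT is a constructed sample allowlist (an assumption, not from
# the thread); replace it with the services actually used.
ESSENTIAL_OUT="53/udp 53/tcp 80/tcp 443/tcp 123/udp 587/tcp 993/tcp"

# Accept only "port/proto" tokens: port 1-65535, proto tcp or udp.
valid_rule() {
    case "$1" in */*) ;; *) return 1 ;; esac
    port="${1%%/*}"
    proto="${1##*/}"
    case "$port" in ''|*[!0-9]*) return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    [ "$proto" = tcp ] || [ "$proto" = udp ]
}

# Print the ufw commands, one per line, without running them.
# Every token is validated first, so a typo aborts with a non-zero
# status instead of producing a partial policy.
build_ufw_policy() {
    for rule in "$@"; do
        valid_rule "$rule" || { echo "bad rule: $rule" >&2; return 1; }
    done
    echo "ufw default deny incoming"
    echo "ufw default deny outgoing"
    for rule in "$@"; do
        echo "ufw allow out $rule"
    done
    echo "ufw enable"
}

# "--print" shows the policy for the sample allowlist; nothing is applied.
if [ "${1:-}" = "--print" ]; then
    # Unquoted on purpose: split the allowlist into one argument per rule.
    build_ufw_policy $ESSENTIAL_OUT
fi
```

After reviewing the printed commands, run them as root; `sudo ufw status verbose` then shows the resulting default policies and rules.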

  5. #5
    Join Date
    Sep 2011
    Beans
    1,531

    Re: Should I harden my Ubuntu 64 bit further?

    Seems like you might benefit from reading the basic security wiki:

    https://wiki.ubuntu.com/BasicSecurity

    But to answer a couple of your questions, yes. The AppArmor, security & firewall stickies are good to follow.

  6. #6
    Join Date
    Nov 2009
    Location
    Nutley, NJ
    Beans
    551
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Should I harden my Ubuntu 64 bit further?

    I saved that wiki so that I can read it offline. I am following some of the recommendations on the wiki, but I have not worked on ufw firewall, Snort, or NIDS. I don't use Mozilla Firefox; I use Google Chrome so some of the add-ons do not exist yet. Accuvant Labs did a research paper looking into the anti-exploitation technologies for all three of the major web browsers using Microsoft Windows as one of their test operating systems and they concluded that Google Chrome scored the highest in terms of anti-exploitation technologies including JIT hardening and sandboxes.

    There is a discrepancy between the wiki and the stickies. The stickies seem to cover more advanced topics which are not included in the wiki like Snort.

    Thank you for providing a link to that wiki. I have a lot of reading and thinking to do before I decide to harden my Ubuntu 64 bit this weekend.
