Security for newbies

[MrLeek]

Don't get me wrong, the sticky posts are great and I've learnt a lot from them.

But are there simple tips/suggestions for new users to make sure the security is set correctly? Again, I can't stress enough that the sticky's are good - I've read bodhl.zazen's security thread about 5 times already and I'm still picking up new things.

Then you get a part that says:

The two most common cracks posted on these forums are ssh and vnc, both running with password authentication.

Do I use them? How will I know? Brain is starting to hurt....!!

Maybe it's me - perhaps it's just a case of guru's encouraging the newbies to keep reading and keep asking questions. But maybe a FAQ-style guide will work - the best help I can be is to try and compile a guide filled with guru tips.

[Dangertux]

Don't get me wrong, the sticky posts are great and I've learnt a lot from them.

But are there simple tips/suggestions for new users to make sure the security is set correctly? Again, I can't stress enough that the sticky's are good - I've read bodhl.zazen's security thread about 5 times already and I'm still picking up new things.

Then you get a part that says:



Do I use them? How will I know? Brain is starting to hurt....!!

Maybe it's me - perhaps it's just a case of guru's encouraging the newbies to keep reading and keep asking questions. But maybe a FAQ-style guide will work - the best help I can be is to try and compile a guide filled with guru tips.

Well... I think there are two things here. For one if you do not KNOW you are using VNC or SSH, then there is probably an issue. You also have to realize that this forum is for questions, we're going to try to answer them the best we can. That being said, it's good to be able to provide in depth explanation and demonstration like the security stickies do.

If you don't understand the basics of linux before reading the security stickies you probably won't get much out of them. Nor will you get much out of an FAQ either. The biggest misconception I've seen on this forum is the assumption that your ability to secure a system can outrun your knowledge of the system you're securing. This is simply not true. If you don't understand its workings, regardless of how many tutorials, guides, stickies and faq's you read your security model will be found lacking.

Hope this helps.

[haqking]

Well... I think there are two things here. For one if you do not KNOW you are using VNC or SSH, then there is probably an issue. You also have to realize that this forum is for questions, we're going to try to answer them the best we can. That being said, it's good to be able to provide in depth explanation and demonstration like the security stickies do.

If you don't understand the basics of linux before reading the security stickies you probably won't get much out of them. Nor will you get much out of an FAQ either. The biggest misconception I've seen on this forum is the assumption that your ability to secure a system can outrun your knowledge of the system you're securing. This is simply not true. If you don't understand its workings, regardless of how many tutorials, guides, stickies and faq's you read your security model will be found lacking.

Hope this helps.

Big +1

We can give you the commands to see if a process is running but if you dont understand what it means then it means very little

You can see if the ssh daemon is working for example

Code:

ps -A | grep sshd

or you could use netstat to look at port 22 for ssh, or 5900 for VNC, however these are default ports and could have been changed.

[WasMeHere]

Edit - General text for newbies about Servers; the main wiki page is https://wiki.ubuntu.com/BasicSecurity

Until you do understand how it works, my recommendation would be to not set those things up, and if they are set up by default, disable them. When you're ready to start learning new services like SSH, VNC, Samba (smb), FTP, telnet, remote desktop, etc., then consider playing with them in a virtual machine. Ubuntu has Oracle VM Virtual Box right in the Software Center. This can reduce your exposure to security problems you don't know while you learn. Of course it's not fool-proof.

SSH and Samba are running by default in Ubuntu Server. SSH can be made safer by using an RSA key instead of password to log in.

I've read bodhl.zazen's security thread about 5 times already and I'm still picking up new things.

Then you get a part that says:

Quote:
The two most common cracks posted on these forums are ssh and vnc, both running with password authentication.

So, if you don't need an SSH server or VNC server running on your personal computer don't do it. If you don't know what those acronyms are, then you should DEFINITELY not use them until you do some significant research.
________________________

Hi MrLeek,

Have you installed servers for ssh and vnc? Probably not unless you run Ubuntu Server. Without them your computer is not vulnerable to such attacks. You can check in a terminal window with the following command

Code:

which ssh

and instead of Enter press Tab twice
and

Code:

which vnc

and instead of Enter press Tab twice.

If you get only ssh and vncviewer you have only the client programs. You can login on remote computers with them. If you get a response with several alternatives, for example

Code:

ssh          ssh-agent    ssh-askpass  sshd         ssh-keygen   ssh-vulnkey
ssh-add      ssh-argv0    ssh-copy-id  sshfs        ssh-keyscan

and

Code:

vnc4-common  vnc-java     vnc-server   vnc-viewer   vnstat       
vnc4server   vncserver    vncsnapshot  vncviewer    vnstati

you have the servers installed. But are they running? If you type the following command in the terminal (and press Enter)

Code:

ps -au root | grep ssh   # the command

and get the following response (mine is running behind a firewall)

Code:

  873 ?        00:00:00 sshd   # the response

then the ssh server is running
and similarly for

Code:

ps -au root | grep vnc

Finally, the ssh and vnc sessions themselves are like sending letters in an envelope, not open post-cards like email, but they can be attacked. But you should know when you are using ssh and vnc, because you are (inter)active, or at least you have set up an automatic sesssion yourself.

the best help I can be is to try and compile a guide filled with guru tips.

That would be great

Have fun finding out about Ubuntu
Olle

[Ms. Daisy]

Brain is starting to hurt....!! .

Yup. Been there done that. New user myself. Obviously I want to secure my machine while I learn Linux. I spun my wheels searching for a security "package" or simple steps to follow (clearly I'm an ex-Windows user). I guess I was looking for the Linux version of Norton or AVG- just run in the background & I'll feel all warm & fuzzy until I learn enough to tweak it. As far as I can tell no such thing exists, or at least not one that's worthwhile. So it's a Catch 22. You want to secure Linux while you learn it, but you have to understand Linux to secure it. So the only solution I've come up with is to learn Linux along with security measures, kind of using one to further the other. As far as I'm concerned the only way to learn Linux is to DO Linux along with reading volumes of manuals. Same seems to go for security measures. And meanwhile do my banking on the windows partition where I'm more knowledgeable about security. If anyone's got a better solution, I'm all ears.

And what's got me flummoxed right now is that a fair amount of the good security measures utilize a server (like ssh & vnc, right?). But you DO NOT want to install a server until you know what the hell you're doing. The learn-as-you-do approach on a server will get you cracked.

If you do end up writing a FAQ guide filled with guru tip, I will read it!

[WasMeHere]

@ Dangertux & haqking

You are right, it is easy to make a hole in the firewall, if you are not a good mason. And the same argument applies to data security.

But you can't leave the newbies with a statement, that they don't know, so they cannot be safe. I think it is a good idea to provide tips and hints what to do and what to avoid. What has the Ubuntu mason done, that newbies should not tamper with?

I think there can be a list of tips to decrease the security risks. It is probably also worthwhile to compare the security between different operating systems and different kinds of communication. It is very important to keep economical transactions secure for everybody, not only gurus, so how should that be done?

Having fun finding out
Olle

[Dangertux]

@Olle Wiklund

While I don't disagree that basic security is something every user should know about. Those topics are covered quite well in the afforementioned stickies.

Unfortunately as with anything the level of value you take from it is directly proportional to the level of knowledge you have going into it. So tips and tricks are nice, but truthfully if you don't understand the reasoning behind them your level of understanding of some concepts will never move beyond that of hobbyist.

Hope that clarifies.

[WasMeHere]

Hi Ms. Daisy,

... And meanwhile do my banking on the windows partition where I'm more knowledgeable about security. If anyone's got a better solution, I'm all ears...

I think that the intrinsic security is much better in linux compared to Windows. Add to that the fact that there are so many more Windows computers. So it is much more tempting to make virus, trojans and worms for Windows. Today the smartphones are also a target, and I think they are more vulnerable than Windows computers. But there have been successful attacks against linux too.

Anyway, I do my internet banking from an Ubuntu 10.04 LTS computer. I have a small device with a plastic card with a chip, that I run off-line (without wiring), and create one-off security codes for login and signature.

(@ MrLeek) ... If you do end up writing a FAQ guide filled with guru tip, I will read it!

Yes, I think many people are looking forward to a security FAQ for newbies

Have fun finding out
Olle

[Dangertux]

The first step to securing your environment is to realize that there is no such thing as intrinsic security.

[WasMeHere]

@Olle Wiklund

While I don't disagree that basic security is something every user should know about. Those topics are covered quite well in the afforementioned stickies.

Unfortunately as with anything the level of value you take from it is directly proportional to the level of knowledge you have going into it. So tips and tricks are nice, but truthfully if you don't understand the reasoning behind them your level of understanding of some concepts will never move beyond that of hobbyist.

Hope that clarifies.

Yes I think I understand what you mean. Edit: And you are right I should not have used the term intrinsic security. What I mean is that the code itself is repaired quickly, when a security hole is found (much faster than Windows). There are not add-on program packages to cater for security (anti-virus programs etc.) although I know that some people have started to use such programs to keep their email free of virus, not infecting linux, but maybe infecting Windows computers, that receive 'forwarded' letters.

But most people will never be even half as interested in computers as you and I. They will be hobbyists forever. How can we help them to avoid holes in the firewall, virus and trojans? If we tell them to avoid everything, their computers will not be used. If we tell them something they don't understand or don't find because it is embedded in things they don't understand, they might do something that leave them wide open to attacks.

If we can make clear and short information, it will improve the security for most Ubuntu users. And this is what MrLeek intends to do. It will not be easy, but he might be a talented teacher.