Page 4 of 6 FirstFirst ... 23456 LastLast
Results 31 to 40 of 58

Thread: Important: community effort to harden Ubuntu

  1. #31
    Join Date
    Nov 2009
    Location
    Nutley, NJ
    Beans
    551
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Important: community effort to harden Ubuntu

    My second administrator account works. I just logged in successfully. I'm going to keep it just in case there's something wrong with my primary administrator account which I am using right now. I've made a ton of mistakes while learning how to use GNU/Linux especially with Ubuntu in the past. I've locked myself out or I've made it impossible for me to login as any user in the past because I've gone way overboard on security.

    I've learned some hard lessons as I have gotten older. I'm done with my security hardening process now.

    I installed the harden packages from the Ubuntu Software Center. I know that they won't make me invincible, but they do improve the security quite a bit with little to no user intervention. I turned off telnet as an example.

    What do you think about the harden packages in the USC?

  2. #32
    Join Date
    Aug 2008
    Beans
    19

    Re: Important: community effort to harden Ubuntu

    Missing from the security wiki is the suggestion to turn off most or all browser plugins. Flash is no longer supported in any browser on Linux other than Chrome, where it is being specially installed, just for Chrome, by Google. The other Flash install is not supported and known to be compromised. Also the Java browser plugin, which most people simply don't use for anything, has recently had a bunch of very serious vulnerabilities found and fixed. But it is best to turn it off.

    These things are particularly easy to turn off if you use FireFox for general browsing and Chrome for known safe sites where you need Flash.

    ...

    After reading the 3rd page of messages, yeah, you are looking at the wrong thing. You are trying to harden your laptop like it's a server. You need to harden it like it's a laptop. The biggest threats you face to getting hacked are through your browser and other network connected clients. Mostly the browser, especially if you have scripting turned on and have installed plugins.
    Last edited by Jason80513; December 8th, 2012 at 05:46 AM. Reason: Read page 3.

  3. #33
    Join Date
    Nov 2009
    Location
    Nutley, NJ
    Beans
    551
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Important: community effort to harden Ubuntu

    I have the QuickJava 1.8.0 extension add-on which allows me to turn on or off Javascript, Java, Flash, Silverlight or Novell Moonlight, images, CSS, and proxies at the touch of a button. I also have the apparmor-profiles package installed and I set both the Google Chromium and Mozilla Firefox Novell AppArmor profiles to enforce mode for extra security.

    Here is my list of Mozilla Firefox extension add-ons:

    Adblock Plus 2.2.1
    BetterPrivacy 1.6.8
    Click&Clean 4.0
    Delicious Bookmarks 2.3.4
    DoNotTrackMe 2.2.5.1205
    Evernote Web Clipper 5.4
    FEBE 7.0.3.5
    Force-TLS 3.0.1
    HTTPS Everywhere 3.0.4
    Ghostery 2.8.3
    Global Menu Bar Integration 3.6.4
    LastPass 2.0.0
    Malware Search 0.9.4
    NoScript 2.6.3
    Novell Moonlight 3.99.0.3
    QuickJava 1.8.0
    Send to Kindle for Mozilla Firefox 1.0.2.54
    Test Pilot 1.2.2
    Ubuntu Firefox Modifications 2.6
    Unity Desktop Integration 2.4.1
    Unity Websites integration 2012.10.12 beta
    WOT 20120926
    Yoono 7.7.17

    It's a long list, but it's features rich and I certainly have a very hardened and secure Mozilla Firefox web browser. My NoScript white list is checked daily and I remove unnecessary or unused exceptions daily. I make a full Mozilla user profile backup using FEBE every midnight and I copy that backup to Box.com, Ubuntu One, Google Drive, and Microsoft SkyDrive nightly.

    I'm safe and secure.

  4. #34
    Join Date
    Nov 2009
    Location
    Nutley, NJ
    Beans
    551
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Important: community effort to harden Ubuntu

    I also have WiTopia personal VPN PRO and basic subscriptions and I connect to their Washington, DC VPN gateway which features Blowfish CBC mode 256 bits 16 rounds with SHA-512 hash algorithm encryption using SSL certificates and the OpenVPN protocol every single time I use my System76 PC and GNU/Linux.

  5. #35
    Join Date
    Nov 2009
    Location
    Nutley, NJ
    Beans
    551
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Important: community effort to harden Ubuntu

    This is my list of Mozilla Firefox plug-ins:

    Shockwave Flash
    Skype button for Kopete
    IcedTea Web Plug-in
    DivX web player
    QuickTime Plug-In 7.6.6
    VLC Multimedia Plug-in
    Windows Media Player Plug-in 10
    Google Talk Plug-in Video Accelerator
    Google Talk Plug-in
    Gnome Shell integration
    iTunes Application Detector
    Silverlight Plug-in

  6. #36
    Join Date
    Aug 2008
    Beans
    19

    Re: Important: community effort to harden Ubuntu

    Yeah, with that list of plugins, you aren't that safe and secure. Every one of those has potential exploitable vulnerabilities, and all can be accessed by any web page you visit.

    At the very least, turn off icedtea and flash. I am a Java developer, and I won't even turn on the icedtea plugin.

  7. #37
    Join Date
    Nov 2009
    Location
    Nutley, NJ
    Beans
    551
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Important: community effort to harden Ubuntu

    I watch a lot of videos on YouTube and other websites like Vimeo so I need Adobe Flash. I also need IcedTea plug-in because I do business with HD Tracks at http://www.hdtracks.com to purchase high resolution music albums at a premium price. They use Java and JavaScript to download the premium content to my PC over the Internet. It's their own custom Java applet named HD Tracks Download Manager.

  8. #38
    Join Date
    Nov 2009
    Location
    Nutley, NJ
    Beans
    551
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Important: community effort to harden Ubuntu

    I also installed OpenJava JDK 7, IcedTea Web Start Plug-in, and IcedTea Web Start. I found out that HD Tracks won't work without these software packages installed in Ubuntu 64 bit GNU/Linux and Mozilla Firefox won't work without them with the HD Tracks website. I plan to do some holiday shopping with AIX Records for more high resolution music albums and they require the same technologies to purchase and download premium content. I do business with these online record stores fairly frequently.

  9. #39
    Join Date
    Aug 2011
    Location
    Manchester
    Beans
    83
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Important: community effort to harden Ubuntu

    Quote Originally Posted by Welly Wu View Post
    I have the QuickJava 1.8.0 extension add-on which allows me to turn on or off Javascript, Java, Flash, Silverlight or Novell Moonlight, images, CSS, and proxies at the touch of a button. I also have the apparmor-profiles package installed and I set both the Google Chromium and Mozilla Firefox Novell AppArmor profiles to enforce mode for extra security.

    Here is my list of Mozilla Firefox extension add-ons:

    Adblock Plus 2.2.1
    BetterPrivacy 1.6.8
    Click&Clean 4.0
    Delicious Bookmarks 2.3.4
    DoNotTrackMe 2.2.5.1205
    Evernote Web Clipper 5.4
    FEBE 7.0.3.5
    Force-TLS 3.0.1
    HTTPS Everywhere 3.0.4
    Ghostery 2.8.3
    Global Menu Bar Integration 3.6.4
    LastPass 2.0.0
    Malware Search 0.9.4
    NoScript 2.6.3
    Novell Moonlight 3.99.0.3
    QuickJava 1.8.0
    Send to Kindle for Mozilla Firefox 1.0.2.54
    Test Pilot 1.2.2
    Ubuntu Firefox Modifications 2.6
    Unity Desktop Integration 2.4.1
    Unity Websites integration 2012.10.12 beta
    WOT 20120926
    Yoono 7.7.17

    It's a long list, but it's features rich and I certainly have a very hardened and secure Mozilla Firefox web browser. My NoScript white list is checked daily and I remove unnecessary or unused exceptions daily. I make a full Mozilla user profile backup using FEBE every midnight and I copy that backup to Box.com, Ubuntu One, Google Drive, and Microsoft SkyDrive nightly.

    I'm safe and secure.
    You might be interested in looking at Request Policy, RefControl, Browser Protect and cookie whitelist with buttons. They're quite underated addons and find they help ensure my privacy esp having control over which websites are allowed to add cookies. I think you'd appreciate at least taking a look at them.

  10. #40
    Join Date
    Nov 2009
    Location
    Nutley, NJ
    Beans
    551
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Important: community effort to harden Ubuntu

    I installed Request Policy and Browser Protect. I set up another white list for Request Policy. So far, it's working properly. Now, I am fully protected and secure using Mozilla Firefox!

Page 4 of 6 FirstFirst ... 23456 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •