Page 1 of 3 123 LastLast
Results 1 to 10 of 23

Thread: Best security config/flavor?

  1. #1
    Join Date
    May 2012
    Beans
    32

    Smile Best security config/flavor?

    I'm studying network security (fast growing market now) and have a quandary :

    Which flavor in the Debian family can bring me good enough security to keep Coca-Cola's secret recipe (hypothetical) ?

    Which browzers are best?

    What configurations?

    I've already decided that all programs capable of net access should be issued containers. Anything else?

    Help my studies alot to have a good example to play with. No teachers here. Just me and some good books. An example would help alot.

    Thanks for any help.

  2. #2
    Join Date
    Jun 2010
    Location
    London, England
    Beans
    8,052
    Distro
    Ubuntu Development Release

    Re: Best security config/flavor?

    This is really a subject for discussion. It is not a support request.

    The most secure operating system is the OS installed on a computer that is switched off. The next most secure is the OS this is installed on a machine that is never connected to the internet or any other kind of network in any way when it is switched on.

    You need to define "network security." You need to identify areas at risk and then check if there are processes in place to reduce the risk if not eliminate it. Do not forget to include users as a security risk.

    What does this mean?

    I've already decided that all programs capable of net access should be issued containers.
    What do you do when the user wants to run a live video stream over from the internet. The web browser needs disk space to cache the file. How can the user have this freedom if it is in a container that prevents it from accessing the storage space? And once you give it access to storage space what is to stop the application from accessing what is already existing on the disk and from accessing system files?

    Regards.
    It is a machine. It is more stupid than we are. It will not stop us from doing stupid things.
    Ubuntu user #33,200. Linux user #530,530


  3. #3
    Join Date
    Sep 2013
    Beans
    15

    Re: Best security config/flavor?

    Hello,

    I am not a security specialist, but a good start could be to look at the "Security Discussions" on the ubuntuforums.org.

    Also, from my experience, security comes from good configuration: if you don't need a service, disable it. Especially true for web servers and other listening services.

    I'm sure there are security veterans ready to help you on the forums

  4. #4
    Join Date
    Sep 2007
    Location
    Oklahoma, USA
    Beans
    2,271
    Distro
    Xubuntu 14.04 Trusty Tahr

    Re: Best security config/flavor?

    Quote Originally Posted by Barkester View Post
    I'm studying network security (fast growing market now) and have a quandary :

    Which flavor in the Debian family can bring me good enough security to keep Coca-Cola's secret recipe (hypothetical) ?

    Which browzers are best?

    What configurations?

    I've already decided that all programs capable of net access should be issued containers. Anything else?

    Help my studies alot to have a good example to play with. No teachers here. Just me and some good books. An example would help alot.

    Thanks for any help.
    The first and most basic thing to understand is that security is a process, not a program. The process goes on without end; any interruption of it reduces security, quite possibly to a fatal degree.

    This process includes, but isn't limited to, provision for disaster recovery, limiting user access tp critical areas, and in general avoiding known risky behavior.

    The second and next most basic thing to keep in mind is that lack of security is always a people problem, not a purely technical situation. The most widespread security breach I even personally witnessed resulted from our little company's CEO and his penchant for getting pirated software and installing on the firm's network...

    Beyond these two thoughts, I'll leave it to the true professionals to go into more detail...
    --
    Jim Kyle in Oklahoma, USA
    Linux Counter #259718
    Howto mark thread: https://wiki.ubuntu.com/UnansweredPo.../SolvedThreads

  5. #5
    Join Date
    Dec 2007
    Location
    Bombay
    Beans
    6,528
    Distro
    Lubuntu 14.04 Trusty Tahr

    Re: Best security config/flavor?

    Quote Originally Posted by grahammechanical View Post
    This is really a subject for discussion. It is not a support request.
    +1.
    de gustibus et coloribus non est disputandum -- Wiktionary

  6. #6
    Join Date
    Nov 2008
    Location
    Storybrooke
    Beans
    Hidden!
    Distro
    Ubuntu Development Release

    Re: Best security config/flavor?

    Moved to security Discussions
    Ubuntu Forums Moderation Staff
    Okay then. We're relying on mirror dust and fairies but now we have a plan which is progress - Emma

  7. #7
    Join Date
    Mar 2014
    Beans
    12
    Distro
    Ubuntu

    Re: Best security config/flavor?

    JKyleOKC +1
    And don't forget to turn on and setup firewall with UFW on your Ubuntu.
    Last edited by james114; March 26th, 2014 at 11:35 AM.
    OS: Ubuntu 12.04 / Specification: Xeon 3210 with 8 GB DDR333
    My Bible Project (PHP)

  8. #8
    Join Date
    Sep 2007
    Location
    Oklahoma, USA
    Beans
    2,271
    Distro
    Xubuntu 14.04 Trusty Tahr

    Re: Best security config/flavor?

    Quote Originally Posted by james114 View Post
    JKyleOKC +1
    And don't forget to turn on and setup firewall with UFW on your Ubuntu.
    Actually the firewall is useless until such time as you activate one or more servers, because (unlike many other operating systems that install invisible servers by default) without servers there won't be any ports listening to the outside world. Once you do activate one, however, then UFW, GUFW, or something similar would be needed. Note that all of these are simply front ends to help you configure "iptables" which is the real firewall built into the kernel code, and once you've done the configuration these front ends don't need to run any more.
    --
    Jim Kyle in Oklahoma, USA
    Linux Counter #259718
    Howto mark thread: https://wiki.ubuntu.com/UnansweredPo.../SolvedThreads

  9. #9
    Join Date
    Mar 2007
    Beans
    783

    Re: Best security config/flavor?

    Actually the firewall is useless until such time as you activate one or more servers
    I disagree. Someone, even without root, could open a port running "service" in user space and allow more stuff in. If you close all incoming ports except those you want open then you are far more assured that there aren't any listeners.
    Registered Linux User: 450747 Registered Ubuntu User: 16269

  10. #10
    Join Date
    Sep 2007
    Location
    Oklahoma, USA
    Beans
    2,271
    Distro
    Xubuntu 14.04 Trusty Tahr

    Re: Best security config/flavor?

    Quote Originally Posted by ant2ne View Post
    I disagree. Someone, even without root, could open a port running "service" in user space and allow more stuff in. If you close all incoming ports except those you want open then you are far more assured that there aren't any listeners.
    Good point, in theory at least. If the system is open to anyone other than yourself, this might be possible. However getting anything installed without using root would limit the damage to only that user's area (including areas where he had write permission).

    As it happens, I do use a minimum set of rules for iptables and run the fail2ban lockout utility since I do have a couple of servers open to the outside world. My major points were that the firewall isn't nearly so necessary here as it is with other systems that aren't so secure by design, and to note that all of the popular firewall utilities are tools to configure, not to implement, the actual protection. Far too many newcomers worry overmuch about getting GUFW to run automatically at all times! Once is enough; the configuration persists until it's explicitly changed again.
    --
    Jim Kyle in Oklahoma, USA
    Linux Counter #259718
    Howto mark thread: https://wiki.ubuntu.com/UnansweredPo.../SolvedThreads

Page 1 of 3 123 LastLast

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •