Secure Your Ubuntu

Security Secure your Ubuntu

“The only security that a man can have in this world is a reserve of knowledge, experience and ability” Henry Ford

ecurity is one of, if not the most de- Install minimum packages bated topic with people using comput- It is a good idea to remove packages that Sers. Losing data be it personal photos, you do not use regularly. Even after unin- bank statements or work related documents stalling some programs, their dependen- is every users worst nightmare. This article cies may still exist. Such dependencies is dedicated in enlightening and empower- should be removed using a program like ing you to enhance your experience on this the Computer Janitor available under Sys- wonderful operating system. Security I have tem –> Administration in Ubuntu. It will tried to give at least one example of the so- not only enhance your security but also lution wherever possible. improve performance. The Figure 1 shows the various dependencies that still existed Is Linux really a Secure even after removing the programs using a System? package manager. This is one of the biggest questions that a new Also, it is advised to install software only Linux user is confronted with after switching from trusted sources. This is because secu- over from another operating system. A lot of rity vulnerabilities are not induced only from comparisons can be raised between different malicious software installed on the system. operating systems explaining their loopholes. They might even exist in current supported However, there is no operating system in the packages residing within Ubuntu reposito- world that will be completely invulnerable to security issues, and there never will be. But unlike other systems, Ubuntu comes as close as possible to provide you with a protected platform for doing your work. Each process running on the Linux system has its own private memory pages and cannot access the memory pages being used by another process. The kernel maintains its own memory areas. For security purposes, no processes can access memory used by the kernel processes. Also, each individual user on the system has a private memory area used for handling any applications the user starts. This method of isolation prevents unauthorized entry of various malicious software into Ubuntu. Figure 1. Computer Janitor in Ubuntu

www.linuxidentity.com 25 Security

Figure 3. Provide your password for administrative tasks

Figure 2. Disable Unused Startup Services Figure 4. Example of APG in Terminal ries. A regularly updated list can be Administrative A similar case may arise while viewed at the Ubuntu Security No- Privileges trying to run a command in the ter- tices page available at http://www. There are certain applications that minal. Here you may be asked ei- ubuntu.com/usn require special privileges. When ther to provide a password directly It is a good practice to visit this you try to open such a program, a or use sudo at the beginning of the page before installing a new pro- pop up window similar to the one command. gram on Ubuntu to be informed shown in the Figure 3 may appear. If you’re unsure about the appli- about its security vulnerabilities. When some malware wants to gain cation, simply hit [Cancel] or press access to your computer, it requires the [Esc] key. Disable Unused this password. Services When confronted by such a Strong Passwords It is important to disable the services window think carefully before pro- This is a practice that should be that you do not plan to use for some viding the password. The details followed by a user whether you are time. These services can be found at menu will give you more informa- setting a password for your work the System –> Preferences –> Start- tion about the process that is trying email account or just a social net- up Applications menu. to gain access. working site. For example, you may turn off The window should launch only There are various elements the Remote Desktop service (see when you have asked a certain appli- that a password should contain Figure 2) if you do not wish to use cation to do something which requires for it to be called strong. A very it. These changes will not only en- administrative privileges. These ap- good method of creating a strong hance your security but also speed plications have the potential to cause password is by using an Automat- up your boot process. major changes in the system. ed Password Generator. The pack-

Figure 5. Open Seahorse via menu Figure 6. Creating a PGP Key

26 Linux Identity Starter Security

Figure 7. Your PGP Keys Figure 8. Choose Recipients age apg in the Ubuntu repositories These programs allow us to create firm a passphrase for the new PGP is a very useful tool to creating a variety of keys that can be used to key. This is the cipher/password passwords that are very difficult encrypt information. that is essential to lock and unlock to crack. information using this key. Be sure The Figure 4 shows an example Note: For this method to run to remember it or your data could of the apg command generating six we will need to install the be lost forever. strong passwords automatically. package seahorse-plugins which is You can view the created PGP Also these passwords are easy to not provided by default. Install this keys in the My Personal Keys Tab as remember when associated with package using the Synaptic Pack- shown in the Figure 7. their pronunciations as shown in age Manager or the following com- These keys only exist on your the parentheses beside them. mand in the Terminal: computer at the moment. You can synchronize these keys with remote Encrypting your files ↵ servers. To do this in Seahorse and folders $ sudo apt-get install seahorse-plugins choose Remote –> Sync and Pub- There may be times when you want lish Keys... from the menu. to keep your information hidden Creating a PGP Key from other people having access to Choose Passwords and Encryption Encrypting your information your computer. Or to ensure that im- Keys from the Applications –> Acces- Now go to the files and folders that portant information is not divulged sories menu as shown in theFigure 5. you wish to encrypt. Select the when an unauthorized person ob- The Passwords and Encryption files/folders, right-click and choose tains your data. At such times, just Keys window will come up. Choose Encrypt... from the menu. A Choose making your files/folders hidden or File –> New... or press [Ctrl] + [N]. Recipients window (see Figure 8) changing their permissions is not You will be confronted with the pop- will open where you are required to enough. Here, it is better to make up window. specify the key that you want to as- use of encryption. sociate with these set of files and Encryption simply means encod- Note: If you already have a folders. ing information in such a way that key, the same can be import- In case there are multiple files or it will be accessible only to the per- ed into Seahorse. To do this choose folders another window will pop up sons authorized to view it. There are File –> Import... and specify the lo- as shown in the Figure 9. many popular ways of encrypting cation of the key. It is a good prac- If you have selected the option files and folders in Ubuntu. As an tice to keep backup of keys on your of encrypting by packing together in example, I have explained encryp- computer remote servers. A key can a package, a compression package tion on a Ubuntu Desktop with PGP be exported using the File –> Ex- of the specific extension will be pro- keys using Seahorse. port... command. duced. Or else, you will see files with The package Seahorse is a the extension pgp which are the files front-end for the Gnu Privacy Guard Here choose PGP Key as shown in encrypted using this key. program that integrates into the the Figure 6 and click on continue. Gnome Desktop. This package is A simple setup will guide you Decrypting your information provided in the Ubuntu 10.04 Sys- through this creation process. You To open encrypted packages or pgp tem by default. For Kubuntu, you will be asked information like your files, simply double-click them. The can make use of the KGPG pack- full name and email address. You packages will open via your default age which is available by default. will also be asked to enter and con- compression application where you

www.linuxidentity.com 27 Security will be asked the passphrase. In this aspect also requires a case of pgp files, you will be first mention in this article. asked to enter a new name to save Hackers and such other the file. Then you will be required to elements are constantly enter the key’s passphrase. The de- trying to illegally gain in- crypted file will then be created in formation from various the specified folder. computers be it from a Government institution or Security Updates your grandma’s laptop. The Figure 9. Pack Multiple Files / Folders Developers of Ubuntu OS often come risk multiplies even more if up with various security patches and you are using your Personal updates that can be easily integrat- Computer to view mails or ed into your existing system. Ubuntu download from unknown 10.04 is tagged as a Long-Term-Sup- sites over the Internet. port (LTS) release. For LTS releases, And there is only one so- Ubuntu provides security and patch lution to it: Be Smart. Don’t updates for up to 3 years. trust anyone over the Inter- Hence, it is advisable to keep net. Never ever divulge any your system up-to-date by down- information over the Inter- loading and installing the latest up- net unless you are sure that dates. This can be easily done un- it cannot be misused. der Ubuntu using the Update Man- ager. To start the program choose Strengthen your System –> Administration –> Up- Web Browser date Manager. Of the many web brows- Figure 10. Automatic Security Updates You may also want Ubuntu to ers available in the Ubuntu install security updates automati- Family repositories, Mozilla cally. This is also possible through Firefox is the most popu- the Update Manager. To do so open lar cross-platform browser. the Update Manager and click on Also, it allows a user the the Settings... button present in the functionality of installing bottom. The window as shown in various addons to enhance Figure 10 will pop up. its productivity and security. The drop-down menu under Automatic Updates allows you to Note: The https pro- choose the frequency of installa- tocol suggests a secure tion. Click on the radio button saying site compared to the stan- Install security updates without con- dard http protocol. Use it firmation to install security updates whenever a site supports automatically. it to keep your information safe when on-line. Social Engineering Notorious people seeking informa- We can further strengthen tion have started the use of tech- the forces by installing var- niques of manipulating people ious addons that promote instead of technical hacking tools security over the Internet. as was popular earlier. Hence, I will mention only a few Figure 11. Firestarter for Ubuntu

Table 1. Various addons that promote security over the Internet Addon Description Adblock Plus This is a beautiful addon that lets you block specific pieces of javascript. NoScript This addon allows active content to run only from those sites that you trust, and thus protects you against XSS and Clickjacking attacks. WOT This addon gives you extra information about the site that you are currently at. They have a scorecard for rating every site. You can also upload your data and further improve their database. Xmarks Sync, Weave These are recommended addons that allow you to store and synchronize your passwords Browser Sync and bookmarks.

28 Linux Identity Starter Security addons that you can install in Anti-virus tection. It also has an inbuilt Virus Mozilla Firefox to make your One does not really need an anti- Browser that gives you information browsing experience secure and virus on Linux. This is because about all the malware listed in the pleasant (see Table 1). malicious software affecting Win- anti-virus database. And the Events The Firefox preferences window dows Systems do not affect Li- tab that keeps a history log of the can be opened via Edit –> Prefer- nux. This is true even if you have anti-virus. ences. It has two tabs Privacy and an emulator like WINE installed. Security which offer many self-ex- This is because, when trying to Third-Party Security planatory options. make any changes to the system, Applications you will always be prompted for a As we have seen earlier, an anti- Firewall password. virus or firewall may prove use- Ubuntu by default has a very se- However, some users prefer to ful on Ubuntu. Besides free and cure built-in kernel firewall called dual-boot the two operating sys- open-source software, there are iptabled. There are various open- tems. In this case, malicious soft- also commercial versions offered source applications available in the ware that might get downloaded in by various companies. Other avail- Ubuntu repositories which allow you Ubuntu will affect their Windows able Linux anti-virus suites include to configure this firewall. Firestarter system. For such cases, there is Avast, AVG, Avira, Bitdefender, is a one nice tool that allows you to a very smart free open-source Eset, F-secure, F-prot Kaspersky, create rules for various inbound and anti-virus program available right McAfee, Panda Security, Sophos, outbound connections on Ubuntu. in the Ubuntu repositories. For Symantec and Trend Micro. Other The Figure 11 shows the status of a GNOME desktop it is called Clam firewall applications include Ap- certain computer connected to the AV while on KDE it is referred to as pArmor, Gufw, Modsecurity, Sys- Internet. KlamAV. trace and Zorp. For Kubuntu, you may want to The Figure 12 shows ClamAV use another tool called Guarddog. while scanning the user’s home di- Conclusion Other available open-source ap- rectory. One can also scan a specific Security is one of the most de- plications include gui-ufw, Firewall file or directory present on the disk. bated topics on Ubuntu. Often it Builder and KmyFirewall. You also have an option to move is said that lack of popularity has certain files to quaran- kept Linux from been targeted by tine if you feel that they unethical programmers. However, are infected. this is not true. The more you use KlamAV is just the it, the more you’ll find that Linux KDE front-end to Cla- is very robust compared to other mAV. The Figure 13 operating systems. shows KlamAV scanning the user’s win- References dows directory which is on the different JJ http://sites.google.com/site/ partition. KlamAV lets easylinuxtipsproject/security the user configure JJ https://help.ubuntu.com/ advanced options like community/Security updates, quarantine JJ https://help.ubuntu.com/ Figure 12. Scan /home using ClamAV area and e-mail pro- community/StrongPasswords JJ https://help.ubuntu.com/ community/GnuPrivacy- GuardHowto JJ https://wiki.ubuntu.com/ Testing/Applications/Sea- horse JJ http://en.wikipedia.org/wiki/ Social_engineering_(security) JJ http://en.wikipedia.org/wiki/ Linux_malware JJ https://help.ubuntu.com/ community/Antivirus JJ https://help.ubuntu.com/ community/Firewall

Figure 13. Scan Windows Directory using KlamAV