Posts Tagged ‘partition’

10 Things You Must Know About Linux Security

December 29th, 2016 No comments

Millions of users have been opting for the Linux operating system for two decades now, all on the grounds that it is much safer than most others on the market. While it’s true that Linux is less susceptible to security breaches, it is not impenetrable (no system on the planet is), which is why users should get acquainted with some security precautions that can protect their devices even more. The main topic of this article is 10 things you must know about Linux security, and we’ll try to bring this topic closer to home and closer to everyday use of your OS.

1. It All Starts with Updates

Even if you were using the most secure operating system on Earth, it still wouldn’t do you much good unless you kept it up to date. Linux distributions are usually very easy to manage in this respect, and we wholeheartedly suggest setting up automated updates so that you can rest assured that everything is under control. Also, remember to keep all your apps updated as well, because cybercriminals use them as the back entrance for installing malicious software.

2. Separate Disk Partitions

This is computer security 101 and Linux is no exception to the rule. The fact that Linux offers more safety doesn’t mean that you can’t undermine it by being negligent about your own security. As soon as you’ve set up Linux, be sure to separate disk partitions, so that you have a few different ones for different purposes. This is a form of insurance in case anything goes wrong with a program or a virus starts running rampant. Chances are better that the threats will stay contained on one partition, so you don’t have to eliminate all the data from your device, but just what’s on that particular partition.

3. Security Enhanced Linux

SELinux is one of the main reasons why this operating system is considered to be so bulletproof, but it can also prove to be a bit overbearing. This is a security mechanism built into the kernel; it works hard to keep you from stumbling onto anything malicious on the internet, and sometimes it is too careful. However, shutting it down completely can result in complete security failure of the OS and you don’t want to do that. It would be wise to at least have SELinux in permissive mode, where it won’t enforce its security policy, but it will actively inform you if there’s something you should be worried about.

4. Make Use of the Firewall

Maybe you’re not familiar with the fact that Linux has a very efficient firewall, but now that you know, you should use it all the time. The component is called iptables and it grants you a significant amount of control when it comes to keeping your network traffic in check. The firewall is usually disabled by default, but you can turn it on easily enough, depending on which Linux distro you’ve got.

5. Old Passwords

Using old passwords is a recipe for potential disaster, because it makes it much easier for hackers to get into your device and wreak havoc. Linux has a solution for this problem – it restricts any account from using any of the past five passwords that have been used. If you do try to reuse one of your old passwords, it will simply show an error page and request a new one.

6. Security Software

Many people think that it’s overkill to have security software on top of the already very secure Linux, but it can do no harm. Having an antivirus program can hardly be a bad thing and if all other system defenses fail, it will be there to save the day. Furthermore, if you’re concerned about your privacy when browsing the internet, consider getting a VPN service to encrypt activities on the web and prevent surveillance.

7. Manual Account Lock

If there are users of the device that don’t inspire trust or simply won’t be using their account for a while, you can lock down their account in the OS. If the user of the locked account tries to access it, he/she will only get an error page saying that the account isn’t available. Bear in mind that the lock account option is only available to the root user.
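As an added example (not part of the original article), the shell function below reads lines in `/etc/shadow` format and reports which accounts are locked. The function names and the sample lines are constructed for illustration, and the hashes are placeholders.

```shell
#!/bin/sh
# Added example: classify accounts from /etc/shadow-format lines on stdin.
# Shadow fields used: 1 = login name, 2 = password hash,
# 8 = account expiry (days since 1970-01-01).
# A "!" in front of a hash is what passwd -l / usermod -L write; it blocks
# password logins only, so the expiry field is reported as well.
lock_status() {
    awk -F: -v today="$(( $(date +%s) / 86400 ))" '
        {
            pw = $2
            if (pw == "")                     state = "empty-password"
            else if (pw ~ /^[!*]+$/)          state = "no-password"
            else if (substr(pw, 1, 1) == "!") state = "password-locked"
            else                              state = "active"
            # An expiry date in the past disables the account itself.
            if ($8 != "" && $8 + 0 <= today)  state = state "+expired"
            print $1, state
        }'
}

# Constructed sample lines; the hashes are placeholders, not real ones.
sample_shadow() {
cat <<'EOF'
alice:$6$SALT$PLACEHOLDERHASH:17000:0:99999:7:::
bob:!$6$SALT$PLACEHOLDERHASH:17000:0:99999:7:::
carol:!$6$SALT$PLACEHOLDERHASH:17000:0:99999:7::1:
daemon:*:17000:0:99999:7:::
EOF
}

sample_shadow | lock_status
```

On a real system, run it as root with `lock_status < /etc/shadow`; an account shown as `password-locked` without `+expired` can still be reached through other login methods such as SSH keys.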

8. Think about Browser Security

Browsers are always potential security weak links unless you tend to them. No matter what browser you use, hackers can find a way to slither between the cracks, which is why you should take full advantage of security plugins that abound for any browser there is.

9. Encrypting Your Hard-Disk

This is a great safeguard in the unfortunate event of your laptop getting stolen or lost. Choosing to encrypt all the essential data on your device prevents anyone from misusing it and you can rest assured that no unauthorized person can reach your confidential information, because they’ll need the FDE (full-disk encryption) password that only you know. The best thing is that this encryption won’t in any way slow down your computer’s performance.

10. You Need a Strong Password

This is another security 101 tip, which many Linux users forget about because they believe that the OS’s security can’t be breached. If you use simple and weak passwords, then a simple brute force attack can have your security crumbling down. Don’t gamble with this aspect of your safety and have a strong password for your Linux OS.

If your computer’s security is one of your primary concerns, then using Linux will definitely give you some peace of mind. Just remember that you also have to put some effort into securing your device even more so that your OS becomes a fortress against cybercriminals.


Thomas Milva is 28 and has been an Information Security Analyst for over four years. He loves his job, but he also loves spending his time in nature, because he’s working from home, which sometimes means not getting enough fresh air. He also regularly writes for wefollowtech.com, where he often comments on the latest web trends in his articles. Thomas currently lives in Baton Rouge with his dog, two fish and his girlfriend.

Getting Up and Running with Debian

September 1st, 2009 3 comments

Considering that it was my first experience with Linux, the installation of Debian actually went rather smoothly. I popped in the Debian live disc, rebooted my machine, and said goodbye to Windows XP.

The Basics:

I chose the graphical installer, because I’m a big wimp, and because it makes screenshots. You might ask how the installer saves screenshots to a hard drive that is as of yet unpartitioned, and will be wiped/encrypted during the coming hours… I don’t know either, but I guess that’s a part of the Linux magic. (You don’t get any of these pictures, because I lost them when I reinstalled, and forgot to take more the second time around).

The first few settings were fairly straightforward. Debian asked me to choose my default language, geographical location, and keyboard layout. Debian appears to support some 44 different keyboard layouts on install, including Dvorak, and Canadian Multilingual, which is perhaps the most awful layout ever conceived by man. Is it as bad for the Quebecois as it is for us Ontarians?

Next, the installer attempted to detect my hardware settings, and scanned the live disc for required drivers. At this point, the installer notified me that my system would require non-free firmware files to get my wireless card working. In Linux-speak, non-free simply means that the firmware is distributed as a compiled binary, and that the source code is not available. It is, however, free in the sense that I don’t have to pay a dime to use it, although I have to agree to a license to do so. Given the option to load the firmware files from a disc, or to wait and deal with the problem once the desktop was up and running, I chose the latter.

The next step was for the Debian installer to attempt to auto-configure my DHCP settings, and to use my ethernet card to connect to the internet. Since the laptop wasn’t plugged in to an ethernet cable, it didn’t really surprise me that this step failed. I chose to configure the network later, and moved on to giving my machine a name and choosing my timezone instead.

Partitions and Full-Disc Encryption:

When it came time to partition my disks, I chose to take a shot at full-disc encryption. The most basic Linux drive has two partitions – one called /boot that is generally formatted with ext2 and takes the place of Windows’ boot sector, and another called / that contains the rest of your data, including the OS. Once the BIOS has finished all of its startup checks and initializations, it hands off to GRUB, which is stored on the /boot partition. GRUB does some other stuff, and then boots the operating system, which is stored on the secondary partition, usually formatted with one of the many available file systems that Tyler covered in detail in a previous post. There is a great explanation of the entire boot process available here.

To allow for multiple partitions, Linux utilizes some fancy software called the LVM (logical volume manager), which virtualizes any partitions that you create within the big main one. When enabling full-disc encryption, everything inside of the LVM (all of the partitions except for /boot, because the machine needs to be able to start) is encrypted as it is written to disc, and decrypted as it is read from disc. This method of protecting your data is extremely secure, as the encryption is transparent to the user and operating system, while every file on the system remains encrypted until the correct password is provided by the user.

Debian allows me to put each of the important parts of my root directory on separate drive partitions. For example, I can separate the /home partition from the /usr, /var, and /tmp partitions within the LVM. This would be extremely handy if my machine were running multiple physical discs, and I wanted to put my install on a separate disk from my data so that backups and reinstalls are less painful. Because I’m new at this and have only one disc, I chose to put all of my files in a single partition.
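As an added example (not from either post on this page), the shell function below checks which of the directories named above, /home, /usr, /var and /tmp, actually sit on their own partition, the separation that tip 2 of the first article recommends. The function names, device names and sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example: read a mount table in /proc/mounts format on stdin
# (device, mount point, fs type, options, ...) and report, for each
# directory given as an argument, whether it has a filesystem of its own
# or shares one with a parent mount point.
check_separate() {
    awk -v dirs="$*" '
        BEGIN { n = split(dirs, want, " ") }
        {
            mp = $2
            for (i = 1; i <= n; i++) {
                d = want[i]
                # Keep the longest mount point that is d itself or a parent
                # of d; later entries win ties, as they do when mounting.
                if ((mp == d || mp == "/" || index(d, mp "/") == 1) &&
                    length(mp) >= length(best[d])) {
                    best[d] = mp
                    dev[d] = $1
                }
            }
        }
        END {
            for (i = 1; i <= n; i++) {
                d = want[i]
                if (best[d] == d) print d, "separate", dev[d]
                else              print d, "shared-with", best[d], dev[d]
            }
        }'
}

# Constructed sample: /home and /tmp have their own volumes, /usr and /var
# live on the root filesystem.
sample_mounts() {
cat <<'EOF'
/dev/sda1 /boot ext2 rw,relatime 0 0
/dev/mapper/vg-root / ext3 rw,relatime 0 0
/dev/mapper/vg-home /home ext3 rw,relatime 0 0
/dev/mapper/vg-tmp /tmp ext3 rw,relatime 0 0
EOF
}

sample_mounts | check_separate /home /usr /var /tmp
```

Against a live system, feed it the kernel's own table: `check_separate /home /usr /var /tmp < /proc/mounts`.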

Before proceeding with installation, Debian tried to zero all existing data on my drive. Since that data wasn’t at all sensitive, my hard drive is small, and I don’t care to wait years for the wiping process to finish, I hit the cancel button in the bottom-right hand corner of the screen, which allowed me to skip to the next step. I actually found this out by accident, fully expecting the cancel button to boot me right out of the install process. Silly UI design, that.

The last step in partitioning my drives was to provide a password for the full-disc encryption, and to choose the file system for each of my newly created partitions. As previously noted, my /boot partition is formatted with ext2, and the LVM is using a filesystem called crypto, which I assume is just the name of the encrypted partition container. Linux also creates a root partition for me (located at /), which I’ve chosen to format with the ext3 filesystem, since ext4 does not appear to be supported by my installer. Finally, a partition called /swap is created (the equivalent of the Windows swap file), that is formatted with the (what else?) swap file system.

It should be noted that the partition manager screen also had a strange UI bug in it – the continue button that had been my friend and companion thus far throughout the install process ceased to have any meaningful functionality. I had to choose to ‘finish partitioning and write changes to disc’ from the partition manager menu before I could continue with the installation.

Just About There:

With all of the setup options behind me, the Debian installer helpfully finished the install all on its own, pausing only to demand that I enter a root password, a default user account name and user account password. It should be noted that if you intend to become a l337 system administrator, your root password should be hard to guess but easy to type, as you’ll be forced to enter it whenever you do an action that is outside of the user account security privileges (or in other words, essentially anything of consequence).

Lastly, the installer asked if I wanted to enable the Debian package popularity contest (popcon), and which default software I wanted to install. I chose to add a web server, file server, and SQL database to the default install. That done, the installer went on its merry way and actually got down to the business of installing my distribution.

Adding the Tubes (Or Not):

Remember how the Debian installer failed to auto-detect my DHCP settings because my laptop wasn’t plugged into an ethernet cable? Well it also “forgot” to install my ethernet card driver at the same time. Since the machine doesn’t have a network connection, I have no access to the Debian repositories from which I can get the required drivers, but I can’t seem to get them without access to those repositories. I found the driver in question here, but have no idea what to do with the driver once I get it, because it is distributed as a *.rpm package, which is the Fedora package format, and unsupported by Debian. I’ve found various discussions on the Debian website that reveal that tg3, the driver for my network card, was removed from the Debian package, because it is not “free” in the sense that it is distributed as a compiled binary, and not as source.

After spending a half hour scouring the GOOG for instructions on how to install this driver, only to come up empty handed, I’ve decided to simply reinstall, but to plug the ethernet cable in this time, and hope that it works better than it did last time. If anybody knows what the hell happened, I’d love to hear an explanation, and perhaps a method by which I can fix the problem.

Back from the Reinstall:

So after waiting for Debian to reinstall, I got back up and running, and just needed my wireless card active so that I could put my ethernet cable back in my other computer. Luckily, the steps to get it working are very straightforward:

  1. Open the synaptic package manager
  2. Under the settings menu, select repositories, and select the DFSG and Non-DFSG checkboxes. This will allow synaptic to install packages that are non-free.
  3. Search for a package called firmware-ipw2x00, and install it
  4. Agree to the firmware license
  5. Open a root terminal
  6. Type “modprobe ipw2200” to load the firmware kernel module
  7. Navigate to the etc/ directory, and open the file “modules” in the nano editor
  8. add the line “ipw2200” to the end of the file
  9. Hit ctrl-x to close the file, and Y to save the changes.
  10. Restart your machine

Once your machine restarts, the wireless firmware will be loaded, and you should be able to click on the network icon in the taskbar and select an available wireless network to connect to.

So Everything is Cool, Right?

Well, not quite. My system is up and running, supports full-disc encryption, wired and wireless networking; but the GNOME desktop bugs the hell out of me, and so far as I can tell, I don’t have a working sound card yet… More on that one tomorrow. The moral of this story is as follows: NEVER install Debian without a network connection present. It’s just not worth your time.