Posts Tagged ‘security’

10 Things You Must Know About Linux Security

December 29th, 2016 No comments

Millions of users that opt out for using Linux operating system for two decades now, all on the grounds that it is much safer than most others on the market. While it’s true that Linux is less susceptible to security breaches, it is not impenetrable (no system on the planet is), which is why users should get acquainted with some security precautions that can protect their devices even more. The main topic of this article are 10 things you must know about Linux security, and we’ll try to bring this topic closer to home and closer to everyday use of your OS.

1. It All Starts with Updates

Even if you were using the most secure operating system on Earth, it still wouldn’t do you much good unless you keep it up to date. Linux distributions are usually very easy to manage when it comes to the matter at hand and we wholeheartedly suggest you setting up automated updates so that you can rest assured that everything is under control. Also, remember to keep all your apps updated as well, because cybercriminals use them as the back entrance for installing malicious software.

2. Separate Disk Partitions

This is computer security 101 and Linux is not an exemption from the rule. The fact that Linux offers more safety doesn’t mean that you can’t downgrade it by being negligent when it comes to protecting your security. As soon as you’ve set up Linux, be sure to separate disk partitions, so that you have a few different ones for different purposes. This is a form of insurance in case anything goes wrong with a program or a virus starts running rampant. Chances are bigger that the threats will stay contained only on one partition, so you don’t have to eliminate all the data from your device, but just what’s on a particular partition.

3. Security Enhanced Linux

SELinux is one of the main reasons why this operating system is considered to be so bulletproof, but it can also prove to be a bit overbearing. This is a security mechanism that comes in the kernel and it will be extremely careful for you not to stumble on anything malicious on the internet and sometimes it will be too careful. However, shutting it down completely can result in complete security failure of the OS and you don’t want to do that. It would be wise to at least have SELinux in permissive mode, where it won’t enforce its security policy, but it will actively inform you if there’s something you should be worried about.

4. Make Use of the Firewall

Maybe you’re not familiar with the fact that Linux has a very efficient firewall, but now that you know, you should use it all the time. The component is called iptables and it grants you significant amount of control when it comes to keeping your network traffic in check. The firewall is usually disabled by default, but you can turn it on easily enough, depending on which distro of Linux you’ve got.

5. Old Passwords

Using old passwords is a recipe for potential disaster, because it makes it much easier on hackers to get into your device and wreak havoc. Linux has a solution for this problem – it restricts any account from using any of the past five passwords that have been used. If you do try to reuse one of your old passwords, it will simply show an error page and request a new one.

6. Security Software

Many people think that it’s an overkill to have security software on top of already very secure Linux, but it can bring no harm. Having an antivirus program can hardly be a bad thing and if all other system defenses fail, it will be there to save the day. Furthermore, if you’re concerned about your privacy when browsing the internet, consider getting a VPN service to encrypt activities on the web and prevent surveillance.

7. Manual Account Lock

If there are users of the device that don’t inspire trust or simply won’t be using their account for a while, you can lock down their account in the OS. If the user of the locked account tries to access it, he/she will only get an error page saying that the account isn’t available. Bear in mind that the lock account option is only available for root user.

8. Think about Browser Security

Browsers are always potential security weak links unless you tend to them. No matter what browser you use, hackers can find a way to slither between the cracks, which is why you should take full advantage of security plugins that abound for any browser there is.

9. Encrypting Your Hard-Disk

This is great prevention for any unfortunate event of your laptop getting stolen or lost. Choosing to encrypt all the essential data on your device prevents anyone from misusing it and you can rest assured that no unauthorized person can reach your confidential information, because they’ll need FDE password that only you know. The best thing is that this encryption won’t in any way slow down your computer’s performance.

10. You Need Strong Password

This is another security 101 tip, which many Linux users forget about because they believe that the OS’s security can’t be breached. If you use simple and weak passwords, then a simple brute force attack can have your security crumbling down. Don’t gamble with this aspect of your safety and have a strong password for your Linux OS.

If your computer’s security is one of your primary concerns, then using Linux will definitely give you some peace of mind. Just remember that you also have to put some effort into securing your device even more so that your OS becomes a fortress against cybercriminals.

Thomas Milva is 28 and has been in an Information Security Analyst for over four years. He loves his job, but he also loves spending his time in nature, because he’s working from home, which sometimes means not getting enough fresh air. He also regularly writes for, where he often comments on the latest web trends in his articles. Thomas currently lives in Baton Rouge with his dog, two fish and his girlfriend.

Trying out KeePassX

October 23rd, 2016 No comments

KeePassX is an independent implementation of the popular password manager that supports the KeePass (kdb) and KeePass2 (kdbx) database formats. Like the official KeePass application, KeePassX is open source but the main difference is that KeePass requires Microsoft’s .NET framework or the Mono runtime to be installed whereas KeePassX does not.

The feature list from their website shows that KeePassX offers:

  • Extensive management
    • title for each entry for its better identification
    • possibility to determine different expiration dates
    • insertion of attachments
    • user-defined symbols for groups and entries
    • fast entry dublication
    • sorting entries in groups
  • Search function
    • search either in specific groups or in complete database
  • Autofill (experimental)
  • Database security
    • access to the KeePassX database is granted either with a password, a key-file (e.g. a CD or a memory-stick) or even both.
  • Automatic generation of secure passwords
    • extremly customizable password generator for fast and easy creation of secure passwords
  • Precaution features
    • quality indicator for chosen passwords
    • hiding all passwords behind asterisks
  • Encryption
    • either the Advanced Encryption Standard (AES) or the Twofish algorithm are used
    • encryption of the database in 256 bit sized increments
  • Import and export of entries
    • import from PwManager (*.pwm) and KWallet (*.xml) files
    • export as textfile (*.txt)
  • Operating system independent
    • KeePassX is cross platform, so are the databases, as well
  • Free software
    • KeePassX is free software, published under the terms of the General Public License, so you are not only free to use it free of charge, but also to redistribute it, to examine and/or modify it’s source code and to publish your modifications as long as you provide the same freedoms for your modified version.

I’ve been a long time user of KeePass and figured I would check out KeePassX to see if there were any advantages to making the switch. Opening up my existing KeePass2 database was a breeze and even the ‘experimental’ autofill seemed to work just fine. I should also point out that, at least on Linux, KeePassX seems to be much quicker and definitely feels more native compared to the WinForms+Mono official version (I imagine the opposite is true while running on Windows).

The password generation tool for KeePassX is also very similar to the one in the official KeePass however they’ve opted for some defaults which could actually reduce the randomness, and thus security, of a password: exclude look-alike characters, ensure that the password contains characters from every group, etc.

The Password Generator in the official KeePass application

The Password Generator in the official KeePass application

These defaults do make it a bit easier to read or transcribe the passwords should you ever need to and given a long enough password the impact on security should be minimal.

The Password Generator in KeePassX

The Password Generator in KeePassX

So what are my feelings on KeePassX overall? In my limited use it seems like an excellent alternative to the official KeePass application and one that may almost be preferred on non-Windows platforms. I think I’ll be making the switch to KeePassX for my Linux-based installs.

Update: after some slow progress a few developers decided to fork the KeePassX project over at KeePassX Reboot. We’ll have to see how things with this fork play out but I wanted to mention it here in case you decided that the fork was the better version for you.

I am currently running a variety of distributions, primarily Linux Mint 18.
Previously I was running KDE 4.3.3 on top of Fedora 11 (for the first experiment) and KDE 4.6.5 on top of Gentoo (for the second experiment).
Feel free to visit me at my personal website here.

Ubuntu 16.04 VNC woes? Try this!

October 2nd, 2016 No comments

You may recall a few years back I made a very similar post about Ubuntu 14.04’s ‘VNC woes’. Well unfortunately it seems things have changed slightly between 14.04 and 16.04 and now the setting that once fixed everything now doesn’t persist and is only good for that session. Thankfully it is pretty easy to adapt the existing work around into a script that gets run on startup in order to ‘fix it’ forever. Note that these steps should also work on any Ubuntu derivatives such as Linux Mint 18, etc.

Credit goes to the excellent post over at ThinkingMedia for confirming that the fix is basically the same as the one I had for 14.04. What follows is their instructions on creating a start up script:

1. Create a text file called and place the following in it:

export DISPLAY=0:0
gsettings set org.gnome.Vino require-encryption false 

2. Modify the file’s permissions so that it becomes executable. You can do this via the terminal with the following command:

chmod +x

3. Create a new startup application and point it at your script. Now every time you reboot it will run that script for you and ‘fix’ the issue.

One last thing I should point out – this work around disables the built in VNC encryption. Generally I would absolutely not recommend disabling any sort of security like this however VNC at its core is not really a secure protocol to begin with. You are far better off setting up VNC to only listen to local connections and then using SSH+VNC for your secure remote desktop needs. Just my two cents.

I am currently running a variety of distributions, primarily Linux Mint 18.
Previously I was running KDE 4.3.3 on top of Fedora 11 (for the first experiment) and KDE 4.6.5 on top of Gentoo (for the second experiment).
Feel free to visit me at my personal website here.

KeePass: The Cross-platform Password Safe

December 20th, 2012 1 comment

These days you really need a strong, unique password for almost everything you do online. To make matters even worse for the average user, security nuts will tell you that you actually need a different password for essentially every account you hold. Why? Consider the following scenario:

Little Timmy signs up for Facebook using his super secret password @wesomeS@auce3!. This password is so strong and good that even he can hardly remember it. Then he wants a Twitter account so he goes and signs up there using the same password. Some time passes and Timmy’s Twitter account is hacked. Using his associated e-mail address they try the same e-mail and password on Facebook (because it is a popular website that most people belong to) and lo and behold they have access. Little Timmy’s virtual life falls apart around him.

Think I’m being paranoid? Take a look at these examples and adjust your tin foil hat accordingly.

What to do?

So what can you do about it? Well for one don’t use the password above because now it is all over the internet. For two use strong unique passwords for each website you care about. What do I mean by that? Well in the above example Timmy clearly cared about both Facebook and Twitter so he should have used different passwords for each. That way when his hypothetical Twitter account became hacked the attackers couldn’t use the same password to gain access to his Facebook account. That said it is always good to have a throw away password or two to use on those one-off websites that you will either never visit again or don’t care if they get compromised. Third either remember all of these unique passwords in your super genius conehead sized brain or use a password safe to make it easy on yourself.

Password Safes

A password safe is essentially a program that allows you to maintain a number of different passwords while only having to remember one. Essentially you enter a master password into the program and this acts as your key to unlock all of your others passwords. That way you (technically) only have to remember one password at a time (the master password) and you only have one password to change on a regular basis (although you should obviously refresh your other passwords every so often as well). A number of these programs exists (such as LastPass, etc.) but personally I prefer KeePass.


KeePass comes in two flavours: version 1.x (which is technically now legacy) and version 2.x (which is current). Beyond feature set the biggest difference is that version 2.x requires the .NET Framework (or Mono) and version 1.x doesn’t. For the purposes of this post I’ll be focusing on version 2.x.

KeePass has a number of great features that make it indispensable in my day-to-day computing life. While the full feature list is actually quite long I’ll just list the most useful or important ones here:

  • Open source which means that the source code has been looked at and checked over for any sort of backdoor or other nonsense that a potentially evil author would code into it. This is very important when you’re considering placing all of your password eggs in one proverbial basket.
  • When you create a new password entry you can store any sort of arbitrary information along with it:

    New Password Entry

    New Password Entry

  • All of your passwords are stored completely encrypted including all comments, website URLs and user names. This is incredibly convenient because it allows you to safely do things like create an entry containing you credit card information. Never again will you have to hunt down your wallet to make that spur of the moment online purchase!
  • It is portable – you can run it straight off of a USB stick, no installation required!
  • Rule based, strong password generator. Having a long, strong, password is very important but remembering one is very hard. Instead why not have KeePass generate a per-website, completely random, strong password for you? Using a website that for some reason doesn’t like special characters or only allows up to a 12 character password? No problem just change the rule set you use when you generate that particular password.
    Password Generator

    Password Generator

    Here are some examples of random passwords I just generated now:

    Lots of random passwords!

    Lots of random passwords!

  • Cross-platform – KeePass has implementations on almost every platform. Version 1.x runs on Windows, Mac and Linux (via KeePassX). Version 2.x runs on Windows, Mac and Linux (using Microsoft’s .NET or the open source Mono). There are even versions of it for Android, iPhone and others.
  • Auto-type – this is by far the best feature. Even if you, for some reason, didn’t want to use any other feature that KeePass has to offer, its Auto-type functionality alone is worth the install. Essentially you tell KeePass what window to look for (for instance Firefox browsing my bank’s website) and how it should type things for you (usually user name, tab, password, enter). Then you set up some key combination you want to use (like Ctrl + Alt + A) and KeePass does all of the typing for you. Now when I want to enter one of those crazy strong and super random passwords I don’t have to type it out or even copy and paste. I simply click my mouse in the user name field and press Ctrl + Alt + A. The genius of this is that it can work for all accounts on your computer not just website ones – for instance I use it at work to keep track of my passwords for our internal programs.


All of this praise may make it seem like I’m getting paid to write this article but that isn’t the case (not that I would turn the money down mind you *hint hint*…). KeePass is just one of those programs I use daily that does so many things right I can’t help but like it. So in conclusion give it, or a similar password store, a try and make your online presence more resilient to password hacking. Let me know which password safes you think are awesome.

This post originally appeared on my personal website here.

I am currently running a variety of distributions, primarily Linux Mint 18.
Previously I was running KDE 4.3.3 on top of Fedora 11 (for the first experiment) and KDE 4.6.5 on top of Gentoo (for the second experiment).
Feel free to visit me at my personal website here.

A Matter of Opinion

July 19th, 2010 No comments

Tonight I installed VirtualBox, an incredibly handy virtualization program that lets me run instances of Windows and other Linux distributions from the comfort of my Linux Mint 9 Isadora desktop. Upon installing the latest version in my repositories, I launched the program, only to be confronted by a dialog box offering a link to a newer version of the program available on its website. So I clicked the link, and downloaded the *.deb of the new version. My package manager started up, tried to install the new package, and complained that it conflicted with the existing VirtualBox install. So I opened synaptic, uninstalled the version of VirtualBox that I got from my repositories, and finally installed the most recent version from the website.

So here’s my question, and please feel free to leave your opinion in the comments below: Should Linux applications warn the user about updates that are not available from their repositories?

On one hand, I like having up to date software, but on the other, package maintainers work hard to ensure that everything that ships with a stable distribution plays well together, and probably don’t appreciate these apps leading users outside of their carefully curated repositories. From a security-oriented point of view, this is also bad practice, as much of the security that is inherent in Linux comes from the fact that the vast majority of the software that you install has been vetted by the package maintainers who work to ensure that your distribution is safe and stable. And surely the guys who program VirtualBox, being the insanely awesome ninja-powered pirate wizards that they are, could have come up with a way to update my install without my having to uninstall and re-install an entirely new version. Just sayin’

Chime in with your opinion in the comments below.

On my Laptop, I am running Linux Mint 12.
On my home media server, I am running Ubuntu 12.04
Check out my profile for more information.