- title Securing a New Ubuntu Installation
Securing a New Ubuntu Installation
A common concern with computers is security. Now that you have a nifty new Ubuntu installation, what do you need to do it make it secure? Very little. In fact, you are mostly done already by having installed Ubuntu.
Don't Break It
The default Ubuntu install is quite secure (remember, by installing Ubuntu you are nearly done), but if you start installing new stuff or changing the configuration of the system, you might change that. Understand what you install. If it is an application that is part of Ubuntu and one that only runs when you run it, and if it doesn't otherwise change the operation of the system, you are pretty safe. However, if you install some server software or if you install software you download from some random web site (run by...?), you might get into trouble. Stick with the software you install using the utility Synaptic, and try to understand what you install.
Keep you computer up to date
Ubuntu will want to install software updates, let it do so. When they stop releasing updates (regular releases get updates for 18-months), move to a newer version of Ubuntu.
Be suspicious of e-mailed attachments.
Is it from someone you know? Is it expected? (In other words, really from the claimed sender? It could be a forgery.) Mostly the evil software you receive will only work on Windows, but this will change as Linux becomes more popular, so start being wary now. That is pretty much it. Read on for some controversial suggestions to chew on, and for more techie details try the Security page.
More Controversial Thoughts
There are some things to consider that are not completely mainstream.
Do NOT recycle passwords between different web sites and accounts. This is general advice that isn't specific to Ubuntu, and almost no one follows it. Most people have just one or a small number of passwords they use all over the place. This is dangerous, it is like having one (or several) master key(s) to your life and then giving copies to everyone you ever do business with! Do you want the restaurant or convenience store you stop at to have a key to your house? Recycling passwords is like that, giving lots of people copies of just a couple passwords is bad. Instead use different passwords for different purposes. If you want to be fancy and find a way to keep the list encrypted somehow, cool. But if that is too complicated and frightening (lose the master password or have a technical malfunction...), get a piece of paper and write down your passwords there, all in one long list. People like to repeat old advice about never writing down a password, but if writing them down is what it takes to not recycle passwords, then it is a good idea. A nasty hacker half way around the world isn't going to be able to read the passwords you have written down in your wallet, but if that hacker breaks into (or runs!) a website that you give your password to... Unorthodox, yes, but using Linux itself is unorthodox. (Here is an expert who says to write down passwords: http://www.schneier.com/blog/archives/2005/06/write_down_your.html) Yes, choose good passwords (see StrongPasswords). And if you want to somehow obscure the passwords you write down (some regular transposition maybe) that will make you safer if you lose your wallet. If you make a photocopy periodically and keep it separate you will be able to change all your passwords the day you might lose your wallet.
What about Firewalls?
You don't need one for a simple Ubuntu installation. A firewall can prevent some types of attacks on your computer by blocking unsolicited network connections from the outside, and Ubuntu includes firewall software. However, a default installation of Ubuntu isn't listening to any unsolicited connections from the outside anyway, so in this case a firewall offers no additional protection. Installing a firewall won't hurt your security per se, but there are two indirect risks to consider:
- Networking is complicated, and correctly configuring a firewall can be complicated. You might configure things incorrectly, resulting in a firewall that either doesn't do anything, or a firewall that interferes with your use of the computer.
- Though firewalls can get extremely sophisticated (and also extremely complicated), there is a limit to what they can accomplish. If installing a firewall gives you a nice satisfying feeling of security...then it can lead to complacency and a false sense of security. Worry about other aspects of computer security first.