Basic Security



Incoming: Deny all

Works for me. ;)
This is the default behavior of most firewalls, including NAT routers, but it's not good enough.

You also want to control outgoing traffic by creating rules for local applications that require network access.
The reason for this is to detect and block potential "call home" type malware such as trojans.
Another solid reason is that if you intentionally install untrusted software, you want to detect whether it uses the internet.

The way I detect this is by denying output by default and logging everything else (e.g. ports with no rules).
The traffic that is allowed to go out can optionally be logged as well, to check the outgoing IPs on whois sites.

I'm planning to work on a method in nftables to detect the so-called zombie behavior.
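For readers who want to see what "deny output by default and log everything else" looks like in practice, here is an nftables ruleset written for this thread as an added illustration; it is not the poster's own ruleset. nftables cannot match on an executable name, so the "per-application" rules below match the socket owner (meta skuid). The resolver address (RFC 5737 documentation range), uid 1000 for the desktop user, and a dedicated account named "untrusted" for running software you do not trust are all assumptions; adjust them to your system, and check the file with `nft -c -f` before loading it.

```nft
#!/usr/sbin/nft -f
# Example ruleset (not from the original post): default-deny in both
# directions, logging whatever the explicit rules do not allow.
# Check:  nft -c -f /etc/nftables.conf     Load:  nft -f /etc/nftables.conf
flush ruleset

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;

        iif "lo" accept
        ct state invalid drop
        ct state established,related accept

        # Incoming: deny all. Log the drops, rate-limited so a port scan
        # cannot flood the kernel log; packets over the limit are still
        # dropped by the chain policy.
        limit rate 10/second log prefix "nft-in-drop: " counter drop
    }

    chain output {
        type filter hook output priority 0; policy drop;

        oif "lo" accept
        ct state invalid drop
        # Replies on already-accepted connections are let through here, so the
        # rules below (and their log lines) only see the first packet of each
        # new connection.
        ct state established,related accept

        # Infrastructure the host needs regardless of user. 192.0.2.53 is a
        # placeholder (RFC 5737 range): put your own resolver here.
        ip daddr 192.0.2.53 udp dport 53 accept
        udp sport 68 udp dport 67 accept          # DHCP client renewals

        # Package manager and other root tools: allow web, log each new
        # connection so the destinations can be reviewed later.
        meta skuid root tcp dport { 80, 443 } log prefix "nft-out-root-web: " accept

        # Desktop user (uid 1000 assumed): browser traffic, logged.
        meta skuid 1000 tcp dport { 80, 443 } log prefix "nft-out-user-web: " accept

        # Account used to run software you do not trust (user "untrusted" is
        # assumed to exist; nft refuses to load the file if it does not):
        # nothing allowed, every attempt logged under its own prefix so a
        # "call home" stands out in the journal.
        meta skuid untrusted log prefix "nft-out-untrusted: " counter drop

        # Everything else: log and count, then drop (same outcome as the chain
        # policy, but now visible in the journal and in
        # 'nft list chain inet filter output').
        log prefix "nft-out-drop: " counter drop
    }
}
```

The log lines land in the kernel log, so `journalctl -k -g 'nft-out-'` shows every new outgoing connection with its SRC/DST/DPT fields, and `whois <DST>` tells you who owns the destination. One caveat a later reply in this thread raises applies here too: the uid 1000 rule lets anything running as that user reach ports 80 and 443, so for that user the firewall records rather than blocks. Running untrusted programs under a separate account (or, on systemd hosts, in their own cgroup and matching it with nftables' `socket cgroupv2` expression) is what makes their traffic separable in the first place.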
 
This is the default behavior of most firewalls
Because that is the best basic security for new users. It seems to be pretty well agreed upon by all the big players. Is it perfect? No. Nothing is perfect, including all the effort you are investing in nftables.

Consider how many companies and governments continue to be hacked... many of whom, I would guess, use complicated nftables rules applied by IT experts. That doesn't give me a good feeling.

If your browser is compromised by malware, you won't catch that because you've allowed tcp/udp on both ports 80 and 443... right? You won't know that the malware "phoned home" at the same time you updated your distro or watched cat videos on YouTube. I think there are better tools for this than a firewall for those folks who want to dig deep.

Here's another way of looking at it. If your system has been compromised by malware and is phoning home... your firewall and other security measures already failed you. Incoming needs the most protection. Outgoing is for analysis.


if you intentionally install untrusted software
This tutorial (now over a decade old) is titled, "Basic security"... not "Advanced Security." Basic security begins by NOT installing untrusted software. And the default firewall settings are fine for most users, most of the time. These are the things that should be emphasized to our new Linux users... not scaring them into thinking they need a months-long effort to tweak complicated firewall rules that they do not understand, that most of us will never understand, including me. ;)
 
Consider how many companies and governments continue to be hacked... many of whom, I would guess, use complicated nftables rules applied by IT experts. That doesn't give me a good feeling.
If you get put down and give up on securing your system because the big guys are known to fail in spite of all their efforts, then that's not good.
There is a saying that the best protection is to bury your PC 3 meters underground... but I would certainly not give up on pushing forward and finding new ways to defend, including privacy-related best practices. Likewise, today many people give up on privacy because of hostile corporate services etc., but that's not good; it's very bad to give up.

This tutorial (now over a decade old) is titled, "Basic security"... not "Advanced Security."
I understand, I missed the point of this thread, thanks for the reminder! :)
 
If you get put down and give up on securing your system because the big guys are known to fail in spite of all their efforts, then that's not good.
I'm not giving up at all. I'm pretty much always trying to stay aware of what's going on in computer security and threats, at least generally speaking. No doubt there is much that I miss though, and like a lot of other older folks, I may sometimes be too set in my ways to change or learn new things. Using default firewall settings is a choice made because I have looked at iptables/nftables before... and I know that is not where I want to concentrate my time and energy. The firewall settings are not a source of fear for me.

With computer security, what we all ultimately reach is a balance... finding the right amount of security that works well enough, but is not too onerous to use. That balance is different for all of us. The default firewall settings remain "good enough" for most people, most of the time. And iptables or nftables are indeed way too onerous for most Linux users, IMO. It's taken you months to reach the balance that you are comfortable with, but that's too much to expect of most users... likely too much for even most advanced users too.

The best security advice to new users should be simple.
  • Don't install software you don't trust
  • Update all software regularly
  • Enable the default firewall (change at your own risk)
  • Use a password manager, and don't re-use passwords
  • Don't visit sketchy websites (porn, dark web, pirates, etc)
  • THINK before you blindly run terminal commands
  • THINK before you blindly enter your root password
  • THINK before you give a stranger Teamviewer access
  • THINKING... is the best protection we've got! ;)
 
Security is a process, not an application.

A perfectly secure computer is impossible. So, we decide how much security we need when weighed against the goals we have for our computing time.
 
Many people coming from windoze are very paranoid about security... what they forget is that malware needs permission (your password) to run on a Linux system... who's that stupid?
 
Many people coming from windoze are very paranoid about security... what they forget is that malware needs permission (your password) to run on a Linux system... who's that stupid?
There are so many examples where a malware or an attacker does not need you to give them a password.
Contrary to popular belief, Linux is not secure "by default".
 
There are so many examples where a malware or an attacker does not need you to give them a password.
Contrary to popular belief, Linux is not secure "by default".

What examples...

In Linux a password is everything... you can't do anything without it, "contrary to so-called popular beliefs" as you say.
 
What examples...

In Linux a password is everything... you can't do anything without it, "contrary to so-called popular beliefs" as you say.

From: https://en.wikipedia.org/wiki/Spectre_(security_vulnerability)
While Spectre is simpler to exploit with a compiled language such as C or C++ by locally executing machine code, it can also be remotely exploited by code hosted on remote malicious web pages, for example interpreted languages like JavaScript, which run locally using a web browser. The scripted malware would then have access to all the memory mapped to the address space of the running browser
Spectre is now mitigated, but there have been a few other such vulnerabilities as mentioned online.
 
This says it all...
 
80% of security problems lie between the seat back and the keypad; the rest a good firewall will usually take care of.
 
80% of security problems lie between the seat back and the keypad; the rest a good firewall will usually take care of.
I cannot agree more with you!
The human factor (the user) plays a really big role.

To folks who are relatively new to security, I suggest reading about "safe computing", there are many great articles online on that topic providing really good breakdowns.

I would only like to add that in today's world, from a regular user's standpoint, the vast majority of threats come through the web browser rather than through potentially malicious software.
That's why it's important to secure your web browser as a very first step, e.g. browser settings and extensions such as NoScript, CAD and uBlock. (Those 3 work well together; all it takes is to read the docs about them and configure them so that they don't do duplicate work and don't interfere with each other. It's possible.)
 
The human factor (the user) plays a really big role.
This can easily be seen on social media. If we discount the usual look-at-me type posts, and those obviously tied to advertising, we are left with the two most dangerous kinds of post: the clickbait designed to find your preferences and to seek out ISPs, port addresses and MAC addresses, or phishing topics designed to elicit information that can be compiled to find your passwords etc. [your favourite colour, first pet's name, place/date of birth etc.]. It never ceases to amaze me how many people will actually respond to such sites despite the number of warnings over the last 20 years or so.
 
This can easily be seen on social media. If we discount the usual look-at-me type posts, and those obviously tied to advertising, we are left with the two most dangerous kinds of post: the clickbait designed to find your preferences and to seek out ISPs, port addresses and MAC addresses, or phishing topics designed to elicit information that can be compiled to find your passwords etc. [your favourite colour, first pet's name, place/date of birth etc.]. It never ceases to amaze me how many people will actually respond to such sites despite the number of warnings over the last 20 years or so.
This kind of touches both (1) security and (2) privacy, but there is also a third category which most people do not pay attention to.
It's called (3) identity theft.
I think identity theft is even more dangerous than the previous 2 categories, simply because even if one fails in the first 2 categories, that person may recover easily, e.g. by reinstalling the system or changing online accounts.
But when it comes to identity theft, one does not recover! At least not without the police and expensive lawsuits.
 
Here is an explanatory video on the Spectre exploit which may interest readers of the thread. There's a bit of an update on Spectre 2. It gets a little technical in parts, but basically the narrator points to the security issues in the CPUs which, among other things, neutralise or bypass password security. Although Linux handles these effectively, there are, nevertheless, implications for performance.

 
This tutorial (now over a decade old) is titled, "Basic security"... not "Advanced Security." Basic security begins by NOT installing untrusted software. And the default firewall settings are fine for most users, most of the time. These are the things that should be emphasized to our new Linux users... not scaring them into thinking they need a months-long effort to tweak complicated firewall rules that they do not understand, that most of us will never understand,
Amen.
 