Back to article
Safe Surfing With Ubuntu
Stay Safe Out There
December 18, 2008
There is a common belief that if someone switches to a desktop Linux distribution such as Ubuntu, then security concerns generally take care of themselves. Unfortunately, reality has a different take on this.
Like with any operating system today, there are always going to be potential targets for exploit. Buffer overflows, stack overflows, sloppy code, user errors -- the list just keeps going. To counter this, I'm going to show you how to take simple steps to ensure that you are utilizing commonsense safety strategies for safer Ubuntu computing.
One of the most commonly argued issues is whether or not desktop Linux really needs to utilize virus protection. My take is as follows: there are indeed root kits and viruses that target Linux. That said, they pale in comparison to the sheer volume targeted at Microsoft Windows. So it is understandable how people can be lulled into a false sense of security due to these statistics.
Bottom line: it is not a bad idea to scan your PCs contents for virus nasties. Use of removal media, drives and email all dictate that there is opportunity to unintentionally share viruses with Windows users. Ensuring that I am not hosting something benign to me but dangerous to someone else, goes without saying in my own home network.
Therefore I would suggest you follow this example by using something like ClamAV to do a weekly virus scan. Unless you live in a bubble free of Windows PCs, taking action with weekly scans is really something more of us ought to consider doing.
At this point, there has yet to be a significant threat here. However, not installing or running unknown applications can also be a big help with prevention just in case. One of the single dumbest ways to install malware without realizing it on any platform is to blindly install a newly discovered software app without researching it first. If it uses closed source code, you have no way of knowing what it might be doing behind the scenes.
On the Web browser front, I believe that by simply making sure Java is turned off and you are not blindly installing Firefox extensions without researching them first, you can pretty much avoid any future malware threats from this side of the equation. Bundle both approaches together, and you'll find that even if one day malware does become a problem, you'll be well ahead of the curve with regard to commonsense malware spread prevention.
Thinking firewall protection
As with any operating system connected to the Internet these days, using a firewall is a must. For Ubuntu Linux users, this means using IPTables via UFW (the Uncomplicated Firewall).
Sadly, as with most ideas concocted by engineers, casual users do not consider a firewall that requires use of the command line to be "simple." This obvious flaw in casual usability is what led to the development of Gufw.
Gufw provides a very simple means of enabling/disabling your IPTables settings within modern Ubuntu installations. Gufw also makes port control a snap as it is provides for simple, pre-configured or advanced port forwarding options.
Utilizing this kind of firewall protection will provide a decent level of firewall security right out of the box. Unfortunately, this by itself does nothing for traffic being transmitted over your network or even over the Internet. Afterall, a firewall is but a gatekeeper, not an motorcycle cop chasing down potential threats to your network.
OpenVPN and OpenSSH
Despite the fact that many enterprise users might need to utilize OpenVPN in order to connect to work, I find it frustrating that more people do not put emphasis on OpenSSH as an alternative for home-based workers needing to connect to non-VPN secured networks.
The idea behind both technologies is that a user can securely connect to a remote network PC/server, access remote shares/email/documents and do so without worrying about their back and forth traffic being compromised by a malicious attacker.
In the case of OpenVPN, this software allows the home stationed enterprise user to connect with their company's Virtual Private Networking (VPN) server with as little hassle as possible. From there, they're able to access their desktop located at work, manage documents or just check email. The idea is that workers out of the local office can still be held to the same security protocols set forth by the IT staff, yet are able to do so outside of the home office and over otherwise unsecured networks.
Making the OpenVPN connection is fairly simple to do, once you have installed network-manager-openvpn from your Ubuntu repositories. After it and other dependencies are installed, just click on network-manager and begin the setup process for your VPN settings. In today's latest Ubuntu release, 8.10, users will find that VPN connections are ready to be setup out of the box.