Announcement

Collapse
No announcement yet.

Can you 2FA 2-Factor Authtication Kubuntu security

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    [CONFIGURATION] Can you 2FA 2-Factor Authtication Kubuntu security

    Hello,
    I've been hearing and reading a few stories of late of how Linux DOES have some flaws, and I recent one where a NAS has a vulnerability that can allow the attacker to compromise Linux systems with ransomware. This sort of scared me, so I was wondering if there is such a thing as 2FA, login, and 2FA for root access or system changes.
    Is it possible to beef up security without a 200character password?
    Other Hardware Security like fingerprint readers(sort of like these. but prefer the 2FA keys, as I already have a couple and can easily use one)
    As an attempt to stop Ransomware or whatever attacking my Kubuntu PC

    Thanks

    #2
    But wouldn't a daily (or almost) backup to an unmounted disk render ransomware somewhat futile?

    Comment


      #3
      https://support.yubico.com/hc/en-us/...ogin-Guide-U2F, as one example for yubikeys
      Ok, more stuff:
      https://www.yubico.com/support/downl...bikey-manager/
      https://launchpad.net/~yubico/+archive/ubuntu/stable

      Not sure how well all this works with KDE's DSSM login, but it seems to be much improved in recent years.
      I have been looking at this sort of thing for my laptop off and on, but never bit the bullet.

      Of course, most malware/ransomware gets installed by trickery as opposed to breaking passwords and similar security so 2fa is useless in many cases.


      fingerprint will highly depend on if the reader is actually supported in Linux to begin with. Many simply are not, and will not be.

      Comment


        #4
        Originally posted by Don B. Cilly View Post
        But wouldn't a daily (or almost) backup to an unmounted disk render ransomware somewhat futile?
        Yes, you are not backed up unless you back up your back-up with offline backups.

        Comment


          #5
          IMO, unless 'you'; an individual person; is worth mega-millions of dollars, ransomware attackers aren't interested in your PC.
          Windows no longer obstructs my view.
          Using Kubuntu Linux since March 23, 2007.
          "It is a capital mistake to theorize before one has data." - Sherlock Holmes

          Comment


            #6
            Ransomware is the result of social engineering, the trickery mentioned above, so the chances of incorporating the ransomware into your backup is pretty high.

            Understanding social engineering, and avoiding situations of that, is very important. Being not visibly rich, as Snowhog mentioned, is also useful
            The next brick house on the left
            Intel i7 11th Gen | 16GB | 1TB | KDE Plasma 5.27.11​| Kubuntu 24.04 | 6.8.0-31-generic



            Comment


              #7
              May be of interest to some. 81 Ransomware Statistics, Data, Trends and Facts for 2021
              Windows no longer obstructs my view.
              Using Kubuntu Linux since March 23, 2007.
              "It is a capital mistake to theorize before one has data." - Sherlock Holmes

              Comment


                #8
                Number 11 is a pretty universal factor in ANY security attack, "The most common tactics hackers use to carry out ransomware attacks are email phishing campaigns, RDP vulnerabilities, and software vulnerabilities."

                The best defense: be careful what you click on, and keep your system (all of it) updated.
                The next brick house on the left
                Intel i7 11th Gen | 16GB | 1TB | KDE Plasma 5.27.11​| Kubuntu 24.04 | 6.8.0-31-generic



                Comment


                  #9
                  The three basic factors of security are: something that you are (picture, fingerprint, retina scan), something that you have (token, account), something that you know (password, PIN). Multifactor authentication involves use of more than one factor, plus multiples of at least two others factors.
                  The next brick house on the left
                  Intel i7 11th Gen | 16GB | 1TB | KDE Plasma 5.27.11​| Kubuntu 24.04 | 6.8.0-31-generic



                  Comment


                    #10
                    Originally posted by CharlieDaves View Post
                    ... recent one where a NAS has a vulnerability that can allow the attacker to compromise Linux systems with ransomware.
                    You may have heard about some WD MyBook devices that could be used as NAS that could be set up to allow connections from the internet to access that storage. They were indeed running Linux, but the devices went out of support and stopped being updated. A vulnerability was found years later, and some bad actor found that there were all these old devices exposed to the internet with the vulnerability. That wasn't too bad, not much to be had grabbing people's family photos, but this access leaked and some %$#%$@# thought it was cool to run a script crawling the whole internet finding them and destroying them. The malware pretended to be ransomware but no recovery was possible.

                    So, don't run devices that can't be updated, and don't give the internet access to your backup. If you have to put your backup on the internet, one can use ssh to access it, with keys that require a pass phrase.

                    Having backups that are only connected when you're accessing them helps, but that isn't totally safe. The bad guys install malware on a computer that sits and waits for you to go through a backup cycle, encrypting the backups silently. Such an attack needs multiple vulnerabilities to work, so become much less likely to work on Linux.
                    Regards, John Little

                    Comment


                      #11
                      Originally posted by claydoh View Post
                      Yes, you are not backed up unless you back up your back-up with offline backups.
                      Back Up a Bit here. WTF?

                      Comment


                        #12
                        Originally posted by Snowhog View Post
                        IMO, unless 'you'; an individual person; is worth mega-millions of dollars, ransomware attackers aren't interested in your PC.
                        From what I've read over the last decade, umm, yes they are. How else do they get a "bot-net" ?

                        Comment


                          #13
                          Thanks to Snowhog && jglen490 && jlittle && Don B. Cilly && Claydoh && 'others'
                          So I gather overall, to my question of additional 2FA or external hardware security to login or "root' access, it's a negative.
                          But additional thanks to those above, for the very interesting responses. I'll be busy reading for the next day or so.

                          Thanks to all

                          Comment


                            #14
                            Originally posted by claydoh View Post
                            https://support.yubico.com/hc/en-us/...ogin-Guide-U2F, as one example for yubikeys
                            Ok, more stuff:
                            https://www.yubico.com/support/downl...bikey-manager/
                            https://launchpad.net/~yubico/+archive/ubuntu/stable

                            Not sure how well all this works with KDE's DSSM login, but it seems to be much improved in recent years.
                            I have been looking at this sort of thing for my laptop off and on, but never bit the bullet.

                            Of course, most malware/ransomware gets installed by trickery as opposed to breaking passwords and similar security so 2fa is useless in many cases.


                            fingerprint will highly depend on if the reader is actually supported in Linux to begin with. Many simply are not, and will not be.
                            I vaguely remember how DSSM login works, but isn't root access needed for almost any attack, virus or malware?
                            I could suggest for your laptop, that TOR thingy dongle that boots but never changes. And I do remember from years gone by, BIOS level security for Windozes, not to mention some Windozes reboot to standard configuration software deployed at a place I used to work. Everytime you reset the PC, it would reload from an image file, and yet you had access from the running machine with an additional password (they gave me second last day I worked there) to make changes. I also think this had a server administration component to it. As I was aware of the software but never used it, I have no recollection beyond this. My brain works on the read & visual, maybe audio with hands on component. I have to see it in action. And with computers, My brain makes a virtual hardware PC, and I make the little 1's and 0's move around the board or software so I know what is happening and HOW it is happening.
                            But thanks for your contribution.

                            Comment


                              #15
                              Originally posted by CharlieDaves View Post
                              Back Up a Bit here. WTF?
                              It is pretty clear you need to have copies or separate backups that are *not* on the same computer. Even an always-connected USB backup drive, for example can be compromised be ransomware, I assume.. Thumb drives that are in a drawer or some other location, that sort of thing. Something that can be accessed without an internet connection, so that you have something that works if there is no internet, as well as if the computer dies a horrible death or is infected with computer-rona, a known clean backup/image/whatever.



                              That reminds me I need to set up my cloud backup again, once I decide on which route to take this time.
                              Last edited by claydoh; Aug 25, 2021, 05:10 PM.

                              Comment

                              Working...
                              X