My security worries aren't that high as I'm anti-paranoia, but I usually install rkhunter. Most Linux anti-virus software detects windows viruses that pass through your system via email or other ways so I don't bother with them - not my problem. You should have AppArmor installed by default but I always remove it and I don't know how to configure it or if it's worth it. Sounds to me like you've done almost everything you need to do.

The fact that you are concerned about your security it immediately makes you more secure than 90% of people. Now as to securing your system - you have done a great job so far. Well, as to adding more security. zerconf, UPnP are a good services to disable but honestly, your systems sound very very secure. You could always do something like encrypt home if you are worried about somebody getting physical access to your pc. AppAarmor is the next step up but I think that its unneccessary. Most (not all) Linux distros in their default configuration are far more secure than even a hardened Windows PC.

The point of securing a computer is to prevent it from being owned in the first place. This is where you should concentrate your efforts. Let's think about the possibilities:

* Firewall. Unnecessary in a Linux computer. Windows often starts many services listening for incoming connections on various ports, a legacy of SMB networking. Host firewalls help limit inbound connections to trusted networks and block them from the Internet. Linux-based operating systems don't do this, so host firewalls are unnecessary. Host firewalls that try to stop outbound traffic are useless. They can easily be owned by malware, which means the computer is already untrustworthy. I wrote about this back in 2007 when we (I was at Microsoft then) updated the firewall for Vista. My advice then still stands.

* Host intrusion detection. Usually unnecessary on a home computer or laptop, unless you expect to travel to places where computer espionage is a problem (China and Russia come to mind -- I've detected intrusion attempts in these places).

* Anti-malware. Other than with the occasional rootkit, malware writers don't target desktop Linux. The user population is so small that attackers just don't care. They're lazy, and they want to do as little as possible for the largest reward. That's why they attack Windows and Android. Widely used platforms, often configured insecurely.

* Mandatory access control. SELinux and AppArmor are flavors of this kind of technology. While these are excellent tools for enforcing policies across collections of computers, such as in an enterprise, they are largely ineffective at helping achieve the goal of preventing a computer from being owned.

All that's to say -- you really don't need to do anything post-install to make your Kubuntu laptop "more secure." It already protects itself. I'd suggest uninstalling UFW and AppArmor, as they aren't appreciably reducing your attack surface anyway. Don't worry about extra tools like Tiger or Rkunter unless you're traveling to dodgy areas. File or drive encryption might be useful, but again, only if you expect to be in places where the likelihood of theft is high.

Do be careful about cross-platform attacks. Java and Flash are probably the most dangerous things you can put on a Linux box. If you don't need them, avoid them. And remember that even though you can still install the Flash binary, it no longer receives security updates, as Adobe discontinued the product.

I've spent a couple decades working in information security and firmly believe in the notion of just enough, not too much. The beauty of Linux is that just enough is the default.

I don't really like the idea of no firewall in an open network like my school has.. everyone has access, there's no real access control. no questions were asked when we walked out with about 40 desktop-PC's.. so anyone can bring any device in, to do damage to all network devices available.

might be my windows-mentality, but I prefer some security..
a few years back, Linux had a small group of users.. but the amount is growing, and linux is gaining more interest by virus-makers and those who want to do damage. just because people underestimate it.

I will leave my security as-is, since it should be sufficient. but removing everything, that's not really gonna happen

I think you misunderstand what a firewall does.

Let's say AlicePC wants to talk to BobServer. BobServer is running Apache HTTP server. Therefore, BobServer has created a listening socket on {bob_ip_address : port_80/tcp}. Apache "owns" that socket, and simply waits for incoming connections. Now, someone starts a browser on AlicePC and wants to go to BobServer. AlicePC creates a socket on {alice_ip_address : ephemeral_port}. The browser on AlicePC "owns" that socket and uses it to send traffic. When the browser session to BobServer is finished, AliicePC terminates the socket, and the ephemeral port that was attached to the browser is now unused and no longer connected to anything.

If the only thing listening on BobServer is Apache, then guess what -- no firewall is necessary for protecting BobServer. BobServer will flat out refuse any connections to ports other than 80/tcp, because there is no other listening service on BobServer. Firewalls become useful if you want to restrict the traffic. If, say, BobServer had many services, each listenging on different ports, and you wanted to allow folks on the LAN to talk to BobServer on all of them but only allow the Internet to talk to Apache, then you'd put a firewall in front of BobServer with a rule that allows only Internet traffic to reach {bob_ip_address : port_80/tcp}. Now you would be using a firewall, a technical control, to enforce a security policy.

Let's turn the discussion to clients.

You say you're worried about people bringing devices that might damage other devices. That's a problem if the other devices present attack surfaces that can be damaged. The thing to realize about Linux-based operating systems is that they don't present a useful attack surface by default. They don't randomly assign services to listening sockets that can be used to compromise the system. This means that there's nothing for a firewall to do.

Return to the earlier example. AlicePC is a Linux desktop and UFW is running. AlicePC, after boot, has no active sockets. Thus, no traffic will enter or leave her computer. UFW is doing nothing. Now the user at AlicePC starts a browser. The user visits a web site on BobServer. The browser creates a socket on {alice_ip_address : ephemeral_port} and uses that to make an outbound connection. UFW creates a rule that permits traffic to flow between {alice_ip_address : ephemeral_port} and {bob_ip_address : port_80/tcp}. Yay, exactly what we want. But how much security is UFW really adding? Answer: none. Say EvilPC is sniffing the wire. EvilPC can spoof traffic and create datagrams that appear to come from {bob_ip_address : port_80/tcp} and inject them into the session currently established between AlicePC and BobServer. UFW is powerless to prevent such an attack.

I certainly admire your desire to keep your computers safe. One important aspect of doing this is to understand how attacks occur and how defensive measures work, and whether they provide any utility. Because of the way Linux is designed most of the common methods you'd use to protect a Windows computer simply aren't required.

well, I certainly know how firewalls work, I got a dedicated system working here(at home), that's based off IP-tables(mainly for testing, learning, QoS and bandwith optimizing, but I also use it to block traffic I don;'t need but that's floating around on the network).
but yeah, at your second example, wouldn't be a check for MAC-address spoofing, in combination with Deep-Packet Inspection a solution?

and to be honest, you' re on of the first persons i've heard, who' s saying Linux doesn't need a firewall.
I was just reading around, and as it seems, UFW might be disabled, but IPtables is/are running by default(I keep learning in the process),

thanks for your explanation and time. and i think i will remove/disable UFW within a little bit although the AV is gonna stay(dual boot with windows.. so AV might be necessary)

kind regards,
Frank

It is very easy to parrot "security advice" because, well, more security is always better, right? So that's why you can find a plethora of articles telling you to do this-and-that-and-the-other-thing. Far less common is advice that encourages people to step back, think about risks and likelihoods, and then apply a proper set of compensating controls that don't go overboard. I'm definitely in the camp that insists on risk-based mitigations that have the earlier characteristic I mentioned: just enough, not too much.

People who claim Linux needs a firewall would appear not to understand how IP networking works. Firewalls block traffic that would otherwise flow. Traffic flows only when applications create sockets. If there are no sockets, then there's no need for a firewall. If the only exsiting sockets are those required for data transfer, the firewall would allow that anyway. I may put a firewall on a Linux box if I want to restrict which sockets can accept traffic from particular locations, as I described in my previous example. That's the only case in which it makes sense.

Now about your MAC address spoofing...how would you verify that it's happening? If EvilPC is sniffing the wire, MAC addresses are also visible. EvilPC can spoof MAC addresses, too.

There's really only one way to stop this kind of attack: per-flow, per-packet authentication. You get that with IPsec. Not, as it turns out, with 802.1X. I wrote about this, too.

Steve, I like your mantra of "just enough, not too much" - it reminds me somewhat of a similar mantra found in formal logic: "both necessary and sufficient".

So, you could say that on a typical Linux desktop PC that a firewall may be sufficient to enforce security, but (in the vast majority of cases) not necessary. Security measures that are sufficient but not necessary fall into the category of overkill, while measures that are necessary but insufficient fall into the category of 'false sense of security'.

And then you have Norton security products, which somehow manage to be overkill and less secure than you think, all at the same time...

I would argue along these lines: Is the compensating control necessary? If no, then don't implement it; no further evaluation is required. If yes, then is the compensating control sufficient? If yes, then stop; mitigation has been satisfied. If no, then find an additional compensating control.

Or in pseudo code:

If you implement something that isn't necessary, it doesn't matter whether that thing has any redeemable sufficiency: you've just implemented security theater. If you implement something that's necessary but isn't sufficient, you've left open a vulnerability that then creates exposure for attack.

The only thing that code doesn't address is the 'not too much' principle. For example, if I were to unplug the ethernet cable between my PC and my router, I would be 100% safe from all network attacks, but at the price of an unacceptable loss of functionality.

I guess the concept of necessity could inherently include that principle though, e.g. "It is necessary for me to do X, Y and Z on a public network without getting pwned". Then, the necessity check could be characterised as "Do I need this (or any) additional compensating control to achieve that?".

I was internalizing the notion of "start with things that are necessary, stop when you've reached a sufficient point." IOW, I was leaving out the major while loop

Of course, even if the above pseudo code is still not of necessary quality to express the notion, it's probably sufficient. LOL

I'm pretty sure that an air gap approach to network security would = 1 000% increase in productivity for me Though this probably doesn't apply to everybody.

On SteveRiley and HalationEffect's point, Fedora sometimes gets so carried away with strict default security measures that it actually can get in the way of you using your system. I once tried to configure a Fedora Apache test server and after two hours gave up because some SELinux thing was thwarting me.

This should work.



(from the Sourcefire computer security calendar)

= = =

Of similar interest, you might enjoy reading about Marcus Ranum's Ultimate Firewall. Marcus, along with Bruce Schneier, have strongly informed my own thinking about matters such as these.

I agree with most of what's been said here, the way most people set up firewalls is rather redundant, with this I mean using a firewall to block traffic to ports that aren't listening (redundant) and allowing all traffic to services that are listening (you normally want to allow at least some traffic to listening services to actually use them, but a firewall that allows all traffic doesn't protect the services at all).

Still, firewall can be used to blanket protect from user ignorance. It's fairly easy in linux to install services that will listen to outside connections without really knowing what these services do or how to configure them securely ("I'll install an ssh server because that sounds cool...and then forget about it").