It’s normal to hear Linux users brag about security and sometimes tease Windows users. Some Linux users have this perception that security is assured simply by running Linux as well as configuring a Linux VPN. According to the Berkeley Linux Users Group, several enterprises have started switching to Linux mainly because of the security challenges and attacks they’ve experienced over the years.
Attackers are getting smarter by the day, developing new tricks due to which operating systems like Windows 10 and Windows Server 2016 are severely affected. However, moving to Linux doesn’t necessarily mean you’re entirely shielded from these attacks.
Last week, Hackread published a detailed report on EvilGnomes, a Linux malware caught targeting desktop users by recording their conversations and stealing their data. The good news is that there are some steps which can be taken to secure your Linux device.
If you are a beginner when it comes to Linux and want to take your security to the next level, fret not as we have got you covered. Here, we’ll discuss simple yet effective ways to improve the security of your Linux OS:
Use Full Disk Encryption
No matter what Linux distro you use, we highly advise that you encrypt your hard disk. Setting up User Account Control (UAC) doesn’t secure your files, after all. If you don’t encrypt your hard disk, anyone can access your files by merely booting another Linux OS from a USB stick.
FDE encryption makes access to your data impossible to unauthorized users. However, when choosing the FDE password, make sure you pick a secure one. On distros like Ubuntu, for example, you can encrypt your hard disc during the installation by checking the “Encrypt the new Ubuntu installation for Security” box.
Keep Up With Software Updates
Linux developers release software updates from time to time. By keeping up to date with them, the OS becomes less prone to attacks as there are no loopholes left for the bad guys to exploit. Most Linux distros make it easy to stay updated with software updates. Ubuntu, by default, has security updates set to install automatically.
This can be adjusted in Software & Updates. All you have to do is check the Important Security Updates box. You can also choose how often you want to check for updates automatically, among other things.
Restrict Root Access
On Linux, admin tasks are isolated from user tasks. Most Linux distros will require you to log in as a desktop-user at boot time. This is an excellent approach to separate user actions from root (superuser) actions.
To act as a superuser, Linux would request a password just to ensure you are authorized for the activity you are about to carry out. When all of an operating system’s components wind together, it becomes much easier to introduce malware from your email provider to your system files.
Unlike Windows accounts, Linux user accounts normally do not have root access, which is required to make significant changes to the system. If malware gets into the system, then there is no way to spread without that access. To restrict root access and also customize access privileges, go to System > Administration > Users and Groups.
Use a VPN
You have set up full disk encryption for the files on your Linux system, but what about the data you’re transmitting over the web? It’s unencrypted and sent in the open, which means anyone can intercept and steal your private information.
By using a reliable VPN, you can browse safely and privately as your traffic is routed through an encrypted link between you and the vulnerable Internet. If anyone is sitting in the middle, trying to listen in on your communications, they’re only going to get garbled data of no use to them.
Enable Linux Firewall
Similar to using a VPN, configuring a firewall is a crucial security measure. Leaving your firewall disabled is not a good practice as you might fall victim to unauthorized intrusions. Linux, being a robust and secure OS, has a firewall component called IP tables that gives you a powerful way to manage all network traffic.
Ubuntu, as well as other distros, come with a front-end program that simplifies setting up IP tables, called Graphical Uncomplicated Firewall (GUFW). It is disabled by default. To enable the firewall, type the following in the terminal:
$ sudo apt-get install guf
This will install the GUFW. After installation, launch it by typing:
Wrapping Things Up
And that’s about it! Put the aforementioned measures to practice, and improve the security of your Linux OS by leaps and bounds.