Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Keyaedisa's Beginner's Security 101
#1
Brick 
Welcome.

In this post I will be discussing some basics when it comes to security both on a Linux machine and in general in some cases. I will try to keep it simple as this is for the beginners. Should this post be found to be useful enough, I will consider writing another one about some more in depth and hardcore methods.

I nor XeroLinux or any member of XeroLinux are responsible for anything you do to your system. If you decide to enact any of these measures, you are proceeding at your own risk.

First and foremost let us begin with the basics. There are two things you can do when installing a new distro to get you started on the right path. These are:
  • Encrypting your drive
  • Setting a unique password for your root account that is not used with any other account

Encryption
When encrypting your drive there are some things to remember and too consider. Depending on what you use to encrypt your drive, typically what is bundled with your distro's installer will provide you the option to make a key or generate one. It is important you do not forget or lose this key. Xero provides encryption through Calamares. Consider enabling encryption on your next install. Sometimes when encrypting your drive you may be asked to enter a password on every boot. This will most likely be different than your actual key you would use to decrypt the data. Do this research on your own. The main benefit of this is that as long as no one has the password to boot the drive and then also to login (these should ideally be two different passwords. If you want to get crazy you can even use things such as pictures, biometric sensors, or hard keys), there will be effectively no way for them to access any data on the drive no matter what fancy methods they may try. It is important you set up your encryption properly to ensure this. You can even separate different parts of your filesystem and encrypt them individually and then set them up to talk to each other so that in the 1 in a million chance someone breaks one partition, they would have to repeat the process for any other partitions. You can even go as far as encrypting your boot partition. However that is not for beginners.

Unique Root Password
This is pretty straight forward. Your root password should be unique to the root account and to the root account only. You can opt for a standard password (a randomized 12-15 character pass is a good start), or you can go crazy and use things like a hard key, bio-auth, pictures, or specialized files. That is beyond the scope of this post.

Additional Measures
After installing your system there are several things you can do to work towards a more secure environment. I will provide only a bullet point list and no explanation as these are beyond the scope of this post.
  • Firewall
  • Sandboxing
  • Using a VPN
  • Setting TOR as your default gateway but allowing each process it's own route
  • Tunneling through TOR with a VPN (this is good because it hides the fact you are using TOR from your ISP alongside added security)
  • Practicing general safety measures to protect yourself from Social Engineering attacks. This I will expand upon
General Safety Measures
These steps are intended to protect you from Social Engineering type attacks.
  • Never, and I mean NEVER! click unknown links.
  • Use anonymous accounts wherever you can. There are varying degrees of anonymity depending on who you are trying to hide from. I will not get into this here but for now: A barebones entry level Anon account (to hide from the average individual) will not have been registered with any email you have used for any other service. Nor will it have your real birth-date, name, address and location, or any other information, personal or not, that can be tied to you, used to setup the account nor posted in any way. This account should appear to be a complete stranger even to yourself. Perhaps even switch up the way you talk. Again, depends on who you are trying to hide from.
  • Set a unique password for each account of any service that you use. No two accounts should have the same password. 12-15 character minimum and should be randomized. Do not use a password manager. Write down all your passwords and logins on a piece of paper and store it somewhere safe. Create several handwritten copies of this and store them in different places if you are the type who loses things.
  • Never set up auto login. Your passwords will be long and hard to remember at first if you created them using my minimum criteria (12-15 character minimum and randomized). However, after typing them over and over (and making an actual effort to recall them from memory as best you can), you will come to remember them. They will be burned into your brain. You will be impressed with yourself. As you should.
  • Do not engage in private conversations with complete strangers. Whether over the phone or via message through a social media or internet service. These could be someone trying to string you along for a Social Engineering attack. These are almost always a part of a grander scheme.
  • When engaging in conversation on your anon accounts. Do not reveal any information about yourself whatsoever. Nothing.

How To Limit Invasion of Your Privacy
Below are steps you can use to limit the data collected on you by internet services. This is different than protecting yourself from potential attackers. You are protecting yourself from data miners. You should care about this. Everyone should care about this.
  • De-Google your life immediately. This means delete all Google accounts registered to you. Before doing so make sure to tell them to delete all data they have collected on you. Delete Google Chrome and use a browser like Firefox instead. Or Tor if you are really living like that. Replace all your emails with something like Proton. These emails should be anonymized. They should not be able to be traced back to you through anything other than IP used to create them. You can get around this but that is beyond the scope of this post. Use these anonymized accounts to interact with Google and other services on a need only basis. If you want to go full fuck you to Google you can live on a VPN or on a VPN tunneling through Tor, and only interact with their services using anonymous accounts created on a VPN or VPN tunneling through Tor. Again, beyond the scope of this post.
  • Use private mode only in your browser. Firefox allows you to set varying levels of data mine blocking. Tor takes it to another level. Use Tor when possible, but if you find that it is to slow for you try a different bridge or just use Firefox with the highest settings to block data collectors and other unsavory privacy invaders.
  • Live on VPN or VPN tunneling through Tor. You can even go as far as to setup your router to do this for you so every device connected to it is automatically protected. This is advanced stuff and beyond the scope of this post but I felt it worth mentioning as this is a very good way to protect yourself. Can even be used to block ads for your entire network.
  • Use a VPN on your mobile device. Good VPN's cost money. Consider investing in one or hosting your own. Make sure that the provider has a NO LOG policy. Take this a step further and just simply do not use any internet service on your mobile device. They are even tracking you through the apps you use. Even game apps. This is real tin foil hat stuff as the majority of people have already become accustomed to the convenience a smart phone offers, but if you care as much as I do. It's worth considering.
  • Delete Facebook. Do it now. Do it immediately. Before deleting tell Facebook to delete all your data. They won't but will act like they did, but better safe than sorry. Perhaps open yourself to legal revenge on them if need be. Zuck is a data demon. Think succubus, but instead of feeding on your perverted thoughts he feeds on every single piece of information he can squeeze out of you.
  • Use only anonymized accounts and in each service you use manually deny them as much information as possible through each service's settings. This includes personalized ads. Multi-app tracking. Location tracking. Contacts. Photos. Camera and microphone permissions. Etc etc. Enable and disable select permissions on a need only basis. This includes your mobile devices and computers. There is no reason that either of these devices need to know your location at all times or have access to any of the aforementioned peripherals. Most will stick track you anyways but this makes it harder.
This is only scratching the surface of things you can do. However this post has gone on long enough.

Wrap Up
Security and privacy is not an easy game as you can see by this post and how annoyingly difficult or inconvenient most of these entry level choices are. This is by design. Our digital rights have been stolen from us and the only way we can get them back is by getting involved where we can. Preferably politically if you live in a country that won't violate your rights for standing up for yourself, but at minimum by sticking it to corporations who live off your data and attackers. Make their life harder because the invasion of your privacy is an abominable act that everyone should be furious about. The more people that protect themselves, the easier it will become for everyone to protect themselves. Fight this fight, I promise it is worth it. Also, enjoy XeroLinux. It was crafted with love. Should this post receive adequate attention and support I will consider diving into more advanced matters. Consider reading and familiarizing yourself with the Arch Security recommendations if you want to harden your system manually. There is a treasure trove of information there. Arch Wiki Security. Good luck on your travels. -Keyaedisa
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)