Here are the security measures I use on my Linux machines:

* Have a back-up plan so that you can restore your computer after
  a problem (not limited to finding malware, but more likely problems
  such as a failed disk/SSD)
* Firewall that allows incoming connections only on specific
  whitelisted TCP ports (and all outgoing traffic)
* For me, one of those ports is ssh, so strong passwords on all
  accounts. Other ssh hardening options include allowing only a
  restricted list of users to ssh, and requiring the use of ssh public
  key authentication. (man sshd_config)
* Keep packages up to date with security updates, particularly the web
  browser
* Browser:
  - stay up to date (I use release channel from http://mozilla.debian.net/)
  - Use ad blocking software (I favor ublock0, choose your own filter
    preferences)
  - Set flash plugins to not play by default
  - consider a browser add-on that can enable/disable javascript per
    site (this helps more with web nuisances like pop-up "sign up for
    our mailing list" than with avoiding malware installation)
  - If you're on a system that is out of support, don't browse the web
    on it
* E-mail:
  - Use aggressive spam filtering
  - disable any functionality to auto-show attachments, auto-load
    remote images, etc
  - use a text-mode e-mail client for extra geek cred
  - If you're on a system that is out of support, don't read e-mail
    on it
* Don't allow untrusted machines on the local network / WIFI
  - Some WIFI access points can create multiple separate networks, so
    you can have a trusted wifi + ethernet and an un-trusted wifi

I don't think any of the common web or e-mail threats have payloads that
work on Linux anyway. But if you have an open ssh port and your root
password is "root", you will end up with unwanted software installed,
such as an IRC server to control somebody's botnet...

Jeff
------------------------------------------------------------------------------
_______________________________________________
Emc-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/emc-users
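
Added example, not part of the original message: a small checker for the ssh hardening options the post mentions (restricted user list, public key authentication, no guessable root password), run against the text of an sshd_config. The sample configs and account names are constructed, the defaults are assumed to be upstream OpenSSH's, and Include files and the contents of Match blocks are not evaluated.

```python
# Upstream OpenSSH defaults (assumption: a distribution may patch these).
DEFAULTS = {"passwordauthentication": "yes", "pubkeyauthentication": "yes",
            "permitrootlogin": "prohibit-password"}

def effective_global(config_text):
    """Resolve the global section the way sshd does: keywords are
    case-insensitive, the first value for a keyword wins, AllowUsers
    lines accumulate, and parsing stops at the first Match block."""
    settings, seen, allow = dict(DEFAULTS), set(), []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            break  # conditional settings follow; not part of the global view
        if keyword == "allowusers":
            allow.extend(value.split())
        elif keyword in DEFAULTS and keyword not in seen:
            settings[keyword] = value.lower()
            seen.add(keyword)
    settings["allowusers"] = allow
    return settings

def audit(config_text):
    """Return a list of findings; an empty list means all checks passed."""
    s, findings = effective_global(config_text), []
    if s["passwordauthentication"] != "no":
        findings.append("password logins enabled; password strength is the only barrier")
    if s["pubkeyauthentication"] != "yes":
        findings.append("public key authentication is disabled")
    if s["permitrootlogin"] == "yes":
        findings.append("root may log in with any enabled method")
    if not s["allowusers"]:
        findings.append("no AllowUsers list restricts which accounts may ssh in")
    return findings

# Constructed samples. In WEAK the later 'no' is ignored: first value wins.
WEAK = "PermitRootLogin yes\nPasswordAuthentication yes\nPasswordAuthentication no\n"
HARDENED = ("passwordauthentication no\nPermitRootLogin no\n"
            "AllowUsers alice\nAllowUsers operator\n"
            "Match Address 192.0.2.0/24\n    PasswordAuthentication yes\n")

if __name__ == "__main__":
    for name, text in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(text) or "ok")
```

On a live host, `sshd -T` prints the effective configuration, which also covers Include files that this sketch does not follow.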