Image: Richard McManus/Getty Images.
Everyone knows: Linux is much more secure than Windows. From the start, it was designed to be highly secure.
By installing a Linux distribution, you already benefit from increased security for your use and your data. However, don’t be complacent: if a device is connected to a network, it is vulnerable.
Here are some simple tips to follow, even if you are a novice, to strengthen your security on Linux. I promise, you won’t have to edit init scripts, run commands iptables complicated or to install software like fail2ban. Rather, it is about behaviors to adopt to avoid malware, ransomware and other cyberattacks.
If you are a Linux administrator, you can also share these tips with those who use it on a daily basis.
1. Update regularly
Regardless of the operating system, this tip is always among the first to follow. However, many people are still unaware of this.
Indeed, updates do not only bring new features or visual innovations. They mainly contain security patches to correct the vulnerabilities that have been discovered. For my part, I check for updates daily, and install them as soon as they are available. Sometimes they are minor, but other times they fix critical Common Vulnerabilities and Exposures (CVE) security vulnerabilities.
Whatever your Linux distribution, check regularly (if you can, daily, otherwise weekly) if updates are available and apply them. At the end of the process, you may need to restart your computer.
2. Don’t install apps from unknown sources
As with Android, the best thing to do when it comes to security is to only install apps from the built-in package managers. Whether your system uses apt, dnf, snap, flatpak, pacman or zypper, it is highly recommended to only install applications using these methods. Of course, this deprives you of many applications. But when it comes to software installation, the motto is “better safe than sorry”.
Still, if you find an app you really want to install that isn’t in the standard repositories, check to see if it’s available as a Snap or Flatpak package. If so, install it using one of these methods. If not and you seriously need one, do some research to verify that the repository in question is trustworthy.
Installing a single malicious application can compromise an entire system. Caution is required to prevent this situation which could prove catastrophic.
3. Use a secure password
You might be thinking that this is your desktop, not a server. This is true, but it is not a reason to use a user password like password Or 12345678.
When setting your password, keep two things in mind: the risk of attacks on your network and prying eyes. On your desktop computer, the most likely threat is still someone logging into your session and accessing your data. But that doesn’t mean it can’t be just as vulnerable to intrusion by a cybercriminal who has infiltrated your network.
This is why the use of a secure, one-time password is essential. Keep in mind that this password is not just used to log in: it is also necessary to launch updates, install applications and perform admin tasks.
4. Don’t use Chrome
Most Linux distributions offer Firefox or Chromium by default for accessing the internet. And while Chrome, the most used web browser on the planet, can easily be installed on your OS, note that it is among the least secure browsers.
To help you make your choice, you can consult our selection of the most secure browsers. There you will find Brave, Firefox, Tor, DuckDuckGo and Mullvad, but of course Chrome is not there.
If you still don’t know which to choose for Linux, I recommend Firefox or Tor.
5. Enable your firewall
Some Linux distributions come without the firewall enabled. For example, on most Ubuntu-based ones, the UFW firewall is not enabled by default. Moreover, most of them do not offer a graphical interface for the firewall either.
If you don’t want to have to run any commands (although to enable UFW just run the command line sudo ufw enable), you can use gufw GUI application. The latter can be installed from your distribution’s application store. Once you have installed it, you can activate the firewall by placing the slider on the position We.
Gufw is one of the easiest to use firewall GUIs. Image: Jack Wallen/ZDNET.
Once you enable the firewall, you can launch any service (like SSH or Samba) that you need to allow without having to issue any commands (like sudo ufw allow ssh).
6. Never log in as root
The root profile is disabled on Ubuntu distributions. However, it is possible on other distributions (notably Debian and Fedora) to easily log in as root user in order to be able to do everything without having to worry about sudo.
However, using this profile is not recommended. As a root user, you have super-privileged access and, if someone breaks into your system, that person will also have unlimited access to all the services, applications and data you have. stored.
So my advice is to NEVER log in as root. Always use sudo for admin tasks so as not to expose your system to potentially serious attacks.
7. Fully encrypt your drive
If you have installed Linux on your machine yourself and your distribution offers Full Disk Encryption (FDE), you should use it.
Why choose this solution? Suppose someone steals your laptop. If your drive is not encrypted, the person who took over your device can remove the drive, mount it on another machine (to avoid having to enter the user password), and take away the data that it contains. If, on the other hand, you have enabled full disk encryption, the person in possession of your computer will not be able to access your disk unless they know the encryption password.
Of course, it is impossible to guarantee 100% that no one will be able to get hold of your data. After all, as the old saying goes: “where there is a will, there is a way.” But with this feature enabled, you’re making it much more difficult for those who try.
Source: ZDNet.com