There are several things we can do to better enhance our security. We will discuss software as well as behaviors that can make us safer. This post consists of notes used and presented during my University Of Advancing Technology talk. This post was intended for individuals to follow along with.
Anti-Virus in Linux? Yes! We should consider using AV even if we are using Linux. ClamAV is an excellent choice. Being able to scan files for infection is important because we do not live in a world where we can completely ignore other operating systems.
$ sudo pacman -S clamav $ sudo freshclam $ sudo systemctl start clamav-daemon.service $ sudo systemctl enable clamav-daemon.service $ yaourt -S clamav-unofficial-sigs
Find a good VPN service and use it. Just remember your threat profile and assume your VPN is being monitored.
Pick one from the list or find one you like. Later you may decide to deploy your own.
Tor, I2P, Freenet
Tor may be necessary depending on your threat profile and what you are try to accomplish. Freenet and I2P may also be viable alternatives depending on your needs.
Use the tool ArpON to defend yourself from ARP spoofing/poisoning attacks. This is useful for those folks who travel and may find themselves on foreign networks with many untrusted users.
$ yaourt -S arpon-ng
Setup will vary for the type of network you plan to be a participant on.
Firewalls & UFW
A firewall can and should be used at home and is of particular importance when using a laptop on foreign networks. UFW is easy to use and setup. A good example of installation and configuration for home use is below.
$ yaourt -S ufw $ sudo systemctl start ufw.service $ sudo systemctl enable ufw.service $ sudo ufw default deny incoming $ sudo ufw default allow outgoing $ sudo ufw allow ssh $ sudo ufw enable
You can learn more here about UFW.
Firejail is an excellent tool for sandboxing applications like your web browser.
$ yaourt -S firejail
You can then run
firejail chromium and this will use the default settings for
sandboxing your browser application. There exist many default profiles for well
known applications. You can also build your own profiles. This is a must have.
A Mandatory Access Control system goes far beyond the normal Discretionary Access Control system provided by Linux. AppArmor has excellent default profiles for many applications and is relatively simple to setup depending on your choice of distribution. I am of the opinion that the simplicity of AppArmor in combination with Firejail is superior to SELinux and provides excellent coverage against most issues you might run into.
Learn more about AppArmor at the Arch Wiki.
Learn how to encrypt and sign data and messages. GnuPG is an excellent tool for this use.
$ # Generate a Key $ gpg --gen-key $ # Generate a revocation Cert $ # Make One For Several Eventualities $ gpg --output ~/revocation.crt --gen-revoke email@example.com # Make it inaccessible to others $ chmod 600 ~/revocation.crt
Check out the OpenNIC project. Your DNS is a weak link. Learn to use an alternative from the one issued to you through your provider.
You can combine this with DNSCrypt.
You can diagnose DNS issues with dnsdiag.
Pick one. There are tons. You should be using two factor authentication and strong passwords every where.
GNUzilla and IceCat
The internet provides many ways by which we can reduce our safety, privacy, and security. Some of the options above can be used to help claw back some of your digital rights. You as a user are responsible for your own destiny. You can defend yourself by adding basic software and securing focused practices to your life style.