Security is a very broad, potentially daunting subject to a new Linux users in Debian and Ubuntu. If you think that anyone can boil security down to a list of 7 things. So we didn't even try. Instead, our goal is to present a listing of the most basic security concepts that can be fairly easily implemented while you learn. This guide was inspired and written by several new users of Ubuntu who were very interested in learning how to hack around their brand new Ubuntu operating systems. We were lucky enough to have some security professionals collaborate with us. But we still don't claim that we will reduce your risk to zero. We are presenting a pragmatic approach to security.
Linux Vulnerabilities Myths and Reality
The majority of new users are coming from Windows environments, where security focuses mostly on anti-virus software. To understand security on Linux distributions like Debian and Ubuntu, you must shift your thinking from this point of view. In the following points, we're going to analyze what threats actually effect you as a a new Linux user of Debian and Ubuntu user.
Myth: If I install an anti-virus program I'll be fine.
Reality: At the time of writing, there are no known viruses on the big bad web designed to target Linux. A few targeting Windows can execute in a manner that could allow compromise of a Linux system via an interpreter layer like Wine. Very few people recommend existing anti-virus software for Linux machines, in part because there are few decent free anti-malware solutions available. Enterprise class solutions are good, but the consumer-grade products aren't on par with their Windows counterparts enough to warrant their use. Moreover, if you focus entirely on viruses then you are ignoring the vast majority of real threats to your Ubuntu machine.
Myth: Security through obscurity keeps me safe.
Reality: It's a favoured argument from Linux supporters, but Linux/Ubuntu is not that obscure to “crackers”. They may be obscure to you or your friends, however, there are many who know how to exploit Linux vulnerabilities just as easy as Windows, Mac OSX, Solaris, AIX, or any other operating system's vulnerabilities. The best defence is knowledge and preparation. Relying on an “obscure” operating system to hide behind is NOT a good strategy.
Myth: I can browse however I want to because malware on the web is mostly designed for Windows.
Reality: While the majority of malware does target Windows, this statement overlooks the fact that an entire spectrum of web based attack vectors exist that work on any operating system. Cross Site Scripting, Cross Site Request Forgery, Click-Jacking, Session Riding, and many other methods can be used to exploit weaknesses in a relationship of trust between you and a website, or a website and you, regardless of your operating system. For things like this we have browser add-ons which will be discussed in the browser security section.
Myth: I don't need to use fancy browser add-ons when using public access wifi because I use Ubuntu.
Reality: An absurd statement. Most attacks carried out on public wifi include several varieties of man in the middle attacks. If you want to utilize public wifi, it is highly discouraged to do anything more than trivial in nature with it unless you are an advanced user and you know how to set up a virtual private network (VPN), a VPN via Secure Shell (SSH), or use Secure Sockets Layer (SSL) in conjunction with SSLstrip.
Myth: I don't need a firewall because Ubuntu has no open ports by default.
Reality: This is a matter of risk tolerance. Added protection, particularly that which takes only a few minutes to set up, is always worth it. Firewalls are discussed in more depth later in this document.
Myth: Windows malware can not compromise Ubuntu.
Reality: Ubuntu CAN be compromised by Windows malware if you're using Wine. This is not to say that Windows malware can infect a Linux system directly, however it CAN, if targeted properly, utilize the Wine interpreter to send system calls to the Linux kernel. This is a very rare case, and it is highly unlikely that it would occur as it would be a very targeted attack. But for completeness sake we should mention that it CAN happen.
Myth: Ubuntu is harder to exploit than Windows, Mac OSX, whatever else - and it's targeted less than those other operating systems as well.
Reality: The process of discovering a vulnerability and exploiting it is pretty much the same across the board, regardless of operating system.
These are just some common myths associated with Linux distros like Debian, Ubuntu and security. This list is not comprehensive, but it covers the largest misconceptions held by new users. This does not mean that Ubuntu is inherently insecure, or is less secure than previous versions, or is more/less secure than any other operating system. It is just an effort to dispel common myths and get the reader (you) thinking in a positive direction toward improving their system's security posture. If you follow the steps in this Wiki, you will have a decent defense built to protect your machine from viruses as well as the other more pressing threats out there.