Windows 10 and macOS have a bad reputation when it comes to customer privacy and user policies. In addition, our steady stream of Windows 10 and macOS articles can hack to make it look like a reasonably secure operating system does not exist. But I am here to tell you that there is a viable alternative that could offer some sense of security and trust.
There are quite a few notable Linux distributions with excellent development records and supporting communities to choose from. Just to name a few, there are Manjaro, BlackArch, Parrot Security OS and Kali, but I decided to use Ubuntu for several reasons:
- Ubuntu has a strong support community . This is the main reason for choosing Ubuntu over other popular Linux distributions. Compared to others, Ubuntu has a large support community that can be found on Ask Ubuntu, UbuntuForums and on many IRC channels. My experience is that these communities are very open to questions from beginners and ensure that users moving from a Windows 1
- No bloatware . Unlike Windows 10 and macOS, the Ubuntu installer only provides essential software. This means abandoning ridiculous games, commercial products, and pre-installed software that wastes RAM and CPU resources.
- Installing Kali tools is easy . Thanks to the Katoolin project, it is possible to quickly install hacking tools on Ubuntu that can be found in Kali Linux. I don't necessarily advise users to install such tools on a Ubuntu machine, but I think Null Byte readers will appreciate this.
- Low system requirements . The Ubuntu developers only recommend 2 GB of system memory (RAM) to run the operating system (OS). I was able to perform it comfortably with only 1 GB of RAM and lightweight distributions such as Xubuntu at only 512 MB. I have lost count of the number of old computers that Ubuntu has brought back to life thanks to the ability to work smoothly on old hardware.
Now, when you set up a Ubuntu system for the first time, there are a few security considerations. After the initial installation, there will be some tasks that you also want to perform for a more secure system, but we will cover them in future parts of this mini series.
Generally, this series is somewhat aimed at Windows 10 users interested in the transition to Ubuntu, so I start building the operating system from the time of installation. Readers who have already installed Ubuntu can proceed to later parts in the series if they are available.
Disclaimer: these articles are not intended as an ultimate hardening guide or preventative guideline for defense against government actors or well-funded agencies. These are just a few simple things that Ubuntu users can do to improve their defense against physical attacks and while working on public Wi-Fi networks.
To properly protect Ubuntu from physical attacks, Ubuntu must be hardened from the ground up during installation. First download the latest Ubuntu ISO, verify the ISO and create a Live USB. I recommend Etcher, a platform-independent live USB maker.
Place your USB flash drive in your computer, select "Select image" in Etcher and then choose the Ubuntu IOS that you downloaded. Then select "Connect a disk" or only "Select disk" and choose your USB stick. Click on "Flash!" and wait until it is ready.
Step 2: booting into the Ubuntu Live USB
On the computer you are installing Ubuntu starts up from your new Live USB.
The key required to boot into the Live USB depends on the manufacturer of your computer. Many OEMs use F12 such as Dell and Lenovo. ASUS uses the Esc key. Consult your OEM's online documentation if in doubt. You can also simply start your computer normally to see what it is; After they are first started, many computers display the shortcut to the startup menu.
Select your Ubuntu Live USB drive if necessary and then select "Install Ubuntu" or similar to start the installation process.  Step 3: Minimize the attack surface.
Use the "Minimum installation" option in the installation program. This does not help with physical attacks, but it can only be done during the initial installation process. By minimizing the number of installed packages, you prevent Ubuntu from loading unnecessary applications. If it is discovered tomorrow that Transmission, a popular torrenting application or Thunderbird, a popular email client, is vulnerable to a new exploit, your system will be completely unaffected.
The minimal installation will reduce the attack area for applications that can be discovered to contain vulnerabilities in the future. Third-party applications and commercial software can always be installed at a later time if needed.
Step 4: Defending Against Hard Drive Forensics
There is an ongoing battle between security and convenience . Securing something is making access uncomfortable. Conversely, something is easily accessible, making it unsafe.
Do not think that there is nothing worth protecting on your hard drive – never underestimate your value for hackers. You may not leave sensitive files in your Documents folder or attack photos in your image library, but web browser cookies where you are logged into a website can still be extracted. Files and photos that have been "removed" from the trash can still be dug up and brought back to life during forensic attacks.
If you want to enable encryption during installation, you must enter a password to unlock the hard disk with every boot and load the operating system. Many of you will undoubtedly find this uncomfortable. However, encrypting the hard drive protects your data in the event that an attacker physically removes the drive forensically. It also protects against single-user mode attacks, turning on the device with a privileged boot mode.
Ubuntu & # 39; s default encryption settings actually offer a high level of protection against password-guessing brute-force attacks. However, the use of a complex password sentence of more than 16 characters is still recommended.
Step 5: Defending Against Sudo Abuse
After If you select "Install Now", the "Who Are You" ? " screen. Yes, this means a different password to remember. This password is used to log in to the newly created user account (the & # 39; Your Name & # 39; section) when the computer is woken from sleep or hibernation and when sudo is used to perform privileged assignments.  As someone who uses sudo a lot, I fully understand how difficult it can be to type a complex password several times a day. However, it is also important to set a strong password here . Someone with physical access to an unlocked operating system may be able to guess a weak password and execute a nasty command with increased privileges.
Step 6: Defend Against USB Rubber Ducky Attacks
Ubuntu Operating Systems are just as vulnerable to USB Rubber as standard Ducky attacks like Windows 10 or macOS. Such attacks can be prevented by disabling Ubuntu's ability to fully accept input from USB mice and keyboards. For desktop users, this may not be a realistic option. Laptop users who never use external keyboards, on the other hand, can appreciate such a change.
Use the command below to disable external mice and keyboard input. USB mass storage devices may still connect to the operating system.
sudo echo & # 39; blacklist usbhid & # 39;> /etc/modprobe.d/usbhid.conf cialis19659037 command to update the boot configuration. Restart for the changes to take effect.
sudo update-initramfs -u -k $ (uname -r) update-initramfs: generating /boot/initrd.img-4.15.0-23-generic cialis19659039 extensionsNext Up: Network Attack Defense
Following the above steps should provide a reasonable degree of defense against physical attacks. In the hardening sections after the installation of this series, we will talk about best practices for network security, application hardening, and auditing tools that can be used to address virtually any operating system weakness. Click on the link below to go directly to the next section about defense against a network attack.