Linux is generally considered a secure system, which is one of the main reasons someone might choose it as their default work environment. Here are a few tips on how you can further secure your Linux system.

When people mention Linux as a secure system, a common argument is that it is less targeted by malware and other attacks compared to Windows. However, Linux security extends beyond that.

First, Linux uses a trustless model and enforces strict privilege rules for its users, even separating administrator and user credentials. For example, as a user, you can set two passwords: one for general use and another for root user mode to handle encrypted data, software installation, and system setups.

Additionally, Linux is an open-source product, which means it undergoes extensive scrutiny. Linux systems are heavily used in networking, so they come with robust security features for safe network operation. Linux is also diverse in its distributions, making it more challenging for malware to spread widely across networks. Moreover, Linux is regularly updated and patched to stay current with security developments.

Despite these strengths, there is one vulnerability that persists in Linux: the user. New Linux users should be cautious and not take everything at face value. Even if you chose Linux for its security, it’s important to follow best practices to ensure comprehensive protection. Here are some recommendations:

Secure the UEFI or BIOS

Setting a UEFI/BIOS password secures your system in several ways. It locks access to drives and boot options. Why is this important?

Imagine an attacker exploits the fact that your UEFI/BIOS is not password-protected. They could boot into your UEFI/BIOS settings and set the default boot option to a USB drive with a live Linux version. Once booted from the USB, they could open a terminal, locate your partition, mount it, and use chroot to change your passwords.

Here’s how an attacker could do it:

#show partitions and disks
fdisk -l 

#mount Linux partition
mount /dev/nvme0j1p3 /mnt


#get access to your system
chroot /mnt


#change your password
passwd

With an unsecured UEFI/BIOS, an attacker could easily lock you out of your system, gain control, and potentially access sensitive information.

Encryption of Disks

When installing Linux, you can opt for full disk encryption or use encryption tools post-installation to secure your files. This prevents an attacker from accessing your data even if they steal your files, as they would need to break the encryption first, which is typically very difficult.

Downsides of encryption include the need to enter a password whenever you access encrypted data. Additionally, if you forget your system password, you may not be able to recover access using chroot.

Use Firewall and Manage SSH

The firewall on Linux should be enabled by default, but you can ensure it is configured properly:

sudo ufw enable
sudo ufw allow ssh
sudo ufw deny 80/tcp

If you don’t need SSH, you can deny access through the firewall or completely disable the SSH service from starting at boot:
 

sudo systemctl disable ssh

Use Two-Factor Authentication (2FA)

For enhanced security, consider using Two-Factor Authentication (2FA). This adds an additional layer of security, making it more difficult for attackers to gain access. You can install a 2FA authenticator on your Linux system:

sudo apt install libpam-google-authenticator

Worth Mentioning Tools

Fail2Ban: This tool reads log files to detect repeated failed login attempts from IP addresses and then blocks those IPs, preventing further brute-force attacks.

ClamAV: An antivirus tool designed to detect malware and viruses.

AppArmor: A security module that allows you to set rules defining what privileges different applications have on your system.

There are other tools available, but for new users, this article combined with regular system updates provides a solid security foundation.

Stay connected.

Contributtion:

Photo by RealToughCandy.com: https://www.pexels.com/photo/linux-tux-penguin-mascot-cutout-lying-on-a-tray-with-ice-cubes-11034131/