Ubuntu online security for younger person.

I have installed Ububtu 12.x on a mini laptop I want to give to my granddaughter (12) but want to ensure I have done my best to ensure the right precautions in place to protect against attack on any front. I know of course that it is essential to brief the peron on sensible use. Any advice on ensuring a safe internet experience would be appreciated. I expect her to use Firefox but other browsers may be better.

Thanks.

 

A URL or DNS filter perhaps? For phishing/malware sites.

 

A URL or DNS filter perhaps? For phishing/scam sites.

 

I would recommend Dansguardian or similar programs to filter out inappropriate internet content. Rules of the Internet, #34 stands as the single best reason to use it. In general proxies are not a lot of fun to administer, but IMO it would be worthwhile.

She's a kid, so she's probably going to want games that use Flash and Java. That sucks from a security perspective, so I would recommend enabling apparmor to minimize the damage. Our very own HungryMan has written apparmor profiles for every program under the sun, including the Java plugin . Enabling apparmor will also protect her a bit from clicking on potentially malicious links.

I would also concentrate on security measures that don't rely on the user's input at all. That would eliminate AdBlock Plus and NoScripts.

-tell her to use the Software Center to install stuff.
-Set her Firefox browser to "tell websites I do not want to be tracked", never remember history, never remember passwords, don't use hardware acceleration.
-set ufw firewall to deny all incoming, allow all outgoing. That will give her the most firewall security with the highest usability & without breaking anything. That will also help when she's on public wifi.
-set Ubuntu to install updates automatically and without the user's interaction. This requires some setup by you on the front end.
-you may consider giving her a user account that cannot use sudo- or maybe give the sudo password to her parents instead of to her. But I wouldn't recommend that she use the Guest account as it isn't persistent and anything she creates (like school papers) will evaporate upon restart/logoff.

 

You may look at Chrome as it comes pre-installed with Flash. Make sure to set Chrome to auto-update and it will also auto-update Flash.

 

Best solution is put norton DNS or open DNS with child filter its pretty safe

but you also need to make sure that you teach you child not to download anything illegal from net like mp3 songs ....etc

because child dont know so education is best only solution


last time i heard a horrific story and poor kid in norway charge because of downloading some tunes and she didnt now even its illegal

best way is make 8-12 sites at speed dial which your grandaughter use in chrome or firefox and make sure she use only them then increase her sites data base it will cut her off from 80-90% risk because she only go to these sites only.

 

Yes, and the recommendations on that site are actually not sufficient if configuration files are updated/modified. In order to automate such cases additional measures are necessary.

 

Interesting tlu, thanks. What a pain- it's almost like Ubuntu doesn't want people to automatically update....

 

Well, not all users want their config files being automatically overwritten. They want full control of what's happening on their system. Besides, it's difficult to distinguish between different config files. For example, a couple of days ago several Apparmor profiles were updated (fixing this bug) - replacing the old files definitely made sense in that case. But I doubt that automatically overwriting, e.g., your individual grub configuration file would have been acceptable for you

 

@tlu- oh that would irk me totally to have grub re-written without my consent. I spent a LONG time getting grub configured properly with my triple-boot system!


@happyhacker: Other things I thought of that you may consider with the 12-year-old's tablet:

If her parents' router allows you to restrict services by port & by schedule, I recommend restricting ports 80 and 443 from bedtime to morning. That will prevent her from surfing the net & texting/skyping/facetiming friends into the wee hours of the morning.

The way I accomplished that on my router was to reserve IPs for the kids' devices, then restrict access to ports 80 and 443 for those IPs.

 

@OP
Chrome would be a really good starting point. It installs its own ppa so it (and flash) are always updated. You can go a step further then and disable or remove the distro supplied flash from Firefox or the whole system. Apparmor on Java, OpenDNS or Norton...I think the most difficult thing for you would be a way to keep her system updated. I would think rewriting her Grub file, or most other confs, wouldn't be a problem if you've not purposely edited them.

I wouldn't be worried about her using sudo (and if she does, she'll get a quick lesson in how not to use it) but you can always remove her from the sudo group (link)even though she's on an 'admin' account. Keep in mind, admin isn't root, it's not free reign over the system.

@Brandi
Any reason why you did port restriction on the router and not the devices themselves? I think it's better, if you're going to do something like that, to do it on the computer so rules would apply on other networks too.

 

Because my kids are really smart and budding little hackers They have figured out how to circumvent other controls I have set. I think it would take them about 10 minutes to change settings on the device itself. They can't change configurations on the router because I have a crazy complex password to it. If they crack that... well... more power to them (and God help us all).