The ultimate personal unix security thread.

I'm the average guy... Dealt with hackers my entire life. Reaching the breaking point and I NEED TO FIGURE OUT HOW TO KEEP THESE "people" out. It has been happening since I was a kid. Pop ups for vacations. Winning vacations... To young to accept the trip to Florida so the guy is ~ Snipped as per TOS ~ off and hangs up. You know the average criminal hacker mumbo jumbo. So I'm on a quest to build a system that a hacker will have no chance of hacking into AT ALL COSTS. By that I mean I'm willing to sacrifice functionality if it means telling the hackers to EFF OFF.

At this point all I know is that I need to switch to UNIX or LINUX. I don't want to order a disk from osdisk.com because they don't seem very professional and probably have allowed the OS they sell to be corrupted. I don't care what anyone says I was a disk direct from the manufacture. Un-corrupted in any way or at least keep it to a minimum.

So from this point I can only guess what to do. I don't even know how to use UNIX or Linux.

Basically I want the computer to connect to the internet without any way for a hacker to get in. Shut down all ports install and use external fire wall or a software firewall. I don't know and I need some help. Lots of us need this.

---------------------

Some things I need to do on the computer.

1) download emails. I download emails through pop3 program mozilla thunder bird. (can they hack me when I do this?)
2) I use tor to surf the net (anything better can they hack me?)
3) I sometimes play multiplayer video games that require huge amounts of data flow. I know this is where they can hack the easiest. (willing to stop playing if impossible to prevent them from hacking me)

 

You're gonna need better examples of how you're being hacked. Pop-ups like those apply to anyone without something like an ad-blocker.

As for getting Linux installed, just download the ISO, verify the checksum, burn it onto a CD/DVD or USB drive, and boot from that removable media. Follow on-screen instructions to install. Make a disk image of your previous OS beforehand in case something goes wrong.

1) Thunderbird is available on Linux, and of course your webmail. Very unlikely unless they've hacked your email provider.
2) Tor is more for privacy than security. While it does help hide your IP address, you have to rely on other people running the exit nodes. A VPN may be a better choice.
3) You won't be able to play most of those on Linux anyways.

 

Cheapest option: Don't connect to the internet, when you are willing to sacrifice functionality

Easiest option: Buy a Mac or a Windows 8 RTM tablet with keyboard (depending on you much money you want to spend)

Journey which will take you a month or so: CentOS with AppArmor

Quest which will keep you busy for a year or so: Qubes

 

Hardened Gentoo with RBAC and SELinux, with hardened toolchain. Compile software with seccomp filters.

Cost of attack for a system using seccomp sandboxing with properly implemented MAC and a hardened kernel is way way way too high to be reasonable. Barring ridiculous attacks that involve hardware backdoors or some such thing, no one is getting into that system in a meaningful way.

Make heavy use of DAC and user controls, and pin IPTables rules to said rules.

Encrypt everything, locally and transmitted via SSL - force TLS everywhere.



www.insanitybit.com/2012/12/17/hardening-ubuntu-linux/

This is a guide for hardening Ubuntu. If you start off with Gentoo you can go way further.

 

That should keep you busy for the next decade. lol.

 

Yes, unfortunately there's a lot of maintenance and a huge learning curve for setting up a system that is too costly to attack.

Personally, I don't have the time or patience for it. I'm fully capable of doing it but I don't care enough. Huge time sink for no payoff - I'm already very secure.

I would suggest just hopping to Ubuntu and following my guide, you'll be secure.

 

Well you sold me I would LOVE to get into the computer security field but at this point in time I "can't". I took your advice down for future reference when I have time to work on such a serious project.