Ubuntu 8.04 Hardy Heron security

Discussion in 'all things UNIX' started by Osaban, Dec 31, 2008.

Thread Status:
Not open for further replies.
  1. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,214
    Hi there,
    My son got a new laptop, and I inherited his old desktop. I thought what a wonderful opportunity to try out Linux. So I managed to install Ubuntu 8.04 Hardy Heron (very odd names they have, sounds almost like exotic animals), and surprise, everything works out of the box (I haven't tried everything, but as far as browsing with Firefox, and doing common operations there isn't really much difference from a Windows OS (I'm not about to say goodbye to Windows at all).

    Mrkvonic states that there isn't any need to have an AV or a FW with Ubuntu because any change to the system needs privileges (a bit like UAC in Vista). What about scripts, while browsing? Does one need 'NoScript' with Firefox? And keyloggers, would there be any remote chance for them, without physical access?

    It really feels strange not to have a single security application, what a liberating thought!
     
  2. Ocky

    Ocky Registered Member

    Joined:
    May 6, 2006
    Posts:
    2,677
    Location:
    George, S.Africa
    If you don't have a router w/firewall you should really install a firewall.
    In Hardy ufw is installed by default but it needs to be 'engaged'.
    Best solution is to install Gufw - a frontend for iptables ..
    http://gufw.tuxfamily.org/index.html and set it to Deny All** (plus any
    other ports you want to either allow or block eg. ssh, netbios etc.)
    Then in the terminal enter sudo iptables -nL to check your settings.
    ** i.e. Deny Incoming traffic.
    An AV like Avast is needed if you don't want to pass on any virus
    to Windows users. eg. you might forward an email attached file, which
    contains bad stuff that can't execute on Linux but can on Windows platforms.
    For Firefox you would need NoScript and maybe also Adblock Plus.
    You can also install Opera.

    Happy New Year !
    (Am on my second Scotch after the security alarm techie brought the ceiling
    down while attending to the transmitter in the roof - a big mess !) :argh:
     
    Last edited: Dec 31, 2008
  3. tlu

    tlu Guest

    There are more reasons. You don't need a FW as Ubuntu doesn't have any open ports by default. If you still think a FW is necessary you can use - as Ocky already mentioned - ufw, but again it's not necessary on a desktop system. An AV is not necessary as there is no need to install any (possibly infected) applications from 3rd party sites since you'll get everything you'll ever need from the official repositories which contain open-source packages controlled by the Ubuntu staff and community. (Just start Synaptic and have a look what the repositories offer for you.) And not only Linux itself but also your installed applications will be kept up-to-date through security patches via the repositories. - This is also the answer to your question regarding keyloggers.

    Yes, since browsing related risks like XSS are independent from the OS you're using.

    Linux is very different from Windows. You'll find out that it makes no sense to fiddle around with HIPS and all that stuff. Once you've understood the Linux philosophy you'll see that its maintanance is much easier than it was with Windows.
     
  4. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,214
    Thanks. Happy New Year to every one! I'm actually on champagne and wine.
     
  5. Arup

    Arup Guest

    Happy New Year, having Laphroaig and smoked salmon here.
     
  6. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    tlu pretty much explained it for you.

    You manage software from official repos, so no need to install unknown stuff, and none of those things can work without the root password, so you don't need any anti-malware stuff. Firewall is optional.

    Happy New Year!

    Mrk
     
  7. wat0114

    wat0114 Guest

    A question for Mrk or someone who knows, will Flash and Shockwave online games work in the latest Ubuntu using Firefox? My kids live off of this stuff so it's mandatory that it works for them :p I haven't used Ubuntu for some time, and I remember only Flash worked in that version (Hardy heron) but not Shockwave.
     
  8. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    It worked for me ...
    But as always, try for yourself and see what gives ...
    Mrk
     
  9. lewmur

    lewmur Registered Member

    Joined:
    Dec 22, 2008
    Posts:
    332
    Go to /System/Administration/Synaptic Package Manager and type "guard" in the search box. Click on "guarddog" and mark it for installation. Click "Apply" and it will install. This is a GUI based front end for iptables so you don't have to know any "command line" syntax.

    But with that said, there are basically two groups of people who feel the need to use a software firewall behind a router's hardware one in Linux. The first group are the ones who feel it necessary to wear both a belt and suspenders to make sure their pants don't fall down in public. :eek:

    The second group are those who's "homes" have been invaded so many times using Windows that they don't feel safe without "double locks" on their doors, even though they've "moved to a safe neighborhood."

    Firewalls in Linux are really only there because there are people who use dialup and don't have a hardware firewall.
     
  10. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,214
    I have never used a hardware firewall (With Windows I always rely on software firewall, and had no problems so far). I 'll follow your instructions, thanks.
     
  11. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    If you using a router of some sort to connect to the internet?
     
  12. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,214
    No, I don't use a router, I live in a fairly new apartment building, and all you have to do is plug in your internet cable into a socket very similar to the telephone one, as a matter of fact we have one for the phone and one for internet in every room (it is obviously broadband, and fairly strong too).
     
    Last edited: Jan 1, 2009
  13. Ocky

    Ocky Registered Member

    Joined:
    May 6, 2006
    Posts:
    2,677
    Location:
    George, S.Africa
    Shockwave will only work if you install Wine, download the Windows version
    of Firefox and have mozplugger installed. See here:- https://help.ubuntu.com/community/Shockwave
    Flash of course is no problem as you already know.
     
  14. lewmur

    lewmur Registered Member

    Joined:
    Dec 22, 2008
    Posts:
    332
    If you used a router rather than dialup, you used a hardware firewall. You just didn't know it. All routers have firewalls built in.
     
  15. lewmur

    lewmur Registered Member

    Joined:
    Dec 22, 2008
    Posts:
    332
    Then the apartment building is using a router and switches to distribute the connections from, at least, a t1 connection.
     
  16. bktII

    bktII Registered Member

    Joined:
    Apr 12, 2006
    Posts:
    224
    IMO one of the most important security features for any OS is a basic firewall with default deny for incoming connections.

    Two additional front-ends for iptables are lokkit and firestarter. lokkit is set and forget after you run it and configure.

    The firestarter GUI can be setup to run on startup (via sessions) with a small change to the sudoers file in /etc. Then one can view and query tcp connections by bringing up the GUI from the taskbar.

    Alternatively, to view tcp connections one can run in a terminal window: "sudo netstat -cpa | grep ESTABLISHED'.
     
  17. lewmur

    lewmur Registered Member

    Joined:
    Dec 22, 2008
    Posts:
    332
    Everyone is entitled to their own opinion but do you have any documentation to back this one up? The hardware firewall in the router comes "with default deny fo incoming connections." If a software firewall doesn't also provide protection for OUTgoing connections, it is redundant. Just like suspenders with a belt.
     
  18. bktII

    bktII Registered Member

    Joined:
    Apr 12, 2006
    Posts:
    224
    @lewmur

    "IMO one of the most important security features for any OS is a basic firewall with default deny for incoming connections.

    This is a generic statement and makes no distinction between a hardware-based and software-based firewall. If one has a properly configured hardware-firewall, then a software firewall is possibly redundant depending on your requirements. However, the OP stated:

    " ... all you have to do is plug in your internet cable into a socket very similar to the telephone one, as a matter of fact we have one for the phone and one for internet in every room (it is obviously broadband, and fairly strong too).

    Maybe the hardware-based firewall is properly configured (e.g., default password changed - just an example) and maybe it is not. In this case, since a tenant at the apartment complex has no knowledge of the configuration, I would opt for the redundancy of a software-based firewall.

    Also, one can configure iptables to block outgoing connections via IP address range or port.
     
  19. lewmur

    lewmur Registered Member

    Joined:
    Dec 22, 2008
    Posts:
    332
    "for an OS" makes it software.
    I have both an anti-virus app and a software firewall on my Windows system. I still have to remove malware on a regular basis. I have NEVER encountered malware, other than "phone home cookies," on my Ubuntu system. So that "security feature" does not qualify as "important."
     
    Last edited: Jan 1, 2009
  20. wat0114

    wat0114 Guest

    Thank you Ocky! My apologies also to all for posting my question in this thread. It's really about Ubuntu security :oops:
     
  21. NGRhodes

    NGRhodes Registered Member

    Joined:
    Jun 23, 2003
    Posts:
    2,331
    Location:
    West Yorkshire, UK
    Also note the Flash is slower in Linux (compared to Windows), video generally is acceptable, eg Youtube. What you will notice with games is that slows downs are more likely to happen as the complexity of the screens increase.

    For some reason as well Flash can suffer performance issues on certain configurations when resizing the window (eg going to full screen), this is well known with youtube like video playback for example.
     
  22. Arup

    Arup Guest

    Flash movies work fine using x64 Flash 10, I have used them in full screen as well, also from whatever Flash intensive sites I have used, it has worked out fine.
     
Loading...
Thread Status:
Not open for further replies.