Ubuntu online security for younger person.

Discussion in 'all things UNIX' started by happyhacker, Dec 29, 2012.

Thread Status:
Not open for further replies.
  1. happyhacker

    happyhacker Registered Member

    Joined:
    Dec 6, 2012
    Posts:
    2
    Location:
    UK
    I have installed Ububtu 12.x on a mini laptop I want to give to my granddaughter (12) but want to ensure I have done my best to ensure the right precautions in place to protect against attack on any front. I know of course that it is essential to brief the peron on sensible use. Any advice on ensuring a safe internet experience would be appreciated. I expect her to use Firefox but other browsers may be better.

    Thanks.
     
  2. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,121
    Location:
    Pennsylvania.
    A URL or DNS filter perhaps? For phishing/malware sites.
     
  3. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,121
    Location:
    Pennsylvania.
    A URL or DNS filter perhaps? For phishing/scam sites.
     
  4. BrandiCandi

    BrandiCandi Guest

    I would recommend Dansguardian or similar programs to filter out inappropriate internet content. Rules of the Internet, #34 stands as the single best reason to use it. In general proxies are not a lot of fun to administer, but IMO it would be worthwhile.

    She's a kid, so she's probably going to want games that use Flash and Java. That sucks from a security perspective, so I would recommend enabling apparmor to minimize the damage. Our very own HungryMan has written apparmor profiles for every program under the sun, including the Java plugin . Enabling apparmor will also protect her a bit from clicking on potentially malicious links.

    I would also concentrate on security measures that don't rely on the user's input at all. That would eliminate AdBlock Plus and NoScripts.

    -tell her to use the Software Center to install stuff.
    -Set her Firefox browser to "tell websites I do not want to be tracked", never remember history, never remember passwords, don't use hardware acceleration.
    -set ufw firewall to deny all incoming, allow all outgoing. That will give her the most firewall security with the highest usability & without breaking anything. That will also help when she's on public wifi.
    -set Ubuntu to install updates automatically and without the user's interaction. This requires some setup by you on the front end.
    -you may consider giving her a user account that cannot use sudo- or maybe give the sudo password to her parents instead of to her. But I wouldn't recommend that she use the Guest account as it isn't persistent and anything she creates (like school papers) will evaporate upon restart/logoff.
     
  5. BrandiCandi

    BrandiCandi Guest

    You may look at Chrome as it comes pre-installed with Flash. Make sure to set Chrome to auto-update and it will also auto-update Flash.
     
  6. mack_guy911

    mack_guy911 Registered Member

    Joined:
    Mar 21, 2007
    Posts:
    2,677
    Best solution is put norton DNS or open DNS with child filter its pretty safe

    but you also need to make sure that you teach you child not to download anything illegal from net like mp3 songs ....etc

    because child dont know so education is best only solution


    last time i heard a horrific story and poor kid in norway charge because of downloading some tunes and she didnt now even its illegal :doubt:

    best way is make 8-12 sites at speed dial which your grandaughter use in chrome or firefox and make sure she use only them then increase her sites data base it will cut her off from 80-90% risk because she only go to these sites only.
     
    Last edited: Dec 30, 2012
  7. tlu

    tlu Guest

    Yes, and the recommendations on that site are actually not sufficient if configuration files are updated/modified. In order to automate such cases additional measures are necessary.
     
  8. BrandiCandi

    BrandiCandi Guest

    Interesting tlu, thanks. What a pain- it's almost like Ubuntu doesn't want people to automatically update....
     
  9. tlu

    tlu Guest

    Well, not all users want their config files being automatically overwritten. They want full control of what's happening on their system. Besides, it's difficult to distinguish between different config files. For example, a couple of days ago several Apparmor profiles were updated (fixing this bug) - replacing the old files definitely made sense in that case. But I doubt that automatically overwriting, e.g., your individual grub configuration file would have been acceptable for you :D
     
  10. BrandiCandi

    BrandiCandi Guest

    @tlu- oh that would irk me totally to have grub re-written without my consent. I spent a LONG time getting grub configured properly with my triple-boot system!


    @happyhacker: Other things I thought of that you may consider with the 12-year-old's tablet:

    If her parents' router allows you to restrict services by port & by schedule, I recommend restricting ports 80 and 443 from bedtime to morning. That will prevent her from surfing the net & texting/skyping/facetiming friends into the wee hours of the morning.

    The way I accomplished that on my router was to reserve IPs for the kids' devices, then restrict access to ports 80 and 443 for those IPs.
     
  11. shuverisan

    shuverisan Registered Member

    Joined:
    Dec 23, 2011
    Posts:
    185
    @OP
    Chrome would be a really good starting point. It installs its own ppa so it (and flash) are always updated. You can go a step further then and disable or remove the distro supplied flash from Firefox or the whole system. Apparmor on Java, OpenDNS or Norton...I think the most difficult thing for you would be a way to keep her system updated. I would think rewriting her Grub file, or most other confs, wouldn't be a problem if you've not purposely edited them.

    I wouldn't be worried about her using sudo (and if she does, she'll get a quick lesson in how not to use it) but you can always remove her from the sudo group (link)even though she's on an 'admin' account. Keep in mind, admin isn't root, it's not free reign over the system.

    @Brandi
    Any reason why you did port restriction on the router and not the devices themselves? I think it's better, if you're going to do something like that, to do it on the computer so rules would apply on other networks too.
     
  12. BrandiCandi

    BrandiCandi Guest

    Because my kids are really smart and budding little hackers :p They have figured out how to circumvent other controls I have set. I think it would take them about 10 minutes to change settings on the device itself. They can't change configurations on the router because I have a crazy complex password to it. If they crack that... well... more power to them (and God help us all).
     
Loading...
Thread Status:
Not open for further replies.