Linux Mint Beginners Guide Part 10: Basic Security

Captions
So security is a very, very important topic. Now, Linux is a very secure platform, it's one of the most secure, but if you have bad hygiene it's not really going to save you. I mean, if you have a password that's as simple as abc123, it doesn't matter how secure your operating system is, it could still get taken over. So you do want to make sure that you have good security hygiene. Now, in this video I'm gonna give you guys some hints about how to secure your system, but at the end of the day it depends on common sense: not opening attachments from people that you don't know, running bash scripts you don't know where they came from or what they contain, having hard passwords. I mean, you really do need to have some really good passwords that are hard to brute-force. Those things are common sense. So, common sense things aside, I'm going to give you guys some additional things that you can do to secure your system, so let's go ahead and check it out.

So back here in Linux Mint land, the first thing I want to mention is something I've already mentioned before, so I'm not going to spend too much time on that, and that is installing updates. This little shield icon down here appears when there's updates. Right now it says that there's two updates available. I'll click on it and it's telling me that there's a couple updates, for mintupdate and mint-upgrade-info. Now, what's often the case is you'll have prerequisites that these will update first, and then other updates will show up. Now, I just installed a bunch of updates via the command line for the previous video, so I'm going to refresh this to make sure that it's actually true. It's going to refresh the index here, and we do actually have an update still pending here, so I'm gonna go ahead and install it. So it's just going to update the Linux kernel, and it has some dependencies, which, you know, that's completely normal. So I'll click OK and then I'll type the password. I've gone over updating before, so I'm not going to spend any time here. These updates come in
either for purposes of security, maybe they patch a security hole, or it's a feature update. In an example of a web browser, maybe Firefox updates or something, and to get the newest version of Firefox. Firefox will release security updates as well, but sometimes it's just a new version and you're getting a new version with new features. So you'll get updates for either reason, but it's important to always keep in mind that you need to keep your packages updated. It's very important. There's a reason why they make these updates available.

Now, something else I want to show you is the firewall utility. So if you just start typing firewall in the search box up here, you see Firewall Configuration. If I click on that, again it's going to ask for a password because this does change system settings. This is going to bring up a utility that allows you to manage your firewall. Go ahead and close this one, get this out of the way. And firewalls are something that I think everybody should take advantage of, but you do have to understand some basics of how firewalls work. A lot of people think that simply having one and having it turned on is good enough. Well, no, having one turned on is a good idea, but having one turned on isn't really by itself going to make you secure. By default it's turned off. I'm going to turn it on, and you can see that now it is on. Again, that's not going to stop anything by itself, but it does mean that the firewall is enabled and we can create rules.

We have several profiles here, so you might have a different profile at your office than you have at home. Maybe at home you don't mind other family members sharing your music directory or something like that, but that might not be something you want to do when you get to the office. You could create additional profiles by going up here to Preferences, and you can add or remove profiles right here. So I'm gonna go ahead and close this. So in order to take full advantage of the firewall we do have to configure it. So what we're seeing here is
that the policy for incoming is deny by default. I didn't change this yet. If I drop down, we have allow, what you really don't want, we have deny, which is again the default, and we have reject. So okay, what's the difference between reject and deny? It's actually a very important difference, and one of the things you want to learn about firewalls, probably one of the most important things. With deny, it's going to drop the traffic, which means if a bad guy is hammering your machine trying to get in there, basically trying to connect to a certain port, it's just going to drop their traffic. It's not going to send them a message back saying, hey, I blocked you, shame on you, you know, which would basically, they'll get some kind of a reject message. We don't want that. Deny will just drop it. It doesn't send anything back to the person letting them know that their connection was refused, it just throws it in the garbage. As the traffic comes in, it just throws it in the wastebasket. That's exactly what it does. Doesn't say a word, just silently just drops it. So that's very important, that's what you want.

Now, it's important with a firewall that you don't give the person trying to get into your machine too much information. So if they try to connect to a port and you send them a message back saying, I'm rejecting you, access denied, then what that tells them is, oh, there's something there, great, I got the right one, I got the right port number, because I got a message back that says that I'm rejected, so now I could try to use some vulnerability tools to take advantage of a security vulnerability to get access to that. That's not what you want. You want it to be silently dropped, which is what deny will do. So we're gonna leave deny alone.

And then the outgoing traffic. So that was for incoming. For outgoing, we're allowing everything, and that's great, we need to do that because that's a good default. Now, I mean, you could make the argument that if you have a script running on your computer that you didn't approve,
that you could block outgoing, and there is a security benefit to that, but for the most part it's common practice to allow everything from your computer out but not allow anything from the public internet in. So that means if you're browsing the internet, since the connection started on your web browser and is fetching something outbound, that connection will be allowed, whereas Joe in Louisiana isn't going to be allowed incoming, because he's on the public Internet and he's up to no good. So you would definitely want to deny his traffic, which means just silently drop it.

Now, one of the things that, this is good, that's going to matter here is what you have listening for connections. So I'm gonna open up a terminal. I'm not going to go too detailed here about the command line, I have an additional series about that, but basically, I'm going to make the text larger here, what is actually listening on your computer? That's what we want to find out. So I'm gonna run sudo netstat -tulpn. I'm not gonna go into detail here, but what this command is going to do, I've got to put in my password, is show you what ports are listening for connections. So I'm going to maximize this here, and let me make the text size a little bit smaller so things will show up better. So basically, I use sudo for this command. That's not required, but that does give you the program name, and we can see what's actually allowing for connections from the outside.

Now, I have SSH running. Unless you installed it yourself you probably wouldn't have that, but that's a concern, because 0.0.0.0 is basically from anywhere. This SSH server is allowing connections from anywhere via port 22, so if I didn't have a firewall then anybody would be allowed to hammer at this and try to break into it. And SSH is a huge target. You definitely do not want that to be publicly available, because that is one of the first things that hackers will try to do. It's not as bad if it's listening for connections on localhost, which is 127.0.0.1. So CUPS is basically
for a print server, that's what that is, so that's something that may be a concern, but not as big of a concern. And we also have, as you know, IPv6 right here. Without going into detail about networking, that's also port 22, you see, that's also SSH, and then I have some other things listening here. The idea with security is you want to close as many things that are listening to the public Internet as you possibly can. Now, right down here we have CUPS listening to the public internet. Again, you have to do some research as far as what's actually listening, but the first thing about security is to know what's listening. And I'm gonna use 22 as a default. If I didn't know what that was, I can google it, I could find some documentation to find out if that's needed or not. I already know what it is, that's SSH, that's because I installed it myself.

So back here in the firewall. So what I want to do is create a new rule right here. I want to go to Advanced because I already know what I want to do, but if you have a specific application that you want to allow into the firewall and it's on the list, you could use one of these, but just be careful what you allow into your machine. I'm gonna click on Advanced, and what I want to do is allow SSH, but only from a very specific source. So I'm gonna give it a descriptive name, so I'll do "allow SSH from desktop". And what I'm gonna do is allow it. Direction, it defaults to in, but I'm gonna make sure it's set to both, because I want to allow inbound and outbound, and this is over all interfaces. Now, by default it's do not log, I believe, but it just remembers the last thing I did when I was actually experimenting with this. But anyway, I do want to log that, because if someone's trying to get into my machine via SSH, I do want to know about that. And I want to allow it from a very specific place. So let's just say, for example, I have a desktop on my network and its IP address is 192.168, I'm just going to make up one, .1.126, that's it. Let's just say that's the IP
address of my desktop, and I want to allow it to port 22 locally. So basically I'm going to allow port 22, so anything from this IP address going to port 22, I'm going to allow that. And I'll click Add, and then I'll close it, and we can see here that it is going to allow port 22, which again is SSH, from the desktop. So if any other machine, either internal or external, tries to access this machine via 22 and its IP address is not this one, it's not going to be able to access that service. And we see that when we created it, it put an allow in and allow out, because I chose both when I set this up.

So I'm not going to go over SSH, I have a series of videos for that, and that's not even the point. The point is, you're probably going to have things on your computer that you need other people to be able to access. Whether you're sharing a folder or something like that, you might want other people to be able to access your machine. And the point of the firewall, this is what a lot of people don't know, especially when they're just starting out, is that simply having the firewall, like I mentioned, isn't good enough. You want to utilize it in a clever way. Specifically, you want to allow only the computers or IP addresses to access the services that are required to do so, and then make sure that everybody else cannot actually access your machine. And this rule right here satisfies that example. I do want SSH to be allowed, but I only want this one IP address to be able to access that. SSH is one of the most abused ports when it comes to individuals trying to gain access to your machine from the outside. The best rule of thumb, though, is if you don't need SSH, the SSH server, remove it. It's not installed by default anyway. So the best rule of thumb for security is, if you don't need it, just get rid of it.

Now, another thing that I want to bring up is Software Sources. You know, again, have to put in my password here, and this is regarding package management. So you might be wondering, why am I going over
this if this video is about security, and there's a very important reason for that. The majority of the packages you want to install, you get them from, in software, the Software Manager right here, which we know is what we would use if we wanted to install packages. The majority of the packages that you want to install will probably be found here, but you're going to run into situations where the Linux Mint default repositories won't have what you need, and that's when you go here to Software Sources, and you might go to PPAs. So maybe the developer of the program releases a PPA to enable you to download that, or maybe it's a full-on repository and you would add it here. Either way, you would just add it as needed. But that's very useful, but also a very big security risk as well.

Repositories are great because they allow developers to make something available to you that wouldn't otherwise be accepted into the default repositories. But the reason why they could also be a problem is because, what happens then if the program that you're installing is no longer updated? Maybe the developer moved on to something else. It happens all the time, they get way too busy, they can't update their program, they can't address security vulnerabilities, and, you know, maybe you're not going to notice it, used all your updates, you know, you do the right thing and keep updated, but then maybe you'll notice a specific program hasn't been updated in a very long time. Worse, you might even see errors come up that it can't even reach the repository if it goes offline. Now you have a package on your system that is out of date and it's not being maintained anymore. So that's why you should only add repositories that you absolutely need, because if the developer moves on to bigger things and stops updating it, well, now you have a piece of software that's not being maintained, and that's a big deal. But even if the repository didn't go offline, maybe the package is actually completely current and it's updated regularly, it could still
have security vulnerabilities that maybe the designer of the program, they didn't find it yet. The more packages you install, the more repositories you include, the higher your attack surface and the higher the chance is that you might have a piece of software running on your machine that actually might introduce a security vulnerability. So just keep that in mind when you add repositories, that you should only do so if you absolutely need that particular piece of software and there's no other way to get it.

Now, in my case, under Additional Repositories you can see that I have two that I added. Google Chrome, when we walked through installing Google Chrome, that created its own repository here, so that way you can get the latest Google Chrome. Generally speaking, it's from Google, you can trust it. Again, just keep an eye on that in case it ever stops being updated. I doubt that would happen. But we also have Vivaldi, which is another browser that we installed, that also resulted in adding a new repository. That does happen sometimes when you install a deb package, it might put a repository file here that will allow it to be updated. And we also have authentication keys here, so Google added one and Vivaldi added a couple right here when we install those. Now, packages do need to be signed. You'll get a warning if they're not. You shouldn't install any packages that are not signed, because they might represent a security risk, so you definitely want to keep an eye on that.

So for the most part, that's it. There's a lot more about security we can get into. It's just important to make very good choices, and some of those choices were made when you first installed Linux Mint. When you install it, you get an option to encrypt your drive. I recommend you do that, especially if you have documents on your computer that are sensitive. What that does is it allows you to have your hard drive encrypted such that if your computer gets stolen or something, someone can't take the hard drive out. Since they don't know
your password, they can't log in, but normally what they can do is take the hard drive out and still read your data. But if it's encrypted, they can't, because encryption, encrypting the hard drive, protects data at rest. So that's important as well. At least encrypt your home directory. There's two options: there's encrypt at the very beginning of the installation process, which encrypts your entire drive, but there's also an option to encrypt your home directory, which you probably should do at least, which basically does the exact same thing, it's just not the entire hard drive, it's just the documents in your home directory. Now, information outside your home directory can leak information about you, so that's why if you're really sensitive you might want to encrypt your drive, and I would argue if you use your computer for work purposes you should definitely encrypt the entire hard drive. But that's a decision that you made at the very beginning of the installation, and it is possible to encrypt your drive after the fact, it's just way beyond the scope of this tutorial series, and it's probably easier to encrypt it by just reinstalling at that point. Just something to keep in mind, that encryption is important if you have sensitive information on your machine.

So there you go, hope that was helpful for you guys. Thanks so much for watching my video, I appreciate it, and stay tuned to my channel, I will have new tutorials up very soon, so I will see you then. Thank you so much for watching my video, I really appreciate it. If you want to help me out, make sure you check out the description below this video, where you'll find links to my latest book, Mastering Ubuntu Server, Second Edition, as well as my Patreon page. If you like this video, be sure to click that like button and share it on Twitter or any other social media network, and be sure to subscribe so you'll be the first to see my latest videos as they're uploaded. Thanks again.
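The listening-port check and the single-source SSH rule from the captions above, as an added example that is not part of the video: it parses output in the layout of `sudo netstat -tulpn`, separates loopback-only listeners from those bound to every interface, and evaluates a default-deny incoming policy. The sample output (including the avahi-daemon and systemd-resolve rows) is constructed, the `RULES` structure is a hypothetical model rather than the firewall tool's own format, and 192.168.1.126 is the made-up desktop address used in the video.

```python
import ipaddress

# Constructed sample in the layout of `sudo netstat -tulpn` (not from a real host).
SAMPLE = """\
Proto Recv-Q Send-Q Local Address   Foreign Address State   PID/Program name
tcp   0      0      0.0.0.0:22      0.0.0.0:*       LISTEN  812/sshd
tcp   0      0      127.0.0.1:631   0.0.0.0:*       LISTEN  640/cupsd
tcp6  0      0      :::22           :::*            LISTEN  812/sshd
tcp6  0      0      ::1:631         :::*            LISTEN  640/cupsd
udp   0      0      0.0.0.0:5353    0.0.0.0:*               701/avahi-daemon
udp   0      0      127.0.0.53:53   0.0.0.0:*               598/systemd-resolve
"""

# Hypothetical model of the policy in the captions: deny incoming by default,
# allow port 22 only from the desktop address used in the video.
RULES = [{"from": "192.168.1.126", "port": 22}]


def parse_listeners(text):
    """Return (proto, address, port, program) for every tcp/udp socket line."""
    found = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or not fields[0].startswith(("tcp", "udp")):
            continue  # skips the header row
        host, port = fields[3].rsplit(":", 1)  # rsplit keeps IPv6 colons in host
        # UDP rows have no State column, so the program sits one field earlier.
        prog = fields[6] if fields[5] == "LISTEN" else fields[5]
        # Without sudo, netstat prints "-" instead of PID/Program name.
        name = prog.split("/", 1)[1] if "/" in prog else "unknown"
        found.append((fields[0], ipaddress.ip_address(host), int(port), name))
    return found


def exposed(listeners):
    """Listeners bound to anything other than loopback, e.g. 0.0.0.0 or ::."""
    return sorted({(proto, port, name) for proto, addr, port, name in listeners
                   if not addr.is_loopback})


def incoming_allowed(source, port, rules):
    """Default-deny check: True only if a rule names this source and port."""
    src = ipaddress.ip_address(source)
    return any(src in ipaddress.ip_network(r["from"]) and port == r["port"]
               for r in rules)


if __name__ == "__main__":
    for proto, port, name in exposed(parse_listeners(SAMPLE)):
        ok = incoming_allowed("192.168.1.126", port, RULES)
        print(f"{proto:5} {port:5} {name:15} desktop allowed: {ok}")
```

Every listener the script reports as exposed either needs a narrowly scoped allow rule like the SSH one or is a candidate for removal.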
Info
Channel: LearnLinuxTV
Views: 41,712
Rating: 4.9733586 out of 5
Keywords: LearnLinux, Linux, Tutorial, Review, Howto, Guide, Distribution, Distro, LearnLinux.tv, Learn Linux, operating system, os, open-source, open source, gnu/linux, linux mint, beginners guide, windows alternative, security, mint, mint desktop, cinnamon, linux mint 19.1, getting started, linux beginner, desktop, laptop, firewall, networking, tcp/ip, learn linux, how to, linux mint tutorial for beginners, linux distros for new users, linux tutorial
Id: avUFKQRFyKg
Length: 18min 21sec (1101 seconds)
Published: Wed Jun 12 2019