Ubuntu Commonsense Security
As you start to understand how Ubuntu works, you’ll become more and more aware of commonsense methods that will protect your system. However, we’ll outline a few of these now to get you started:
• Entering your password: Be very wary if you’re asked to enter your password (outside of initial login, of course). You’ll be asked to provide your password when following many of the configuration steps within this book, for example, and this is acceptable and safe. But if you’re asked to do so out of the blue, you should be suspicious. If the root password prompt dialog box appears when you run a file that shouldn’t really need root permissions, such as an MP3 or OpenOffice.org file, you should treat the situation with caution.
• Creating perfect passwords: Setting up good security inevitably involves having a good, strong password. The challenge is to create something easy to remember but hard to crack, so it should involve punctuation, numbers, and an assortment of uppercase and lowercase letters. Perhaps you could base a password on a favorite song. For instance, TiaLTNGO@TQiD1986-4:02 is a great password. To remember it, I just need to know that “There is a Light That Never Goes Out” was a track on The Queen is Dead released by The Smiths in 1986, and it was 4 minutes and 2 seconds long. In contrast, password, password4, and andy1302 are poor because they are open to dictionary attacks, in the case of the first two, or to a personal information attack, in the third case.
• Installing new software: Be careful in choosing programs to download and install. Because Linux works on the basis of open source code, theoretically, anyone can tamper with a program and then offer it for download by the unwary. This rarely happens in real life. Even so, it’s wise to avoid downloading programs from unofficial sources, such as web sites you find online via a search engine and whose authenticity you cannot totally trust. Instead, get software from the web site of the people who made it in the first place or, ideally, from the official Ubuntu software repositories.
Figure . Beware if you’re asked to type your password out of the blue and for no apparent reason.
• Updating your system: Always ensure that your system software is completely up-to-date. As with Windows, many Ubuntu programs have bugs that lead to security holes. Crackers target such vulnerabilities. Downloading the latest versions of Ubuntu software ensures that you not only get the latest features, but also any patches for critical security holes. As with most versions of Linux, updating Ubuntu is easy, and, of course, it’s also free of charge.
• Locking up your PC: Attacks can be either remote or local, so in addition to online security, you should limit who has physical access to your computer. Any Ubuntu system can be compromised by a simple floppy boot disk, or even by just selecting the rescue mode entry on the boot menu, which provides the user with root access to the computer. This is for obvious reasons; the idea of a boot disk or the rescue mode is to let you fix your PC should something go wrong, and you cannot do this if you’re blocked from accessing certain files. When Linux is used on servers that hold confidential data, it’s not uncommon for the floppy and CD-ROM drives to be removed, thus avoiding booting via a boot disk. Such computers are also usually locked away in a room or even in a cupboard, denying physical access to the machine. Another option might be to add a BIOS password to the computer, meaning you’ll be prompted for it during the boot process. The method for setting this up depends on your computer type, but generally, look for the BIOS Setup option when the computer is booting. Obviously, make sure you never forget a BIOS password, because a computer that doesn’t boot is not very useful.
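The password advice in the list above can be expressed as a small checker. The following is an added example, not code from the book: the function name, the tiny sample word list, the 12-character minimum, and the personal details passed in for andy1302 are all assumptions made for illustration.

```python
import re

# Constructed sample word list (assumption); a real check would load a full
# dictionary file rather than these five entries.
SAMPLE_WORDS = {"password", "letmein", "ubuntu", "dragon", "monkey"}

def password_problems(password, personal_info=(), words=SAMPLE_WORDS, min_length=12):
    """Return the reasons a password is weak; an empty list means none found."""
    problems = []
    lowered = password.lower()
    # The minimum length is an assumption; the text does not give a figure.
    if len(password) < min_length:
        problems.append("too short")
    # Character classes the text asks for.
    classes = {
        "no uppercase letter": r"[A-Z]",
        "no lowercase letter": r"[a-z]",
        "no number": r"[0-9]",
        "no punctuation": r"[^A-Za-z0-9\s]",
    }
    for reason, pattern in classes.items():
        if not re.search(pattern, password):
            problems.append(reason)
    # Dictionary attack: strip leading/trailing non-letters so that
    # "password4" is still recognised as the word "password".
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    if core in words:
        problems.append("dictionary word")
    # Personal information attack: names, birthdays and similar details.
    for item in personal_info:
        if item and item.lower() in lowered:
            problems.append("contains personal information")
            break
    return problems

if __name__ == "__main__":
    # The four passwords discussed in the text; the personal details for
    # the last one are constructed for this example.
    samples = [
        ("TiaLTNGO@TQiD1986-4:02", ()),
        ("password", ()),
        ("password4", ()),
        ("andy1302", ("andy", "1302")),
    ]
    for pw, info in samples:
        print(pw, "->", password_problems(pw, info) or "no problems found")
```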