How Secure Are We?
Hello there, Arch users.
I'm a fairly secure user of Windows and Android operating systems. I've also recently wanted to further expand and harden my privacy and security out of a need, as I live under not-so-favorable conditions.
I've switched my desktop OS to Linux less than a couple of months ago. Started with Linux Mint Debian Edition (a Debian "rolling release"). Was a fine learning experience and I've got to administer my home Linux box in a secure manner until it broke (nothing related to security, just that proprietary drivers broke over an update.. too lazy to fix it)
Now I intend to install Arch after testing Antergos and getting to use the Arch environment. I'm interested in reading good tips on how to secure is the system and how to further increase security in terms of remote exploitation specifically. Should I depend on Arch as a daily *secure* driver for everyday needs? I need to address that firstly as it's the uncontrollable part; unlike human-infrastructure type of attacks. I did read the Security wiki, but I also need more tips from experience as what can be installed or what should be avoided.
Some guidance questions:
1- As this is a rolling release OS, is it more or less secure than long-support release systems?
2- What specific tips can we use to further secure our systems?
I'm currently using Antergos, but I intend to switch to full Arch install in about 2 weeks (will have free time by then). I like the Arch environment (and forums) and I'm interested in ways to further secure it.
Also, a good tip would be like: you need to install ufw and gufw and run
# sudo gufw
and turn ufw on.
3- How long, on average, does it usually take to patch vulnerabilities found in Linux, from your experience? i.e. Is it usually faster or slower than other distros? An educated guesstimate would work, as I don't expect to find standardized info.
4- AUR! I need someone to go on all day about anything related to security about AUR. Awesome ArchWiki doesn't have much on this.
For example:
- When a package I installed is updated from vendors/authors, does my package pull from the source vendor and immediately update (most importantly, Google Chrome), or does my system have to wait for the package maintainer to actually update his work for yaourt to pull from? i.e. Does the system update packages as soon as the vendor updates them, or as soon as the maintainer updates them?
- When I pacman -Syu, does this include updating AUR? Here
5- What VPN do you guys use?
# mod edit: less inflammatory title
Last edited by jasonwryan (2015-01-28 20:22:08)
Mars wrote:1- As this is a rolling release OS, is it more or less secure than long-support release systems?
Two totally different things; "LTS" distributions aim to provide support to a generally "fixed" set of packages (ie, same major kernel, same major toolchain etc), usually back-porting security fixes to those packages where required. Rolling release aims to provide the latest packages of everything -- this can lead to a lot more breakages than an "LTS" distro if not managed properly. LTS is generally more forgiving of "lazy" management.
As far a security goes, it's difficult to compare. LTS releases generally get security patches back-ported, but sometimes they may not, especially towards the end of the LTS life cycle, or if implementing the fix would significantly change expected behaviour of the software. On a Rolling Release, you'll get the latest which includes any security fixes, but also includes any NEW security issues (probably not even discovered yet) introduced in recent versions.
Mars wrote:2- What specific tips can we use to further secure our systems?
This is the same regardless of your distribution. The standard list applies: minimize your attack surface (use a firewall, disable services you don't need), use good passwords, enforce MAC instead of DAC (eg, SELinux or AppArmour).
Mars wrote:3- How long, on average, does it usually take to patch vulnerabilities found in Linux, from your experience? i.e. Is it usually faster or slower than other distros? An educated guesstimate would work, as I don't expect to find standardized info.
You say "in Linux" then "other distros" -- are you wanting to compare Linux to other operating systems, or Arch to other distributions? If it's the later, then Arch is generally quite on the ball. Looking at recent vulnerabilities:
http://allanmcrae.com/2015/01/who-you-gonna-call/
http://allanmcrae.com/2014/09/shellshoc … rch-linux/
Mars wrote:- When a package I installed is updated from vendors/authors, does my package pull from the source vendor and immediately update (most importantly, Google Chrome), or does my system have to wait for the package maintainer to actually update his work for yaourt to pull from? i.e. Does the system update packages as soon as the vendor updates them, or as soon as the maintainer updates them?
makepkg will do whatever the PKGBUILD tells it to do. If the PKGBUILD is for a specific version of a package (as is generally the case) then that is what it will build. You are free to download the PKGBUILD from the AUR and modify it yourself if it is not the version you want/latest version. This is fairly straightforward generally, and there is lots of information in the wiki, on man pages and generally around the web.
The exception to this is git packages, which often pull the latest git tree before building, which means you'll *really* have the latest version, probably not even a version that has been released by the upstream developer.
Mars wrote:- When I pacman -Syu, does this include updating AUR? Here
No, read up on the wiki the difference between the official repos, the community repo and the AUR.
Mars wrote:5- What VPN do you guys use?
OpenVPN to my own VPS.
Similar Messages
-
I have lost my iPad. How secure are my data ?
I have lost my iPad.
Unfortunately I have not activated the Search my iPad function.
The iPad is locked with the code.
How secure are my data ? Is it possible, that someone get into my data ?Anything is possible, but having it locked is good. You need to change your Apple password. The finder may reset to factory settings which will delete all your data.
These links may be helpful.
How to Track and Report Stolen iPad
http://www.ipadastic.com/tutorials/how-to-track-and-report-stolen-ipad
Reporting a lost or stolen Apple product
http://support.apple.com/kb/ht2526
Report Stolen iPad Tips and iPad Theft Prevention
http://www.stolen-property.com/report-stolen-ipad.php
How to recover a lost or stolen iPad
http://ipadhelp.com/ipad-help/how-to-recover-a-lost-or-stolen-ipad/
How to Find a Stolen iPad
http://www.ehow.com/how_7586429_stolen-ipad.html
Apple Product Lost or Stolen
http://sites.google.com/site/appleclubfhs/support/advice-and-articles/lost-or-st olen
Oops! iForgot My New iPad On the Plane; Now What?
http://online.wsj.com/article/SB10001424052702303459004577362194012634000.html
If you don't know your lost/stolen iPad's serial number, use the instructions below. The S/N is also on the iPad's box.
How to Find Your iPad Serial Number
http://www.ipadastic.com/tutorials/how-to-find-your-ipad-serial-number
Cheers, Tom -
How secure are my personal emails and chats using the iCloud if my daughter just synced all our family apple devices to the cloud?
Welcome to the Apple Community.
http://support.apple.com/kb/HT4865 -
How Secure are LEAP/EAP enabled WLAN's ?
I would like to ask you the experts the same question that I get asked many times by my customers with regards to how secure is a 802.1X enabled wireless networks.
I constantly get presented with reports by security experts deeming Wireless as not secure.
Do you have any direct answers to this and material to substantiate your answers.This page is an index to all of the WLAN security white papers plus various magazine and universtiy articals and the responses from Cisco
http://www.cisco.com/warp/public/779/smbiz/wireless/wlan_security.shtml/
There is more than a few nights vaulable reading that should help you answer your customers questions.
Like any technolgy if you do not understand how to administer it then it will be insecure but there are many tools to make it secure.
In my opinion network security should not be one layer of security but many layers all adding up to make it very hard and time consuming for hackers. They will look for an easier target. -
How secure are VS2010 controls - grid using sql
I have an API from a vendor that is using a macro that was not encrypted that I used as a parm which was intercepted and changed by the users with the inspect element feature in a browsers.
Now I'm changing the app to avoid taking in any parms and writing it in server side code using a datagrid with an embedded data connection and sql statement. The plan is to publish this as a web application only placing
the source on the server. How secure is this method? Is there anything I need to look out for or avoid doing? The material displayed on this page is sensitive information therefore I need it to be as secure as possible.
Thanks!Hi kindnesshelps,
Based on your description, it seems that it is not the correct forum for this issue, since this forum is to discuss:
Visual Studio WPF/SL Designer, Visual Studio Guidance Automation Toolkit, Developer Documentation and Help System, and Visual Studio Editor.
To make this issue clearly, would you mind letting us know more information about this issue? Which language are you using? Which kind of app are you developing? Which VS IDE version do you have?
>> The plan is to publish this as a web application only placing the source on the server.
You said that “publish this as a web app”, do you mean that this issue is related to the Web app?
If this issue is related to web app, you could ask this question in the ASP.NET forum:
http://forums.asp.net. If then, you could get an answer more quickly and professional. Thanks for your cooperation.
Best Regards,
Jack
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
Click
HERE to participate the survey. -
Im just wondering how secure stickies are. Im not talking about someone stealing my macbook and being able to read them. Im thinking some guy getting access to my mac via hacking??
Just because I sometimes stick sensitive data in thereIm thinking some guy getting access to my mac via hacking??
In that case, extremely secure. Unless you've been careless in opening up services in System Preferences -> Sharing, it is extremely difficult or even impossible to hack a Mac at this time. -
Cl58: How Secure are passwords stored on Firefox
Without divulging anything to sensitive. How protected are the passwords we have stored on firefox. Thanks!
The names and passwords are encrypted by a Triple-DES key that is stored in key3.db and a master password adds an additional level to that encryption.
If you do not use a master password then having access to key3.db and signons.sqlite is sufficient to have access to the encrypted names and passwords.
So use a strong master password (e.g at least 12 characters) that can't be easily guessed or found via a dictionary lookup or a script then you should be safe.
Make sure that you remember that master password or all passwords are lost.
See http://en.wikipedia.org/wiki/Triple_DES - TripleDES (CBC mode) -
How secure are Apps that store your personal Information?
I have a few Apps for storing ID and Credit card info - but I am very hesitant to use them - How do I know that once I have used them, the creator of the app cant access my supposedly "secured" info?
Any app--regardless of the "who"--can be hacked, and info stolen, if someone wants it bad enough. Not all apps store info in your unit; the info may be safely stored in a encrypted server somewhere far away.
My recommendation is that you not store your CC info and any personal information you don't want spread around. Turn off certain program functions for example, go into settings and scroll down and see what programs are listed there. You can turn off certain info that they gather there. Other programs, you may need to open the app and adjust settings there.
If there is an "purchase in the app" function...that becomes your call. Generally, though...the less info you keep in an app, the better.
Doc -
How secure are the ISL/ISH handlers in WLE 5.0.1
Hi,
We are looking at the possbility of allowing clients to connect on to a
V5.0.1 ISL with no SSL or other form of encryption. The clients would be
restricted by firewalls to just these two ports. While we don't care if
they are able to mess up the WLE Domain - we don't want them being able to
get any other type of access to the machine over these ports.
Any advice/pointers on how we might evaluate this risk would be appreciated,
thanks
MarkThis question should really be posted in the
weblogic.developer.interest.weblogicenterprise.
There is the possibility that the clients could connect to any other
IIOP-based system since the
ISL communicates with IIOP. In addition, it is also possible for the
clients to connect to CORBA
objects that then do invocations to other things, such as Tuxedo
applications, other CORBA objects,
etc.
Better yet, if WLS is installed behind the firewall, it is possible for them
to get access to WLS since
it too is capable of communicating over IIOP.
Finally, your going to have to "poke a hole" in the firewall to allow IIOP
traffic through. So unless
your firewall is IIOP aware and will filter traffic to only allow IIOP
destine for the ISLs through, your
probably creating a huge security hole
Paul Patrick
"Mark O'Brien" <[email protected]> wrote in message
news:[email protected]..
>
Hi,
We are looking at the possbility of allowing clients to connect on to a
V5.0.1 ISL with no SSL or other form of encryption. The clients would be
restricted by firewalls to just these two ports. While we don't care if
they are able to mess up the WLE Domain - we don't want them being able to
get any other type of access to the machine over these ports.
Any advice/pointers on how we might evaluate this risk would beappreciated,
>
thanks
Mark -
How secure are livecycle designer ES2 forms?
When a form is created using livecycle ES2 - are the responses submitted over email then secure?
Ie. when both submitted or attached (as required with yahoo & hotmail accounts)Does anyone have any tips on how to resolve this? My LiveCycle form is a dynamic form. It seems like livecycle Designer ES2 has corrupted it or designer ES2 has a bug that makes reader and acrobat print engine not recognize the pages.
Any help would be great.
Thanks,
Josh -
How secure are the documents that are uploaded via the form?
I am looking to create a form for RFP use and have added a section that allows them to upload documents. How is this information encrypted or secured?
Hello,
apparently, you are concerned that no one can execute a successful right-click, or is that a misunderstanding?
If not, should we really do that? Thereover you will find a wonderful philosophical discussion at http://webhome.idirect.com/~bowers/copy/copy1.htm
And by the way there is the misconception that we can protect our graphics, or, or ... With little effort interested people can get to their destination.
Hans-Günter -
How secure are my photos in Aperture?
This is following on from another question I asked the other day about how best to organise my library.
Prior to using Aperture I used to store all of my photos in two directories. RAW files where stored in one called Digital Negatives and high res TIFF files in once called Final Prints.
This is my current workflow:
1. Create folder in Digital Negatives directory named after shoot date and download all photos into it.
2. Create a new project in Aperture and import the photos as referenced material.
3. Do all the neccassary RAW processing etc and, if required open certain files in External Editor (Photoshop), save those changes and this updates the version in Aperture.
So far so good, so far so simple.
However it strikes me that in doing this I'm not actually creating a new file to store in my Final Prints. If Aperture where to stop working (something I've read in these forums when applying an update) I have no access to my finished photos. If I were to ever decide to stop using Aperture I'd loose all my edits etc. Ultimately yes I would still have my RAW files but the idea of having to re-process several thousand files and trying to recreate the image exactly as it originally was is going to be nigh on impossible.
So, is it safe to just leave Aperture to handle all of my files like this or should I as a matter of course export all photos that I want to keep as high res tiffs?We just finished a podcast interview with Joe Schorr (prd. mgr) that'll be up at ApertureProfessional.com in a few days, but the bottom line is this...
If you reference your images, and your library were to vanish, with no backup at all, you still would have your original raw files. You'd just be missing your adjustments, keywords, etc. But as the other posters said, you need to back up any type of file that is crucial to you.
However, the comment "even if Aperture were to stop working" isn't something that could happen. The program Aperture is not the library of files it creates. If your copy of Aperture were to somehow stop working, you could just reinstall it. Or, if your computer died and you had your library backed up, you'd could just move that library to any other computer. Aperture wont' "stop working" on any universal level.
Even if, hypothetically, Apple were to go out of business tomorrow, the copies of Aperture on your computers would still work. Whether stored in the Library or stored as referenced files, they're still stored as their original raw files, and any program that can edit those can read them.
Even better, you can, if you're really concerned, periodically export your images along with XMP sidecars, then you could just pick right up in Adobe Bridge and keep going.
Incidentally, files that live in the Library are still not locked in. The library's just one big folder. If you right click on it and select "Show Package Content" you'll be able to navigate through a folder structure of your images that matches the layout of your projects.
I go into this more in depth here:
http://www.apertureprofessional.com/showthread.php?t=939 -
How secure are the files I upload?
Are the files I load into my adobe account for conversion kept confidential? Could anyone else not authorized by me access these files?
Are the files I load into my adobe account for conversion kept confidential? Could anyone else not authorized by me access these files?
-
Please read post at following: http://bbs.archlinux.org/viewtopic.php?id=70556
Thank YouCross posting is against the forum rules. Please continue in your other thread.
-
I cannot find any encryption settings for voice/video calling via Firefox Hello. How secure are my conversations?
hello vidriduch, firefox hello uses webrtc as communication channel which provides peer-to-peer connections which are encrypted end-to-end out of the box...
Maybe you are looking for
-
Are we Beta testing the N97 for Nokia?
Because if i was given this as a beta release i would have told them what i thought, the current launch version on the N97 with V10 firmware is barely an Alpha release, this phone was a rush job thrown out on the market to coincide with the launch of
-
Mail app crashes when opening on original iPhone
My teenage son's mail app keeps crashing when he tries to open it on his original iPhone. It has been happening since 2.0, with neither of the latest updates fixing the problem. He has been a jailbreaker with his phone in the past. I have never jailb
-
Please help! I have random songs that are appearing in my list of movies. I have tried deleting them and then redownloading them from the cloud to get them back into songs. I am successful after redownloading, BUT ...once I close out iTunes and the
-
I TUNES 8 REFUSES TO IMPORT ANY VIDEO !!!
Please can somebody help - I used to be able to import mp4 videos converted with toast or isquint into itunes with no problem but it won't work with itunes 8 . If I try dragging the video files to my library they just 'bounce' back - have tried the i
-
I'm new to Pages and I've searched online for an answer to this question but haven't found anything quite what I need. When I import an image from Finder (or drag and drop from Finder) into Pages, the Text Wrap default is "automatic" which seems to b