Re: How to get 100% secure debian system?

To: Jonathan Hutchins <hutchins@tarcanfel.org>, Roman <romansouth7@gmail.com>
Cc: debian-security@lists.debian.org
Subject: Re: How to get 100% secure debian system?
From: Alexander Swen <alex@swen.nu>
Date: Mon, 23 Jan 2023 00:12:51 +0100
Message-id: <[🔎] 637eaaa756b590825fcc81b14ffb64945a496d2b.camel@swen.nu>
Reply-to: alex@swen.nu
In-reply-to: <[🔎] e3588f8aefae90931004d478e95e7dd3@tarcanfel.org>
References: <[🔎] CAFJGKPkXcYw=XGdOb1acPsVvC3O9TtHQ4a-P+58pUr7c0JYO_g@mail.gmail.com> <[🔎] e3588f8aefae90931004d478e95e7dd3@tarcanfel.org>

Hey Roman,

Although it isn't worded very friendly, helpful or welcoming, Jonathan tries to express that in IT, there is no such thing as being 100% secure. He has a point, but... So, I'll try to be more helpful.

Every system is, eventually, breakable. A bit more helpful answer would be: It all depends on your needs. It makes great difference if you're developing websites for, say, some secret service, or for the local pizza shop. There is a bottom line, of course. If you work on a system that isn't updated and you don't bother to pay any attention to any operational security then chances are that you'll be hacked. And then, even the local pizza shop won't be happy with you. But, if you're developing such a low-profile website, chances are slim that some nation state hacker will break into your house and try to decrypt your hard drive while you're having a pizza (in that pizza shop of course, keep your customer happy 🙂. The cost of such an operation is far higher than the possible win of it.

So ask yourself: Do I really need 100% security? Or do I want to avoid to fall victim of, say, something like ransomware or some random script kiddy that scans the web for vulnerable computers?

In the latest case, my answer is: There's a fair chance for everyone to avoid being hacked. A good start is your consideration to switch from Windows to Linux. Just because Windows is used far more often, and by, usually, far less knowledgable users, there is simply far more to win for hackers if they attack Windows than Linux. But, simply switching OS is not enough. So, before you start you should consider to follow some guidelines. A first is to not use your current installation to download anything on, that you consider to use later. You can use some other device to download some ISO and verify the checksum afterwards and then copy that ISO to a USB device, or a real CD-rom. Then you have a reasonable chance that you have the software that was offered on the download page. Whether that software is free of trojans or virusses, no-one can 100% guarantee you. But, as said, you have a fair chance.

So, then you install the OS on your computer, and then you probably want to be able to access your old files. Before you do so, install anti-virus software (ClamAV is, what I've heard, the most popular tool for Linux, don't forget to update the database, however).

You have to more, though. Spend some time on configuring your firewall (in modern Debian that would be Firewalld (which configures netfilter).
Another thing is to enable the Debian security package repository and regularly (anytime you start working, or create an hourly cronjob) update and upgrade your packages. If a new kernel is delivered, reboot.

It won't stop there. If you're not already using it: start using some password manager (1password, Lastpass, Keepassxc are all good ones) and change the passwords of all the accounts you have. You cannot exaggerate this. Every account you have should have a unique, complex, password. If you can: enable whatever form of second factor authentication you can find.

I wrote this late evening, so, probably many other, smarter people will notice things I forgot to write. And, as, in general, the Linux community thrives by helping each other: they will tell us what I forgot. And hopefully you will get much more helpful answers to your follow-up questions. Because the basis of your question is a good one and clearly, the cynical answer you got is not what you deserve.

Good luck with your switch to Linux, welcome in the Linux world and from now on: your journey begins. It will, at times, be difficult. But if you're willing to learn, you'll probably never regret this step. And later, please do answer questions if you think you can be of a help to others.

Kind regards,

Alex

On Sun, 2023-01-22 at 12:30 -0600, Jonathan Hutchins wrote:

The only way to achieve 100% security is to totally disconnect the
computer, including any power connection. You are still vulnerable to
physical attacks, so for total security destroy all of the components.

Hello. I'm a Windows 10 user. Unfortunately, I've used a lot of cracked programs in the past. I want to switch to debian and use only legal software. I want to write debian netinst to a flash drive. Is it possible that the distribution on the flash drive will be hacked through a Trojan or the sources of downloaded files from the server will be changed during installation? I create websites. It is important for me to know that my system is 100% secure and information is not shared with third parties.

Reply to:

Follow-Ups:
- Re: How to get 100% secure debian system?
  - From: Michel Verdier <mv524@free.fr>

References:
- How to get 100% secure debian system?
  - From: Roman <romansouth7@gmail.com>
- Re: How to get 100% secure debian system?
  - From: Jonathan Hutchins <hutchins@tarcanfel.org>

Prev by Date: Re: How to get 100% secure debian system?
Next by Date: Re: How to get 100% secure debian system?
Previous by thread: Re: How to get 100% secure debian system?
Next by thread: Re: How to get 100% secure debian system?
Index(es):
- Date
- Thread