I want to secure my Ubuntu PC from any threats (network/online to local/offline protection). What all can I do?
Security – Securing Ubuntu in Every Possible Way
Security
Related Solutions
Disk encryption only works to the point where you've got somebody manually unlocking it. If the server can boot itself and start up without human interaction, if somebody gains access, they've got the data.
Here are a few ideas ranging from basic to silly.
Lock the server in a box. Bolt the box to a wall. Treat it like a safe.
Make the restaurant contractually liable for the physical security of the software. Make it known that their copy is watermarked and if it ends up on a torrent site, they're liable for the lost sales. But do it without sounding like a douche.
Physical port blocking: Blank off any USB, serial, etc ports.
Glue SATA cables into their ports (and block other SATA ports).
Lock the BIOS. Disable other SATA ports. Disable USB. Disable everything you're not using.
Rebuild the kernel with
make localmodconfig
so the only drivers your kernel has is for the hardware it's dealing with.Consider full-disk encryption with a physical key like a smart card or a good biometric system. Staff will leave smartcards in (because they've got better things to do) but biometric might work if you implement some sort of auto-shutdown at the end of the day.
Physical DRM. Dongles devices that form part of the code execution. They're really expensive to create and aren't insurmountable (cite: Autocad's torrid and failed relationship with dongles).
"Phone home" if the server is opened. Script something up that looks at internal light levels. If they increase dramatically, trigger a SMS via an attached dongle (you might be introducing a new attack vector).
A lot of these things don't just make the server more secure, they make it much less robust and harder to fix... Most of these countermeasures are at least an extra point of failure.
Consider that with most applications, their maximum shelf-life is five years. Making this cheap enough not to bother stealing might be a better strategy.
Giving out your public IP address simply makes you a target. It is like posting your email address. Malicious people will then be able to use your IP and target your computer. Whether they will be successful or not depends on the way you've set up your machine but in any case, the first step will be getting your public IP.
Now, posting your internal IP, is not dangerous at all. For example, my current internal IP is 192.168.0.37. There are certainly thousands of computers all over the world that are connected to their local LAN using the exact same IP. Internal IPs are just that, internal, they have absolutely no meaning outside your own network and sharing them is not dangerous.
The same goes for the rest. All of the information you mention is specific to your local network (assuming you mean the broadcast address of your internal IP, not the public one) and there is no danger in sharing them whatsoever. In fact, please make sure to use real addresses when you ask questions since they can help us understand where the error lies.
In summary, you don't really want to share your public IP or the MAC address of your network card but internal IPs, broadcast address, subnet mask, default route (that's just the internal IP of your router) and DNS servers can be shared with no risk. DNS servers are public anyway and all the rest are internal to your local network and have no meaning outside it.
Best Answer
The best way to secure any computer that way is just to unplug it.
Security threats have been around and will continue to exist, and that's something you have to understand. However there are a few tips, costumization that you can do to have a more secure box.
A lot of these security measures are present in a wiki here: Ubuntu Security
Here you will find an introduction to the most famous forms of attack and how to prevent them, including:
Introduction to AppArmor
Host-based Intrusion Detection Systems (HIDS)
Network Intrusion Detection Systems (Snort)
Viruses
SSH and VNC
Firewall
etc.
Luckly, there are a few good resources where you can learn more:
Security
My favorite site for security
InstallingSecurityTools
The Big Ol' Ubuntu Security Resource
Locking Down Ubuntu
Basic info
Because there are so many measures one can take reading for those sites is a good place to start. I can resume some of the basic measures:
sudo chmod 0700 /home/your-user-name
Also there's an Ubuntu version called Ubuntu Server that you should try.