Internet Security – Precautions When Exposing Desktop to Internet


I've always used my Ubuntu desktop behind the security of a router with NAT, but there have been a few times when I've had to plug it directly into an active cable modem.

In general, what precautions I should be taking in situations when my computer is exposed to the internet like this for extended periods of time? Specifics that immediately come to mind are:

  • Are there any default network services I might want to disable?
  • Is there a need to modify the default firewall configuration?
  • Should I be concerned about services using password authentication?
  • What kind of logging can I do to be notified of unauthorized access?

I realize that questions like this are just the tip of the iceberg of expansive topics that entire professions are based upon, so let me make clear: What I'm looking for are a few straightforward recommendations of best practices or configuration changes that a desktop user would find useful in a default Ubuntu installation.

Best Answer

A standard Ubuntu install should not activate network services that are accessible via the internet.

You can check via (for tcp):

netstat -lntp

Similar for UDP, but UDP does not distinguish between ports opened for listening or sending.

Thus, an iptables configuration is not necessary.

A bit off-topic perhaps, since the following concerns you in any case (it does not matter if you are behind a router):

  • consider disabling Flash (since the Flash plugin has a big history of hilarious security problems)
  • consider disabling the Java plugin (if enabled) and enabling it only for certain sites (not as many security-related problems in the past as Flash, but a few)

And, sure, you probably know that, but anyway: always work as a normal user as much as possible. Don't use Firefox etc. as root ...

An example netstat -lntp output:

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      935/sshd        
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      1811/cupsd      
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1755/exim4      
tcp6       0      0 :::22                   :::*                    LISTEN      935/sshd        
tcp6       0      0 ::1:631                 :::*                    LISTEN      1811/cupsd

The 127.0.0.1 entries are harmless, because those programs only listen on the local network interface.

sshd is an example of a service that listens on all available interfaces (0.0.0.0, i.e. including the one the cable internet modem is connected to) - but usually you have good passwords or disable password authentication and only use public-key.

Anyways, IIRC sshd is not installed by default.

The last two entries concern IPv6. ::1 is the address of the loopback device (like 127.0.0.1 in IPv4), thus safe. ::: is the IPv6 all-interfaces wildcard, analogous to 0.0.0.0 (IPv4).
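To make the reading of the netstat -lntp output above repeatable, here is an added example (not part of the answer) that parses such output and separates loopback-only listeners from ones bound to all interfaces, i.e. the ones reachable from the modem side. The SAMPLE text is constructed from the listing in the answer; feed it the real output of netstat -lntp (run as root so the program column is filled) to check your own machine.

```python
"""Classify `netstat -lntp` listeners by exposure (added example)."""
import ipaddress

# Constructed sample, mirroring the answer's netstat -lntp listing.
SAMPLE = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      935/sshd
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      1811/cupsd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1755/exim4
tcp6       0      0 :::22                   :::*                    LISTEN      935/sshd
tcp6       0      0 ::1:631                 :::*                    LISTEN      1811/cupsd
"""

def split_addr(local):
    """Split 'addr:port'. IPv6 addresses contain ':' themselves, so the
    port is whatever follows the LAST colon (':::22' -> ('::', 22))."""
    addr, _, port = local.rpartition(":")
    return addr, int(port)

def exposure(addr):
    """'all-interfaces' for the 0.0.0.0 / :: wildcards, 'loopback' for
    127.0.0.0/8 and ::1, otherwise 'specific' (a single real interface)."""
    if addr in ("0.0.0.0", "::"):
        return "all-interfaces"
    return "loopback" if ipaddress.ip_address(addr).is_loopback else "specific"

def parse_listeners(text):
    """Parse TCP LISTEN rows; UDP rows are skipped, as the answer notes
    netstat cannot tell listening from sending sockets for UDP."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 7 or not parts[0].startswith("tcp") or parts[5] != "LISTEN":
            continue
        addr, port = split_addr(parts[3])
        _pid, _, program = parts[6].partition("/")   # '-' when not run as root
        rows.append({"proto": parts[0], "addr": addr, "port": port,
                     "program": program, "exposure": exposure(addr)})
    return rows

def externally_reachable(text):
    """(port, program) pairs bound to all interfaces, hence reachable from
    the cable-modem side unless something else filters them."""
    return sorted({(r["port"], r["program"]) for r in parse_listeners(text)
                   if r["exposure"] == "all-interfaces"})

if __name__ == "__main__":
    for r in parse_listeners(SAMPLE):
        print(f'{r["proto"]:5} {r["addr"]:>10}:{r["port"]:<5} {r["program"]:8} {r["exposure"]}')
    print("reachable from the internet:", externally_reachable(SAMPLE))
```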