Despite having vowed to keep my Xandros Linux operating system as simple as possible, I continue to find myself tinkering. I had initially planned to use this only as a web-browsing ebook reader and to avoid using it for online purchases or for any other activities that would require real security. But as I have grown fonder of the machine and as I have found that it could totally replace my Ubuntu-loaded Acer laptop, I have been drawn into further explorations of security issues.
Generally speaking, Linux is so much more secure than a Windows system that it is unnecessary to run antivirus software, but it is desirable to protect any computer with a firewall of some kind. Fortunately our DSL router allows creation of a very strong firewall in our own wifi connection. I checked this with GRC's "Shields Up" and found the protection excellent. Most Linux releases also include a firewall for the individual machine (Iptables, which is often invoked with Firestarter). The version of Xandros on the Eee PC does not, however, allow Iptables. Then, too, to speed boot time and simplify things, all Xandros Eee's log in with "user" (instead of allowing or demanding unique user names); this further compromises security. I see the advantages to skipping a login screen on a netbook so I'm not complaining, but from a security point of view it is not ideal. Since I very much want to keep running the trim, efficient Xandros that came with the machine, I started looking into alternative means of creating security.
The answer is easily found on the excellent wiki.eeeuser.com site. Their guide for owners has a whole section on security, which taught me much about Linux security in general and about the particular quirks of the standard Xandros OS. A step-by-step guide walked me through the necessary terminal commands for closing all the open ports on my Eee. (The vulnerability exists only because the base installation is set up to allow networked printing with Windows computers through the Samba service.) After closing down these open ports, this is probably the most secure computer I have ever used. True, it does not operate behind a formal firewall program, but firewalls basically control traffic through open ports. No open ports equals no need for a firewall--at least so I'm told. And who ever knows the hard facts about any of this?
No comments:
Post a Comment