Linux · Recovery Guide

Lock Down Your Linux Desktop: Updates, Firewall & Sandboxing

Improve the security of your Linux computer with these simple steps to keep your system updated, your network protected, and your applications contained.

Keep Your System Up to Date

Regular updates are crucial for patching security vulnerabilities and improving system stability. Think of it like keeping the locks on your house doors free from rust.

1. Enable Automatic Updates: Most Linux distributions allow you to set up automatic updates. Check your system's settings for 'Software & Updates' or 'Automatic Updates'.
2. Perform Manual Updates Regularly: Even with automatic updates configured, it's good practice to manually check for and install updates. Open a terminal and run sudo apt update && sudo apt upgrade (for Debian/Ubuntu-based systems) or sudo dnf update (for Fedora/RHEL-based systems).
3. Reboot After Kernel Updates: If your updates include a new kernel version, it's essential to reboot your system to ensure the changes take effect. Your system will usually prompt you to do this.

Set Up a Firewall

A firewall acts as a barrier between your computer and the internet, controlling what network traffic is allowed in and out. It's your digital bouncer.

1. Enable UFW (Uncomplicated Firewall): UFW is a user-friendly firewall interface commonly found on Ubuntu and other Debian-based systems. Open a terminal and type sudo ufw enable.
2. Check Firewall Status: To see if your firewall is active and what rules are in place, use the command sudo ufw status verbose.
3. Allow Essential Services: By default, a firewall might block necessary services. For example, to allow web traffic (on port 80 and 443), you'd use sudo ufw allow http and sudo ufw allow https.
4. Block Unnecessary Ports: It's good practice to block all incoming connections by default and only allow those you specifically need. UFW does this when you enable it, but you can add specific deny rules if needed.

Harden Your Browser with Sandboxing

Web browsers are often a primary target for attacks. Sandboxing helps isolate your browser from the rest of your system, limiting potential damage if you encounter malicious websites.

1. Understand Browser Built-in Sandboxing: Modern web browsers like Chrome, Firefox, and Edge have built-in sandboxing features that run web content in a restricted environment. Keep your browser updated to benefit from the latest protections.
2. Use Browser Extensions for Extra Security: Consider extensions like uBlock Origin to block ads and trackers, and HTTPS Everywhere to enforce encrypted connections. Always research extensions before installing them.
3. Consider a Dedicated Browser for Sensitive Tasks: For online banking or other critical activities, use a separate browser profile or even a different browser entirely to minimise risk.
4. Run Browser in a Sandbox (Advanced): Tools like firejail can create a more robust sandbox for your browser, further isolating it from your system. Install with sudo apt install firejail and run your browser with firejail firefox or firejail google-chrome.

Practise Good Digital Hygiene

Beyond technical configurations, your daily habits play a huge role in your computer's security. Good digital hygiene is like washing your hands to prevent illness.

• Use Strong, Unique Passwords: Never reuse passwords across different accounts. Use a password manager to generate and store complex passwords.
• Enable Two-Factor Authentication (2FA): Wherever possible, activate 2FA for your online accounts. This adds an extra layer of security beyond just a password.
• Be Wary of Phishing Attempts: Always double-check the sender of emails and the legitimacy of links before clicking. If it looks suspicious, it probably is.
• Regularly Back Up Your Data: In the event of a security incident or system failure, regular backups ensure you don't lose your important files. Store backups offline or in a secure cloud service.
• Install Software Cautiously: Only download and install software from trusted sources. Be careful with repositories or direct downloads from unfamiliar websites.