Virtualization for security.

[green_dragon34]

Using Mint 19.1 Cinnamon as base, I wanted to try to use Virtualization to create more secure OS.

Not having started this yet, I wanted to ask. What kind of software should I add to the Base Linux (Base Linux which does the internet communication, driver hardware?)

Anything I should remove, as it might save to cloud?

Like Firewalls, malware protection? Is there yet an Encrypted DNS, which I can lock onto, not allow a substitute DNS?

As you can guess, I am preparing an initial install.

Would anyone suggest an alternate Linux Stub to base my virtual machine on? (Something other than Mint Linux.)

Thanks for reading, and for those who take the time to reply.

[Pjotr]

Firejail is a fine sandboxing application, ideal for your web browsers:
https://easylinuxtipsproject.blogspot.c ... ndbox.html

You might find this article interesting, that I've written about security in Linux Mint:
https://easylinuxtipsproject.blogspot.c ... urity.html

[majpooper]

Firejail is a fine sandboxing application, ideal for your web browsers:
https://easylinuxtipsproject.blogspot.c ... ndbox.html

You might find this article interesting, that I've written about security in Linux Mint:
https://easylinuxtipsproject.blogspot.c ... urity.html

Firejail makes a lot of sense as it will sandbox your browser and any other apps you use to go online.
Although a VM will give you the benefit of sandboxing you can take a performance hit - so to my way of thinking Firejail is the best of both worlds - sandbox like a VM and no performance hit. VMs are great IMO for that Windows app that you need occasionally that there is just not a satisfactory native linux substitute.

There are several ways to accomplish encrypted DNS and to prevent DNS leak.

DNScrypt - I haven't used this method for a while but when I did it was very effective.
There is a HOWTO thread for DNScrypt on this forum
viewtopic.php?t=270777

VPN - This can depend on the vpn provider - some providers do not do a good job of encrypting your DNS queries and let your DNS queries go to your ISP un-encrypted.I use Private Tunnel which I like and tested and found it does send my DNS requests encrypted to it's servers. So if you go the VPN route you would need to research which VPN would encrypt your DNS.
https://www.privatetunnel.com/

PiHole - This is my favorite and what I am using now. This takes a little effort but well worth it IMHO. PiHole is a great add blocker as well as blocking other bad actors before they even get to your browser which improves your browser performance. As well you can configure DNS over HTTPS (DoH) to Cloudflare DNS servers for added protection. This gives you several advantages - performance, add blocking, malware etc. protection, just plain bad actor protection, encrypted DNS and preventing DNS leak. I did set up PiHole on a VM for testing and it worked fine so that could be an approach. But in the end I decided to run PiHole on an old laptop running LMDE - PiHole will run on any Debian based OS to include Ubuntu and Mint - you can even get a little RaspberryPi for ~ $100 and run it on that.
https://pi-hole.net/
https://docs.pi-hole.net/guides/dns-over-https/

[green_dragon34]

Looks like excellent knowledge. I will take some time to work on this, but not right now. I have a doctors visit coming up, where likely I will catch the Flu I have avoided so far. Thanks for the advice.