[SOLVED] Security Apps Question

parkernathan
Level 3
Posts: 125
Joined: Thu Oct 28, 2021 8:27 pm
Location: Hot Springs, Arkansas

[SOLVED] Security Apps Question

Post by parkernathan »

On my Mac, I use a series of security tools from Objective-See (https://objective-see.com/), primarily Block Block, RansomWhere?, OverSight, and ReiKey. Are there any such alternatives available for Linux, or do I even need such utilities?

Thanks!
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 2 times in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
Nathan Parker
RIH
Level 9
Posts: 2875
Joined: Sat Aug 22, 2015 3:47 am

Re: Security Apps Question

Post by RIH »

I think that most Linux Desktop users would not have any additional security applications at all.

I don't think that anti-virus/malware applications provide any needed additional security & can cause problems of their own.

Compartmentalisation certainly seems a way to go if a user has security concerns. Adding applications via the Flatpak system gives some additional security this way. As do specialist applications like Firejail.
https://firejail.wordpress.com

There are certainly many applications available to allow the monitoring of network traffic, although, for the most part I think these are aimed more at Server Admin than the desktop user.
https://www.tecmint.com/linux-network-b ... ing-tools/
cliffcoggin
Level 8
Posts: 2297
Joined: Sat Sep 17, 2016 6:40 pm
Location: England

Re: Security Apps Question

Post by cliffcoggin »

I think it safe to assume that if any specific security tools were necessary in Linux Mint they would have been installed with the OS. That you have no such tools means you don't need them. By far the best security tool you can use is the one between your ears.
Cliff Coggin
legacypowers
Level 4
Posts: 270
Joined: Sat Dec 19, 2020 8:53 am

Re: Security Apps Question

Post by legacypowers »

parkernathan wrote: Fri Dec 03, 2021 8:14 pm On my Mac, I use a series of security tools from Objective-See (https://objective-see.com/), primarily Block Block, RansomWhere?, OverSight, and ReiKey. Are there any such alternatives available for Linux, or do I even need such utilities?

Thanks!
In Linux Mint (and a good portion of the distros for now), X is the default display server. To put it in simple words (easy to understand, but not exactly technically correct), it is the program that applications (clients) connect to in order to draw graphical stuff on the display of your machine. But it is possible for one X application (for example Firefox) to peek at another application, and it is possible for one application to globally monitor keypresses, which can be used for good (like global keyboard shortcuts) or evil (like logging every keystroke of your keyboard, like a keylogger). And what can be done to mitigate this issue?
Well, if you are within the range of the official distribution's repository, chances are that you are mostly secure (supply chain attacks are still a possibility).
But every now and then you will need to install a package (or execute a "random" binary) that doesn't come from the official repository, and what can be done to mitigate this security risk?
Sandboxing, which confines the application, partially limits what it can access on your system.
As mentioned before, Firejail is the tool for the job. You can set a global, usually most restrictive, profile, and make custom profiles to tailor it for the purpose of the application. Firejail has preset profiles for popular applications, which can also be customized.

Recommended reading: https://wiki.archlinux.org/title/Firejail
Terminal - zsh wrote: ╭─legacy@forums.linuxmint.com
╰─➜ _
Hoser Rob
Level 20
Posts: 11796
Joined: Sat Dec 15, 2012 8:57 am

Re: Security Apps Question

Post by Hoser Rob »

Linux just doesn't need all those security apps like Windows does. For one, you can't install anything in Linux without asking for a password (unless you're dumb enough to turn that off, and you still need a strong password). For another, Linux doesn't leave unused network ports open like Windows does.

Your main issue in Linux is phishing and browser hacks. Use a good adblocker like uBlock Origin and other addons like NoCoin etc. NoScript is very good but too much of a PITA for many if not most users. And, of course, be careful what you click on.
For every complex problem there is an answer that is clear, simple, and wrong - H. L. Mencken
legacypowers
Level 4
Posts: 270
Joined: Sat Dec 19, 2020 8:53 am

Re: Security Apps Question

Post by legacypowers »

Hoser Rob wrote: Sat Dec 04, 2021 9:50 am For one, you can't install anything in Linux without asking for a password (unless you're dumb enough to turn that off, and you still need a strong password).
Actually not true, the major part of the damage that a ransomware can do is within your home folder, and guess what, it doesn't need super user permissions to do it.
Hoser Rob wrote: Sat Dec 04, 2021 9:50 am For another, Linux doesn't leave unused network ports open like Windows does.
Uuh, what? An unused network port is an unused network port; the clue is in the name: it is unused, no one is using it. Unless there is a process using that port, that port is closed in any case and won't affect your security, independent of a firewall. In the case of having a service using a port, where a firewall can be beneficial is filtering the traffic, for example only allowing certain IP addresses to connect to that port, or inspecting the packets and dropping suspicious ones (for example, in Linux, iptables is just a user interface to the netfilter kernel framework).
The name port leads people to believe that it is like a physical front door, and leaving it open anyone could enter, and firewall sounds cool because fire, like you are drawing a line in gasoline and setting it on fire so no one can cross, but in reality the use case for firewalls is to filter packets.
Hoser Rob wrote: Sat Dec 04, 2021 9:50 am Your main issue in Linux is phishing and browser hacks. Use a good adblocker like uBlock Origin and other addons like NoCoin etc. NoScript is very good but too much of a PITA for many if not most users. And, of course, be careful what you click on.
uBlock Origin is a good recommendation indeed, NoScript is also good but you will have a harder time making websites work depending on your configuration.
I would also add: DecentralEyes (improves your privacy by making you harder to track by known and widely used Content Delivery Networks), HTTPS Everywhere (helps ensure that you are connected and everything is being transferred through an encrypted connection (SSL), enhancing your security by making it harder to read traffic in a "Man In The Middle" attack, and your privacy), CanvasBlocker (improves your privacy by blocking HTML5 Canvas fingerprinting) and Clear URL (removes tracking parameters from URLs).

Also keylogging doesn't require super user privileges.
Terminal - zsh wrote: ╭─legacy@forums.linuxmint.com
╰─➜ _
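
An added example (not part of legacypowers' post or of the thread) illustrating the point made above that a port is only open while a process listens on it. It lists LISTEN sockets from a constructed /proc/net/tcp sample, marking loopback-only versus all-interface binds, then probes one loopback port with and without a listener. The sample rows, the function names and the little-endian host are assumptions of this example.

```python
import ipaddress
import socket
import struct

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
# Columns used: local_address (hex IP:port) and st (0A = LISTEN, 01 = ESTABLISHED).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 21345
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 19876
   2: 3500007F:0035 00000000:0000 0A 00000000:00000000 00:00000000 00000000   101        0 18012
   3: 0A01A8C0:D2F4 0A0200C0:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 40233
"""

def listening_sockets(text):
    """Return (ip, port, exposure) for every socket in LISTEN state."""
    found = []
    for line in text.splitlines()[1:]:              # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != "0A":    # keep LISTEN only
            continue
        hex_ip, hex_port = fields[1].split(":")
        # Assumption: little-endian host (x86/ARM), so the address bytes are reversed.
        ip = ipaddress.IPv4Address(struct.pack("<I", int(hex_ip, 16)))
        exposure = "loopback-only" if ip.is_loopback else "network-reachable"
        found.append((str(ip), int(hex_port, 16), exposure))
    return found

def connects(port, host="127.0.0.1"):
    """True if a TCP connection to host:port is accepted, False if refused."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(2)
        return s.connect_ex((host, port)) == 0

def port_with_and_without_listener():
    """Probe one loopback port while a process listens on it, then after it stops."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))                      # kernel picks a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    while_listening = connects(port)
    srv.close()                                     # no process owns the port now
    after_close = connects(port)
    return while_listening, after_close

if __name__ == "__main__":
    for row in listening_sockets(SAMPLE):
        print(row)
    print(port_with_and_without_listener())
```

On a live system, pass `open("/proc/net/tcp").read()` to `listening_sockets`; a socket bound to 0.0.0.0 is reachable from the network unless a packet filter drops the traffic.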
parkernathan
Level 3
Posts: 125
Joined: Thu Oct 28, 2021 8:27 pm
Location: Hot Springs, Arkansas

Re: Security Apps Question

Post by parkernathan »

Thanks for the feedback. I'll keep Firejail in mind if I need to test an app in a sandboxed environment. I did install OpenSnitch since I used Little Snitch on my Mac, and I like to keep tabs at what apps call out.

I am using some of those browser plugins, and I'm also considering setting up a PiHole on my network for increased ad blocking (using NextDNS now, but I'd rather not deal with the yearly service charge).

We may also be getting a router upgrade over the summer with better network level protection/firewall which would be useful.

Thanks again!
Nathan Parker
legacypowers
Level 4
Posts: 270
Joined: Sat Dec 19, 2020 8:53 am

Re: Security Apps Question

Post by legacypowers »

parkernathan wrote: Sat Dec 04, 2021 7:02 pm I am using some of those browser plugins, and I'm also considering setting up a PiHole on my network for increased ad blocking (using NextDNS now, but I'd rather not deal with the yearly service charge).
We may also be getting a router upgrade over the summer with better network level protection/firewall which would be useful.
A PiHole is a great addition to your network, but that doesn't replace uBlock Origin; uBlock Origin is a little bit more than a mere adblocker, for example YouTube ads aren't caught by PiHole. If you want to get a little more advanced, you can use your PiHole as a fully fledged recursive DNS server (if you are interested, this guy made a video on how to do it); this way it is a little bit harder for you to be affected by DNS spoofing attacks (where a DNS server gets compromised and the attacker can change the IP addresses that a domain resolves to).

About the router upgrade, don't worry too much about that, but if you want to be sure, choose one that can be flashed with other firmware like OpenWRT or FreshTomato. Those firmwares get way more updates, which may enhance your security if a security vulnerability is found; on most default firmware on Small Office / Home routers, updates aren't carried out often, if at all.
Terminal - zsh wrote: ╭─legacy@forums.linuxmint.com
╰─➜ _
parkernathan
Level 3
Posts: 125
Joined: Thu Oct 28, 2021 8:27 pm
Location: Hot Springs, Arkansas

Re: Security Apps Question

Post by parkernathan »

Good points. I'll check out UBlock and see about making PiHole a fully recursive DNS server.

What are some good routers that can be flashed with OpenWRT? In my office, I'm currently using a Cisco RV345 as my router and 16 port switch, and in another room, we have the Cisco CBW240AC for the WAP (where the WAP is located, it covers the entire building). We're looking at pivoting off of Cisco and onto Airfy, Check Point, or Ubiquiti, but I'm also open to looking at other options.

Thanks!
Nathan Parker
legacypowers
Level 4
Posts: 270
Joined: Sat Dec 19, 2020 8:53 am

Re: Security Apps Question

Post by legacypowers »

parkernathan wrote: Sat Dec 04, 2021 7:39 pm Good points. I'll check out UBlock and see about making PiHole a fully recursive DNS server.

What are some good routers that can be flashed with OpenWRT? In my office, I'm currently using a Cisco RV345 as my router and 16 port switch, and in another room, we have the Cisco CBW240AC for the WAP (where the WAP is located, it covers the entire building). We're looking at pivoting off of Cisco and onto Airfy, Check Point, or Ubiquiti, but I'm also open to looking at other options.

Thanks!
On the Open WRT website there is a list of supported hardware.
Terminal - zsh wrote: ╭─legacy@forums.linuxmint.com
╰─➜ _
parkernathan
Level 3
Posts: 125
Joined: Thu Oct 28, 2021 8:27 pm
Location: Hot Springs, Arkansas

Re: Security Apps Question

Post by parkernathan »

Great. Will check it. Thanks!
Nathan Parker
parkernathan
Level 3
Posts: 125
Joined: Thu Oct 28, 2021 8:27 pm
Location: Hot Springs, Arkansas

Re: Security Apps Question

Post by parkernathan »

On OpenWRT, if I need a separate WAP from my router, does the WAP also need to be running OpenWRT if it's in AP only mode, or does it matter?

Thanks!
Nathan Parker