
Re: Debians security features in comparison to Ubuntu



On Sat, May 17, 2014 at 4:38 AM, herzogbrigitte1@t-online.de
<herzogbrigitte1@t-online.de> wrote:
> Hello there,
> I'm a new user of the great Debian distro for my Desktop. But when I talked to a friend and I told him, that I'm using Debian (Wheezy) for my desktop computer, he told me that I shouldn't use it because it is not secure.
>

Maybe he meant that he didn't figure you could secure your Debian
system as well as Ubuntu secures the Debian system for some definition
of average user. (Are you the average user that the Canonical team
imagines?)

Otherwise, he was telling you that Ubuntu is secure even though the
foundation of Ubuntu is not.

Which is not the case, at any rate.

> He told me to use Ubuntu instead. He explained that with the fact, that Ubuntu has more security features enabled than Debian (also more compiler flags for security) in a fresh install. He gave me a link to the following site:
> https://wiki.ubuntu.com/Security/Features
>

That's a good list of all the currently fashionable "security"
features for Linux. Some of the items in the list are meaningful, some
are not. Most might be if you know what you are doing with them. None
of the meaningful items in that list are unavailable on Debian, and
the defaults are reasonably secure in Debian.

> So, I'm very happy with Debian but because my friend seems to be an expert for Linux, I don't know if I can use Debian. Can you tell me which of the security features promoted by Ubuntu are also enabled in Debian?
>

Security is not a package you can buy or download. Whether you choose
Ubuntu or Debian, if you are concerned about security, you need to
spend time learning about it. The partly out-of-date pages that Riku
gave you links to are a good place to start.

The first question I would ask (but don't answer me, of course) is how
good your passwords are. This will be an issue with any OS you choose,
even seriously secure OSes like OpenBSD.

Your passwords should be at least ten characters, preferably twelve or
more, include alphabet and numbers and one or two punctuation marks.
One I used to use was something like "MI<ro$0fT5t!NKs". But don't use
that, of course. (When I realized that too many people know my
prejudices, I decided I shouldn't use it.)

The next question is whether you allow root login. (Again, don't
answer me, on or off list. Just check yourself.) If you allow root
login at all, use an extra strong password for root. You probably do
not want to allow root login from the network, but you may want to
allow root login from the console.

Changing the port sshd listens to is also a good idea.

Do not surf the web as root or as any administrator login id, of course.

Speaking of admin login ids, it's a good idea to have one non-root
login id that you only use for administrative tasks. And you should
avoid getting onto the web when logged in with the admin id. Which
means you need another id for general use, which makes two strong
passwords, three if you allow root login.

If you have a habit of downloading random apps from the internet,
unlearn that habit. Use your package manager instead, and think twice
or more about the apps that you can't get through your package
manager.

(This is turning into another blog post, I think.)

Anyway, the basics of security are the same, whether you use Debian,
Ubuntu, Fedora, OpenBSD, whatever.

-- 
Joel Rees

Be careful where you see conspiracy.
Look first in your own heart.
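
The root-login and sshd port checks suggested in the message above, as an added example that is not part of the original post: a shell function that reads an sshd_config-style file and reports the global PermitRootLogin and Port values. The function name, the constructed sample file and the simplifications (Include directives are not followed, everything from the first Match line on is ignored, keywords and values are whitespace-separated) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original message): report the global
# PermitRootLogin and Port settings of an sshd_config-style file.
# Assumptions: Include is not followed; parsing stops at the first Match line.

audit_sshd_config() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        { key = tolower($1) }                  # keywords are case-insensitive
        key == "match" { exit }                # global section ends here
        # sshd uses the first value it reads for a keyword
        key == "permitrootlogin" && root == "" { root = tolower($2) }
        # Port may be given several times
        key == "port" { ports = ports (ports == "" ? "" : ",") $2 }
        END {
            if (root == "")  root = "unset"
            if (ports == "") ports = "22"      # sshd listens on 22 if Port is absent
            print "root_login=" root
            print "ports=" ports
            if (root == "yes")
                print "WARN: root login over the network is allowed"
            if (root == "unset")
                print "NOTE: PermitRootLogin is not set; the default depends on the OpenSSH version"
            if (ports == "22")
                print "NOTE: sshd listens on the default port only"
        }
    ' "$1"
}

# Constructed sample configuration, not taken from a real host.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample
Port 2222
PermitRootLogin yes
PermitRootLogin no
Match Address 192.0.2.0/24
    PermitRootLogin no
EOF

# The second PermitRootLogin line is ignored, so this reports root_login=yes.
audit_sshd_config "$sample"
rm -f "$sample"
```

On a live system, `sshd -T` prints the effective configuration, including defaults and included files, and is the authoritative source.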

