LinuxQuestions.org
Old 04-21-2021, 11:37 PM   #1
hifi100
Member
 
Registered: Sep 2016
Location: India
Distribution: Arch Linux
Posts: 357

Rep: Reputation: Disabled
How to achieve maximum possible security under Linux ?


I am paranoid about security. I had some discussions on the web about this topic. Some people told me to use BSD coz they think it's more secure. I tested GhostBSD but unfortunately my bluetooth is not supported.

Lots of people kept saying "it depends on the user". I am tired of listening to that sentence.

I tried to install Qubes OS but unfortunately my hardware is not supported.

To keep my Linux distro secure I do 3 things:

1) I have enabled ufw
2) I run network facing apps like Firefox, Hexchat, Brave inside a firejail sandbox.
3) I install updates as soon as they are offered.

Frankly I don't know what else to do.

What do you think? Is there any other step I should take?
 
Old 04-22-2021, 01:16 AM   #2
pan64
LQ Addict
 
Registered: Mar 2012
Location: Hungary
Distribution: debian/ubuntu/suse ...
Posts: 22,022

Rep: Reputation: 7343
Quote:
Originally Posted by hifi100 View Post
I am paranoid about security. I had some discussions on the web about this topic. Some people told me to use BSD coz they think it's more secure. I tested GhostBSD but unfortunately my bluetooth is not supported.
So bluetooth is more important than your security?

Quote:
Originally Posted by hifi100 View Post
I tried to install Qubes OS but unfortunately my hardware is not supported.
Installing software is not enough; you need to configure and maintain them continuously.

Quote:
Originally Posted by hifi100 View Post
To keep my Linux distro secure I do 3 things:
1) I have enabled ufw
2) I run network facing apps like Firefox, Hexchat, Brave inside a firejail sandbox.
3) I install updates as soon as they are offered.
Why don't you install a scanner (like clamav - if you are paranoid)?

Quote:
Originally Posted by hifi100 View Post
Lots of people kept saying "it depends on the user". I am tired of listening to that sentence.
In that case you are lost. How do you think it can be accomplished? The admin should maintain the system, apply [vulnerability] patches, configure daemons, services, follow the news...
If you won't do that, your system will not be secure.

Quote:
Originally Posted by hifi100 View Post
Frankly I don't know what else to do.

What do you think? Is there any other step I should take?
Remove/disable all the services you do not need.
If you are really paranoid, just disconnect it from the net.

Last edited by pan64; 04-22-2021 at 01:39 AM.
 
1 members found this post helpful.
Old 04-22-2021, 01:25 AM   #3
//////
Member
 
Registered: Nov 2005
Location: Land of Linux :: Finland
Distribution: Arch Linux && OpenBSD 7.4 && Pop!_OS && Kali && Qubes-Os
Posts: 824

Rep: Reputation: 350
If you are concerned about security, maybe install maldet / antivirus / small footprint distro, like arch / hardened kernel / suricata in IPS mode, that's what comes to my mind.
 
1 members found this post helpful.
Old 04-22-2021, 01:43 AM   #4
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 19,872
Blog Entries: 12

Rep: Reputation: 6053
Quote:
Originally Posted by hifi100 View Post
I am paranoid about security. (...) I tested GhostBSD but unfortunately my bluetooth is not supported.
Do your research until you understand how ridiculous that statement is.
 
Old 04-22-2021, 01:55 AM   #5
hifi100
Member
 
Registered: Sep 2016
Location: India
Distribution: Arch Linux
Posts: 357

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by pan64 View Post
So bluetooth is more important than your security?


Installing software is not enough; you need to configure and maintain them continuously.


Why don't you install a scanner (like clamav - if you are paranoid)?

In that case you are lost. How do you think it can be accomplished? The admin should maintain the system, apply [vulnerability] patches, configure daemons, services, follow the news...
If you won't do that, your system will not be secure.



Remove/disable all the services you do not need.
No, bluetooth is not more important than security, but the thing is I watch movies using my desktop & I use a bluetooth headphone for that. I simply can't avoid using bluetooth.

I install updates as soon as they are released.

I read that clamav scans for Windows viruses. I use only Linux. I don't have a single Windows PC at home. So I didn't install clamav.

I don't have any services enabled. No ssh, nothing. All ports are closed. I have tested with nmap.

Quote:
Originally Posted by ondoho View Post
Do your research until you understand how ridiculous that statement is.
Thanks for that. I didn't know that bluetooth is such a security mess. What if I only use bluetooth when I need to use my headphone & physically remove the USB bluetooth dongle when I don't need bluetooth connectivity? Is that a sensible idea?

Edit: I found that I can disable bluetooth (please see attachment). Will this improve security?
[Attachment: disabled bluetooth.png]

Last edited by hifi100; 04-22-2021 at 02:07 AM.
 
Old 04-22-2021, 01:06 PM   #6
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 19,872
Blog Entries: 12

Rep: Reputation: 6053
^ Thanks for not reacting to my obnoxiousness.
Quote:
Originally Posted by hifi100 View Post
I found that I can disable bluetooth (please see attachment). Will this improve security?
Yes, to some extent. Frankly, I have not researched if disabled bluetooth devices are still potentially reachable from the outside. But then, I'm not "paranoid about security".

My logic tells me that a disabled bluetooth receiver is a smaller security risk than an enabled one, and that a hard disabled bluetooth receiver is a smaller security risk than a soft disabled one.
 
Old 04-22-2021, 04:29 PM   #7
Bonzoo
Member
 
Registered: Sep 2018
Location: Costa Rica
Distribution: Antix21a2,Parrot rolling,MXfce19.4,Sparky Openbox
Posts: 233

Rep: Reputation: 48
Xanax is decent.....relax bro.
 
Old 04-22-2021, 04:38 PM   #8
leclerc78
Member
 
Registered: Dec 2020
Posts: 169

Rep: Reputation: Disabled
Trust me, but they can turn on anything in my house except the ones that are connected to a power bar
(in the off position).
 
Old 04-22-2021, 04:43 PM   #9
wpeckham
LQ Guru
 
Registered: Apr 2010
Location: Continental USA
Distribution: Debian, Ubuntu, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, VSIDO, tinycore, Q4OS, Manjaro
Posts: 5,749

Rep: Reputation: 2757
I use the military model. The only machine I need fully secure is in a locked room, on filtered power, with no network, and a guard on the door. Actually I skip one step, if it was really military there would be someone monitoring that guard remotely. I am not that paranoid.


Anything less than that is a compromise. I am not the one who can tell you what you are using your machine for, what data you should or should not have on that machine, or what connections you should allow or accept to that machine to use or protect that data. When I DO that kind of thing, I start with a lot of business, procedure, threat, and operational data before I even make a suggestion, and I get paid. A LOT!


What kind of data do you have that you consider at risk? How do you use your machine that might open that data to unauthorized access? What is the real level of risk and how can you adjust to reduce that risk?

Don't answer those questions for ME, consider them yourself. You need to decide what your level of real risk is and how much inconvenience you are willing to live with to control that risk. And THAT is why you keep getting that advice you so hate. It is the shortest way to say the real best answer.
 
Old 04-22-2021, 05:34 PM   #10
SW64
Member
 
Registered: May 2014
Distribution: Slackware
Posts: 262

Rep: Reputation: 123
Quote:
Originally Posted by hifi100 View Post
but the thing is I watch movies using my desktop & I use a bluetooth headphone for that. I simply can't avoid using bluetooth.
A wired headphone is not an option here?
 
Old 04-22-2021, 06:20 PM   #11
jefro
Moderator
 
Registered: Mar 2008
Posts: 22,014

Rep: Reputation: 3630
I think you have two options. The isolated Crypto room special hardware inside a special room. Have no device enter or leave. No connection except filtered power.

The other option is to learn and use as many best practices as you can.
https://www.cyberciti.biz/tips/linux-security.html

Starting with a base may help. https://en.wikipedia.org/wiki/Securi...erating_system


Hackers get control by physical and external.

You limit the server to the very minimum needed to do tasks. From zero extra installed programs to zero services to the users with the most minimum permissions.
 
1 members found this post helpful.
Old 04-27-2021, 05:44 PM   #12
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,679
Blog Entries: 4

Rep: Reputation: 3947
"Security is a process." Exactly what "threat vectors" are you attempting to guard against in your present situation? Start from there.

Of course ... I presume that "your regular user account" is not "an Administrator" ... that is to say, a member of the wheel group. Of course. Of course it isn't ...? Which means that "rogue software," operating in your name but without your knowledge nor consent, could not permanently damage your system, no matter how hard they tried?

Last edited by sundialsvcs; 04-27-2021 at 05:45 PM.
 
1 members found this post helpful.
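
The local checks behind several points raised in this thread (services still listening, wheel membership, soft versus hard Bluetooth block), as an added example that is not part of any post. The function names are hypothetical, and treating `sudo` as an admin group alongside `wheel` is an assumption.

```shell
#!/bin/sh
# Added example: local checks for points raised in the thread.
# Function names are hypothetical.

# Read `ss -Htuln` output on stdin; print sockets bound to non-loopback
# addresses. This shows what is listening behind the firewall, which a
# port scan of a firewalled host does not reveal.
exposed_listeners() {
    awk '$5 !~ /^(127\.|\[::1\])/ { print $1, $5 }'
}

# $1 = space-separated group names (as printed by `id -nG`).
# Succeeds if the account can administer the system via wheel or sudo.
# "wheel" is from the thread; "sudo" is an assumption for Debian-style systems.
has_admin_group() {
    for g in $1; do
        case "$g" in wheel|sudo) return 0 ;; esac
    done
    return 1
}

# Print the soft/hard rfkill block state of every Bluetooth radio.
# $1 = rfkill sysfs directory (default /sys/class/rfkill); 1 means blocked.
# No output means no Bluetooth radio is present (e.g. dongle unplugged).
bt_block_state() {
    dir=${1:-/sys/class/rfkill}
    for d in "$dir"/rfkill*; do
        [ -r "$d/type" ] || continue
        [ "$(cat "$d/type")" = bluetooth ] || continue
        echo "$(cat "$d/name") soft=$(cat "$d/soft") hard=$(cat "$d/hard")"
    done
}

audit() {
    echo "== sockets bound to non-loopback addresses =="
    ss -Htuln | exposed_listeners
    echo "== admin rights of $(id -un) =="
    if has_admin_group "$(id -nG)"; then echo "in wheel/sudo"; else echo "unprivileged"; fi
    echo "== bluetooth radios =="
    bt_block_state
}

# Run the live checks only when asked, e.g. `sh audit.sh --run`.
case "${1:-}" in --run) audit ;; esac
```
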
Old 04-27-2021, 06:26 PM   #13
wpeckham
LQ Guru
 
Registered: Apr 2010
Location: Continental USA
Distribution: Debian, Ubuntu, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, VSIDO, tinycore, Q4OS, Manjaro
Posts: 5,749

Rep: Reputation: 2757
There are several distributions that allow (and two that enforce) operation of all software in containers. It is horribly inefficient on space, and slightly less fast, but anyone using an application vector to attack finds themselves locked within a container that only exists until the application (and its container) close.

That only helps slightly if you bypass the protections and fire up a browser at host level and go to an insecure or compromised site. I still think it an option that someone with REASON to be paranoid should explore.
 
Old 04-28-2021, 11:46 PM   #14
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 19,872
Blog Entries: 12

Rep: Reputation: 6053
Oh, another member who promised to be gone forever with much drama and fanfare (several times actually) - and now "mysteriously reappeared"...

Last edited by ondoho; 04-28-2021 at 11:48 PM.
 
1 members found this post helpful.
Old 04-29-2021, 08:54 AM   #15
wpeckham
LQ Guru
 
Registered: Apr 2010
Location: Continental USA
Distribution: Debian, Ubuntu, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, VSIDO, tinycore, Q4OS, Manjaro
Posts: 5,749

Rep: Reputation: 2757
Quote:
Originally Posted by ondoho View Post
Oh, another member who promised to be gone forever with much drama and fanfare (several times actually) - and now "mysteriously reappeared"...
So, who are you talking about and how exactly has that hurt YOU? Just curious.
 
  

