[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On 07/11/12 13:55, Neil Winchurst wrote: > My previous thread about security resulted in 102 replies so I thought I > had better start a new one. Obviously security is important and of > interest to most list members. > > I have read the comments and suggestions very carefully. As I have > mentioned I am preparing for a new install on my current desk top which > is currently running Mint 10 KDE, very out of date now. > > I just use the computer at home. My wife has her own laptop using the > wifi signal from the router and running Xfce. My desktop is linked to > the router via a cable and will be running either KDE or Xfce. I will > not be doing any file sharing. I use the computer for emails, browsing > and running a personal web site. We both keep our machines switched off > when we are not actually using them. > > _______________________________________________________________________ > > > The recommendations seem to be as follows, please correct me if wrong. > > > > Use a strong password to log on (which I have always done) > > A virus scan is not needed since we both use Linux only. > > We do not need file sharing so do not need SSH. > > I ought to set up some firewall on the desk top. Have not yet sussed out > which one. > > When I install, set up /home in its own partition which I do already. > > It was suggested that encrypting /home would be a good idea. > > Store really important files and a list of passwords separately, eg on a > USB stick. I already keep some important files, encrypted, on the web site. > > Also install and use keepass2 as extra storage of passwords etc. I > already use keepass but there is now an updated version. > > Re security, have I missed anything please? > > Thanks for any help. Other list members may well be interested too, > > Neil > > > > Sounds like you've pretty much got it covered Chief! SSH is useful for a lot of things, but if you don't want it, don't bother. Whatever firewall manager you choose is up to you - anything will do, it's going to be talking to iptables at the backend no matter what. Upgrade to keepass2 simply by starting it, and going File > Import and choosing your old keepass file (I think it's an .idbx file, or something like that) to pull in all your old entries. Lastly, if you do choose to encrypt home, which is probably a good idea, you will get a dialogue at some point telling you it's generated a key header file that you should record and save somewhere safe: it's really *not* joking about this. If your encrypted home is ever corrupted or the password lost (and there has been a nasty ext4 bug recently) you will need that header backup to recover your partition. Of course, if you're maintaining good and constant backups, you can recover from there but thought I should mention it. Good luck! -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq