This is an area I am interested in, too.
Let's think about the computer as a 'line of defense' for sensitive information, such as banking records, private cryptography keys and personal information.
--
The first line of defense is Libreboot. Libreboot is:
1. Not backdoored: It cannot be used to remotely access the peripherals of the computer, such as to act as a keylogger, like proprietary BIOS firmware can.
2. True full disk encryption: you can encrypt the /boot partition because Libreboot has its own GRUB payload (or depthcharge on ARM). Write protection of Libreboot offers further protection.
3. Kernel signature checking: use GnuPG to check if your kernel was signed by you.
--
Your next line of defense is full disk encryption. Do not use any method other than Diceware to generate the passphrase. A Diceware passphrase is very long, so it cannot be brute-forced; it has lots of entropy because you generate the words from a list using a physical die (or dice). Make a passphrase that is at least 8 words long, which should be sufficient through to 2050. I used to have a 10 word passphrase but I once could not remember it all, even though I had used memory techniques such as imagining a story.
--
So what happens if you download some file designed to exploit a zero-day vulnerability in the Linux kernel, to execute arbitrary code and install malware? It could come from malicious JavaScript (bypassing NoScript using an undiscovered bug, for example), or a man-in-the-middle attack. The answer is a Grsecurity-patched kernel, with PaX flags and a restrictive access policy. There is a pre-built kernel in the Debian repo but I patch Linux-libre and build it from source as I got strange errors. Here are the benefits of grsec:
1. Prevents most arbitrary code execution: PaX flags for ELF executables are a 'least privilege' approach, in that executables should only have enough access to privileged parts of the system that they absolutely need. It prevents things like buffer overflows that can be used to gain root privileges. It breaks a few programs, such as gnome-shell and firefox, so you need to manually set the flags sometimes.
2. Managing access control lists: the gradm administration facility for grsec creates an access policy, through the Role-Based Access System (RBAC). You set it to run and 'learn' typical system activities, and then you commit it to a custom access control list, which prevents programs from doing things out of order. You have identities that are not recorded, such as the 'admin' identity, which would then prevent programs doing 'administrative' activities they shouldn't. This is really powerful and easy to use.
--
Apparmor profiles can help restrict the system access for applications, with each program having a set of profiles. This does not require much configuration as most distributions have a set of profiles prepared earlier.
--
SELinux is apparently quite difficult to use. It was developed by the National Security Agency (NSA) in the USA. I do not use it so have no idea how it really works. It is made by the NSA but backdoors are probably unlikely because the NSA use it to protect their systems, and probably would not want rival intelligence agencies exploiting it.
--
If you are concerned by surveillance then Tor Browser Bundle is essential. In fact, if you follow any of this advice, take heed of this! Tor offers great benefits to security and privacy because it gives you as much anonymity online as is possible right now. There is also a 'hardened' Tor Browser Bundle available for AMD64 architecture GNU/Linux. You should be aware of the following:
1. Tor is a network by which you can have anonymity. It diverts your traffic through several nodes, until you get to the exit node, which accesses the internet. So if you are behind the Great Firewall of China, you could have your traffic exit in, say, Japan, Germany, America, or wherever there is an exit node.
2. Tor is slower than the normal internet. Idiots use it to torrent, which not only unmasks their identity (because torrenting applications generally are designed to get round network restrictions), but slows the whole network down for everyone else. The network is large but it is not large enough to facilitate large volumes of traffic at high speed. Fortunately, it is more than sufficient for browsing news websites, online forums, etc.
3. You should learn to use Tor and the Tor Browser Bundle safely. If you log into online accounts that weren't created using Tor or using a Tor-created email address then you reveal your identity and possibly all of your usage history for that session. This is arguably worse than not using Tor at all because there is evidence that mass surveillance tracks Tor users especially. I will include the link to using Tor well. Similarly, do not try to 'Torify' applications not designed to work with Tor, such as the aforementioned torrenting clients. You may do it wrong and reveal your IP address. That being said, if you Torify your email, even if it is not anonymous (if you are using an ethical email provider they probably won't log IP addresses and probably would not have asked for your real name) you can gain location privacy. You should encrypt your email if you do this though, because a Tor exit node operator could read them (they are basically like postcards).
--
Email encryption is really important too. Public-private key cryptography allows you to send and receive email such that it can only be read by the person it is meant for.
--
Firewall. The GUFW app in the repos does this. You should at the very least block all incoming connections.
--
Links
- Libreboot FAQ, basically everything you need to know: https://libreboot.org/faq/
- Diceware FAQ, I use the alternative Beale word list on the website because it has fewer "American-isms": http://world.std.com/~reinhold/dicewarefaq.html#howlong
- Micah F. Lee's article about getting a grsec kernel: https://micahflee.com/2016/01/debian-grsecurity/ (patch Linux-libre, not official Linux kernel; malicious firmwares are a real risk)
- Grsecurity website: https://grsecurity.net/
- "Playing with grsecurity, a brief tutorial": https://judepereira.com/blog/playing-with-grsecurity-a-brief-tutorial
- "Grsecurity/The Administration Utility": https://en.wikibooks.org/wiki/Grsecurity/The_Administration_Utility
- Apparmor: https://wiki.debian.org/AppArmor/ https://wiki.debian.org/AppArmor/HowToUse https://en.wikipedia.org/wiki/AppArmor https://wiki.ubuntu.com/AppArmor
- Security-Enhanced Linux: https://www.nsa.gov/what-we-do/research/selinux/ https://en.wikipedia.org/wiki/Security-Enhanced_Linux
- The Tor Project and FAQ: https://www.torproject.org https://www.torproject.org/docs/faq.html.en
- Tor Browser Bundle: https://www.torproject.org/projects/torbrowser.html.en
- "Email Self-Defense": https://emailselfdefense.fsf.org/en/
- Gufw: https://help.ubuntu.com/community/Gufw
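The Diceware passphrase advice above (roll five dice per word, look the roll up in a 7776-entry list, use at least 8 words) can be checked concretely. The following is an added example, not code from the post or from the Diceware project: it parses a word list in the "KEY<TAB>word" file format, validates that the list is complete and free of duplicate keys (a short or duplicated list quietly reduces entropy), draws words by dice rolls, and computes the entropy of the result. The word list it builds is constructed from placeholder words so the code runs offline; substitute a real Diceware list file in the same format. The post prefers physical dice, which keep the computer out of the loop; Python's `secrets` module stands in for them here.

```python
"""Added example: Diceware passphrase generation and entropy check.

Assumptions (not from the original post):
- the word list is a CONSTRUCTED placeholder list with the standard
  5-dice key structure (7776 entries), not the real Diceware/Beale list;
- secrets.randbelow substitutes for the physical dice the post recommends.
"""
import itertools
import math
import secrets

DICE_PER_WORD = 5
LIST_SIZE = 6 ** DICE_PER_WORD  # 7776 entries in a standard Diceware list


def make_constructed_wordlist():
    """Build a synthetic list in Diceware file format, e.g. '11111<TAB>word00000'.
    The words are placeholders; only the file structure matters here."""
    lines = []
    for i, digits in enumerate(itertools.product("123456", repeat=DICE_PER_WORD)):
        lines.append(f"{''.join(digits)}\tword{i:05d}")
    return "\n".join(lines)


def parse_wordlist(text):
    """Parse 'KEY word' lines into {key: word} and validate the list.

    Raises ValueError on a malformed key, a duplicate key, or a list that
    does not have exactly 6**5 entries, since any of those lowers the
    entropy below what the user believes they have."""
    table = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"line {lineno}: expected 'KEY word'")
        key, word = parts
        if len(key) != DICE_PER_WORD or any(c not in "123456" for c in key):
            raise ValueError(f"line {lineno}: bad dice key {key!r}")
        if key in table:
            raise ValueError(f"line {lineno}: duplicate key {key}")
        table[key] = word
    if len(table) != LIST_SIZE:
        raise ValueError(f"expected {LIST_SIZE} entries, got {len(table)}")
    return table


def is_valid_wordlist(text):
    """True if parse_wordlist accepts the text, False otherwise."""
    try:
        parse_wordlist(text)
        return True
    except ValueError:
        return False


def roll_key():
    """Five dice rolls -> a key such as '35162'.
    secrets.randbelow is a CSPRNG; physical dice would replace this call."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(DICE_PER_WORD))


def generate_passphrase(table, n_words=8):
    """Draw n_words independent words; each word is chosen uniformly."""
    return " ".join(table[roll_key()] for _ in range(n_words))


def entropy_bits(n_words, list_size=LIST_SIZE):
    """Each uniformly chosen word adds log2(list_size) bits (about 12.9)."""
    return n_words * math.log2(list_size)


def expected_guesses(n_words, list_size=LIST_SIZE):
    """Average guesses for an attacker who knows the list and the word count."""
    return (list_size ** n_words) / 2


if __name__ == "__main__":
    words = parse_wordlist(make_constructed_wordlist())
    for n in (6, 8, 10):
        print(f"{n} words: {entropy_bits(n):.1f} bits, "
              f"~{expected_guesses(n):.2e} guesses on average")
    print("sample passphrase:", generate_passphrase(words, 8))
```

Run it and the 8-word figure comes out at about 103 bits, against 78 for 6 words and 129 for 10; the validation step is the part worth keeping if you use your own or a trimmed list, since it catches the silent loss of entropy that a list of fewer than 7776 distinct entries would cause.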