Xubuntu

Chapter 11. Keeping your computer and personal information safe

Contents

Keep your software up to date
Passwords
Tips for good online security
Back up regularly
Consider encryption
Using your computer in a shared environment

Keeping your computer and personal information safe from security threats is one of the most important aspects of computing today. This guide aims to help you achieve a higher level of security. Pay particular attention to the following subsections:

Keep your software up to date

Security updates are very important. They are the best defense you have against the people who want to harm your computer, and you should install them immediately. By the time a security update is released, attackers already know how to abuse computers that are not up to date. In the worst case, within a few hours they are already searching for victims with automated programs.

Automatic security updates are enabled by default in Xubuntu. If you want to change the settings for the automatic updates, go to the Updates tab under Settings Manager → Software & Updates and change the settings to your liking.

[Warning]

If you disable automatic updates, you are lowering the security level of your computer. When the automatic updates are turned off, it's essential to remember to upgrade manually often.

[Tip]

If you use an Internet connection with limited bandwidth and do not want to use automatic updates, remember to update every time you have access to an unlimited connection.

Passwords

Use strong and unique passwords for important accounts

Using strong and unique passwords for important and sensitive accounts helps prevent unauthorized access to your personal information, identity theft and direct financial losses. Consider the following scenario:

  1. Alice uses identical passwords for mytrustedbank.com and insecureblog.com

  2. insecureblog is hacked and Alice’s information and password are stolen

  3. Hackers can now access Alice’s bank account and steal her money

Password reuse can turn into a disaster. Take particular care to use unique and strong passwords for the following services:

  • Email accounts. Email accounts can be used to reset all your other passwords via the “Forgotten password” links found on all websites.

  • Key stores and password managers. It is worth having a good password for those services, since they allow you to avoid typing many other passwords!

  • Accounts related to banking, including PayPal and other payment sites. If someone can access these, they can steal your money.

What is a strong password?

The strength of a password depends on how hard it is for an attacker to guess it. Attackers use special programs that can make millions of guesses per second, so weak passwords don’t stand a chance.

Some passwords (like monkey, password, test, 123456) are extremely common. If you use those common passwords, your accounts will be hacked easily. However, adding capital letters, numbers or symbols is often not enough to turn a weak password into a strong one. This is because people reliably pick the same additional symbols and numbers (for instance, monkey1 is more common than mo5nkey, and also more common than monkey hoover).

It is better to choose a longer secret, such as a pass phrase (for example correct horse stable battery), than a secret that is both hard to remember and easy to crack. Consider using a series of common words which you can easily remember. Do not pick words that people around you would naturally associate with you (for instance, you should not pick poker related words if you play poker every day).

How to reuse passwords safely?

While using the same password for multiple accounts is not encouraged, everybody ends up doing this, even security experts. There is no definitive agreement among security researchers on how to reduce the risk of reusing passwords, but you should consider the following:

  • Separate your professional password from your personal passwords.

  • Avoid mixing passwords between websites where attackers can damage your reputation and low-value websites.

  • Use a password you're willing to lose for sites you do not trust.

  • Do not "waste" passwords on websites you connect to once a year. Make up a random password and use the "forgotten password" feature next time.

When to change your password?

You don’t need to change your passwords every other day. In many cases, if an attacker could steal your password, they will be able to steal it again in the future.

If you do need to change your password, you must pick one that is actually different from the previous one. For example, monkey5 is not an acceptable substitute for monkey4, and it will be easily guessed by an attacker who already stole your previous password!
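The checks described in "What is a strong password?" and "When to change your password?", as an added Python example that is not part of the Xubuntu documentation: it flags the common passwords the text names even when dressed up with a digit or symbol, rejects a "new" password that is only a trivial variant of the old one (monkey5 after monkey4), and draws a pass phrase from a word list with the operating system's random source. COMMON_PASSWORDS and SAMPLE_WORDS are constructed samples; in practice you would use a leaked-password corpus and a word list of thousands of entries.

```python
import math
import re
import secrets

# Constructed sample: the four passwords the text calls extremely common.
COMMON_PASSWORDS = {"monkey", "password", "test", "123456"}

def base_word(pw: str) -> str:
    """Lower-case and strip leading/trailing digits and symbols, so that
    monkey1, Monkey! and monkey all reduce to the same base word."""
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", pw.lower())

def is_common(pw: str) -> bool:
    """True for a common password, with or without the usual decoration."""
    return pw in COMMON_PASSWORDS or base_word(pw) in COMMON_PASSWORDS

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch small edits of an old password."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_trivial_variant(old: str, new: str, max_edits: int = 2) -> bool:
    """True when the new password is the old one re-cased, reversed, given
    different trailing digits/symbols, or changed in only a few characters."""
    o, n = old.lower(), new.lower()
    base = base_word(old)
    return ((bool(base) and base == base_word(new)) or n == o[::-1]
            or edit_distance(o, n) <= max_edits)

# Constructed word list for the demo; use thousands of words in practice.
SAMPLE_WORDS = ["correct", "horse", "stable", "battery", "river", "lamp",
                "window", "pencil", "garden", "cloud"]

def passphrase(wordlist, words: int = 4) -> str:
    """Join words drawn with the OS CSPRNG (secrets), never random.choice."""
    return " ".join(secrets.choice(wordlist) for _ in range(words))

def passphrase_bits(wordlist_size: int, words: int) -> float:
    """Guessing entropy in bits when every word is drawn uniformly."""
    return words * math.log2(wordlist_size)
```

With a 7776-word list (the usual diceware size) four words give about 51.7 bits, which is why a memorable phrase beats a short decorated word.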

How to change your login password

To change your password, follow the steps below:

  • Open Settings → Users and Groups

  • Click your username in the list

  • Click Change... next to the Password heading

  • First, enter your Current password

  • Now you can either

    • Generate a random password by selecting Generate random password and clicking Generate

    • Choose your new password yourself by typing it into the New password and Confirmation fields

  • Finally, click OK to confirm the password change

[Caution]

Although Xubuntu can be set to log in automatically at startup, automatic login is strongly discouraged because it gives your system less protection. Use automatic login only if you can trust everyone who has access to your computer.

Watch out for stolen passwords occasionally

Websites like haveibeenpwned.com can tell you if your email address or username appears amongst databases of stolen passwords. It is a good idea to check it every other month. Besides, you may occasionally hear about a service you use in the news, or get an email from a service provider informing you that they have been hacked. When you are confident that a password has been compromised, you should:

  1. identify all the services where you used that password

  2. change your password on all those services

  3. verify the recent activity on the concerned accounts (watch out for money transfers; also, email services often keep a log of your recent connections with IP addresses and locations)

[Warning]

Never reveal your password to a third-party website. The website above is OK to use because it asks for an email address, which is relatively public information. It does not ask for a password. Websites that ask for your password will most likely misuse it.

What about password managers?

Password managers are a very convenient way of using many unique passwords without having to remember them all!

[Tip]

There are several password managers available in the Ubuntu Software Center, including KeePassX and PaSaffe.

Some password managers, like KeePassX, can synchronise your passwords across devices, including Windows or OS X computers. You should be aware of a few limitations if you decide to use a password manager:

  • Online password managers can be hacked too. Do not store your email or bank passwords in a password manager.

  • Use a memorable password to unlock your password manager! If you lose that password, you could end up losing access to all your accounts (another good reason not to store emails in your password manager).

  • Proprietary password managers should not be trusted. Nobody knows what they do with your passwords.

  • You may need to use some accounts from your friends or family’s devices. For those accounts, you can tell your password manager to use a specific and memorable password instead of a random password.

If you keep the above advice in mind, password managers can be a great way to stay more secure, more easily!

Tips for good online security

Do not run scripts or install applications from unknown sources

  • Install applications from the repository whenever possible.

  • When running a script found on a troubleshooting or support website or given to you on IRC, take a moment to look at it, or ask a third-party to confirm what the script does. Be especially wary of scripts that require root access, as they could compromise other users' accounts.

Keep your browser clean for sensitive activities

Web browser extensions are a popular mechanism among hackers for harming users. They are especially relevant to Linux, since they are compatible with all platforms. Malicious extensions could steal your passwords, monitor your activity online for advertising, abuse your social media accounts or steal your money.

You can take measures to limit the risks you expose yourself to:

  • Never install an extension that is not distributed by your browser vendor

  • On Firefox, use a separate user profile for sensitive activities like banking and e-shopping. Firefox user profiles do not share extensions (see Use the Profile Manager to create and remove Firefox profiles).

  • On Chrome and other browsers, use the Incognito mode for sensitive activities like banking and e-shopping. Incognito mode disables extensions.

Remember email security

  • Do not open email attachments from people that you don’t know, or if you think the content of the email is incoherent or suspicious (for example invoices coming from people you have never heard of).

  • Do not reply to spam. This will inform spammers that your email address is active, and it will incite them to send you more spam.

Consider firewalls if your computer hosts Internet services

If you run public-facing Internet services, or are not behind a NAT, you should consider using a firewall. Most home users are not concerned by this measure.

Understand that firewalls are not very useful in their default settings. You should consider what you want to achieve and configure the firewall accordingly. Firewalls can protect you against denial of service attacks, limit access to a service to specific IP addresses or inspect and reject suspicious packets. However, they cannot protect you against unknown or emerging threats, and they do not replace the need to install security updates.

Back up regularly

A problem you may occasionally encounter is the unexpected loss of your work and settings for one reason or another. There are many different causes for such data loss, ranging from power failures to accidentally deleting a file. It is highly recommended that you take regular backups of your important files, so that you have not lost them when a problem does occur.

It is sensible to keep backups separate from your computer; in other words, you should have some kind of file storage that is not permanently attached to your computer. Options include writable CDs and DVDs, external hard drives, USB sticks and other computers on the network.

A simple way of backing up your files is to manually copy them to a safe location (see above) by using the File Browser as well as the Archive Manager which lets you compress files and pack them together. Alternatively, you can use a dedicated backup application.

General guidelines for keeping good backups:

  • Back up at regular intervals

  • Always test your backups after making them, so you can be sure the backup succeeded

  • Label your backups clearly and keep them in a safe place
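The guideline to test a backup after making it, as an added Python example that is not part of the Xubuntu documentation or of any backup application it names: it packs a folder into a tar.gz archive, records a SHA-256 manifest of every file, and verifies the backup the only way that really counts, by restoring it into a scratch directory and re-hashing each file. The folder contents in run_demo are constructed sample data.

```python
import hashlib
import tarfile
import tempfile
from pathlib import Path

def sha256_file(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()

def make_backup(source: Path, archive: Path) -> dict:
    """Pack every file under `source` into a gzip tarball and return a
    manifest {relative path: sha256} to keep alongside the archive."""
    manifest = {}
    with tarfile.open(archive, "w:gz") as tar:
        for path in sorted(source.rglob("*")):
            if path.is_file():
                rel = path.relative_to(source).as_posix()
                manifest[rel] = sha256_file(path)
                tar.add(str(path), arcname=rel)
    return manifest

def verify_backup(archive: Path, manifest: dict) -> list:
    """Restore the archive into a scratch directory and recompute every hash.
    Returns the paths that are missing or differ; an empty list means the
    backup can actually be restored, which is the only real test of it."""
    problems = []
    with tempfile.TemporaryDirectory() as scratch:
        with tarfile.open(archive, "r:gz") as tar:
            try:
                tar.extractall(scratch, filter="data")  # refuses members escaping scratch
            except TypeError:  # older Python without the filter argument
                tar.extractall(scratch)
        for rel, digest in manifest.items():
            restored = Path(scratch, rel)
            if not restored.is_file() or sha256_file(restored) != digest:
                problems.append(rel)
    return problems

def run_demo() -> tuple:
    """Constructed data: back up two small files and verify the archive, then
    show that a manifest entry whose digest no longer matches is reported."""
    with tempfile.TemporaryDirectory() as work:
        src = Path(work, "documents")
        (src / "letters").mkdir(parents=True)
        (src / "notes.txt").write_text("shopping list\n")
        (src / "letters" / "bank.txt").write_text("constructed sample statement\n")
        archive = Path(work, "documents.tar.gz")
        manifest = make_backup(src, archive)
        good = verify_backup(archive, manifest)
        damaged = dict(manifest, **{"notes.txt": "0" * 64})  # simulate a damaged file
        bad = verify_backup(archive, damaged)
    return good, bad
```

Keep the manifest with the archive on the backup medium; a backup whose restore test reports any path should be redone rather than trusted.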

[Tip]

Several backup applications are available from the Ubuntu Software Center, including Déjà Dup and luckyBackup.

[Tip]

If you use online backup services like Dropbox, it is a good idea to first encrypt your documents and upload an encrypted archive. This will prevent the online services staff from accessing your documents.

[Tip]

Backups can also be an effective protection against ransomware, which encrypts your data and will only decrypt it if you pay the developers. To stay free of ransomware, avoid installing applications from unknown sources. For more information, see ”Do not run scripts or install applications from unknown sources”.

Consider encryption

Full disk encryption is a good measure to protect your computer's content should it get stolen. You should consider it if, for instance, your job involves valuable intellectual property or executive responsibilities. Remember that full disk encryption will not protect you if you do not shut down your computer when you are not using it.

[Tip]

The easiest way to enable full disk encryption is to do it during the installation.

[Tip]

You can also create encrypted volumes using dedicated software, for example LUKS. Encrypted volumes can contain arbitrary data of any length. You can mount them like you would insert a USB key when you need to access their content, and keep them closed the rest of the time. Describing the process to do this is outside the scope of this documentation, but there are numerous tutorials online.

Using your computer in a shared environment

Do not use shared accounts

When Xubuntu is installed, it is set up for use by a single user. If more than one person uses the computer, it is best to create a separate user account for each of them. To read more about adding users, see ”Users and Groups”.

Lock your screen when you are away

Locking the screen prevents other people from accessing your computer while you are not present. All your applications and work remain open while your screen is locked.

To lock the screen, press Ctrl+Alt+Delete or click Lock Screen.

To unlock the screen, move the mouse or press any key. Then enter your password and either press Enter or click the Unlock button.

If more than one person has a user account on your computer and the screen is locked, other users can click the arrow button to the right of the user name, select their name from the list and enter their password to use the computer even while the screen is locked. They will not be able to see your open work. You can return to your locked session when they are no longer using the computer.