{{Header}}
{{#seo:
|description=Computer Security Introduction and General Advice. Steps for Better Security before Installing {{project_name_long}}.
|image=Abstract-989922-640.jpg
}}
[[File:Abstract-989922-640.jpg|thumb]]
{{intro|
{{security_intro}}

This page is an introduction to computer security.
}}
= Introduction =

{{mbox
| image   = [[File:Ambox_warning_pn.svg.png|40px|alt={{project_name_short}} first time users warning]]
| text    =
Before reviewing chapters in the Computer Security section, be sure to also read the [[Warning]] page.
}}

{{mbox
| type      = notice
| image   = [[File:Ambox_notice.png|40px|alt=Info]]
| text    = Wiki entries in this section purposefully focus on:
* General computing security information.
* Host operating system security advice.
* Preparatory steps before installing {{project_name_short}} using a Type I hypervisor ({{q_project_name_long}}) or a Type II hypervisor like VirtualBox or KVM.
}}

== Essentials ==

{{mbox
| type    = notice
| image   = [[File:Ambox_notice.png|40px|alt=Info]]
| text    = ''"Security is a process, not a product."'' -- Bruce Schneier, encryption and security expert. <ref name=schneier_security>
https://www.schneier.com/essays/archives/2000/04/the_process_of_secur.html
</ref> <ref>
In other words, security is a continual process -- not an end destination -- that is informed by new knowledge that is constantly gathered.
</ref>
}}

It is important to understand that {{project_name_short}} and all general software cannot guarantee absolute anonymity or security; 'perfect security' is a mirage. The reason is flaws in hardware and software are ever-present, as continual upgrades and patches inevitably introduce further coding <ref>
Security bugs generally fall into two categories: those which pose a passive threat due to eventual erroneous behavior, and the introduction of accidental vulnerabilities that are exploitable with malicious inputs.
</ref> or design errors which attackers of varying skill can profit from. As a consequence, the best approach is to try and mitigate risk exposure and provide defense in depth. <ref name=schneier_security /> <ref>
Schneier also notes several other security principles: limit privilege, secure the weakest link, use choke points, fail securely, leverage unpredictability, enlist the users, embrace simplicity, detect attackers, respond to attackers, be vigilant, and watch the watchers.
</ref>

With this understanding, a material improvement in security and anonymity requires 'raising the bar' against potential attackers and eavesdroppers: <ref>
https://github.com/maqp/tfc/wiki/Threat-model
</ref>

<blockquote>Security is a process, not a product. It is also about economics. Briefly explained, each attacker has a set of capabilities, privileges, and a certain amount of budget, time and motivation. Given enough of these resources, security of any process will fail; the goal when securing a system is to add layers of security that make attacks too expensive. Nation-state actors have massive budgets, and no single system can be made secure enough against targeted attacks. However, if widely deployed, systems that cannot be compromised with automated attacks, increase the attacker's cost linearly and thus force the attacker to pick targets. Such systems are the only way to make mass surveillance infeasibly expensive.</blockquote>

* The Computer Security Education section
* [[Post Install Advice|Post-installation Security Advice]]
* [[Warning|Warnings]]

If you have more time available, then it is recommended to read the [[Documentation]] widely.

== Motivation ==

If motivation is needed to secure your computer, refer to these articles:

* [https://krebsonsecurity.com/2012/10/the-scrap-value-of-a-hacked-pc-revisited/ The Scrap Value of a Hacked PC, Revisited (blog post).]
* [https://krebsonsecurity.com/2013/06/the-value-of-a-hacked-email-account/ The Value of a Hacked Email Account (blog post).]

If the reader is time-poor, then just review the [https://krebsonsecurity.com/wp-content/uploads/2012/10/HackedPC2012.png Hacked PC] or [https://krebsonsecurity.com/wp-content/uploads/2013/06/HE-1-600x333.jpg Hacked Email] figures, or briefly scan the summary tables below.

=== Hacked PC ===

US journalist and investigative reporter Brian Krebs notes there are a large number of malicious uses for hacked PCs, including ransomware, bot activity, stolen account credentials, webmail spam and much more.

'''Table:''' ''Value of a Hacked PC'' <ref>
https://krebsonsecurity.com/2012/10/the-scrap-value-of-a-hacked-pc-revisited/ Figure 1.
</ref>

{| class="wikitable"
|-

! scope="col"| '''Category'''
! scope="col"| '''Attacker Activity'''
|-

! scope="row"| Account Credentials
| eBay/Paypal fake auctions
Online gaming, website FTP, Skype/VoIP credentials <br />
Client-side encryption certificates
|-

! scope="row"| Bot Activity
| Zombies: spam, DDoS extortion, click fraud and CAPTCHA-solving
Anonymization proxy
|-

! scope="row"| Email Attacks
| Webmail spam
Stranded abroad advance scams <br />
Harvesting email contacts and associated accounts <br />
Access to corporate email
|-

! scope="row"| Financial Credentials
| Bank account and credit card data
Stock trading account <br />
Mutual fund / 401k account
|-

! scope="row" | Hostage Attacks
| Fake anti-virus
Ransomware and email account ransom<br />
Webcam image extortion
|-

! scope="row"| Reputation Hijacking
| Facebook, Twitter, LinkedIn, Google
|-

! scope="row"| Virtual Goods
| Online gaming characters, goods/currency
OS and PC game license keys
|-

! scope="row"| Web Server
| Phishing, malware download site <br />
Warez/privacy, child pornography server <br />
Spam site
|-

|}

=== Hacked Email Account ===

Krebs also notes the significant value of a hacked email account. Just one breach of an online email service permits the theft of valuable personal data, account/contact harvesting, re-sale of retail accounts, spam and much more. An email account is a particularly weak link, since once under the attacker's control they can reset the password, along with the passwords of many linked services and accounts.

'''Table:''' ''Value of a Hacked Email Account'' <ref>
https://krebsonsecurity.com/2013/06/the-value-of-a-hacked-email-account/ Figure 1.
</ref>

{| class="wikitable"
|-

! scope="col"| '''Category'''
! scope="col"| '''Attacker Activity'''
|-

! scope="row" | Employment
| Forwarded work documents and work email
Fedex, UPS, Pitney Bowes account <br />
Salesforce, ADP accounts
|-

! scope="row"| Financial
| Bank accounts
Email account ransom <br />
Change of billing <br />
Cyberheist lure
|-

! scope="row"| Harvesting
| Email, chat contacts
File hosting accounts <br />
Google Docs, MS Drive, Dropbox, Box.com <br />
Software license keys
|-

! scope="row"| Privacy
| Your messages, calendar, photos, Google/Skype chats
Call records (+ mobile account) <br />
Your location (+ mobile/itunes)
|-

! scope="row"| Retail Resale
| Facebook, Twitter, Tumbler, Macys, Amazon, Walmart
i-Tunes, Skype, Bestbuy, Spotify, Hulu+, Netflix <br />
Origin, Steam, Crossfire
|-

! scope="row"| Spam
| Commercial email
Phishing, malware <br />
Stranded abroad, email signature and Facebook/Twitter scams <br />
|-

|}

= General Advice =
Achieving greater security depends on how much time the user is willing to invest in {{project_name_short}} configuration. Security also rests upon the daily practices and procedures that have been adopted by the user, see [[Documentation]].

== Backups ==

{{mbox
| type      = notice
| image   = [[File:Ambox_notice.png|40px|alt=Info]]
| text    = It is important to store multiple, <u>encrypted</u> backups of sensitive data.
}}

If the user does not possess at least two copies of the original data, then it should be considered lost. The reason is data on one medium might become inaccessible and beyond repair at any minute. In this case, the computer would not even detect the risk, so data recovery tools would not be of help either. <ref>In such cases the user might get lucky with professional data recovery companies, but the usual cost is a few thousand dollars.</ref>

Best practice recommendations:

* Store the original, encrypted file on a medium like the internal hard drive.
* Create a first encrypted backup: for example, on an external hard drive from manufacturer A.
* Create a second encrypted backup: for example, on an external hard drive from manufacturer B.

For greater security and to protect from incidents like fire or theft, backups in separate physical locations are recommended. Additionally, backups can be stored on remote servers, but the user must be sure it is encrypted properly. <ref>That is, with a recommended encryption method and a [[Passwords#Generating_Unbreakable_Passwords|suitably long passphrase]].</ref>

== Safer Upgrades ==

* [[{{non_q_project_name_short}}|{{non_q_project_name_short}}]]: If running VM instances are not shutdown, there is a cross-contamination risk for new machines being imported into the virtualizer. For example, this is possible if a powerful adversary has taken control over those VMs currently in use. This action is not required if the user intends to create a new virtual network for the machines being imported.
* [[Qubes|{{q_project_name_short}}]]: Before upgrading {{project_name_short}} Templates, close as many open VMs as possible. Do not run VMs from different domains at the same time as upgrading.

= File Storage Location =

It is unsafe to store files directly in the root section of the home folder (like <code>/home/user</code>). <ref>This is because AppArmor profiles (and possibly other mandatory access control frameworks) are often required to grant read access to the root home folder due to technical limitations.</ref> It is far better to use a sub-folder and store the file there, for example:

* <u>Non-ideal storage location</u>: <code>/home/user/some-document</code>
* <u>Safer storage location</u>: <code>/home/user/my-documents/some-document</code>

The following sub-folders in the home directory should also be avoided: <ref>/etc/apparmor.d/abstractions/user-download</ref>

* <code>~/tmp</code>
* <code>~/Download</code>
* <code>~/Downloads</code>
* <code>~/download</code>
* <code>~/downloads</code>
* <code>~/Desktop</code>

If files are downloaded to the <code>~/Downloads</code> folder -- the only folder available if the Tor Browser [[AppArmor]] profile is enforced -- then move them elsewhere. A folder of your own choosing will keep its contents private from any confined application that is later (hypothetically) compromised.

Other folders that should also be avoided include: <ref>/etc/apparmor.d/abstractions/ubuntu-browsers.d/user-files</ref>

* <code>/media</code>
* <code>/srv</code>
* <code>/net</code>

It is easy to choose folder names which are better than the default naming convention. As soon as a user prepends or appends a random number or string to a folder (such as <code>my-</code>), this makes it unlikely that AppArmor profiles or possibly other mandatory access control frameworks will allow access to these folders by default.

Another reason is that some commands such as <code>sudo rm -rf /var/lib/apt/lists/*</code> (sometimes useful in case of APT issues) are unsafe if a typo is made. If a space is added before the asterisk symbol ("<code>*</code>") by mistake then this would by default delete all files (except hidden files) in the user's current folder (often the home folder). (But not folders in that folder). <ref>
Because deleting folders requires <code>rm -r</code>.
</ref>

= Known Bugs =

To learn about known bugs affecting all platforms, see [[Known_Issues|here]]. Refer to the [[Reporting_Bugs#Issue_Tracker|issue tracker]] for a list of all all open issues affecting {{project_name_short}}.

= Greater Security and Next Steps =

After reading and applying relevant steps outlined in this section:

* {{non_q_project_name_short}}:
** [[VirtualBox]]: [[Download|download]] and [[Verify the images|verify]] the {{project_name_short}} images before importing them.
** [[KVM]]: Follow the [[KVM#KVM_Setup_Instructions|KVM setup instructions]] to download, verify and import the {{project_name_short}} images.
** [[Qubes|{{q_project_name_short}}]]: Follow the [[Qubes/Install|stable {{q_project_name_short}} instructions]].

In all cases, users should follow the [[Post Install Advice|Post-installation Security Advice]].

For greater security pre- and post-{{project_name_short}} installation, users should read the [[Documentation]] pages widely to learn more about potential threats and mitigations. For instance, users might like to consult the [[Design]] pages, and consider the recommendations outlined in the Basic Security Guide and Advanced Security Guide sections. Users with limited time can refer to the [[System_Hardening_Checklist|System Hardening Checklist]].

== Stay Tuned ==

It is recommended to read the [[Stay Tuned|latest {{project_name_short}} news]] to stay in touch with ongoing developments, such as notifications about important security vulnerabilities, improved {{project_name_short}} releases, other software updates and additional advice.

== Advanced Security Guide ==

After reading this chapter, it is recommended to refer to the [[Advanced_Security_Guide_Introduction|Advanced Security Guide Introduction]] section for even more security advice.

= Footnotes =
{{reflist|close=1}}

{{Footer}}

[[Category:Documentation]]