I started this post as a comment to Sparks’ post about end-user security here. The response became very long, very quickly, so I posted it here instead.
The question of browser add-ons is also affected by that user’s initiative. Everybody suggests NoScript as the perfect solution to security problems, but it really isn’t. I use NoScript, but try convincing an average computer user to put up with the tinkering that NoScript requires, and it falls flat.
The following add-ons increase security/privacy without user interference:
I’ve found it’s easy enough to convince people to use and experiment with the following add-ons, once I’ve explained what they do and how they increase their online safety:
I would not consider getting rid of any of these, and there are others too. As Sparks suggests, HTTPS-Everywhere is an easy-to-use add-on. Other things suggested in comments on Sparks’ article are also good.
But that’s only one part of the security available in Fedora. Sparks says we should “Use SE Linux[sic].” This is an understatement. Especially for somebody who only uses their web browser, the default SELinux settings can be significantly strengthened without affecting the user experience. That said, I’m not an expert in SELinux by any stretch… just paranoid.
The two things I always do are change certain boolean settings and change the default user context. User beware: some of these settings can’t *just* be flipped. The ‘execmem’ boolean in particular requires a few customized exceptions.
Booleans (some set this way by default):
allow_execheap –> off
allow_execmem –> off
allow_execmod –> off
allow_execstack –> off
allow_guest_exec_content –> off
allow_java_execstack –> off
allow_mplayer_execstack –> off
allow_staff_exec_content –> off
allow_sysadm_exec_content –> off
allow_user_exec_content –> off
allow_xguest_exec_content –> off
allow_xserver_execmem –> off
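To check a machine against the boolean list above without touching anything, here is a small audit script I’m adding as an example (it is not from the original post or from Fedora). It reads `getsebool -a` where available, otherwise falls back to a constructed sample of that output, and only prints the `setsebool` commands it would run unless APPLY=1 is set.

```shell
#!/bin/sh
# Audit the SELinux booleans listed in the post; the desired state for all is "off".
DESIRED_OFF="allow_execheap allow_execmem allow_execmod allow_execstack
allow_guest_exec_content allow_java_execstack allow_mplayer_execstack
allow_staff_exec_content allow_sysadm_exec_content allow_user_exec_content
allow_xguest_exec_content allow_xserver_execmem"

# Constructed sample of `getsebool -a` output (not captured from a real host),
# used when the tool is absent so the check can be exercised offline.
SAMPLE_GETSEBOOL='allow_execheap --> off
allow_execmem --> on
allow_execmod --> off
allow_execstack --> on
allow_guest_exec_content --> off
allow_java_execstack --> off
allow_mplayer_execstack --> off
allow_staff_exec_content --> off
allow_sysadm_exec_content --> off
allow_user_exec_content --> off
allow_xguest_exec_content --> off
allow_xserver_execmem --> off
httpd_can_network_connect --> off'

# current_booleans: real `getsebool -a` output if available, else the sample.
current_booleans() {
  if command -v getsebool >/dev/null 2>&1; then getsebool -a; else printf '%s\n' "$SAMPLE_GETSEBOOL"; fi
}

# noncompliant BOOLEAN_OUTPUT: print each listed boolean that is currently "on",
# one per line. Booleans missing from the loaded policy (names differ between
# Fedora releases) are reported on stderr rather than silently skipped.
noncompliant() {
  for b in $DESIRED_OFF; do
    state=$(printf '%s\n' "$1" | awk -v b="$b" '$1 == b { print $3 }')
    case "$state" in
      on) echo "$b" ;;
      "") echo "warning: $b not present in this policy" >&2 ;;
    esac
  done
}

# Dry run by default. Turning allow_execmem off can break programs that need
# it (the post notes it requires custom exceptions), so review AVC denials with
# `ausearch -m avc -ts recent` before making the change persistent with -P.
noncompliant "$(current_booleans)" | while read -r b; do
  if [ "${APPLY:-0}" = 1 ]; then setsebool -P "$b" off; else echo "setsebool -P $b off"; fi
done
```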
For instructions on changing the default SELinux user context, refer to the Fedora 13 “Security-Enhanced Linux” user guide here. Unfortunately, this document hasn’t been published since Fedora 13, but this section still applies to Fedora 16.
And there are other things, not related to SELinux.
Disable access to the root user account in favour of using “sudo.”
Set all partitions to mount with the “noexec” flag if possible.
Turn off SSH, sendmail, and potentially other services.
Use LUKS disk encryption.
Cryptographically (GnuPG) sign and encrypt as many emails as possible.
Use secure passwords for websites (with PasswordMaker to generate them).
Use the /etc/sysctl.conf file from Fedora CSI (see link below).
Use the /etc/sysconfig/iptables file from Fedora CSI (see link below), BUT without port 22 “enabled.”
Use ‘tune2fs’ to configure interval partition-checking and safer error behaviour (errors in the root partition are a “panic” situation, in my mind… or at least “remount-ro”).
Have a good back-up plan (I use SpiderOak because it seems more secure; see spideroak.com).
Fedora CSI (Community Services Architecture) /etc/sysctl.conf configuration here.
Fedora CSI IPtables configuration here.
All of these are things that I do for my own computers, with slight modifications depending on exactly what I do on the particular machine, and what I use it for. Things like disk encryption and BIOS passwords are more important for portable computers (but certainly recommended for all).
I’m not suggesting these exact settings for everybody. But if you don’t use them, why not? What do you do instead? Why? Let’s learn!