A dedicated OS for secure online banking?

A few months ago, with the help of this forum, I set up a UEFI/GPT, W7x64 and SUSE 13.2 x64 dual boot on a new build desktop. Most things are working fine – migrating to Linux is taking me a bit longer than I thought but I’m slowly getting there and always have W7 as a safety net.

However, the main subject of this submission is to ask advice/opinion regarding a specific security issue. I would like to use my new PC for online banking/finance and business/purchasing transactions. This has a few basic requirements: a secure/capable browser, some off-line business/finance processing programs and some space for document storage. But most importantly, it is vital that I have a safe and secure environment in which to perform these activities.

My question is how best to achieve this? I realise I have already made a good start by choosing Linux and openSUSE as my main OS but is this enough? Some sources recommend a separate dedicated machine for online banking although this seems overkill/expensive to me. Other candidate solutions include: use of an external OS such as a bootable DVD or flash drive (slow/less longevity); the set up and use of some sort of virtual environment (I have little experience/knowledge of this); or just use a separate, dedicated browser (OK - but is this enough?).

This leaves what I’m beginning to think is, in my case, the best ‘balanced’ option: create a new, separate Linux OS installation dedicated solely for this purpose (thus creating a triple boot system). This seems a good balance of increased security/isolation with manageable cost/risk/effort, given that I guess my main objective is to stop any malware or other attacks entering and hijacking/compromising the security of the environment. If I choose this option, then from a maintenance/learning perspective, it seems obvious that the new OS should again be openSUSE – if two versions will co-exist happily on one PC? I notice that many on this forum have twin SUSE OS installations on their machines – one for general use and another as a development/test environment.

What do others think/use? If I choose this separate dedicated OS option, perhaps I should wait for a different version, i.e. 13.3? I guess then repeating most of my previous 13.2 installation would be the way to go - using YaST to create/install 3 new partitions (I have plenty of HDD space and, with UEFI, plenty of partitions). But how would grub2 handle things – how could I keep my existing SUSE 13.2 as the main/default-boot OS and the new 13.3 OS as a selectable option? I guess I should wait for general responses before making a decision and getting into the detail.

Look forward to hearing any opinions. Many thanks in advance.

SimonG

On 2015-06-28 20:06, SimonG wrote:

> My question is how best to achieve this? I realise I have already
> made a good start by choosing Linux and Open SUSE as my main OS but is
> this enough?

Why not?

> Some sources recommend a separate dedicated machine for
> online banking although this seems overkill/expensive to me.

I don’t see the need, unless your personal computer is used by others
which you don’t fully trust.

But you can store your documents, or your home, into an encrypted device.

> Other
> candidate solutions include: use of an external OS such as a bootable
> DVD or flash drive (slow/less longevity);

No; a DVD can not be updated, so you would not get security patches.

> This leaves what I’m beginning to think is, in my case, the best
> ‘balanced’ option: create a new, separate Linux OS installation
> dedicated solely for this purpose (thus creating a triple boot system).

I don’t see the need or advantage :-?


Cheers / Saludos,

Carlos E. R.

(from 13.1 x86_64 “Bottle” (Minas Tirith))

In addition to that, I use a separate dedicated browser. Actually, I used “firefox”, but with a different profile for banking.

I also use an encrypted “/home” partition and encrypted swap.

The problem with an additional Linux installation is that you will tend to neglect it (not apply security patches, for example) because you only use it infrequently.

I have been using my standard openSUSE installation for online banking for many years now. I agree totally with the previous two replies. Although I don’t go as far as @nrickert with encryption of /home and swap, I do regularly remove the bank’s many cookies but it’s probably just my paranoia. :-)

In practice, your OS and browser aren’t the problem. The problems lie in the security measures the bank takes and in the care you take of the data on your PC. If your bank still uses the traditional username and password, expect problems. Your bank should at least be using two step verification of your identity.

On 2015-06-28 21:56, nrickert wrote:

> In addition to that, I use a separate dedicated browser. Actually, I
> used “firefox”, but with a different profile for banking.

Why? :-?


Cheers / Saludos,

Carlos E. R.

(from 13.1 x86_64 “Bottle” (Minas Tirith))

On 2015-06-28 22:46, john hudson wrote:
>
> In practice, your OS and browser aren’t the problem. The problems lie in
> the security measures the bank takes and in the care you take of the
> data on your PC. If your bank still uses the traditional username and
> password, expect problems. Your bank should at least be using two step
> verification of your identity.

The banks I have used typically use a login/password to enter and see
things, but they require much stronger measures for doing any operation
with money. Like sending a code to your phone, or reading a code from a
card, or typing another, different password…


Cheers / Saludos,

Carlos E. R.

(from 13.1 x86_64 “Bottle” (Minas Tirith))

I started doing that, so that I could more easily access two different Yahoo email accounts (different cookies for each profile). And I found having multiple profiles easy and useful. So I now have several different profiles for different purposes. I use the “no-remote” option on all but one profile, to allow them to be concurrently open.

My bank wants me to close the browser after banking activity. Since it is a separate profile, I can do that without interfering with my primary browsing.

On 2015-06-29 03:26, nrickert wrote:
>
> robin_listas;2717288 Wrote:
>>
>>> In addition to that, I use a separate dedicated browser. Actually, I
>>> used “firefox”, but with a different profile for banking.
>>
>> Why? :-?
>
> I started doing that, so that I could more easily access two different
> Yahoo email accounts (different cookies for each profile).

Well, I do when I login to Google, so that they can’t relate my logged
in activity to my “anonymous” activity. But my bank doesn’t track me.
Google does, very invasively.

> And I found
> having multiple profiles easy and useful. So I now have several
> different profiles for different purposes. I use the “no-remote” option
> on all but one profile, to allow them to be concurrently open.

More resources… And firefox is huge on memory.

> My bank wants me to close the browser after banking activity. Since it
> is a separate profile, I can do that without interfering with my primary
> browsing.

Not mine… I have not seen that recommendation in any of the sites I
tried. It may be to erase temporary data for people around that come and
use the same computer and account as you, something that is typical in
homes with Windows machines.


Cheers / Saludos,

Carlos E. R.

(from 13.1 x86_64 “Bottle” (Minas Tirith))

Thank you all for your helpful/interesting replies. So, no support for a separate/dedicated OS? Let me try to get to the root of my surprise:

Maybe it’s after using MS Windows for so many years, that I still have an insecurity mentality here, in particular to: key-logging type malware in browsers, data mining bots dropped as trojans and hacking attacks etc… In my view, these threats are increasing in volume, scope and sophistication as more transactions of higher value are performed on-line by more people. This mentality drives me to try and put ‘distance’ or obstacles or tortuous/hidden paths etc. between my confidential data and the sources of these malicious attacks.

It seems none of you share my level of concern. Is this because you believe OpenSUSE an environment far less vulnerable or even virtually immune to these attacks? Or that you are more careful/selective about visiting potentially malicious areas of the internet? Or that you use other tools/practises which reduce these concerns?

To respond to the specifics raised:

  1. I forgot to make clear in my original post: I do not physically share my machine - so that removes one source of vulnerability.

  2. I think a separate/dedicated browser is the least I would be comfortable with. This would encourage complete separation of the activities and allow dedicated configuration and set-up. Sticking to a regime where I loaded the dedicated browser, performed my financial tasks, then exited and cleared up before loading up a different browser and moving on to general use would be no problem for me at all. I have used the FF clone Pale Moon before. Do others have other suggestions? Is Konqueror a viable option?

  3. As some respondents pointed out, I would only proceed if my bank and online investment house (which together would account for maybe 90% of my financial transactions) used industrial strength ID/data security measures including two stage verification procedures etc…

  4. I like the idea of encryption as an additional security layer – although encrypting the whole of /home and /swap seems quite involved and I’m not sure I can do it retrospectively (I am currently reading further about this area in the Guides). Maybe I could just create and encrypt a file container (via YaST?) or is the main purpose of encryption in this case to restrict access to dynamic/temporary files rather than static data files?

Regards,
SimonG

You could download the live rescue CD, and “burn” that iso to a USB. Then boot that USB for a dedicated system.

It creates “hybrid” partition for persistent storage, so you can save bookmarks, etc. It runs XFCE.

And if you are suspicious that it has become infected, you can remove the hybrid partition and maybe write a few sectors of zeros to clobber control info. Then the hybrid partition will be recreated/reformatted on the next use.

Unlikely. Some banks will throw a fit unless the browser is recognized as firefox, chrome or IE.

I suggest either a second profile for firefox, or run firefox from a special user account. Or use “chromium” which will look like “chrome” to your bank.

> 4. I like the idea of encryption as an additional security layer – although encrypting the whole of /home and /swap seems quite involved and I’m not sure I can do it retrospectively (I am currently reading further about this area in the Guides).

You can install ecryptfs-utils from the repos. Then it is easy to setup an ecryptfs private directory. Anything under that directory is encrypted.

You can then move some files to under “$HOME/Private” which encrypts them, and use symlinks so that you can access them at the normal location.
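
The move-and-symlink step described above, as an added shell example that is not part of the original post. It assumes `ecryptfs-setup-private` has already created `$HOME/Private`; the function names and the `MOUNTS_FILE` override are hypothetical. It refuses to move anything unless the directory is currently mounted as ecryptfs, because anything written to the unmounted directory is not encrypted.

```shell
#!/bin/sh
# Added example: move a file under an ecryptfs private directory and leave a
# symlink at the old location. Names below are illustrative, not from the post.

PRIVATE_DIR="${PRIVATE_DIR:-$HOME/Private}"
# File listing current mounts; overridable so the check can be exercised offline.
MOUNTS_FILE="${MOUNTS_FILE:-/proc/mounts}"

# Return 0 only if PRIVATE_DIR appears in the mount table with type ecryptfs.
# (Paths containing spaces are escaped in /proc/mounts and are not handled.)
private_is_mounted() {
    [ -r "$MOUNTS_FILE" ] || return 1
    while read -r _dev mnt fstype _rest; do
        if [ "$mnt" = "$PRIVATE_DIR" ] && [ "$fstype" = "ecryptfs" ]; then
            return 0
        fi
    done < "$MOUNTS_FILE"
    return 1
}

# protect_file PATH: move PATH into PRIVATE_DIR and symlink it back.
# Exit codes: 2 missing, 3 already a symlink, 4 not mounted, 5 name collision.
protect_file() {
    src="$1"
    if [ -L "$src" ]; then
        echo "already a symlink: $src" >&2; return 3
    fi
    if [ ! -e "$src" ]; then
        echo "no such file: $src" >&2; return 2
    fi
    if ! private_is_mounted; then
        echo "$PRIVATE_DIR is not a mounted ecryptfs directory; refusing" >&2
        return 4
    fi
    dest="$PRIVATE_DIR/$(basename "$src")"
    if [ -e "$dest" ]; then
        echo "target exists: $dest" >&2; return 5
    fi
    mv -- "$src" "$dest" && ln -s -- "$dest" "$src"
}
```
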

I did some reading through this thread and I am afraid that the talking about what one could do will go on and on. All good and nice advice. My suggestion to the OP (and other contributors) would be to try to define against what threats you want to defend yourself. And against what threats all the different advice above will help. This will probably include threats where the mere use of (an up-to-date) openSUSE is already enough. For each of the other ones then a weighted (security against usability) assessment can be done. The result should be a well documented: I will do this because of that threat and I will not do that because that is not useful enough against a minor threat.

Only the OP knows about his situation. Desktop in the house where no strangers are normally around or laptop that you often forget to take with you. Connected to your own managed LAN with full management access to the router or WiFi wherever there is a sign: Wifi included in our services. Etc.

IMHO that is the only way you will be satisfied in the end, knowing what you do and why.

On 2015-07-02 16:56, SimonG wrote:

> Maybe its after using MS Windows for so many years, that I still have an
> insecurity mentality here, in particular to: key-logging type malware
> in browsers, data mining bots dropped as trojans and hacking attacks
> etc…

I know of them only because other people talk of them. I have never seen
them in any of my machines. I have seen them only in Windows. I know of
some “kids” installing those things on their girlfriends machines when
they were supposedly helping them, to keep track of what they did.
faithful and all that. Sigh…

Here, some banks force you to use buttons in the web page in order to
enter auth data instead of the real keyboard. And the placement of those
buttons is random, to thwart keyloggers.

I have a friend, who is also a proficient Linux user, who uses Windows
for stuff such as banking, and doesn’t run an antivirus. He says he is
safe. And you see, I trust him. I know for certain that /he/ can run
safe without an antivirus in Windows… that’s safe practice.

> It seems none of you share my level of concern. Is this because you
> believe OpenSUSE an environment far less vulnerable or even virtually
> immune to these attacks?

Yes.

> Or that you are more careful/selective about
> visiting potentially malicious areas of the internet?

Yes.

> Or that you use
> other tools/practises which reduce these concerns?

Not really…

> 2. I think a separate/dedicated browser is the least I would be
> comfortable with.

Use a different user, to be more comfortable.

> Is Konqueror a viable option?

Nope.

>
> 3. As some respondents pointed out, I would only proceed if my bank
> and online investment house (which together would account for maybe 90%
> of my financial transactions) used industrial strength ID/data security
> measures including two stage verification procedures etc…

You have no control of what /they/ use.

> 4. I like the idea of encryption as an additional security layer –

Remember that it only protects you after the partition is umounted. Not
while you are using it.

> Maybe I could just create
> and encrypt a file container (via YaST?)

That’s what I do.


Cheers / Saludos,

Carlos E. R.

(from 13.1 x86_64 “Bottle” (Minas Tirith))

Thanks for the contributions…if I can add a postscript to this thread and move its focus on:

Despite my enquiries, here and elsewhere, I was just unable to get a high enough level of confidence regarding the security issues discussed above – although I realise that security is probably just as much a state of mind as it is a reality. When I thought about its importance to me - or rather the potential implications/cost of a security breach – versus the low cost of basic computer components these days, in the end, I decided to build a new desktop, wholly dedicated to secure online transactions. Even though it is a low spec/cost, basic machine, I’m sure many would consider it overkill, but at least I can sleep at night.

I have two consequent issues – one specific, one more general – that I would ask advice on:

  1. Encryption: as suggested above, during my new OS installation (13.2x64, UEFI/GPT, ext4, KDE, from DVD), I decided to create a small encrypted partition - but it doesn’t seem to have worked out as I wanted. I was hoping for an unmounted/hidden encrypted storage partition that I could easily mount and make visible when I wanted – via Dolphin – and then access, after a password. So in the YaST set up, I specified 50GB of space, ext4, a mount point, checked ‘encrypt partition’ button and, then, in fstab – set ‘do not mount partition on start-up’. After a trouble-free installation, YaST showed that all the partitions (7 in total – including three data storage) had been created: my encrypted partition – sda5 – was flagged as encrypted (though no FS or mount-point - both of which I had specified in set up - were shown so I had to respecify these again later).

Back in Dolphin, I was able to easily add entries for the three data storage partitions to the left hand Places tree, including the encrypted one, as their IDs/mount-points had been faithfully recorded and offered as prompts. However, after this point, I got stuck, unable to find a way of mounting my encrypted partition - even as root – in order to access/configure it. (I also didn’t realise that the other data partitions would be only accessible via root – so I will need to find a way of accessing these from/as the basic user). I think a big part of the problem is to do with my lack of understanding re file permissions, file ownership/UIDs and file access rules in SUSE/KDE and I am now reading through various online tutorials/articles to try and improve this – however, I would still like to know if/how a partition can be mounted in a live system using a file manager i.e. Dolphin. (Currently, I only know how to mount it at start-up – after re-setting YaST>fstab, which then works fine on re-boot (with the password)).

  2. Security measures: I am also reading up on Linux/SUSE security and hardening – although this seems a lengthy and complex subject… In the meantime, what initial simple/effective security measures can I easily implement now so that I can feel secure and get my new machine on-line? I can then implement any advanced measures later, as I get more familiar with the subject. I suppose I am thinking in particular in the areas of firewall, network and browser (FF) settings, file access settings, hi-jack prevention etc… by explicitly restricting, limiting, locking-out etc. (I am the only physical user of my new non-portable PC; it will not be connected to a LAN – only to the internet by wire; I use login/password and a different password for root and a different password for the encrypted partition. It will use Firefox to access maybe half-a-dozen websites, plus some offline document processing/office work. No email/chat etc.).

Thanks for any input in advance,
SimonG

POSSIBLE PROBLEM
UK banks use the second verification check via a card reader and response number entry ONLY on the first time you set up a money transfer or payment to a NEW payee. Thereafter the verification step is omitted when you pay or transfer to same Payee as it is logged as a “routine Payee” in bank database. Thus if a bad guy gets you to send money once, unless you contact bank to remove ‘routine payee’ status, further attempts to get cash may be paid without question.

To sleep sound at night, do the following:
“I decided to build a new desktop, wholly dedicated to secure online transactions. Even though it is a low spec/cost, basic machine, I’m sure many would consider it overkill, but at least I can sleep at night.”

Having a separate computer only connected by ethernet is a FIRST STAGE,
Now do banking via DVD - specifically Live Linux Knoppix - it is not possible for any outsider to modify your live DVD Knoppix and it uses a file system ReiserFS to ensure at mount it checks for errors in file system AND before mounting insert a USB storage only key (say 16 GB formatted in say NTFS or ext4) which when Knoppix mounts it will write to it for storage or you set permissions to write to it in Knoppix Root and then change back to ordinary Knoppix. (Knoppix allows a root password to be set.)
This is then a FIRST and SECOND stage security system.
Check Knoppix DVD is correctly written from the download by usual checksums.
A: The files with the [.md5](http://en.wikipedia.org/wiki/MD5) and [.sha1](http://en.wikipedia.org/wiki/SHA-1) extensions contain checksums for the actual CD ISO images.
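
Checking a downloaded image against the `.md5` and `.sha1` files mentioned above, as an added shell example that is not part of the original post. The function names are hypothetical, and it assumes each checksum file sits beside the image as `<image>.md5` / `<image>.sha1` in the usual `<hex digest>  <filename>` layout.

```shell
#!/bin/sh
# Added example: verify an ISO against every checksum sidecar found beside it.

# hash_of ALGO FILE: print the lowercase hex digest of FILE.
hash_of() {
    case "$1" in
        md5)  md5sum  "$2" | cut -d' ' -f1 ;;
        sha1) sha1sum "$2" | cut -d' ' -f1 ;;
        *)    return 1 ;;
    esac
}

# expected_digest SIDECAR: first field of the first non-empty line, lowercased,
# so an upper-case digest in the checksum file still compares equal.
expected_digest() {
    awk 'NF { print tolower($1); exit }' "$1"
}

# verify_image ISO
# Returns 0 if every sidecar present matches, 1 on any mismatch,
# 2 if the image is missing or there is no checksum file to compare against.
verify_image() {
    iso="$1"
    checked=0
    if [ ! -f "$iso" ]; then
        echo "missing image: $iso" >&2; return 2
    fi
    for algo in md5 sha1; do
        sidecar="$iso.$algo"
        [ -f "$sidecar" ] || continue
        want=$(expected_digest "$sidecar")
        got=$(hash_of "$algo" "$iso")
        if [ -z "$want" ] || [ "$want" != "$got" ]; then
            echo "$algo MISMATCH for $iso" >&2
            return 1
        fi
        echo "$algo ok: $got"
        checked=$((checked + 1))
    done
    if [ "$checked" -eq 0 ]; then
        # An absent checksum file must not be reported as a pass.
        echo "no .md5/.sha1 file next to $iso" >&2; return 2
    fi
    return 0
}
```

A matching digest shows the download and the burn source are intact; it does not authenticate the image when the checksum file comes from the same place as the ISO.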

That doesn’t always work.

My bank wants to leave a browser cookie. And when I next connect, it won’t allow me to login if that cookie is not there. Instead, I am given a bunch of hoops that I first have to jump through.

With a live DVD, this would be a recurring problem with every bank login.

“I am given a bunch of hoops that I first have to jump through.”
So your bank tries to be secure. Where is the cookie stored?

You could / ‘might’ be able to set up Knoppix to have write/read permissions to specific parts of the ‘normal hard disc’, effectively setting up Knoppix to read/write ONLY the cookie directory. I have never tried this, and never let any site set ‘permanent cookies’.

Can others help on this matter? Can any other forum members advise?

All cookies on my machines are wiped at end of browser session.

I (on some machines) allow Knoppix to mount the normal hard drive, as Knoppix can be used as a ‘recovery of data’ live Linux, so it can with permission both write and read the base computer.

The main idea in the Knoppix use (by DVD) is that you guarantee a clean system with no ‘adjustments’ to the system.
Knoppix can also be used via a USB key but these are usually set up with an ability to write/read to part of the USB key for storage (Live Linux with persistent store, say 4 GB of a 16 GB USB key). This might answer your needs. You can check the stored file entries afterwards. Check out persistent store; search for Live Linux distributions.

I use a persistent store USB Key live Linux sometimes (Ubuntu and Knoppix) but I have never used for banking, so do not know problems as I stick with my DVD way.

You’ll need to improve your understanding of security before you can evaluate your risk for any “protection” you implement.

So, for instance do you want to improve security

  • During network transmissions?
  • Against malware running on your machine? And if so, are you talking about common methods/vectors or deeper, less known methods?
  • Against malware that is installed on your machine or only during a session?
  • Against offline intrusion? Or compromising a running session?

The above is only a very short and very incomplete list of possible ways a system or session can be compromised.

I don’t know if you even understand what each of your 2 questions are supposed to accomplish (encryption and general, nebulous security something). So, do you know for instance that encryption only protects your data when it is at rest? That means powered off. The moment your system needs to access that data, the data has to be unencrypted and will remain so at least until no longer accessed (and likely beyond until something like a power down). Is that really what you want? And, if your data partition is ordinarily unmounted I doubt that anyone is going to access that data easily until it is mounted.

From what you have already read, you may have gotten an inkling that security can be complex and is difficult. This is why there are tools that can manage many security settings with minimal and centralized effort. On openSUSE, both SELinux and AppArmor are implemented which support security by policy. You can also explore other “secure by policy” like bastille, but be aware it’s very easy to make a mistake that will lock yourself out or lock down your machine in a way you might not figure out how to recover.

If you manage or operate in a network you own, you can strengthen network security by installing Network Security like LDAP/AD. You can even implement special security monitoring and protection (IDS and IPS).

As always, the single most important thing you can do is to keep your machines well patched… without exception.

You can also use a LiveCD (eionmac suggests Knoppix but any LiveCD including an openSUSE will do) but that only protects against malware that writes to disk. Many malware today are happy to live only during the current live session (particularly malware from advertising) and your LiveCD image may be old enough to have vulnerabilities that aren’t patched.

Software apps themselves have become popular malware targets, and the most widely used apps are the biggest targets… like web browsers. If they’re not patched, you’re likely quickly compromised.

So, bottom line possibly could be that anything more than building a machine that is dedicated to a particular use might be beyond the capabilities of many. I’d for instance recommend running a dedicated standard openSUSE, maybe in a virtual machine that checks often for patches and only has enough installed to do the particular job. It won’t have special protection against a great many possible attacks, but should be overall more than sufficient against most.

TSU