Security and basics

I finally got my wireless working and I’m curious as to how I should approach security (antivirus programs etc., firewall etc.). Also if someone could suggest a good source to read which will explain suse or linux basics, in particular I have no idea how to manage software, i.e. where or how to install or even what that entails in linux. I don’t know what and what not to put in certain directories etc. Well I guess I should have just said I know nothing! Any help would be appreciated.

You really don’t need antivirus in linux, and a firewall is built in as well.
The firewall included in openSUSE will be good enough for you; unless you wish to configure it, you don’t need special software.

Read this first: openSUSE 11.2 | SUSE Linux | Beginner’s guide multimedia MP3 DVD codecs 3D nvidia ati wireless wlan wifi rpm kde howto

Then come back with questions.

Also if someone could suggest a good source to read which will explain suse or linux basics, in particular I have no idea how to manage software, i.e. where or how to install or even what that entails in linux. I don’t know what and what not to put in certain directories etc.

These guides may also be helpful to you:

Installing & Removing Software

Concepts - openSUSE

If you start by only using YaST > Software > Software Management to search for and install software packages (rpm packages), then it will take care of install location for you. It will generally add the application to the menu for you as well.

As noted by others, relatively speaking there are no real virus threats to Linux.

The advice/suggestion I typically give is for new Linux users to focus their efforts on where the REAL threats are to Linux security. Typically that is from hacking into a PC via an insecure ssh (or vnc/remote-desktop) entry from a worm, or capturing one’s Password and ip-address via a Phishing attack/seduction.

As noted, outside of the lab, there are next to NO viruses against Linux. I think I read about a cross platform virus that could infect Open Office (called Bad Bunny) but that’s about it, and it is not common, and possibly extinct.

Hence anti-virus software to defend Linux has next to NOTHING to test against. Without good testing, such Linux anti-virus software (to protect Linux) is debatably not worth much. And since the software has no Linux viruses to be tested against, and since there is nothing to defend against, don’t waste your time with such software. Because IMHO it is a waste of time (at least here in end-2009 it is a waste of your time). Spend one’s precious time defending against REAL threats. And there are REAL threats against Linux but they are NOT viruses.

Now you will read of anti-virus software that one can install on Linux PCs, but most of the time that virus software is installed to look for viruses that might attack MS-Windows PCs (as often the Linux PC is a file server for Windows PCs).

Trojans are typically designed to go after MS-Windows PCs, and there are semi-automatic ways in which Trojans can be placed on MS-Windows PCs. Because of the tremendous diversification in Linux distributions and Linux applications, it is much harder for hackers to create a Trojan to infect a Linux PC. Vulnerability to trojan horses and viruses results from users willing to run code from sources that should not be trusted. In Linux, if one is prudent in the applications they install (which is relatively easy in Linux if one installs from repositories) then catching a Trojan is unlikely. So set up your repositories for only OSS, Non-OSS, Update and Packman, and that’s a good start to being safe.

The biggest threat to a Linux desktop user IMHO comes from:

  • poorly defended ssh port attacked by worms/bots …
  • Phishing attack (via a tricky web site that looks like a legit web site) that fools one into entering their password, and hence captures one’s password (where one has the same password for everything). For example, an email notification from your Bank to urgently log in to a URL provided. You go to the URL, it looks like your bank page, and log in. But it is NOT your bank page (it only looks that way) and you have just given away your Bank password and likely your IP address. Plus if that is also your PC password, then your PC can then be attacked by an automated worm that knows your password and your ip address and can possibly guess your username.

So rather than waste time on questionably effective anti-virus software for Linux (which cannot be tested), and where such questionable software will defend against next to NO real world Linux threats, instead spend time learning how to protect port#22 against ssh attacks, and put in place some quality usernames and passwords (not all the same) so as to thwart phishing attacks.
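As a starting point for the port 22 advice in the post above, here is an added example (not part of the original thread) that audits an `sshd_config` for the global settings password-guessing bots rely on. The sample config is constructed, and the policy (no password logins, at most 3 tries, an explicit allow-list) is an assumption of this example rather than an openSUSE default.

```python
# Added example: flag sshd_config settings that leave password-guessing bots
# an opening. The policy thresholds are assumptions of this example.

SAMPLE_CONFIG = """\
# constructed sample, not taken from a real host
Port 22
PermitRootLogin yes
#PasswordAuthentication no
MaxAuthTries=6
AllowUsers alice
Match Address 192.168.1.0/24
    PasswordAuthentication yes
"""

# Current OpenSSH built-in defaults, used when a keyword is absent or commented out.
DEFAULTS = {"permitrootlogin": "prohibit-password", "passwordauthentication": "yes",
            "permitemptypasswords": "no", "maxauthtries": "6"}


def effective_settings(text):
    """Global keyword -> value. sshd keeps the first value it reads."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        key = parts[0].lower()
        if key == "match":
            break  # conditional overrides follow; only global scope is audited
        settings.setdefault(key, parts[1].strip() if len(parts) > 1 else "")
    return {**DEFAULTS, **settings}


def audit(text):
    """Return the sorted list of keywords whose effective value is risky."""
    s = effective_settings(text)
    risky = set()
    if s["permitrootlogin"].lower() == "yes":
        risky.add("permitrootlogin")          # root reachable by password
    if s["passwordauthentication"].lower() == "yes":
        risky.add("passwordauthentication")   # passwords can be guessed; keys cannot
    if s["permitemptypasswords"].lower() == "yes":
        risky.add("permitemptypasswords")
    if not s["maxauthtries"].isdigit() or int(s["maxauthtries"]) > 3:
        risky.add("maxauthtries")             # assumed limit of 3 per connection
    if "allowusers" not in s and "allowgroups" not in s:
        risky.add("allowusers")               # every account is a login target
    return sorted(risky)


if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

To check a real machine, pass the contents of `/etc/ssh/sshd_config` to `audit()`; settings inside `Match` blocks are not evaluated.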

For your wireless, depending on the capabilities of your router, these are a few things I do.

Use WPA2-AES

Your wireless key should be the maximum length possible, preferably a 64 character HEX key.

Examples and key generator: GRC | Ultra High Security Password Generator

Prevent wireless users from accessing the router’s configuration page.

Enable wireless mac address filtering - permit only those on the list.

Limit the number of wireless clients that can connect to your router to only what you need.

Use static IP addresses, and assign a specific address to your wireless mac address.

Reduce your router’s transmission power to provide sufficient coverage to you only.

Set the wireless access to a schedule, so it’s only broadcasting when you are likely to use it. E.g., from 11pm to 7am disable.

Thx for all the responses, I appreciate the info, these forums are excellent.

This may be heresy for some but I always disable the firewall on all my computers and rely on the router’s firewall exclusively.

It’s not heresy. There are two types of firewalls. Hardware and software. A router is considered a hardware firewall. Some would say it’s not wise to have more than one firewall going. I have known some to run five firewalls. It is generally not advisable to run more than one firewall due to conflicts. But if you are going to run more than one, router and software firewall is the way to do it.

Same here. The router is a real firewall. That means it acts as such between the Internet and the local network. The IPtables on the individual systems are something different, but I am afraid that MS coined the same name for it (calling it Personal Firewall).

BTW you can with IPtables (and thus with SuSEfirewall2) build a real firewall. That is what all the zones are for.