I'm using Kubuntu 24.04. In my understanding, antivirus in Linux is not really a thing or needed, so my question is targeted specifically at the firewall.
For a home laptop that will run server applications for development purposes, besides blocking all incoming connections, is there anything else that I would need to block? I assume there is no need to block/filter outgoing connections.
1 Answer
This is actually a few different related questions, I think.
- What do I need to do to secure a home network?

Using a router with network address translation is usually sufficient protection against inbound Internet attacks. Home routers aren't very secure against attacks from the local network side, though, and provide no protection against attacks from other LAN devices. This means you need to keep untrusted devices off the local network. Set up WPA3 with a strong passphrase and be wary of who you give it out to, or disable the WiFi entirely and use wired only. If you aren't absolutely sure you can keep untrusted devices off your LAN, it's a good idea to run a host-based firewall too.

- What do I need to do to secure local development servers?

This is sort of an extension of your last question. As @Ja1024 said, making the servers only listen on loopback will help. However, that's not actually sufficient; you really should have some form of authentication and anti-CSRF protection. Anti-CSRF is needed for any kind of HTTP server (whether or not it actually serves web pages): if it speaks HTTP/HTTPS, scripts and other web content running within your laptop's browser can attempt CSRF attacks against the server. If you must allow the server to accept connections from other devices on the LAN, then (potentially malicious) software on any less-trustworthy device (e.g. any IoT device including smart TVs or security cameras, a friend's phone or laptop, whatever) can start poking around unless you have authentication to keep them out.

- What about on public WiFi networks?

So long as you're using TLS (including HTTPS and DoH), SSH (including SFTP), or similar secure protocols for all your outside-the-device network traffic, you don't have to worry too much about the security of your connections. You can run a VPN if you want to, but that isn't what they're for, and it's not trivial to guarantee your traffic uses one. However, in such an environment, you definitely want a host-based firewall, and to restrict development servers to the loopback interface.

- I don't need antivirus, right?

Nobody "needs" antivirus on a personal computer, or rather, if anybody does, they should probably not be using a general-purpose OS with an internet connection. AV is a last-ditch "Hail Mary" attempt to deflect the bullet you already fired at your own foot. You can't rely on it, and should always act like you don't have it even if you do. With that said, there does exist both free and commercial anti-malware software for Linux (and, of course, malware for Linux, increasing amounts of it these days), and as part of a layered, defense-in-depth strategy, you might want to employ some. It's not likely to make any difference to the security of your development servers per se, but it might save you if you install/update an NPM module you shouldn't have.
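The check a practitioner would want after this answer is whether any development server on the laptop is actually bound to a loopback address rather than to 0.0.0.0 or ::, which is what makes it reachable by other LAN devices. The script below is an added example, not code from the question, the answer or the comments: it parses lines in the format of Linux's /proc/net/tcp and /proc/net/tcp6 (the same data `ss -ltn` reads) and flags every LISTEN socket whose local address is not loopback. The function names, the sample `SAMPLE_PROC_NET` text and the socket inode numbers in it are constructed for the example.

```python
"""Report TCP listeners that are reachable from outside the laptop.

Added example (not part of the original Q&A). It reads the kernel's
/proc/net/tcp and /proc/net/tcp6 tables, converts the hex local address of
each socket in LISTEN state, and reports which ones are bound to something
other than a loopback address. SAMPLE_PROC_NET is a constructed table so the
script also runs offline.
"""
import ipaddress
import socket
import struct

LISTEN = "0A"  # value of the 'st' column for TCP_LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp(6) layout: a loopback listener on 8080,
# a wildcard IPv4 listener on 3000, one ESTABLISHED connection (ignored),
# a wildcard IPv6 listener on 8000 and a ::1 listener on 5555.
SAMPLE_PROC_NET = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 40001
   1: 00000000:0BB8 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 40002
   2: 0100007F:1F90 0100007F:C350 01 00000000:00000000 00:00000000 00000000  1000        0 40003
   0: 00000000000000000000000000000000:1F40 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 40004
   1: 00000000000000000000000001000000:15B3 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 40005
"""


def parse_addr(hexaddr):
    """Convert '0100007F:1F90' into ('127.0.0.1', 8080).

    The kernel prints each 32-bit word of the address in host byte order,
    so every word has to be repacked little-endian before inet_ntop.
    """
    host_hex, port_hex = hexaddr.split(":")
    port = int(port_hex, 16)
    if len(host_hex) == 8:  # IPv4: one 32-bit word
        packed = struct.pack("<I", int(host_hex, 16))
        return socket.inet_ntop(socket.AF_INET, packed), port
    # IPv6: four 32-bit words, each in host order
    words = [int(host_hex[i:i + 8], 16) for i in range(0, 32, 8)]
    packed = b"".join(struct.pack("<I", w) for w in words)
    return socket.inet_ntop(socket.AF_INET6, packed), port


def is_loopback(ip):
    """True for 127.0.0.0/8, ::1 and IPv4-mapped loopback (::ffff:127.x.x.x)."""
    addr = ipaddress.ip_address(ip)
    mapped = getattr(addr, "ipv4_mapped", None)  # only IPv6Address has this
    if mapped is not None:
        addr = mapped
    return addr.is_loopback


def audit_listeners(proc_lines):
    """Return [(ip, port, exposed), ...] for every socket in LISTEN state."""
    findings = []
    for line in proc_lines:
        fields = line.split()
        # Data rows start with an index like '0:'; the header row does not.
        if len(fields) < 4 or not fields[0].endswith(":"):
            continue
        if fields[3] != LISTEN:
            continue
        ip, port = parse_addr(fields[1])
        findings.append((ip, port, not is_loopback(ip)))
    return findings


def exposed_listeners(proc_lines):
    """Only the listeners that other devices on the LAN could reach."""
    return [(ip, port) for ip, port, exposed in audit_listeners(proc_lines) if exposed]


def read_proc_net():
    """Read the live tables on a Linux host; empty list elsewhere."""
    lines = []
    for path in ("/proc/net/tcp", "/proc/net/tcp6"):
        try:
            with open(path) as fh:
                lines.extend(fh.read().splitlines())
        except OSError:
            pass
    return lines


if __name__ == "__main__":
    live = read_proc_net() or SAMPLE_PROC_NET.splitlines()
    for ip, port, exposed in audit_listeners(live):
        print(f"{'EXPOSED ' if exposed else 'loopback'} {ip}:{port}")
```

On a real machine the script reads the live tables (no root needed) and the constructed sample is only used as a fallback; anything printed as EXPOSED is a server that should either be re-bound to 127.0.0.1 / ::1 or, if it genuinely has to accept LAN connections, carry the authentication the answer describes.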
- 1) About point #2, "authentication and anti-CSRF protection": how would I set this up? 2) What AV exists in Linux? I was even checking known commercial ones and they exist for Windows/Android or for companies and business accounts. Is there one you have in mind? (Jim, commented Jan 27, 2025 at 19:30)
- Authn options depend on what the server is doing, but assuming you don't have any login or account management stuff now, I'd tend to go with a simple Bearer token (which also provides CSRF protection), or with cookies (but you need some way to set them) or Basic auth (which is much less secure). You could also establish an authentication (login) process, of course. For anti-CSRF, there are tons of options; I favor requiring a custom header where possible, but even the samesite flag on an auth cookie would probably work here (except against other localhost websites, if you have any). (CBHacking, commented Jan 28, 2025 at 2:56)
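The answer's second point and the comment above both recommend a Bearer token plus a required custom header for a local development server. The server below is an added example, not code from the answer or the comments, showing both controls together on a loopback-only HTTP endpoint. It assumes a plain JSON API with no existing login system; the names `check_request`, `make_handler`, `BIND_ADDR`, `CSRF_HEADER` and the header value "dev" are choices made for the example. The Bearer token is generated at startup and printed; a page from another origin cannot attach an Authorization or X-Requested-With header to a cross-site request without a CORS preflight, and this server never approves one, which is what gives the custom header its anti-CSRF value.

```python
"""Loopback-only development API with Bearer-token authentication and a
custom-header CSRF check.

Added example, not part of the original answer or comments. Policy lives in
check_request() so it can be exercised without starting the server.
"""
import hmac
import json
import secrets
from http.server import BaseHTTPRequestHandler, HTTPServer

BIND_ADDR = ("127.0.0.1", 8080)   # loopback only: not reachable from other LAN devices
CSRF_HEADER = "X-Requested-With"  # custom header a simple cross-site request cannot carry


def check_request(headers, expected_token):
    """Return (status, reason); 200 means the request may be served.

    'headers' is any mapping with .get(); BaseHTTPRequestHandler.headers is
    case-insensitive, the dicts used in tests are not.
    """
    # Order matters: the CSRF check is answered first so a forged request never
    # even reaches the token comparison.
    if headers.get(CSRF_HEADER) is None:
        return 403, "missing custom header (possible cross-site request)"
    scheme, _, presented = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer" or not presented:
        return 401, "missing bearer token"
    # Constant-time comparison so the token cannot be guessed byte by byte.
    if not hmac.compare_digest(presented.encode(), expected_token.encode()):
        return 401, "invalid bearer token"
    return 200, "ok"


def make_handler(expected_token):
    """Build a request handler class bound to one startup token."""

    class DevHandler(BaseHTTPRequestHandler):
        def _reply(self):
            status, reason = check_request(self.headers, expected_token)
            body = json.dumps({"status": reason}).encode()
            self.send_response(status)
            self.send_header("Content-Type", "application/json")
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)

        do_GET = _reply
        do_POST = _reply  # same policy for state-changing requests

        def do_OPTIONS(self):
            # No Access-Control-Allow-* headers are ever sent, so a browser
            # refuses to follow a cross-origin preflight with the real request.
            self.send_response(403)
            self.send_header("Content-Length", "0")
            self.end_headers()

    return DevHandler


def main():
    token = secrets.token_urlsafe(32)  # fresh secret per run; paste it into the client
    print(f"Bearer token: {token}")
    print(f'curl -H "Authorization: Bearer {token}" -H "{CSRF_HEADER}: dev" '
          f"http://{BIND_ADDR[0]}:{BIND_ADDR[1]}/")
    HTTPServer(BIND_ADDR, make_handler(token)).serve_forever()


if __name__ == "__main__":
    main()
```

If you later move to cookie-based sessions instead of a pasted token, the same `check_request` shape still applies: keep the custom-header requirement, and set the cookie with the samesite attribute so that, as the comment notes, only other localhost origins could still send it.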
- As for AV software, here's a random result from near the top of the results page for "linux antivirus" that links to and reviews four different commercial AVs (admittedly only some for personal use): security.org/antivirus/best/linux. There's also clamav.net and comodo.com/home/internet-security/antivirus-for-linux.php and... did you even search? Those are all first-page results. (CBHacking, commented Jan 28, 2025 at 3:03)
- I have heard of ClamAV but have also read it is kind of dated. Bitdefender seems to be an option; I hadn't noticed that it is free for personal use. For Comodo, I had doubts about whether it is legit. Why is it free? How do they make any profit just by offering it for free? I don't see any update for professional use (e.g. like in Avast). (Jim, commented Jan 28, 2025 at 19:03)
127.0.0.1, so that they are only accessible from the laptop itself.