Cybersecurity can be confusing. Here are six easy things you can do, and habits you can adopt, to improve your Linux security. They work equally well on fresh installs and long-running computers.

Computers have transformed our lives. They allow us to do things we couldn’t possibly do otherwise. Because they’re indispensable, and the data they hold is precious to us, they are an obvious target for criminals.

Linux is considered to be (relatively) secure right out of the box, but there are simple actions you can take to improve your defenses, and “harden” your computer. Because Linux is so prevalent in everything from web servers to mobile devices, it’s an attractive target for cybercriminals.

The six things on our list of ways to improve your security posture are straightforward and should be within the grasp of everyone.

Some of these are settings you can apply, but some of them are habits you need to adopt, or actions that need to be repeated periodically. As you’ve likely heard, cybersecurity isn’t a destination, it’s an ongoing journey.

1 Keep Your System Updated

All non-trivial software has bugs. Some bugs can lead to vulnerabilities. Vulnerabilities are weak spots in your armor. These vulnerabilities are exploited by cybercriminals. A common attack type uses malicious software, known as malware.

Malware comes in many different forms, and it’s distributed in many different ways. Phishing attacks often try to infect your computer by coercing you into clicking a link or visiting a tainted website. Malicious behavior can be built into applications or browser extensions that seem benign but actually they have hidden criminal intentions.

Sometimes, innocent packages are compromised and malicious code is injected into the application’s code base. The tainted software package unwittingly delivers its payload to every computer it gets installed on.

The most effective way to deal with vulnerabilities is to ensure you keep your computer patched and updated to the current level. As well as fixing bugs that affect the operation of the software, patches address vulnerabilities. We have guides on updating Ubuntu and updating Arch Linux if you need some help.

Don’t forget to apply patches to your applications too, not just the operating system. Pay special attention to internet browser patches. If you can, also apply updates and patches to devices such as your broadband router, Internet of Things devices, and your tablets and smartphones.

Some of these devices will get automatic updates. For example, Amazon Echo and Google Nest smart speakers receive automatic updates for four and five years from purchase, respectively.

2 Secure User Accounts

The login screen on a laptop running Ubuntu Linux.
Hannah Stryker / How-To Geek

 

Use strong passwords. A combination of three unrelated words separated by punctuation characters produce passwords that are very resilient to brute-force attacks. And make your passwords unique. Don’t re-use passwords on more than one system, and never share passwords between people. Create unique accounts for your users.

If you’ve got too many passwords to remember, use a password manager. I checked mine while writing this, and I’ve got 263 unique passwords stored in it. I couldn’t possibly remember all of those, but with a password manager I can side-step the issue of remembering any of them, and they can be as long and as robust as they need to be.

If two-factor authentication is available, or a hosted service supports using passkeys instead of passwords, use them. A good password manager will handle passkeys just as easily as passwords.

You can add two-factor authentication to your own computers too. this is especially valuable if you connect to them remotely, using SSH.

3 Control User Access

We’ve already mentioned that each user should have their own unique log in and user account. The other golden rule is to use a regular user account for normal user tasks. Only use the root account for system administration.

Most Linux systems disable the root account by default. To access root-level functionality you need to use sudo or run0. This gives you short-term superuser status then demotes you to a normal user when you’ve completed that specific task.

4 Improve Your Network Security

Turn on the firewall in your Linux distribution, and turn on the one in your broadband router too. Use WPA2 or WPA3 encryption for your wireless network, and change the Wi-Fi password from the default, if you can.

Many modern Wi-Fi routers allow you to configure a guest Wi-Fi network. This allows them to get to the internet, but isolates them from your main network.

5 Check Your Software Management

You should only ever install software from trusted sources such as your Linux distribution’s official repositories, a project’s official website, or from their official Git repositories.

Don’t click links in emails to install software. Navigate to their official location and install the software from there. This avoids attacks that take you to dummy download sites.

Pay particular attention to Flatpaks and Snaps. These are often unofficial versions of packaged, wrapped by volunteers. Do some research and ask in forums and other online communities if these can be trusted.

If you download an application and find it doesn’t suit your needs, uninstall it. Don’t just leave it on your machine. If a project is abandoned, and no longer in development, find a replacement. Using an old version of software that no longer receives security patches increases your exposure to risks.

6 Make Backups and Stay Educated

Make backups. If disaster strikes—whether cyber-related or not—you’ll be able to reinstall Linux and restore your data. Make multiple backups on different media. Have at least one off-site copy of your data. This is easy to achieve with cheap cloud storage.

Keep abreast of the latest security threats and issues. Sometimes there are mitigating actions you can take while you wait for a patch, such as disabling a particular service or daemon. Resources like the U.S. Department of Homeland Security-sponsored database of Common Vulnerabilities and Exposures are reliable and accurate, and updated frequently.

Security should be a regular part of your IT housekeeping. Thankfully, keeping up with your cyber-chores isn’t too difficult, but it does make a huge difference to your digital safety.

It’s time well spent.