Hi, I’ve been fiddling with PopOS the past year on an old laptop and I like it. I’m getting ready to convert my windows 10 desktop to Pop and leave windows behind entirely, before I do I want to be sure I understand a few security concepts.
I’ve read suggestions that say don’t run as root, create a separate user account and only use root when necessary. Do you give that user account sudo privileges? If so, is that any different from just being root?
Also I’ve installed the ufw firewall but left it with default settings. Is that something I need to look into more?
Thanks in advance!
Single user on a single (physical, local) host, best security practices:
Have root user.
Have a administrative account that has sudo privs
Have a daily driver with no excessive privs.
Set PermitRootLogin no in your ssh config to be extra.
Only use your administrative account to use sudo, only when you need it.
This is a bit over extra, but is slightly favorable from a security standpoint, opposed to simply using that admin account as your daily driver, like everyone reading this does.
Don’t lie. We all do it.
Root is more powerful only in that the system will not check for its permissions to do anything. Your user with sudo still gets its permission checked, you can just bypass that check. It’s not fundamentally different in an end-result sense.
The reason I suggest the three user approach above is because your daily driver will make the most noise that interests an attacker (provided you’re keeping your applications and services updated and properly config’d) on your machine. And if that user has no real privileges, womp womp, sucks to suck, hackerman. But if the user has sudo, they basically got root.
This is also why you don’t run as root.
As for your firewall? Short answer: yes.