Improving Your Account Security
Good account security begins with excellent passwordsmake that passphrases. For detailed suggestions, check out my article "Passwords: So Important, Yet So Misused," where I go over the mathematics of passphrase strength versus password-attack tools. (I promise, no "new math" and no story problems to answer!) Both Fedora and Ubuntu provide a passphrase-strength meter that evaluates your passphrase for length and complexity. Use these meters as guides to creating passphrases that are difficult to guess.
Let's add account security features that are unique to each Linux distribution.
Fedora's Unique Security Features
Fedora lets you choose some special settings. First, Fedora's installation creates a root account, and your daily-use account has no operating system privilege. If your system is attacked, such as from a bad download you triggered, the attack won't have enough privilege to cause the worst system damage. In fact, Fedora prompts you automatically for the root passphrase for operations that require full privilege. That prompt can be a sign of a stealthy attack in progress. In theory, this design is more secure than Ubuntu's approach. (I'll cover that account design later.)
Many login hardware devices are available, including fingerprint and/or smartcard readers. Fedora includes support for these devices, enabled at installationsometimes. Disable these options if you have no such readers. Also, passphrases are hashed, using the Secure Hashing Algorithm (SHA). Fedora allows you to set the hashing strength. In most cases, SHA-512 is better than SHA-1. To set the hashing strength, choose Applications > Other > Authentication. On the Advanced Options tab, you can tune your system account security (see Figure 4).
Figure 4 Choosing authentication options.
Ubuntu's Unique Security Features
Ubuntu's account security will be as effective as you make it. If you want to have no login whatsoever, an automatic login can take you back to Windows 3.11 or Mac System 6 securitybut I wouldn't suggest it. The account you build at start up will be the Administrator-privileged account. You must build a second accountone without privilegeto use for daily work. As you perform a task that needs admin privilege, you must enter the first account's passphrase in the dialog box. This process seems awkward, but it's the same process Mac OS X follows. You can do all these tasks by opening Systems Settings > User Accounts (see Figure 5). This article will be the means to learn this security tip, so keep reading!
Figure 5 Automatic login and account type are Administrator, by default.
Now that you have the right accounts with great passphrases, it's time to implement screen locks. I know, these are pesky when you get a long phone call, but without screen locks, anyone with access to your computer can "borrow" your logged-in account access. How's that smart, especially after all the work you did to create two accounts??
As you can imagine, setting screen locks starts with adjusting System Settings for Ubuntu. The Screen applet then lets you set the lockup timing, as shown in Figure 6.
Fedora has nearly the same tool. Access it at Applications > System Tools > System Settings.
Figure 6 Managing screen locking.
Locking the real Desktop is a good step. As a final precaution against unintended use of your accounts, you must prevent use of your Remote Desktop feature. Remote Desktop is useful to allow a friend to debug your problems; however, left running and unconfigured, it can be a backdoor into your system, allowing hackers to use your system as if they shared the keyboard with you!
Figure 7 Fedora's Remote Desktop security features.
Figure 8 Ubuntu Desktop Sharing security features.