Linux is generally a more secure system by default compared to other operating systems, but that doesn’t mean it is hack-proof. You can take additional steps to further improve your privacy and security and reduce the risk of unauthorized access.
In this guide, I’ll walk you through the steps we used to strengthen the privacy and security of our Linux laptop, from enabling a firewall to select a privacy-focused browser.
Content
- Enable Screen Lock
- Full Disk Encryption
- Enable the Firewall
- Set Up a VPN
- Switching to a Private DNS Server
- Browse the Web Using Privacy-Focused Browser
- Always Keep Your System Updated
Enable Screen Lock
One of the simplest yet effective ways to protect your laptop from unauthorized access is by enabling the screen lock feature. This step is especially relevant if you work in public spaces like cafes, libraries, or co-working spaces.
I set my screen to lock automatically after a few minutes of inactivity. This ensures that my data stays secure even if I step away for a coffee break or chat with a colleague.
To enable this on Ubuntu, navigate to Settings, find the Privacy & Security option, and select Lock Screen.
Make sure your screen locks after a short period of inactivity, preferably within 5 minutes or less.
Better still, learn the keyboard shortcut to lock your screen (default is Ctrl + Shift + L, or Super + L) immediately.
Full Disk Encryption
If you’re installing Linux on your machine, you’ll likely have the option to encrypt your hard drive during setup. You might usually ignore this feature.
So, what is Full Disk Encryption? In simple terms, it’s like putting all your important documents into a secure vault that covers your entire hard drive. Even if someone physically steals your laptop, they won’t be able to look at any of your data without your encryption password.
Most Linux distributions offer the option to enable encryption during installation. If you didn’t enable it, then you can’t enable full disk encryption without reinstalling the operating system.
However, if you’re looking for a way to secure your data without a complete reinstall, you can use LUKS to encrypt specific partitions or your home directory after installation. This method provides some level of protection but doesn’t offer the comprehensive security that full disk encryption does.
Enable the Firewall
If your Linux laptop is connected to the Internet, it is vulnerable to network-based attacks. You can reduce this risk by enabling the firewall on your Linux system. A firewall works like a gatekeeper for your internet traffic, filtering out unwanted or malicious connections.
Linux distributions typically include built-in firewalls, such as Iptables or UFW. However, in most of these distributions, you need to enable the firewall manually.
I use an Uncomplicated Firewall (UFW), which is straightforward to set up and protects me from unauthorized access attempts. To enable it on Ubuntu, run:
sudo ufw enable
You can also configure specific rules if you want to allow or block certain traffic, but for most users, the default settings will work just fine.
If you’re not comfortable with command-line tools, you can install GUFW, a graphical interface for UFW, which makes it even easier to manage firewall settings.
Set Up a VPN
Virtual Private Network encrypts all internet activity between your Linux system and the internet, making it much harder for anyone to catch up on your online activities. If you’re serious about privacy, using a VPN is essential.
Personally, I always make sure my VPN is active when I’m connected to public Wi-Fi, like at cafes or airports. Instead of my data being sent over the open internet, the VPN encrypts it and masks my IP address, adding an extra layer of anonymity.
Setting up a VPN on Linux is fairly straightforward. Most VPN providers now offer Linux clients. I use OpenVPN because it’s open-source and prefer more control over my privacy.
You can also try other VPNs like NordVPN or ExpressVPN, which work well and have simple installation processes. No matter which VPN you use, be sure to go with a trusted provider with a strong privacy policy.
Switching to a Private DNS Server
Another easy way to enhance your privacy is by switching to a private DNS server. A DNS server is essentially the internet’s phonebook that translates website names into IP addresses, so your browser can load them.
By default, your ISP likely controls your DNS, meaning they can see every website you visit. To regain control, switch to a more private and secure DNS provider, such as Cloudflare or Google Public DNS. These services not only often provide faster browsing speeds but also offer added layers of security and privacy.
For instance, Cloudflare promises not to log your DNS queries, helping to maintain your anonymity online.
Setting this up on Linux is relatively simple. You can manually insert your preferred private DNS server by adjusting the network settings in the system’s network section. For example, on Ubuntu:
Alternatively, you can edit the /etc/resolv.conf file in the terminal to specify your preferred DNS servers. Additionally, test different DNS providers to find which one offers the best speed.
Browse the Web Using Privacy-Focused Browser
Most mainstream browsers are notorious for tracking your online activities. If privacy is a priority, it’s time to switch to a browser built with security in mind. My personal favorite is Firefox, but others include Floorp, Brave, and Tor Browser take privacy even further.
Firefox, for instance, offers enhanced tracking protection and can be set up to block third-party cookies and intrusive ads. You can also install privacy-focused add-ons like uBlock Origin (for ad blocking) or HTTPS Everywhere (to ensure secure connections to websites).
On the other hand, Tor Browser goes even further by routing your internet data through a variety of servers, making it nearly difficult to spy on your online activities.
Switching browsers might seem like a hassle, but once you do, you’ll quickly notice how much more control you have over your data.
Always Keep Your System Updated
Keeping your system updated is one of the most critical steps in maintaining system security. Software updates often include patches for security flaws that could be misused by attackers. Skipping these updates is like ignoring warning signs of potential danger.
Linux distributions, like any other operating system, release regular updates to patch known security flaws. Whether it’s a kernel update or a software package fix, staying up to date is essential for keeping your laptop secure.
I make it a habit to check for updates regularly – at least once a week – and apply them immediately when available. This proactive method guarantees that I’m always secure from the latest security risks.
Depending on your distribution, you can set up automatic updates or manually check for updates via the terminal with a simple command like:
sudo apt update && sudo apt upgrade
Furthermore, always back up your files before running any major update.
Wrapping up
With just a few simple steps, you can significantly enhance the privacy and security of your Linux laptop. Check out how some distributions are built with privacy and security in mind.
Image credit: Unsplash. All alterations and screenshots by Haroon Javed.
Haroon Javed –
Contributor
Haroon is a lifelong tech enthusiast with over five years of experience writing thousands of articles about Linux, programming languages, and more. He loves exploring new technologies and experimenting with them to find innovative ways to use them. Haroon’s work has been featured on various online platforms, including HTG, Baeldung, and LinuxHint.
Subscribe to our newsletter!
Our latest tutorials delivered straight to your inbox
Sign up for all newsletters.
By signing up, you agree to our Privacy Policy and European users agree to the data transfer policy. We will not share your data and you can unsubscribe at any time. Subscribe