Question

I run a standard laptop at home (dual-boot Fedora 20 and Windows 7; the Windows side is almost never used). Soon my other computer will be working again; it will have Windows 8.1 and some flavor of Linux.

What is the best way to lock down the system and make it harder to attack? I am interested in solutions that are practical for home use.

Things that come to mind (roughly in order of intrusiveness and security):

- Run Windows in a separate VM, and various Linux applications in separate SELinux sandboxes.
- Run each Linux application, as well as Windows, in a separate VM.
- Switch to QubesOS or another security-focused Linux variant, and drop Windows altogether.

Also, I have noticed that I do a lot of software downloading (from legitimate sites like GitHub -- but even they are not perfect) for development purposes. Should I isolate that in a VM?

Explanation / Answer

I will assume that since it is a laptop, it will be exposed to external threats as you will take it with you, but you are interested in security and hardening of the system to prevent unauthorized access.

VMs are a great way to sandbox your activities without putting your entire machine at risk. You can take a snapshot of the VM's configuration at any time you like, and if you do something dumb or something happens, who cares! You can restore it. Downside, you have to do everything in your magic VM window.

Hard-Disk encryption. If your laptop gets stolen, full HD encryption is going to be your best line of defense against having your data compromised. There are a number of solutions available that you can find online.

I'm sure that would be sufficient to prevent most data loss in the event of a breach. Just do not store any mission-critical data in your VM and you should be good to go.
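
A quick way to check how much of a dual-boot disk the encryption actually covers, as an added example that is not part of the original answer. It assumes Linux with util-linux `lsblk` and dm-crypt/LUKS as the encryption layer (the answer names no specific product); the sample output and device names are constructed.

```python
import shlex
from collections import defaultdict

# Constructed sample of: lsblk -P -o KNAME,PKNAME,TYPE,FSTYPE,MOUNTPOINT
SAMPLE = '''\
KNAME="sda" PKNAME="" TYPE="disk" FSTYPE="" MOUNTPOINT=""
KNAME="sda1" PKNAME="sda" TYPE="part" FSTYPE="ntfs" MOUNTPOINT=""
KNAME="sda2" PKNAME="sda" TYPE="part" FSTYPE="ext4" MOUNTPOINT="/boot"
KNAME="sda3" PKNAME="sda" TYPE="part" FSTYPE="crypto_LUKS" MOUNTPOINT=""
KNAME="dm-0" PKNAME="sda3" TYPE="crypt" FSTYPE="LVM2_member" MOUNTPOINT=""
KNAME="dm-1" PKNAME="dm-0" TYPE="lvm" FSTYPE="ext4" MOUNTPOINT="/"
KNAME="dm-2" PKNAME="dm-0" TYPE="lvm" FSTYPE="swap" MOUNTPOINT="[SWAP]"
KNAME="sda4" PKNAME="sda" TYPE="part" FSTYPE="ext4" MOUNTPOINT="/home"
'''

# Signatures that mark a container, not a readable filesystem.
CONTAINERS = {"crypto_LUKS", "LVM2_member"}

def parse(text):
    """Turn lsblk key="value" pair lines into a list of dicts."""
    return [dict(f.split("=", 1) for f in shlex.split(line))
            for line in text.splitlines() if line.strip()]

def unencrypted_filesystems(text):
    """Return (device, fstype, mountpoint) for data readable from a stolen disk."""
    rows = parse(text)
    types = {r["KNAME"]: r["TYPE"] for r in rows}
    parents = defaultdict(set)          # a dm device can have several parents
    for r in rows:
        if r["PKNAME"]:
            parents[r["KNAME"]].add(r["PKNAME"])

    def on_crypt(dev, seen=()):
        # Encrypted only if every path down to the disk crosses a crypt layer.
        if types.get(dev) == "crypt":
            return True
        ups = parents.get(dev, set()) - set(seen)
        return bool(ups) and all(on_crypt(p, seen + (dev,)) for p in ups)

    found, reported = [], set()
    for r in rows:
        fs = r["FSTYPE"]
        if fs and fs not in CONTAINERS and r["KNAME"] not in reported:
            if not on_crypt(r["KNAME"]):
                reported.add(r["KNAME"])
                found.append((r["KNAME"], fs, r["MOUNTPOINT"]))
    return found

if __name__ == "__main__":
    for dev, fs, mnt in unencrypted_filesystems(SAMPLE):
        print(f"{dev}: {fs} at {mnt or '(not mounted)'} is not on an encrypted volume")
```

In the constructed layout the Windows partition and a separate `/home` sit outside the LUKS container, so they would be readable from a stolen laptop even though the Fedora root and swap are encrypted.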