Secure Operating Systems: Tails, Debian and Qubes OS
Before we dive to heavily into the tactics that are going to keep an individual at this level secure from a big name adversary, we have to consider the operating systems that we are doing our work on, communicating through, and using to send people information. For reasons I shouldn’t have to mention, you surely wouldn’t want to be relying on Microsoft / Windows to keep you safe so I won’t be discussing it at all here. And you really wouldn’t want to rely on OSX either due to the fact that it isn’t open source software and not developed with the complete security of the user in mind. So what operating systems are going to do the best job of:
- Keeping you as a person secure in the online world
- Making sure your information and data remains private
- Upholding a good level of anonymity to help defend you from adversaries
- Proactively defend against outside attack
Related Software Categories:
- Privacy Friendly Operating Systems
- Privacy and Security Tools for Windows 10 and 11
- Privacy Friendly Mobile Operating Systems
- Open Source Router Firmware
As far as anonymity goes, the Tails Live OS, which was developed by The Tor Project is pretty much at the top of the chain. Although it is very restricted in what it can offer you, it makes sure that all connections to the Internet are routed through the Tor network so your real IP and location are never disclosed to a third party. It comes in the form of an ISO that you would write to a CD or USB. This makes it a tool you can take with you to remain anonymous anywhere you have access to a computer. Just boot the computer from your Tails USB and you are safe to browse the Internet, communicate with others, and share anything anonymously.
Taking away some of that anonymity and trading it for an operating system that gives great versatility in terms of security, Debian is my quick pick for a Linux/GNU install. Not only is it the operating system that is on all of my servers, it has done me good on my personal computers as well. Usually I would be partial to a distribution of GNU/Linux like Kali or BackBox that provides a lot of penetration testing and network analysis tools. However, the focus of this paper is defensive and not offensive so it didn’t really make sense to me that I do a write up about BackBox, even though I would likely prefer it as a first pick install for Linux. The nice thing about Debian the ability for an individual to get full encryption of the partitions you are using AND use key files, which could be stored on an external device like a USB. Debian is also an open source and very customizable operating system. Unlike some of the other operating systems I have used, Debian is constantly being updated to keep the servers it is running on, and the individuals who are using it, secure and safe. And you can still do the majority of the things with Debian that these other operating systems provide. IP Tables or a similar firewall can be configured to only accept connections through the Tor network, VeraCrypt and TrueCrypt can be installed to create encrypted containers for even more security and privacy, and you can even separate sections of the US with permissions based controls.
A fairly new addition (Initial Release in 2012) to the operating system community is Qubes OS. It was developed to be free, open source software that is secure from the core out. Unlike something like OSX or Windows, Qubes takes security to a whole new level and wasn’t really developed for anything other than doing just that. It uses a unique approach called security by compartmentalization, which allows a user to isolate certain parts of their digital life into virtual machines very easily. This would give you the ability to do certain “activities” or “tasks” within an isolate section of Qubes so that even if that section were to be compromised, it wouldn’t compromise the integrity of the entire operating system. You can read more about Qubes OS here: https://www.qubes-os.org/tour/#what-is-qubes-os and here: http://www.linux-magazine.com/Online/Features/Qubes-OS