Privacy and security are of growing concern to Internet users, including increased government surveillance and corporate data collection, as well as a long history of highly publicized media hacking in which this data was stolen and misused. .
Although Windows and macOS machines have some protections and other options, such as using a VPN or Tor browser, a number of Linux distributions are now available and put privacy and security at the center of their concerns. .
For some of these Linux distributions, it tries to strengthen privacy protection by default using various tools. For others, it is including security software as standard for those who need to perform penetration testing.
Each of these distributions focuses on privacy and / or security based on the interests and needs of the users. We are going to list the top 10 things to consider here.
(Image credit: Qubes OS)
1.Qubes OS
An extremely secure operating system but reserved for advanced users
Risky applications are limited to separate virtual machines
It also uses sandbox to protect system components
Can be difficult to set up and manage
Although it is definitely not for novice users, Qubes is one of the best distros for privacy protection. The graphical installer should be used to install the operating system on your hard drive, which will be encrypted.
Qubes OS uses Xen Hypervisor to run a series of virtual machines, compartmentalizing their life into "personal", "work", "Internet", and so on. for security reasons This means that if you accidentally download malware to your computer, for example, your personal files will not be compromised.
The main desktop uses color-coded windows to display different virtual machines, allowing you to easily distinguish between them.
(Image credit: tails)
2. queues
Stay anonymous online using the Tor network
All connections routed through the Tor network
Can be run in 'Live' mode
Limited set of default apps
Tails (which stands for "The Amnesiac Incognito Live System") is probably the best-known distribution focused on privacy protection. It can be run from a DVD in Live mode, allowing it to be fully loaded into your system RAM and leaving no trace of your activity. The operating system can also be used in "persistent" mode, where its configuration can be stored on an encrypted USB key.
All connections are routed through the Tor anonymity network, which hides your location. Tails applications have also been carefully selected to enhance your privacy. For example, there is the KeePassX password manager and Paperkey, a command line tool used to export OpenPGP secret keys for printing. There are also a small number of productivity applications, such as Mozilla Thunderbird and the powerful LibreOffice suite.
You can install more applications from the Debian repositories via command line, but it will take some time to download them when they are on the Tor network.
Please note that vulnerabilities are constantly being discovered with Tails. So be sure to check for updates (as you should with any operating system, of course).
(Image credit: BlackArch Linux)
3.BlackArchLinux
Has a wide range of pen and hack test tools
Lots of built-in hacking utilities
Constantly updated
64-bit Live ISO: 11+ GB
This pencil test distribution is based on Arch Linux, which can be good news or bad news depending on your familiarity with your main operating system. Although relatively new, this operating system contains over 2,000 different hacking tools, saving you from having to download every time you need to.
The BlackArch distribution is constantly updated and new ISO images are released quarterly. These are very large (currently 11GB) due to the number of pre-installed programs, but note that there is also a much smaller version of Netinstall that is only about 620MB.
BlackArch can be run live from a USB key or CD, or installed on a computer or virtual machine. It can even be installed on a Raspberry Pi to give you a pencil test laptop that you can take anywhere.
The "anti-forensic" category is particularly interesting because it contains tools for scanning the password memory of encrypted devices. This helps protect your computer from "cold boot" attacks.
(Image credit: Kali)
4. Kali
Standard Pen Test Layout
The world's most popular pen test distribution.
Hundreds of built-in pen test tools
Very good a distribution niche
Named after the Hindu goddess, Kali is one of the oldest and best known Linux distributions. Kali's download page features weekly updated ISO files that can be run in live mode or installed on a drive. Kali will also be happy to work on ARM devices like the Raspberry Pi.
Kali's reputation is so great that its creators offer training through the Kali Linux Dojo. Lessons include customizing your own Kali Linux ISO and learning the basics of pencil testing. For those who cannot attend, all course resources are available for free on the Kali website.
Anyone interested in a career in information security can also take Kali's courses in paid penetration testing, delivered online and at their own pace. There is a 24-hour certification exam that, if successful, will make you a qualified penetration tester.
(Image credit: IprediaOS)
5. Ipredia OS
Stay under the radar through the anonymous I2P network
Little risk of revealing your real IP address online
I2P connections generally faster than Tor
There is no way to easily access regular websites
IprediaOS is a Linux Fedora based operating system that is privacy oriented and can run in live mode or be installed on your hard drive. Just like Tails OS routes all your connections on the Tor network to anonymize your connection, Ipredia routes all your network traffic through the anonymous I2P network.
This is called "garlic routing," a process by which I2P establishes encrypted one-way tunnels to protect your data. This is theoretically much more secure than Tor's "routing," which transmits data over established "circuits," meaning it can be monitored.
Features include anonymous email, BitTorrent client, and the ability to browse eep sites (special domains with .i2p extension). Unlike Tor, I2P does not act as a gateway to the classic Internet. Therefore, Ipredia cannot securely access classic websites.
The advantage of only accessing eep sites is that your connection is not really found. Because I2P is specifically designed for "hidden" services, connection and download speeds are typically much faster than routing through Tor, as is TAILS.
(Image credit: Whonix)
6. Whonix
Harness the power of virtual machines to stay safe online
Connections routed through the anonymous Tor network
Many pre-installed privacy specific apps
The performance of virtual machines is not as fast as that of a local installation.
Starting a Live operating system is inconvenient because you need to restart your computer. Installing it on a hard drive also presents a compromise risk. Whonix offers an elegant compromise by being designed to function as a virtual machine in the free Virtualbox program.
Whonix is divided into two parts. The first "Gateway" routes all connections to the Tor network for the second "Workstation" part. This greatly reduces the risk of DNS leaks, which can be used to monitor the websites you visit.
The operating system has a number of privacy-friendly features. These include built-in applications like Tor Browser and Tox Instant Messaging.
Since it works in a virtual machine, Whonix is compatible with all operating systems that can run Virtualbox. Virtual machines can only use part of your real system resources. Whonix will not necessarily run as fast as an operating system installed on a local hard drive.
(Image credit: Linux Discrete)
7. Discreet Linux
Keep your data secret by storing it offline with this distribution.
Data can be safely stored offline
You can store settings in an encrypted area
The software is still in beta and therefore may not be safe to use
This intentionally misspelled distribution is the successor to the impressive Ubuntu Privacy Remix. OS Discreete does not support network hardware or internal hard drives, so all data is stored offline in RAM or on a USB flash drive. It can be run in live mode, but when booting from a volume, it also allows you to store some of your settings in an encrypted 'Cryptobox'.
Another cool feature is that kernel modules can only be installed if they have been digitally signed by the Linux Discrete Team. This prevents hackers from trying to introduce malware. Please note that this operating system is currently in beta testing phase.
(Image credit: Parrot Security)
8. Parrot security operating system
Another pointed distribution of pen test utilities
Visually stunning office and menus
Wide range of pen test tools.
Possible stability issues
This Parrot Security distribution comes from the Italian Frozenbox team. Like Kali and BlackArch, it categorizes tools for easy access and even contains a section for the ones you use most often.
Parrot is based on Debian 10 (Buster), the test branch of this operating system, so you may encounter stability issues. However, keep in mind that Parrot has much more colorful backgrounds and menus than its main operating system. As such, the hardware requirements are quite a bit more demanding than other distros like Kali.
A minimum of 4GB of RAM is recommended. If you do not have enough RAM, you can use the "Lite" edition of the Parrot Security operating system and choose to install and run only the programs you need.
Parrot Cloud is a special version of the distribution specifically designed to run on a server. It does not contain graphics, but does contain a number of research and networking tools for remote testing. For those whose budget is very limited, there is even an experimental version available for the Raspberry Pi.
(Image credit: OS sub-graphic)
9. Graphical operating system
As recommended by Edward Snowden...
Elegant appearance
Vulnerable apps run in their own sandbox
The operating system is alpha, so some security flaws
The Subgraph operating system is based on Debian Linux and is designed for extremely strict security. The core has been strengthened with many security enhancements and Subgraph is also creating virtual sandboxes around risky applications like web browsers.
A dedicated firewall also routes all outgoing connections through the anonymous Tor network. Each application must be manually approved by the user in order to connect to the network and access the sandboxes of other applications.
In April 2017, Joanna Rutkowska, creator of Qubes, and Micah Lee, security researcher, were able to bypass Subgraph's security by running a malicious application in the Nautilus file manager, which is not in sandbox mode. .
This attack would also work on other privacy-focused distributions, such as Tails. The Subgraph team has yet to develop a patch for this feat, but said the operating system was still in the alpha stage.
This distribution is designed to be installed on a hard drive. Encrypting your file system is mandatory, which means there is no risk of writing unencrypted data anywhere. As mentioned, Subgraph is still in the testing phase. So don't rely on it to protect really sensitive data (and, as always, keep regular backups).
(Image credit: TENS)
10. TEN
NSA approved and lightning fast
Engineered by US Air Force experts.
Installation is extremely easy.
May be difficult to download
Our tenth offering is rightly TENS (Trusted End Node Security). Formerly known as Lightweight Portable Security (LPS), this Linux distribution was designed by none other than the US Air Force and is NSA approved (PDF).
The public version of TENS is specifically designed to run in direct mode, which means that any malicious program is removed when it is closed. It includes a minimal set of applications, but there is also a "Public Deluxe" version that comes with Adobe Reader and LibreOffice. All versions include a customizable firewall. It is also interesting to note that this operating system supports connection through a smart card.