Security

Most secure Linux distros

This article focuses on some of the most secure Linux distros including QubeOS, Tails, Alpine Linux, Whonix, IprediaOS and a shared review for offensive security distributions including Kali Linux, Black Arch and Parrot OS for being the best options to pentest yourself.

Some of the Linux distributions mentioned below are optimized to prevent hacker attacks while others fit better if you want to prevent forensics against your devices.

Security offensive Linux distributions are also a good option when looking for safe OS and some were included in this list.

Qubes OS

Qubes OS uses Bare Metal, hypervisor type 1, Xen. It offers isolated virtualization of systems (domains) based on different Linux distributions and even Windows. It is free and open source and leads the market as the most, or among the most secure solutions featuring Linux (Operating Systems like OpenBSD are excluded from this article).

Qubes OS divides or isolates different domains (virtual machines) for different purposes each, in case one of the virtualizations get hacked the rest remain safe. Each domain, Qube, compartment or virtualized system has a different security level depending on the activity the user develops, for example, you can have a virtual machine, compartment or Qube to manage your bitcoins wallet, a different Qube for work, a different one for undefined tasks, etc. QubeOS shows all Qubes or compartments in a single screen each Qube is identified by a color associated with the security level.

Qubes OS is a free and open-source security-oriented operating system meant for single-user desktop computing.

And Qubes OS has a referral officially from Edward Snowden. Snowden tweeted: “If you’re serious about security, @QubesOS is the best OS available today. It’s what I use, and free. Nobody does VM isolation better.”  You can get QubeOS  for free at https://www.qubes-os.org/.

Tails (The Amnesic Incognito Live System):

Tails is a live Debian based Linux distribution considered among the most secure distributions together with the previously mentioned QubeOS.

Tails can be considered an anti-forensic Linux distribution which doesn’t leave traces of activity, in order to achieve this Tails forces all network traffic through the Tor anonymous network.

Among the tools included in Tails you can find Tor for anonymous browsing, pidgin for encrypted communication (messengers), Claws Mail for encrypted emails, Liferea, Aircrack-ng to audit wireless network connections, I2P for safe connections, Electrum to manage bitcoins, LUKS to encrypt devices, GnuPG to encrypt files, Monkeysign, PWGen, KeepPassX to manage passwords, MAT, GTkHash for checksums, Keyringer  and Paperkey to save PGP keys and more.

To prevent forensics, even when used as live cd, Tails overwrites memory to remove all traces of activity recoverable by forensic tools. Optionally Tails allows you to install it in a persistent mode in a encrypted storage device.

Tails, based on Debian, was formerly known as Incognito, a widely used Gentoo Linux based distribution used to browse anonymously.

You can download Tails for free from its official website at https://tails.boum.org/.

Alpine Linux

Alpine Linux aims to be a small, simple and secure Linux distribution.  Having these 3 main features, it can be installed in storage devices with as little as 130 mb of capability. Alpine Linux features its own packages manager (APK) and additional software from the repositories.  All software executed by the user under Alpine Linux uses PIE allowing executable to run on random locations in the memory. Alpine Linux can be obtained for free from its official website at https://alpinelinux.org/.

IprediaOS

IprediaOS is a fast and secure OS based on Fedora Linux. It provides an anonymous environment for browsing, mailing, chatting and sharing files. IpreadiOS features Robert Bit Torrent ready to share files anonymously through I2P, Wireshark, the SELinux bowser, Xchat to communicate anonymously through I2P which also includes an anonymous mail service (Susimail).

IprediaOS can be downloaded for free from https://www.ipredia.org/.

Whonix

Whonix is another secure Linux solution based on Debian. Whonix is integrated by 2 different virtualized devices, the desktop where the user works and a gateway.  The desktop environment can’t reach the network without passing through the gateway which intermediates between the desktop and the Tor network.  Whonix can run on VirtualBox, KVM or QubeOS mentioned previously.

Contrary to QubeOS, Whonix remembers Tor nodes preventing new attackers from impersonating nodes to carry out MiM attacks. Whonix was designed to provide security and anonymize users, in fact the project has the tagline: “Anonymize Everything You Do Online”.  it can be downloaded for free from its official website at https://www.whonix.org/.

Safe offensive Linux distributions:

Because this article focuses on secure Linux distributions, distributions oriented to hacking must be included for a variety of reasons.

Hacking distributions like Kali Linux, Black Arch, Parrot OS, etc. include formidable tools to test your own environment, you can always run attacks against yourself to audit your security. All the distributions mentioned above included in this category bring tools to audit your local network such as Aircrack, Reaver, Wireshark, Nmap and additional tools capable to test your own security.

Kali Linux can be downloaded from its official website at: https://www.kali.org/
Parrot OS Linux can be downloaded from its official website at: https://parrotlinux.org/
Black Arch Linux can be downloaded from its official website at: https://blackarch.org/

All of them are also available as live distributions to be used upon need.

I hope you found this article on secure Linux distros useful. Keep following LinuxHint for more tips and updates on Linux and networking.

About the author

Ivan Vanney

Ivan Vanney

Ivan Vanney has over 2 years as writer for LinuxHint, he is co-founder of the freelance services marketplace GIGopen.com where he works as a sysadmin.