It sounds to me like you basically want to harden your device, generally. Reducing your attack surface is probably the place to start. Remove unneeded programs and libraries (if you installed any desktop meta package, I can guarantee there will be quite a lot).Everything...but in this case I am specifically referring to the operating system itself, whereas the internet is a window to the operating system and potentially to firmware, the underlying operating system
Look at deborphan, check-dfsg-status, and definitely give a crawl through the reduce Debian page.
One thing to consider is whether the firmware on your device is actually writable from something like flashrom. Few devices are physically write protected.
Minimize the execution of untrusted code: block javascript (and maybe CSS) in your browser on all web pages except for those you frequent and absolutely must have formatting and interactivity.
Enable available mitigations in your kernel for side channel attacks identified by spectre-meltdown-checker. This one will probably conflict with your custom gaming kernel ... but you did say "Everything".
Also, I would take the time to learn nftables, as gufw is simply a frontend for ufw which is a frontend for iptables ... which is no longer the default recommended firewall in Debian. Needless complexity can often lead to insecurity. Moreover, knowing your system inside and out is better still.
And what he said vvv
Keep in mind that while many things can be considered a standard practice, security is more of a subjective point of view. What may be considered secure by one may not be considered the same by another, which in turn is based on ones needs.
Statistics: Posted by Uptorn — 2024-04-19 01:11
