The National Cyber Security Centre, a department of the UK spy agency, GCHQ, has published a new security guidance document for Ubuntu 18.04 which can help administrators set up and Ubuntu systems securely. The recommendations provided are in accordance with the NCSC’s best security practices and are intended for the public and private sectors who want to set up new systems, home users can also learn from it.
The security guidelines address 12 areas, among these are:
- Data-in-transit protection – how to keep your data secret while being transmitted over the internet.
- Data-at-rest protection – keeping your files safe on the computer itself.
- Authentication – making sure you are who you say you are.
- Secure Boot – Establishing trust the the operating systems boot process hasn’t been tampered with.
- Platform integrity and application sandboxing – keeping you safe from malware.
- Application whitelisting – restricting software to a specific known list.
In order to meet these requirements, the document gives comprehensive instructions about how to configure remote access via a VPN, enforcing a strong password policy, configuring UEFI for maximum protection, enabling Livepatch for kernel updates without rebooting, preventing execution of binary files from the home partition, enabling and configuring a firewall, and auditing.
Ubuntu’s Desktop Engineering Manager, Will Cooke, said:
“Ubuntu has been built on a foundation of enterprise-grade, industry leading security practices. From our toolchain to the suite of packages we use and from our update process to our industry standard certifications, Canonical never stops working to keep Ubuntu at the forefront of safety and reliability.
When combined with NCSC’s guidance and instructions you can can be assured of a reliable set up to allow you to work safely and securely from a portable computer while online.”