National Cyber Security Centre publish Ubuntu 18.04 LTS Security Guide

Last week the NCSC (National Cyber Security Centre) in the UK issued their latest publication which gives advice on how to configure Ubuntu 18.04 LTS in accordance with their security best practices.

The National Cyber Security Centre (NCSC)is the UK government department responsible for providing guidance on Information Security to the UK public and private sectors as well as responding to online security incidents and securing networks.

They have published many advisories on topics such as Multi Factor authentication for online services, security reviews of Google’s G Suite and Microsoft’s Office 365 as well as Bring Your Own Device (BYOD) policy.

EUD Security Principles

The “End User Device” (EUD) Security Collection provides “guidance for organisations deploying a range of end user device platforms as part of a remote working solution” but many of the documents are equally applicable to more general enterprise and home use.  There is a wealth of information and best practice guidance which can help you stay secure online. The EUD documents are based around a number of Security Principles which include:

  • Data-in-transit protection – how to keep your data secret while being transmitted over the internet
  • Data-at-rest protection – keeping your files safe on the computer itself
  • Authentication – making sure you are who you say you are
  • Secure Boot – Establishing trust the the operating systems boot process hasn’t been tampered with
  • Platform integrity and application sandboxing – keeping you safe from malware
  • Application whitelisting – restricting software to a specific known list

Securing Ubuntu 18.04 LTS

The latest publication from NCSC gives advice on how to configure Ubuntu 18.04 LTS Desktop to meet the 12 EUD principles with specific worked examples.  The document gives advice and instructions on, among other things:

  • Configuring remote access via VPN
  • Enforcing a strong password policy
  • Configuring UEFI for maximum protection
  • Enabling Livepatch for kernel updates without rebooting
  • Preventing execution of binary files from the home partition
  • Enabling and configuring firewalling
  • Auditing

Ubuntu has been built on a foundation of enterprise-grade, industry leading security practices. From our toolchain to the suite of packages we use and from our update process to our industry standard certifications, Canonical never stops working to keep Ubuntu at the forefront of safety and reliability.

When combined with NCSC’s guidance and instructions you can can be assured of a reliable set up to allow you to work safely and securely from a portable computer while online.

You can view the whole publication from NCSC here:

https://www.ncsc.gov.uk/guidance/eud-security-guidance-ubuntu-1804-lts

You can read more about Ubuntu’s security practices here: https://www.ubuntu.com/security

 

About the author

Will's photo

Will leads the team working on the Ubuntu desktop at Canonical. He has a diverse background originally specialising in data networks and global communications systems and has provided consultancy to clients such as BT, Verizon, Inmarsat and Schlumberger. Will has been using and contributing to Ubuntu since 2005 and in 2015 he was recognised as an Ubuntu Member. He has three kids, plays golf badly and is a member of The Royal Institution of Great Britain.

More articles by Will

Posted in: