Just recently, the NCSC (National Cyber Security Centre) in the UK published an advisory on configuring the latest Ubuntu 18.04 LTS in accordance with their security best practices. The NCSC generally publishes many similar guidelines for a variety of devices and internet topics, including Multi Factor authentication, and security reviews of various platforms such as Google’s G Suite and Microsoft’s Office 365.
The document released by the NCSC gives advice on the following topics for securing Ubuntu 18.04 LTS against online threats:
- Configuring remote access via VPN
- Enforcing a strong password policy
- Configuring UEFI for maximum protection
- Enabling Livepatch for kernel updates without rebooting
- Preventing execution of binary files from the home partition
- Enabling and configuring firewalling
This is part of a way to satisfy the 12 End User Device Security Principles, which means it is basically the NCSC’s set of recommendations, and is not mandatory instructions for configuring Ubuntu 18.04 LTS (should you fall under NCSC’s jurisdiction).
In the document, the NCSC recommends the following architectural choices for Ubuntu 18.04 LTS:
- All data should be routed over a secure enterprise VPN to ensure the confidentiality and integrity of the traffic, and to benefit from enterprise protective monitoring solutions.
- Users should not be allowed to install arbitrary applications on the device. Applications should be authorised by an administrator and deployed via a trusted mechanism.
- Most users should have accounts with no administrative privileges. Users that require administrative privileges should use a separate unprivileged account for email and web browsing. It is recommended that local administrator accounts have a unique strong password per device.
The rest of the document is quite lengthy, and has complete step-by-step guides for optimizing an Ubuntu 18.04 LTS system for the NCSC’s EUD standards. For anyone interested in Linux security, its certainly worth a read.