Security

While a fresh Ubuntu installation is usually safe for immediate use, there are some additional steps you can take to introduce a layered approach to your system’s security.

• Users and groups management for setting up user accounts, permissions and password policies

• Firewalls are recommended for network security

• AppArmor limits permissions and access for the software running on your system

• Console security for an additional physical security barrier

Authentication

These tools are particularly useful for more advanced or complex setups.

• Kerberos is a network authentication protocol providing identity verification for distributed systems

• Network user authentication with SSSD handles authentication, user/group information and authorisation from disparate network sources

• Smart card authentication provides a physical authentication method

Cryptography

The Secure Shell (SSH) cryptographic protocol that provides secure channels on an unsecured network. In Ubuntu, OpenSSH is the most commonly used implementation of SSH. It provides a suite of utilities for encrypting data transfers and can also be used for remote login and authentication.

• OpenSSH

• CA trust store

Virtual Private Network (VPN)

VPNs are commonly used to provide encrypted, secure access to a network. Two of the most popular choices in Ubuntu are OpenVPN and WireGuard VPN.

• OpenVPN is a well-established option that supports many platforms besides Linux

• WireGuard VPN is a modern and performant option that removes a lot of the complexity from configuring a VPN

Our other security content

• Explanation: Introduction to security

• Explanation: Security topics