0

How to secure Ubuntu 12.04

ubuntu_1204_security

This article looks at how to secure Ubuntu 12.04 from cyber attack. Securing Ubuntu 12.04 takes a similar approach to securing Windows 8 devices and securing Apple iOS 7, the controls featured are basic in terms of information security and aims to lock down the device by removing unnecessary services, verifying the boot procedure of the device, blocking unauthorised devices or execution of malicious code as well as securing data on the device and in transit.

Architectural Considerations

Firstly, it is necessary to ensure that a secure architecture is implemented. This supports the main controls as listed above in that organisations should ensure that:

  • All data is routed via a secure virtual private network (VPN) connection. The VPN will ensure that the data is encrypted and  reduce the likelihood of the confidentiality or integrity of that data being compromised. If in an enterprise environment, the organisation should ensure that data goes via the enterprise VPN tunnel and that users are not able to browse outside of this tunnel. This can be achieved by ensuring that split tunnelling is not enabled on the VPN client.
  • Only trusted programs should be able to be executed on the Ubuntu 12.04 device. This can be achieved via application white listing, where only trusted applications can be run.

Encryption

As stated, all data leaving the device should be encrypted in transit by use of the native VPN client. This should be configured by default and, if in an enterprise environment, organisations should ensure that users are not able to terminate or deviate from the VPN tunnel. It is highly recommended that the StrongSwan IPSEC VPN is utilised to protect data in transit.

LUKS/dm-crypt full disk encryption is available to provide data at rest protection for the device. It is strongly recommended that authentication for encryption is implemented with a strong policy, to include 9 character length passwords with a combination of letters, alphanumeric and special characters. This will prevent brute force attacks on the device if lost or stolen. While LUKS/dm-crypt does provide some assurance for data at rest, it should be noted that attacks have been discovered that could compromise this state of encryption. Patches exist to enable the use of trusted platform modules (TPMs), this may increase the security posture of the encryption on the device and should be considered.

Further vulnerabilities have been discovered in Ubuntu 12.04 regarding encryption, specifically management of keys on the device. It is noted that the keys utilised to encrypt data may be accessible by an attacker without having to enter the password. If the device is powered on, left on and accessible physically then data at rest may be at risk – this should be considered when deciding whether or not to use Ubuntu 12.04 as the operating system for your organisation.

Application Control

Ubuntu 12.04 can be locked down to prevent users accessing unauthorised software. This can be achieved both for an individual or for an enterprise environment via configuring devices to ensure that applications cannot be run from disk partitions that can be written to. By only allowing a privileged user, such as administrator, to install applications then regular users are prevented from accessing, installing or executing applications not in within the admins control.

Authentication

Strong authentication controls should be implemented to reduce the risk of compromise of a device. Users should be forced to authenticate to the device, which in turn decrypts and provides access to all files, folders and resources on the device. Policies should be enforced to ensure that authentication controls are strict and adhered to. Passwords should be complex, including up to 9 character passwords with a mix of letters, alphanumeric and special characters, and changed regularly.

Removable Media / Direct Memory Access

Ubuntu 12.04 may allow direct memory access based attackers through attackers plugging in through external interfaces such as USB ports. This may allow an attacker to extract data and encryption keys from the device, even when locked. The organisation should strongly consider locking down devices to prevent this type of access – or installing a third party piece of software to prevent access to external interfaces without authentication. Alternatively, devices with no external faces should be adopted or disabled appropriately.

Conclusion

Many users, and enterprises, can be hesitant to procure open source platforms such as Ubuntu. As the risks are not well documented and there is limited advice available regarding how to secure Ubuntu 12.04 and other similar platforms, it is easy for organisations to stick with common operating systems such as Windows.

However, by sticking to the same type of controls as other operating systems, it is evident that Ubuntu 12.04 offers a similar set of core functions that may prevent some identified risks, if configured appropriately. It is up to the user, or enterprise, to identify these risks and configure the device appropriately. As ever, at enterprise level, the device should be locked down using a standard build and replicated across the estate to maintain a level of consistency. Settings can be applied via policies and distributed out where required, however, it is recommended that this guidance on how to secure Ubuntu 12.0.4 should be used as a starting point to build on.

Filed in: Articles, News Tags: , , , , , , , ,

Get Updates

Share This Post

Recent Posts

Leave a Reply

Submit Comment

© 2017 Cyber Security News. All rights reserved.