Security sub forum?

I propose adding a new sub forum regarding security.

Thoughts?

2 Likes

Since offering an opinion hasn’t proved overly constructive today, I’ll simply say, “yes”. :grin:

2 Likes

Hmm, I’m not sure if we need one. :thinking:

It’s an important thing about computers. I like the suggestion, but I don’t see the need as the community isn’t talking about security-related matters to a point it needs its own category.

The only topic I’d consider a security issue is this:


My questions:

  1. Where would we put it?
  • Do we need one?
  • Are there any existing topics that are related to security?
  • What sort of topics would this section contain?
1 Like

Certainly the topic I posted, while not directly related to Linux, is pertinent to many members of our community who possibly dual boot. My idea is just to open the door for folks to ask questions.

Where would we put it?

Maybe changing uncategorized to security, or sub to support & help

Do we need one?

YES - I believe any computer help forum need to have an area about security.

Are there any existing topics that are related to security?
What sort of topics would this section contain?

The post I made earlier is a prime example. Posting pertinent timely information to our members is just plain responsible.

  • firewall configuration
  • discussion about opening ports as related to web services
  • guidelines and vulnerabilities of setting up a commercial product such as MyCloud
  • setting up open source OwnCloud
  • certificates
  • SSL
  • physical access
  • routers

I’m a member of a few Face Book private groups, primarily photography, and have received thanks for posting items similar to the one posted earlier.

I’m a retired internet security specialist from a large financial institution and firmly believe education and knowledge is paramount to safe computing.

This community reaches many folks many of which might benefit from open discussions if the door is open and welcoming.

I’m a relative newbie to this community and just want to increase the interest level. You probably know the wants, needs, and interests well enough … I stated my case and opinions … your call!

5 Likes

My thoughts on this are the following:

It would certainly be wise to have a security advisory guide for Linux users, by that I mean that people should be made aware about the risks involved when switching files back and forth to Windows/MAC and Linux as there is a danger that Windows/MAC users may well in fact expose themselves to viruses when copying files over form Linux partitions!.

I don’t think it warrants its own section though, a security how-to guide would suffice in the tuts section of the forum!. :smiley:

That’s my tuppence worth!. :smiley:

2 Likes

Hallo

Lets think about the subject and the audience.

IT security is sooo important. That’s a fact. It is also a massive subject, really huge, bigger than big! :earth_africa:

If this were the “Arch-linux” forum I’d say why not. However, Ubuntu-Mate has a lot of appeal to those starting off with Linux. The “non-tech” people starting off on Ubuntu-Mate will probably be frightened and confused if they started to read in a “security section” (as the subject gets quite technical quite quickly).

“In our distribution we trust” and ours is (a) based on Ubuntu, which shuts off many security problems “out-of-the-box”, and (b) with the Ubuntu-Mate developers we have a team of really committed people who put spadefulls of work into polishing off the rest and keeping us upto date.

I’d go with Wolfman on this, most people would be best served with a beginner’s guide to the essentials of security. I’m used to training people in a reasonably large organisation and you have to be realistic - you have to start “education” at a level low enough to pick up the “weakest link”. Afterwards you’ve a solid foundation upon which you can build.

Perhapse this could be a subject for a chapter in the “Ubuntu-Mate Beginner’s Guide” we were discussing last year (https://ubuntu-mate.community/t/thoughts-on-a-um-manual/2104).

3 Likes

My idea was to include security somewhere.

I certainly agree with both @wolfman & @alpinejohn in that we should NOT get into the nitty-gritty of security. I also think that most folks already have awareness that computer security is important and by highlighting the positive position that Linux in general is a safer operating system would reinforce user’s adoption of Ubuntu MATE.

4 Likes

I’m in agreement with pfeiffep and what’s become apparent to me after becoming a member here, has been the influx of new Linux users posting on UM’s forums. Now, I haven’t an accounting but most of them must be dual-booting with some version of Windows and still predominately depend upon that operating system. They may also not realize the risk of cross contamination through moving files back and forth -OR- that Linux itself isn’t completely immune to security issues. I think having at least a “Sticky” with security do’s & don’ts would be a very helpful and a responsible thing to do.

5 Likes

Hi Peter,

I hope this meets the requirements?:

2 Likes

This is a GREAT start…anti virus is an important part of secure [safe] computing!

I think maybe the word I used “security” might be better replaced by 2 words “safe computing”.

I don’t intend for this to replace or duplicate https://www.us-cert.gov/home-and-busines but an area for discussion and posting links to timely articles.

2 Likes

Interesting link Peter, I will add that to the thread!. :smiley:

Safe computing or security basically amount to the same thing but I understand what you mean!. :smiley:

1 Like

I’ll attempt to find Spanish and Portuguese sites similar to us-cert.gov also … maybe there’s a German site similar also.

Jawohl!:

https://www.bsi-fuer-buerger.de/BSIFB/DE/Home/home_node.html

1 Like

We will have to get @lah7 to make it a Wiki so you can edit and add things too!. :smiley:

1 Like

This is also a great step in addressing multi language / culture

1 Like

Now a wiki post to contribute edits:

3 Likes

Having a security section would certainly keep things “neat” on the forum so this information isn’t scattered about in uncategorized.

2 Likes

Is it?, are the computer viruses in your country more cultured Peter?. :smiley:

1 Like

To conclude, I did ask @Wimpy and have been informed:

Security issues should be communicated via private Launchpad issues. I have access to the Canonical security team, and Launchpad is the responsible way to report issues. I’ve handled several security issues via LP already.

I like your intentions @pfeiffep and can understand your focus on educating users to be more secure, but I agree with @wolfman and @alpinejohn on this one that a dedicated category isn’t required.

Instead, you may wish to consider creating topics in the Tutorials & Guides section and clearly label the start as [Security] so this is apparent in topic listings.

Examples:

  • [Security] Which ports should you open in the Firewall?
  • [Security] How to encrypt your home folder.
  • [Security] How to pick a strong password.

For the last one, I have a command great for generating random strong passwords, just add this to ~/.bash_aliases and type genpwd the next time you open a terminal:

genpwd(){ < /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c${1:-16};echo;}

What we also wouldn’t want to is new users thinking they should report or share unresolved security issues in the wild.

3 Likes

I think this is a super solution to identifying and posting timely pertinent information wrt security and safe computing.

So what is to become of the “wiki” suggested by @wolfman? Will it be available for me to edit - ie add information such as links to Spanish language similar to US-CERT.gov? Or possibly you’d rather not co-mingle the multi language effort?

I totally agree that sharing unresolved vulnerabilities is not a good idea and as a matter of fact should be prohibited. Of course such vulnerabilities should be reported to US-CERT and the software “owner”.

For passwords I use LastPass which provided an automated method for generating secure passwords with the additional benefit that one doesn’t have to remember or type them in :wink: