Security sub forum?

Certainly the topic I posted, while not directly related to Linux, is pertinent to many members of our community who possibly dual boot. My idea is just to open the door for folks to ask questions.

Where would we put it?

Maybe changing uncategorized to security, or sub to support & help

Do we need one?

YES - I believe any computer help forum need to have an area about security.

Are there any existing topics that are related to security?
What sort of topics would this section contain?

The post I made earlier is a prime example. Posting pertinent timely information to our members is just plain responsible.

• firewall configuration
• discussion about opening ports as related to web services
• guidelines and vulnerabilities of setting up a commercial product such as MyCloud
• setting up open source OwnCloud
• certificates
• SSL
• physical access
• routers

I’m a member of a few Face Book private groups, primarily photography, and have received thanks for posting items similar to the one posted earlier.

I’m a retired internet security specialist from a large financial institution and firmly believe education and knowledge is paramount to safe computing.

This community reaches many folks many of which might benefit from open discussions if the door is open and welcoming.

I’m a relative newbie to this community and just want to increase the interest level. You probably know the wants, needs, and interests well enough … I stated my case and opinions … your call!

My thoughts on this are the following:

It would certainly be wise to have a security advisory guide for Linux users, by that I mean that people should be made aware about the risks involved when switching files back and forth to Windows/MAC and Linux as there is a danger that Windows/MAC users may well in fact expose themselves to viruses when copying files over form Linux partitions!.

I don’t think it warrants its own section though, a security how-to guide would suffice in the tuts section of the forum!.

That’s my tuppence worth!.

Hallo

Lets think about the subject and the audience.

IT security is sooo important. That’s a fact. It is also a massive subject, really huge, bigger than big!

If this were the “Arch-linux” forum I’d say why not. However, Ubuntu-Mate has a lot of appeal to those starting off with Linux. The “non-tech” people starting off on Ubuntu-Mate will probably be frightened and confused if they started to read in a “security section” (as the subject gets quite technical quite quickly).

“In our distribution we trust” and ours is (a) based on Ubuntu, which shuts off many security problems “out-of-the-box”, and (b) with the Ubuntu-Mate developers we have a team of really committed people who put spadefulls of work into polishing off the rest and keeping us upto date.

I’d go with Wolfman on this, most people would be best served with a beginner’s guide to the essentials of security. I’m used to training people in a reasonably large organisation and you have to be realistic - you have to start “education” at a level low enough to pick up the “weakest link”. Afterwards you’ve a solid foundation upon which you can build.

Perhapse this could be a subject for a chapter in the “Ubuntu-Mate Beginner’s Guide” we were discussing last year (https://ubuntu-mate.community/t/thoughts-on-a-um-manual/2104).

My idea was to include security somewhere.

I certainly agree with both @wolfman & @alpinejohn in that we should NOT get into the nitty-gritty of security. I also think that most folks already have awareness that computer security is important and by highlighting the positive position that Linux in general is a safer operating system would reinforce user’s adoption of Ubuntu MATE.

I’m in agreement with pfeiffep and what’s become apparent to me after becoming a member here, has been the influx of new Linux users posting on UM’s forums. Now, I haven’t an accounting but most of them must be dual-booting with some version of Windows and still predominately depend upon that operating system. They may also not realize the risk of cross contamination through moving files back and forth -OR- that Linux itself isn’t completely immune to security issues. I think having at least a “Sticky” with security do’s & don’ts would be a very helpful and a responsible thing to do.

Hi Peter,

I hope this meets the requirements?:

This is a GREAT start…anti virus is an important part of secure [safe] computing!

I think maybe the word I used “security” might be better replaced by 2 words “safe computing”.

I don’t intend for this to replace or duplicate https://www.us-cert.gov/home-and-busines but an area for discussion and posting links to timely articles.

Interesting link Peter, I will add that to the thread!.

Safe computing or security basically amount to the same thing but I understand what you mean!.

I’ll attempt to find Spanish and Portuguese sites similar to us-cert.gov also … maybe there’s a German site similar also.

Jawohl!:

https://www.bsi-fuer-buerger.de/BSIFB/DE/Home/home_node.html

We will have to get @lah7 to make it a Wiki so you can edit and add things too!.

This is also a great step in addressing multi language / culture

Now a wiki post to contribute edits:

Having a security section would certainly keep things “neat” on the forum so this information isn’t scattered about in uncategorized.

Is it?, are the computer viruses in your country more cultured Peter?.

To conclude, I did ask @Wimpy and have been informed:

Security issues should be communicated via private Launchpad issues. I have access to the Canonical security team, and Launchpad is the responsible way to report issues. I’ve handled several security issues via LP already.

I like your intentions @pfeiffep and can understand your focus on educating users to be more secure, but I agree with @wolfman and @alpinejohn on this one that a dedicated category isn’t required.

Instead, you may wish to consider creating topics in the Tutorials & Guides section and clearly label the start as [Security] so this is apparent in topic listings.

Examples:

• [Security] Which ports should you open in the Firewall?
• [Security] How to encrypt your home folder.
• [Security] How to pick a strong password.

For the last one, I have a command great for generating random strong passwords, just add this to ~/.bash_aliases and type genpwd the next time you open a terminal:

genpwd(){ < /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c${1:-16};echo;}

What we also wouldn’t want to is new users thinking they should report or share unresolved security issues in the wild.

I think this is a super solution to identifying and posting timely pertinent information wrt security and safe computing.

So what is to become of the “wiki” suggested by @wolfman? Will it be available for me to edit - ie add information such as links to Spanish language similar to US-CERT.gov? Or possibly you’d rather not co-mingle the multi language effort?

I totally agree that sharing unresolved vulnerabilities is not a good idea and as a matter of fact should be prohibited. Of course such vulnerabilities should be reported to US-CERT and the software “owner”.

For passwords I use LastPass which provided an automated method for generating secure passwords with the additional benefit that one doesn’t have to remember or type them in

I don’t know, but I do like Quark !

A wiki post means that any other member (with trust level 1) is permitted to edit the post.

If you find any security websites for other regions, you can add them if you wish. It should still be primarily English until we have dedicated multilingual categories (depending on feedback!) which would be better for localized topics about security.

I think there is a misunderstanding as we all seem to have different concepts in mind when talking about security. I agree with @lah7 and @Wimpy on this:

These kind of security-related issues are indeed very technical and do not need a separate category in the forum. What I believe, however, @pfeiffep had in mind is a category that deals specifically with questions that are not necessarily related to identifying and fixing security issues with Ubuntu MATE, but more practical kind of advice any new user of this distribution will sooner or later come across. I would even extend his proposal to start an entirely new category named Security & Privacy or better Internet Literacy & Safe Computing. A list of questions that would fit in:

1. How to install an anti-virus program on Ubuntu MATE?

2. What is the difference between privacy and anonymity and what tools can I use to decrease my data track on the web?

3. How to properly configure the Tor Browser bundle in areas affected by censorship?

4. How to configure a VPN on Ubuntu MATE and why is that necessary when using public Wifi hotspots? What are the problems related to VPNs and how to choose a commercial one that you trust?

5. How to encrypt and decrypt a PDF file for someone who is not familiar with encrypted communication?

6. What e-mail providers do you consider privacy-friendly and safe to use? How to encrypt your e-mails?

7. How to encrypt your chat and video communications and what programs to use?

8. What webhost do you recommend that is secure and privacy-conscious?

9. How to switch your website from http to https?

10. In what sense is security related to free software and what are the problems with proprietary software?

Many of these questions may not necessarily be related to Ubuntu MATE (they are when it comes to configuring programs or installing them) but I believe are part of a general internet literacy. If you find Security to be too narrow or specific, I propose to extend it to Security, Privacy, Anonymity or better even Internet Literacy & Safe Computing to pick up the last suggestion from @pfeiffep. I believe this would again distinguish this already outstanding forum and help increase Ubuntu MATE user adoption.