How to secure Ubuntu for a non-technical user? (your mom)

The number one thing you can do to keep that computer secure is to ensure that the packages are updated regularly. I would enable fully automatic updates (https://help.ubuntu.com/community/AutomaticSecurityUpdates), as long as the potential for a burst of network use while connected to dodgy hotel WiFi isn't a severe problem.

After that, I think the only big problem is VNC. If VNC server is running constantly, it is probably the biggest potential security issue on the system (SSH is similar in scope but is considered to be more secure by default). If you need VNC installed and need it to be running all of the time, then there's probably nothing you can do about it -- it's either running or it's not, and there's not much you can do to secure a process that has control over input/output like VNC does. But if you don't need it to be on all the time, then just disable it. You can start it up manually via SSH if you need to.

As long as your packages are up to date, I wouldn't worry about web browsing, USB sticks, malware or SSH vulnerabilities. Linux desktops/notebooks are not a common target for them and Ubuntu is fairly well hardened by design. Even if you don't do anything special to secure against those vulnerabilities, an Ubuntu system will be less likely to be compromised than a Windows machine running even fairly good security software.

Skype is not necessarily secure, but it doesn't run with elevated privileges and there's not very much you can do to secure it given the state of the Skype Linux version. Just be aware that Skype for Linux is not very stable or featureful and hasn't been worked on for a long time. That having been said, I use it for business purposes all the time and after I got used to its quirks it was adequate.
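As an added example (not part of the original answer), the two checks it recommends, automatic updates switched on and no always-on VNC listener, can be scripted for a quick remote audit over SSH. The function names, the 5900-5999 VNC port range and the sample inputs are assumptions of this example; a VNC server can be configured to use a different port.

```shell
#!/bin/sh
# Added example: audit the two settings discussed in the answer above.

# Reads APT configuration text on stdin (for example the output of
# `apt-config dump`). Succeeds only if both periodic settings are set
# to something other than 0; commented-out lines are ignored.
auto_updates_enabled() {
    awk -F'"' '
        /^[ \t]*(\/\/|#)/ { next }
        $1 ~ /APT::Periodic::Update-Package-Lists/ { lists   = ($2 != "" && $2 !~ /^0+$/) }
        $1 ~ /APT::Periodic::Unattended-Upgrade/   { upgrade = ($2 != "" && $2 !~ /^0+$/) }
        END { exit !(lists && upgrade) }
    '
}

# Reads `ss -tln` output on stdin and prints every listener in the
# conventional VNC range (5900-5999, an assumption of this example) that is
# bound to a non-loopback address, i.e. reachable from the local network.
exposed_vnc_listeners() {
    awk '
        $1 == "LISTEN" {
            n = split($4, part, ":")          # port is the last ":" field
            port = part[n] + 0
            addr = substr($4, 1, length($4) - length(part[n]) - 1)
            if (port < 5900 || port > 5999) next
            if (addr ~ /^127\./ || addr == "[::1]") next
            print $4
        }
    '
}

# Constructed sample inputs (not captured from a real machine).
SAMPLE_APT='APT::Periodic::Update-Package-Lists "1";
// APT::Periodic::Unattended-Upgrade "1";
APT::Periodic::Unattended-Upgrade "0";'
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      5      0.0.0.0:5900       0.0.0.0:*
LISTEN 0      5      127.0.0.1:5901     0.0.0.0:*
LISTEN 0      5      [::]:5900          [::]:*'

if printf '%s\n' "$SAMPLE_APT" | auto_updates_enabled; then
    echo "automatic updates: enabled"
else
    echo "automatic updates: NOT enabled"
fi
printf '%s\n' "$SAMPLE_SS" | exposed_vnc_listeners | sed 's/^/VNC reachable from the network: /'
```

On a real machine, run `apt-config dump | auto_updates_enabled` and `ss -tln | exposed_vnc_listeners`; any line printed by the second is a VNC server listening on a network-facing address.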


The most important security risk for road warriors is an insecure network connection (public WiFi) that allows unencrypted traffic to be read by third parties or man-in-the-middle attacks on encrypted traffic.

The only way around this is to use a VPN. If you own a server just set up a VPN on it. PPTP or OpenVPN are easily set up and at least the former is supported out-of-the-box by pretty much everything (Linux, Mac, Win, iPhone, Android, you name it).

For remote support I'd recommend TeamViewer. Works from everywhere and behind every firewall.


What about UMTS/LTE access? It would protect from sniffing and allow SSH. It's gotten really easy to configure. You would have to teach your mom how to get her IP or get a dyndns-like solution. It's a matter of pricing and coverage of course.