[Bradford] MFS Meeting. Tue, 15 Jan. "NCSC End User Device security - IPsec StrongSWAN, user setup, file systems, auto updates."
Michael Dorrington
michael.dorrington at member.fsf.org
Fri Jan 11 09:29:52 UTC 2019
NOTE: This meeting will be the first meeting at our new location of the
Manchester Technology Centre.
Please forward this notice to those that would welcome it.
You can subscribe to the Manchester Free Software mailing list at:
https://lists.nongnu.org/mailman/listinfo/fsuk-manchester
* Event: Manchester Free Software's January Meeting
* 45 minute slot: StrongSWAN IPsec VPN
* 15 minute slot 1: Securing user setup
* 15 minute slot 2: Securing file systems
* 15 minute slot 3: Automatic updates
* Date: Tuesday, 15th January 2019 (3rd Tuesday of the month)
* Start time: 19:00
* Finish time: 21:00
* Location: Manchester Technology Centre
- https://mspl.co.uk/campuses/manchester-technology-centre/
* Address: Oxford Road, Manchester. M1 7ED.
- By the Mancunian Way flyover.
- https://www.openstreetmap.org/#map=18/53.47222/-2.23792
== Details ==
=== Introduction ===
The purpose of Manchester Free Software is to promote the Free Software
philosophy.
Every meeting we start with an opportunity for informal key signing.
For this you'll need to bring paper OpenPGP fingerprint slips, see
`gpg-key2ps` from the `signing-party` package (or equivalent in your
GNU/Linux distro):
https://packages.debian.org/signing-party
=== Schedule ===
19:00-19:05 Introduction and key signing
19:05-19:20 Securing user setup
19:20-19:25 Short Break (5 minutes)
19:25-20:10 StrongSWAN IPsec VPN
20:10-20:25 Long Break (15 minutes)
20:25-20:40 Securing file systems
20:40-20:45 Short Break (5 minutes)
21:45-21:00 Automatic updates
=== Topic details ===
The topics in this month's meeting will cover elements of the
National Cyber Security Centre (NCSC) End User Device (EUD) Security
Guidance for GNU/Linux. Given the number of elements in the guidance we
split them over 2 meetings. This is the second meeting but is
essentially self-contained and independent from the first meeting.
*
https://en.wikipedia.org/wiki/National_Cyber_Security_Centre_(United_Kingdom)
* https://www.ncsc.gov.uk/
* https://www.ncsc.gov.uk/guidance/eud-security-guidance-ubuntu-1804-lts
==== StrongSWAN IPsec VPN ====
This will be a talk and demo of StrongSWAN IPsec VPN. IPsec helps to
secure network communication for computers. The talk will implement the
most secure mode suggested in the NCSC guidance which is known as PRIME.
We will also briefly discuss alternatives to StrongSWAN and IPsec.
* https://www.strongswan.org/
* https://en.wikipedia.org/wiki/IPsec
* https://www.ncsc.gov.uk/guidance/using-ipsec-protect-data
==== Securing user setup ====
This will be a talk and demo about securing user setup. This includes
ensuring the quality of user passwords, screen lock timings, password
ageing (or not), home directory permissions and so on.
* https://packages.debian.org/libpam-pwquality
==== Securing file systems ====
This talk will be about securing file systems. File systems are mounted
with mount options and these can restrict what can be done such as if
files can be executed. Directories and files can have their permissions
and ownership altered to be more secure. We will explore the NCSC
guidance on this.
* https://packages.debian.org/mount
* https://packages.debian.org/coreutils
==== Automatic updates ====
One of the greatest improvements to security can be obtained by
installing security updates promptly and ensuring you are on security
support software. This is not only about packages installed via your
distro's packaging system but also software installed by other means
such as containers including Flatpak.
* https://packages.debian.org/unattended-upgrades
* https://packages.debian.org/debian-security-support
* https://en.wikipedia.org/wiki/Flatpak
== Location ==
The meeting will take place at our new venue of Manchester Technology
Centre, details above.
== Transport ==
=== Parking ===
Please research and decide where to park before heading on your journey
and have a Plan B.
There are paid parking lots around the venue, they are marked by a blue
P in OpenStreetMap centred on Manchester Technology Centre:
https://www.openstreetmap.org/#map=16/53.4722/-2.2379
Most of those parking lots are owned by NCP:
http://www.ncp.co.uk/
In some of the side streets in the venue surrounding area there are
parking meter bays that become zero cost after 8pm on Tuesday so you
will have to pay up until then and the maximum stay is 2 hours BUT MAKE
SURE YOU VERIFY ALL THIS on parking. This is probably only a good
option if you know the area.
If you can't decide where to park then ask me for advice.
=== Public Transport ===
Closest train stations to the venue are:
* Manchester Oxford Road (MCO) train station
* Manchester Piccadilly (MAN) train station
For other public transport see OpenStreetMap using the "Transport" layer
centred on Manchester Technology Centre:
https://www.openstreetmap.org/#map=15/53.4722/-2.2379&layers=T
== More Information ==
Information about Manchester Free Software can be found on the
Manchester Free Software pages on LibrePlanet:
https://libreplanet.org/wiki/Manchester
Regards,
Mike.
MFS Chair.
--
FSF member #9429
http://www.fsf.org/register_form?referrer=9429
http://www.fsf.org/about
"The Free Software Foundation (FSF) is a nonprofit with a worldwide
mission to promote computer user freedom and to defend the rights of all
free software users."
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.lug.org.uk/pipermail/bradford/attachments/20190111/bec7e70c/attachment.sig>
More information about the Bradford
mailing list