From michael.dorrington at member.fsf.org Fri Jan 11 09:29:52 2019 From: michael.dorrington at member.fsf.org (Michael Dorrington) Date: Fri, 11 Jan 2019 09:29:52 -0000 Subject: [SC.LUG] MFS Meeting. Tue, 15 Jan. "NCSC End User Device security - IPsec StrongSWAN, user setup, file systems, auto updates." Message-ID: <8851643a-893e-f132-cc78-248e4e065632@member.fsf.org> NOTE: This meeting will be the first meeting at our new location of the Manchester Technology Centre. Please forward this notice to those that would welcome it. You can subscribe to the Manchester Free Software mailing list at: https://lists.nongnu.org/mailman/listinfo/fsuk-manchester * Event: Manchester Free Software's January Meeting * 45 minute slot: StrongSWAN IPsec VPN * 15 minute slot 1: Securing user setup * 15 minute slot 2: Securing file systems * 15 minute slot 3: Automatic updates * Date: Tuesday, 15th January 2019 (3rd Tuesday of the month) * Start time: 19:00 * Finish time: 21:00 * Location: Manchester Technology Centre - https://mspl.co.uk/campuses/manchester-technology-centre/ * Address: Oxford Road, Manchester. M1 7ED. - By the Mancunian Way flyover. - https://www.openstreetmap.org/#map=18/53.47222/-2.23792 == Details == === Introduction === The purpose of Manchester Free Software is to promote the Free Software philosophy. Every meeting we start with an opportunity for informal key signing. For this you'll need to bring paper OpenPGP fingerprint slips, see `gpg-key2ps` from the `signing-party` package (or equivalent in your GNU/Linux distro): https://packages.debian.org/signing-party === Schedule === 19:00-19:05 Introduction and key signing 19:05-19:20 Securing user setup 19:20-19:25 Short Break (5 minutes) 19:25-20:10 StrongSWAN IPsec VPN 20:10-20:25 Long Break (15 minutes) 20:25-20:40 Securing file systems 20:40-20:45 Short Break (5 minutes) 21:45-21:00 Automatic updates === Topic details === The topics in this month's meeting will cover elements of the National Cyber Security Centre (NCSC) End User Device (EUD) Security Guidance for GNU/Linux. Given the number of elements in the guidance we split them over 2 meetings. This is the second meeting but is essentially self-contained and independent from the first meeting. * https://en.wikipedia.org/wiki/National_Cyber_Security_Centre_(United_Kingdom) * https://www.ncsc.gov.uk/ * https://www.ncsc.gov.uk/guidance/eud-security-guidance-ubuntu-1804-lts ==== StrongSWAN IPsec VPN ==== This will be a talk and demo of StrongSWAN IPsec VPN. IPsec helps to secure network communication for computers. The talk will implement the most secure mode suggested in the NCSC guidance which is known as PRIME. We will also briefly discuss alternatives to StrongSWAN and IPsec. * https://www.strongswan.org/ * https://en.wikipedia.org/wiki/IPsec * https://www.ncsc.gov.uk/guidance/using-ipsec-protect-data ==== Securing user setup ==== This will be a talk and demo about securing user setup. This includes ensuring the quality of user passwords, screen lock timings, password ageing (or not), home directory permissions and so on. * https://packages.debian.org/libpam-pwquality ==== Securing file systems ==== This talk will be about securing file systems. File systems are mounted with mount options and these can restrict what can be done such as if files can be executed. Directories and files can have their permissions and ownership altered to be more secure. We will explore the NCSC guidance on this. * https://packages.debian.org/mount * https://packages.debian.org/coreutils ==== Automatic updates ==== One of the greatest improvements to security can be obtained by installing security updates promptly and ensuring you are on security support software. This is not only about packages installed via your distro's packaging system but also software installed by other means such as containers including Flatpak. * https://packages.debian.org/unattended-upgrades * https://packages.debian.org/debian-security-support * https://en.wikipedia.org/wiki/Flatpak == Location == The meeting will take place at our new venue of Manchester Technology Centre, details above. == Transport == === Parking === Please research and decide where to park before heading on your journey and have a Plan B. There are paid parking lots around the venue, they are marked by a blue P in OpenStreetMap centred on Manchester Technology Centre: https://www.openstreetmap.org/#map=16/53.4722/-2.2379 Most of those parking lots are owned by NCP: http://www.ncp.co.uk/ In some of the side streets in the venue surrounding area there are parking meter bays that become zero cost after 8pm on Tuesday so you will have to pay up until then and the maximum stay is 2 hours BUT MAKE SURE YOU VERIFY ALL THIS on parking. This is probably only a good option if you know the area. If you can't decide where to park then ask me for advice. === Public Transport === Closest train stations to the venue are: * Manchester Oxford Road (MCO) train station * Manchester Piccadilly (MAN) train station For other public transport see OpenStreetMap using the "Transport" layer centred on Manchester Technology Centre: https://www.openstreetmap.org/#map=15/53.4722/-2.2379&layers=T == More Information == Information about Manchester Free Software can be found on the Manchester Free Software pages on LibrePlanet: https://libreplanet.org/wiki/Manchester Regards, Mike. MFS Chair. -- FSF member #9429 http://www.fsf.org/register_form?referrer=9429 http://www.fsf.org/about "The Free Software Foundation (FSF) is a nonprofit with a worldwide mission to promote computer user freedom and to defend the rights of all free software users." -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: OpenPGP digital signature URL: