In 2016, keeping your Ubuntu network secure is more important than ever. Despite what some people might think, there’s much more to this than merely putting up a router to protect a network. You must also configure each of your PCs properly to ensure you’re operating within a secure Ubuntu network. This article will show you how.
Much like avoiding a break-in or a home invasion, absolute Ubuntu network security in most environments is a myth. The best we can hope for is to make it extremely difficult to have your network compromised. In my case, this means protecting an Ubuntu network with as much security as practical.
To be clear, the only way you can achieve 100% network security is to turn off your devices, put them into a safe and never use them again. Why is this? Simple – because most security issues come from our own mistakes. Human error is the number one issue you’ll run into with network security in my opinion.
Placing blind trust in any firewall appliance, user “best practices,” or “security through obscurity” is just asking for trouble. All it takes is a flash drive, phishing scheme or even a failure to successfully apply a patch and you could be putting your Ubuntu network in danger.
Because there is no silver bullet to keep your network safe, I recommend using all the tools at our disposal. In addition to that, it’s also important to verify that everything is operating correctly on a schedule. For myself personally, I usually setup an “audit” day once a month to really drill down on everything. This means checking logs, verifying applied patches and looking for anything out of the ordinary.
Many of you might believe that security for your network starts at your router. I disagree and instead recommend starting your security overhaul on each individual PC on your network. Ubuntu (and other distros), Windows and Mac PCs need to all be locked down as much as possible. In an era of laptops, it’s just too easy to take a poorly locked down computer over to a secondary network and expose said laptop to who knows what type of network security.
Because of this, I recommend doing the following with all of your Ubuntu powered (and other distros) PCs.
If you want to dive deep into securing your system even further, you can also secure your tmp directory, shared memory and even limit the number of allowed services. I do not recommend doing any of these things without fully exploring what misconfiguring each of these things can do to your system. And since most of you are running workstations and not public facing servers, I’d suggest avoiding such things.
Now that we have the Ubuntu PCs locked down, the next step is to make sure all data in transit from these PCs is secure. To do this, I recommend using SSH for remote access to each PC and utilizing SSL whenever possible over the Internet. An example of this would be if you decided to setup a CCTV setup using ZoneMinder, but needed to access it remotely over the Internet. My recommendation would be to setup a user specific SSL certificate. This would allow you to remotely access it with apps such as zmNinja. All traffic between your ZoneMinder Ubuntu PC and the Android phone running zmNinja would be encrypted.
Speaking of accessing Ubuntu PCs over your network, let’s talk about the right way to setup SSH. First off, use a SSH key rather than a password. From there, you’ll want to then disable SSH password access on any SSH enabled server. As an added precaution, I’d also disable root SSH access altogether. If you find in your weekly log audits that you’re seeing a lot of traffic trying to get into your system over SSH, you can install Fail2Ban to block malicious login attempts. Do not rely on odd ball ports as a solution – security through obscurity isn’t the answer.
Finally, let’s talk about securing samba/NFS and printer shares. To be frank, none of these things are all that secure by default. My recommendation is to use strong passwords for your network shares. In addition, make sure to use ufw to only allow access from within the LAN. If you feel you need addition security, you can research how to use groups and permissions to further lock down samba shares. My default recommendation is to limit write access to read only. And for goodness sake, never-ever samba share over the Internet. That’s just asking for trouble.
The router or firewall you decide to run is a deeply personal choice. I happen to use pfSense for my home network. However, you might prefer a dd-wrt or similar instead to handle your Internet facing needs.
At the very minimum, here’s what you shouldn’t use: default router login credentials for your router. Additionally, please check for firmware updates for your router. Those two things alone can make all the difference. And finally, audit how exposed you are when running IoT devices. You’ll have to Google around to find what works for the devices you own. But when in doubt, check for updates or don’t use them. That’s my genuine heartfelt advice on how to keep your network as secure as possible.
What say you? How confident that your Ubuntu network security is setup as well as possible? Perhaps you’ve found other distros to be more secure overall and thus providing you with better network security? Hit the Comments and tell me about it.
Huawei’s AI Update: Things Are Moving Faster Than We Think
FEATURE | By Rob Enderle,
December 04, 2020
Keeping Machine Learning Algorithms Honest in the ‘Ethics-First’ Era
ARTIFICIAL INTELLIGENCE | By Guest Author,
November 18, 2020
Key Trends in Chatbots and RPA
FEATURE | By Guest Author,
November 10, 2020
FEATURE | By Samuel Greengard,
November 05, 2020
ARTIFICIAL INTELLIGENCE | By Guest Author,
November 02, 2020
How Intel’s Work With Autonomous Cars Could Redefine General Purpose AI
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
October 29, 2020
Dell Technologies World: Weaving Together Human And Machine Interaction For AI And Robotics
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
October 23, 2020
The Super Moderator, or How IBM Project Debater Could Save Social Media
FEATURE | By Rob Enderle,
October 16, 2020
FEATURE | By Cynthia Harvey,
October 07, 2020
ARTIFICIAL INTELLIGENCE | By Guest Author,
October 05, 2020
CIOs Discuss the Promise of AI and Data Science
FEATURE | By Guest Author,
September 25, 2020
Microsoft Is Building An AI Product That Could Predict The Future
FEATURE | By Rob Enderle,
September 25, 2020
Top 10 Machine Learning Companies 2020
FEATURE | By Cynthia Harvey,
September 22, 2020
NVIDIA and ARM: Massively Changing The AI Landscape
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
September 18, 2020
Continuous Intelligence: Expert Discussion [Video and Podcast]
ARTIFICIAL INTELLIGENCE | By James Maguire,
September 14, 2020
Artificial Intelligence: Governance and Ethics [Video]
ARTIFICIAL INTELLIGENCE | By James Maguire,
September 13, 2020
IBM Watson At The US Open: Showcasing The Power Of A Mature Enterprise-Class AI
FEATURE | By Rob Enderle,
September 11, 2020
Artificial Intelligence: Perception vs. Reality
FEATURE | By James Maguire,
September 09, 2020
Anticipating The Coming Wave Of AI Enhanced PCs
FEATURE | By Rob Enderle,
September 05, 2020
The Critical Nature Of IBM’s NLP (Natural Language Processing) Effort
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
August 14, 2020
Datamation is the leading industry resource for B2B data professionals and technology buyers. Datamation's focus is on providing insight into the latest trends and innovation in AI, data security, big data, and more, along with in-depth product recommendations and comparisons. More than 1.7M users gain insight and guidance from Datamation every year.
Advertise with TechnologyAdvice on Datamation and our other data and technology-focused platforms.
Advertise with Us
Property of TechnologyAdvice.
© 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this
site are from companies from which TechnologyAdvice receives
compensation. This compensation may impact how and where products
appear on this site including, for example, the order in which
they appear. TechnologyAdvice does not include all companies
or all types of products available in the marketplace.