[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Fsfe-uk] MFS Meeting. Tue, 15 Jan. "NCSC End User Device security - IPs

From: Michael Dorrington
Subject: [Fsfe-uk] MFS Meeting. Tue, 15 Jan. "NCSC End User Device security - IPsec StrongSWAN, user setup, file systems, auto updates."
Date: Fri, 11 Jan 2019 09:29:34 +0000
User-agent: Mozilla/5.0 (X11; Linux i686 on x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.4.0

NOTE: This meeting will be the first meeting at our new location of the
Manchester Technology Centre.

Please forward this notice to those that would welcome it.

You can subscribe to the Manchester Free Software mailing list at:

* Event: Manchester Free Software's January Meeting

* 45 minute slot: StrongSWAN IPsec VPN
* 15 minute slot 1: Securing user setup
* 15 minute slot 2: Securing file systems
* 15 minute slot 3: Automatic updates

* Date: Tuesday, 15th January 2019 (3rd Tuesday of the month)
* Start time: 19:00
* Finish time: 21:00

* Location: Manchester Technology Centre
  - https://mspl.co.uk/campuses/manchester-technology-centre/
* Address: Oxford Road, Manchester. M1 7ED.
  - By the Mancunian Way flyover.
  - https://www.openstreetmap.org/#map=18/53.47222/-2.23792

== Details ==

=== Introduction ===

The purpose of Manchester Free Software is to promote the Free Software

Every meeting we start with an opportunity for informal key signing.
For this you'll need to bring paper OpenPGP fingerprint slips, see
`gpg-key2ps` from the `signing-party` package (or equivalent in your
GNU/Linux distro):

=== Schedule ===

19:00-19:05 Introduction and key signing
19:05-19:20 Securing user setup
19:20-19:25 Short Break (5 minutes)
19:25-20:10 StrongSWAN IPsec VPN
20:10-20:25 Long Break (15 minutes)
20:25-20:40 Securing file systems
20:40-20:45 Short Break (5 minutes)
21:45-21:00 Automatic updates

=== Topic details ===

The topics in this month's meeting will cover elements of the
National Cyber Security Centre (NCSC) End User Device (EUD) Security
Guidance for GNU/Linux.  Given the number of elements in the guidance we
split them over 2 meetings.  This is the second meeting but is
essentially self-contained and independent from the first meeting.

* https://www.ncsc.gov.uk/
* https://www.ncsc.gov.uk/guidance/eud-security-guidance-ubuntu-1804-lts

==== StrongSWAN IPsec VPN ====

This will be a talk and demo of StrongSWAN IPsec VPN.  IPsec helps to
secure network communication for computers.  The talk will implement the
most secure mode suggested in the NCSC guidance which is known as PRIME.
 We will also briefly discuss alternatives to StrongSWAN and IPsec.

* https://www.strongswan.org/
* https://en.wikipedia.org/wiki/IPsec
* https://www.ncsc.gov.uk/guidance/using-ipsec-protect-data

==== Securing user setup ====

This will be a talk and demo about securing user setup.  This includes
ensuring the quality of user passwords, screen lock timings, password
ageing (or not), home directory permissions and so on.

* https://packages.debian.org/libpam-pwquality

==== Securing file systems ====

This talk will be about securing file systems.  File systems are mounted
with mount options and these can restrict what can be done such as if
files can be executed.  Directories and files can have their permissions
and ownership altered to be more secure.  We will explore the NCSC
guidance on this.

* https://packages.debian.org/mount
* https://packages.debian.org/coreutils

==== Automatic updates ====

One of the greatest improvements to security can be obtained by
installing security updates promptly and ensuring you are on security
support software.  This is not only about packages installed via your
distro's packaging system but also software installed by other means
such as containers including Flatpak.

* https://packages.debian.org/unattended-upgrades
* https://packages.debian.org/debian-security-support
* https://en.wikipedia.org/wiki/Flatpak

== Location ==

The meeting will take place at our new venue of Manchester Technology
Centre, details above.

== Transport ==

=== Parking ===

Please research and decide where to park before heading on your journey
and have a Plan B.

There are paid parking lots around the venue, they are marked by a blue
P in OpenStreetMap centred on Manchester Technology Centre:

Most of those parking lots are owned by NCP:

In some of the side streets in the venue surrounding area there are
parking meter bays that become zero cost after 8pm on Tuesday so you
will have to pay up until then and the maximum stay is 2 hours BUT MAKE
SURE YOU VERIFY ALL THIS on parking.  This is probably only a good
option if you know the area.

If you can't decide where to park then ask me for advice.

=== Public Transport ===

Closest train stations to the venue are:

* Manchester Oxford Road (MCO) train station
* Manchester Piccadilly (MAN) train station

For other public transport see OpenStreetMap using the "Transport" layer
centred on Manchester Technology Centre:

== More Information ==

Information about Manchester Free Software can be found on the
Manchester Free Software pages on LibrePlanet:

MFS Chair.

FSF member #9429
"The Free Software Foundation (FSF) is a nonprofit with a worldwide
mission to promote computer user freedom and to defend the rights of all
free software users."

Attachment: signature.asc
Description: OpenPGP digital signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]