Edit - General text for newbies about Servers; the main wiki page is https://wiki.ubuntu.com/BasicSecurity
Until you do understand how it works, my recommendation would be to not set those things up, and if they are set up by default, disable them. When you're ready to start learning new services like SSH, VNC, Samba (smb), FTP, telnet, remote desktop, etc., then consider playing with them in a virtual machine. Ubuntu has Oracle VM Virtual Box right in the Software Center. This can reduce your exposure to security problems you don't know while you learn. Of course it's not fool-proof.
SSH and Samba are running by default in Ubuntu Server. SSH can be made safer by using an RSA key instead of password to log in.
So, if you don't need an SSH server or VNC server running on your personal computer don't do it. If you don't know what those acronyms are, then you should DEFINITELY not use them until you do some significant research.
I've read bodhl.zazen's security thread about 5 times already and I'm still picking up new things.
Then you get a part that says:
The two most common cracks posted on these forums are ssh and vnc, both running with password authentication.
Have you installed servers for ssh and vnc? Probably not unless you run Ubuntu Server. Without them your computer is not vulnerable to such attacks. You can check in a terminal window with the following command
and instead of Enter press Tab twice
and and instead of Enter press Tab twice.
If you get only ssh and vncviewer you have only the client programs. You can login on remote computers with them. If you get a response with several alternatives, for example
ssh ssh-agent ssh-askpass sshd ssh-keygen ssh-vulnkey
ssh-add ssh-argv0 ssh-copy-id sshfs ssh-keyscan
you have the servers installed. But are they running? If you type the following command in the terminal (and press Enter)
vnc4-common vnc-java vnc-server vnc-viewer vnstat
vnc4server vncserver vncsnapshot vncviewer vnstati
and get the following response (mine is running behind a firewall)
ps -au root | grep ssh # the command
then the ssh server is running
873 ? 00:00:00 sshd # the response
and similarly for
Finally, the ssh and vnc sessions themselves are like sending letters in an envelope, not open post-cards like email, but they can be attacked. But you should know when you are using ssh and vnc, because you are (inter)active, or at least you have set up an automatic sesssion yourself.
ps -au root | grep vnc
That would be great
the best help I can be is to try and compile a guide filled with guru tips.
Have fun finding out about Ubuntu