Criteria For Security Team

**The Tronyx** · July 12th, 2008

So, this is something that has been tossed around a bit but never really nailed down. Previously some of us on IRC have discussed what security focus group members should be familiar with in terms of security, more and perhaps more specifically, Ubuntu security.

I'll do my best to keep personal opinions out of this to see what others think but what should security focus group members be familiar with? Keep in mind that a lot of us may be specialists in different fields, some may be excellent with system configuration and some may be great with networking, I would like to see suggestions adhering to a general knowledge base without getting too specialized.

Please also realize that not everyone, in fact few people, will go to the security section and even look at http://ubuntuforums.org/showthread.php?t=765421 which is great primer for newbies. My suggestion for the initial post is for members to have a good level of comfort advising and discussing the topics covered in that thread.

**Dr Small** · July 12th, 2008

Well, I thought we were to help with basically all of the Security related threads. I myself, try to answer the ones that I am knowledgable about. I am not a Security Expert, it is just my fance to work with security related stuff, which in the end is helping me become more security minded.

So, what are you suggesting we do?

**bodhi.zazen** · July 13th, 2008

My initial thought was to increase the awareness for the need for security in general.

My impression is that these threads usually go :

OP ~ Do I need antivirus?

10 posts ~ no, install linux and forget all about that stuff.

substitute "firewall" (or any other term) for antivirus and , well you get the idea.

===========

What I think is going on here is, a new user is looking for information on securing his/her system. As a new user, they are accustomed to how security works on the old OS, thus they ask about antivirus (or firewall).

The problem is, although it is relatively more secure "out of the box", Linux OS can be attacked and even cracked.

===========

With this in mind, my thoughts are to raise the awareness of Linux security both within the BT as well as on the Forums.

The old adage "security is a process" applies here, thus a focus group to remind us security is still an issue, even on Ubuntu.

**lisati** · July 13th, 2008

Perhaps basic safety, such as

don't open up email attachments from people you don't know,
use a "day to day" account that's not on the sudoer's list for normal work with Ubuntu (how many of us here automatically put in the password for sudo etc without thinking about it? I deliberately haven't looked into setting up a sudoer's list as protection against myself)
be smart which websites you visit
....

**bodhi.zazen** · July 13th, 2008

Originally Posted by lisati

Perhaps basic safety, such as

don't open up email attachments from people you don't know,
use a "day to day" account that's not on the sudoer's list for normal work with Ubuntu (how many of us here automatically put in the password for sudo etc without thinking about it? I deliberately haven't looked into setting up a sudoer's list as protection against myself)
be smart which websites you visit
....

Well we do have a security thread :

Ubuntu Security - Ubuntu Forums

Now it is long and I bet most people do not read all of it. If we can as you say refer to it when people ask about security and teach security one step at a time ...

**cprofitt** · September 10th, 2008

I am growing more and more adept at security on Linux... and can help with the basic stuff.

I think the Ubuntu Community needs an active security forum where issues can be discussed... and active 'experts' should be there to ensure that complacency does not rule the day as bodhi suggested with ten posts all saying that no security is needed.

**Dr Small** · September 11th, 2008

Originally Posted by PrivateVoid

I am growing more and more adept at security on Linux... and can help with the basic stuff.

I think the Ubuntu Community needs an active security forum where issues can be discussed... and active 'experts' should be there to ensure that complacency does not rule the day as bodhi suggested with ten posts all saying that no security is needed.

We do have a security forum, it's called "Security Discussions":
http://ubuntuforums.org/forumdisplay.php?f=338

Or, is that not what you meant?

**collinp** · September 14th, 2008

Well, i am good with Network based security (Firewalls, IDS and IPS, etc.) but isnt the topic. I think that people on the Security Team need to have a general understanding of security and they need to be able to point people in the right direction if they don't know the direct answer. They also need to have a fairly good understanding of Linux and how it works.

**Dr Small** · September 14th, 2008

Originally Posted by Hellow

Well, i am good with Network based security (Firewalls, IDS and IPS, etc.) but isnt the topic. I think that people on the Security Team need to have a general understanding of security and they need to be able to point people in the right direction if they don't know the direct answer. They also need to have a fairly good understanding of Linux and how it works.

I agree. And every person on the Security Team at this present time, are like that.