My mother will be traveling for a while and I need to provide her with a secure laptop so she can work. A windows laptop is out of the question because:
-
she'll be logging into dodgy hotel wireless networks and conference networks
-
price of the windows license to install on a netbook
I've installed libreoffice, media players and skype on it. Also enabled SSH so I can intervene but I am worried that I might not be in a position to do so.
Possible threats:
-
web browsing
-
USB sticks
-
insecure networks prone to intrusions
-
malware
-
SSH/VNC vulnerabilites
-
Skype vulnerabilities
All the "securing Ubuntu" guides out there assume the user has a certain level of technical knowledge but this is not the case with moms in general. If a malware can gain even user level access it might compromise her files.
Best Answer
The number one thing you can do to keep that computer secure is to ensure that the packages are updated regularly. I would enable fully automatic updates (https://help.ubuntu.com/community/AutomaticSecurityUpdates), as long as the potential for a burst of network use while connected to dodgy hotel WiFi isn't a severe problem.
After that, I think the only big problem is VNC. If VNC server is running constantly, it is probably the biggest potential security issue on the system (SSH is similar in scope but is considered to be more secure by default). If you need VNC installed and need it to be running all of the time, then there's probably nothing you can do about it -- it's either running or it's not, and there's not much you can do to secure a process that has control over input/output like VNC does. But if you don't need it to be on all the time, then just disable it. You can start it up manually via SSH if you need to.
As long as your packages are up to date, I wouldn't worry about web browsing, USB sticks, malware or SSH vulnerabilities. Linux desktops/notebooks are not a common target for them and Ubuntu is fairly well hardened by design. Even if you don't do anything special to secure against those vulnerabilities, an Ubuntu system will be less likely to be compromised than a Windows machine running even fairly good security software.
Skype is not necessarily secure, but it doesn't run with elevated privileges and there's not very much you can do to secure it given the state of the Skype linux version. Just be aware that Skype for Linux is not very stable or featureful and hasn't been worked on for a long time. That having been said, I use it for business purposes all the time and after I got used to its quirks it was adequate.