This latest Ubuntu release will work to harden device encryption with preview support for full disk encryption, thereby reducing the need for passphrases. It also restricts unprivileged user namespaces to prevent risk of cyber exploitation.
Ubuntu Core aims to set the standard for tiny, transactional operating systems for highly secure connected devices. Likewise, Ubuntu Server is the reference operating system for the OpenStack project, and a popular operating system on AWS, Azure and Google Cloud.
Improved security via additional encryption configuration
Encryption is ultimately important as it helps to protect private information, sensitive data, and improve the security of communication between client apps and servers. When data is encrypted, even if an unauthorised individual, or threat actors, gain access to it, they will not be able to read it.
Fortified security, enhanced desktop app discovery and new hardware support govern the latest release of Ubuntu.
Ubuntu Desktop features a new app centre that will use metadata to centralise access to snap and deb packages, making finding trusted software much easier. Additionally, the new Ubuntu update will add support for the Raspberry Pi 5 and SiFive HiFive Pro P550, expanding hardware options. It aims to streamline network configuration and active directory integration for simplified fleet management.
“In this release we’ve raised the bar for what secure by default means for Ubuntu and set the stage for our next Long Term Supported release.” said Oliver Smith, Senior Product Manager for Ubuntu at Canonical. “We’re excited for users to test our preview hardware-backed disk encryption key storage on Ubuntu Desktop, alongside the new app centre which makes it easier than ever to find the software you need.”
Traditional full-disc encryption methods require a passphrase to complete the boot process, forcing administrators to choose between device security and manageability.
Ubuntu Desktop 23.10 also features preview support for hardware backed full-disk encryption, where encryption keys are stored in the Trusted Platform Module (TPM) and are recovered automatically by authenticated boot software. Canonical has highlighted that broader hardware support for this feature will be available in 2024 alongside additional encryption configuration and management options.
TPM backed full-disk encryption highlights how the company has invested more in Ubuntu’s default security posture which also includes a change to address a path that is commonly exploited by threat actors.
To address this issue, Ubantu now supports an additional mode that requires programs to have an AppArmor profile in order to use unprivileged user namespaces, significantly reducing their attack surface.
Deeper tool integration to improve administrator experience
The world of open source applications is continually expanding. Canonical has highlighted that the larger this rich ecosystem becomes, the harder it is for users to discover, manage and trust the software that they have installed.
Ubuntu’s app centre leverages the metadata provided by the Canonical Snap Store. All applications published on the Snap Store go through strict security reviews to ensure that only necessary permissions are enabled by default. Signature verification processes also ensure that the Snaps cannot be modified by anyone but the publisher.
Previously, network configuration on Ubuntu required administrators to adjust their workflows depending on whether they were targeting desktop or server use-cases. To deliver a more seamless networking experience in mixed Ubuntu estates, Ubuntu Desktop now uses Netplan, the declarative Linux networking configuration tool used on Ubuntu Server.
Authentication tools like this are necessary in a rapidly changing cyber landscape. Cyber criminals will often exploit flaws in systems and if businesses fail to keep software up-to-date it leaves security compromised and vulnerable to threats.
Please also check out our upcoming event - Net Zero LIVE on 6 and 7 March 2024.
BizClik is a global provider of B2B digital media platforms that cover Executive Communities for CEOs, CFOs, CMOs, Sustainability leaders, Procurement & Supply Chain leaders, Technology & AI leaders, Cyber leaders, FinTech & InsurTech leaders as well as covering industries such as Manufacturing, Mining, Energy, EV, Construction, Healthcare and Food.
BizClik – based in London, Dubai, and New York – offers services such as content creation, advertising & sponsorship solutions, webinars & events.