---
myst:
  html_meta:
    description: Ubuntu Server security guides for user management, firewalls, AppArmor, Kerberos, SSSD, OpenSSH, smart cards, and VPN configuration.
---

(how-to-security)=
# Security

While a fresh Ubuntu installation is usually safe for immediate use, there are some additional steps you can take to introduce a layered approach to your system's security. If you are new to Ubuntu, you may want to refer to our {ref}`Introduction to security <introduction-to-security>` first for a general overview.

## General configuration

* {ref}`Users and groups management <user-management>` for setting up user accounts, permissions and password policies
* {ref}`Firewalls <firewalls>` are recommended for network security
* {ref}`AppArmor <apparmor>` limits permissions and access for the software running on your system
* {ref}`Console security <console-security>` for an additional physical security barrier

```{toctree}
:hidden:

User management <security/user-management>
Firewalls <security/firewalls>
AppArmor <security/apparmor>
Console security <security/console-security>
```

## Authentication

These tools are particularly useful for more advanced or complex setups.

* {ref}`how-to-kerberos` is a network authentication protocol providing identity verification for distributed systems
* {ref}`how-to-network-user-authentication-with-sssd` handles authentication, user/group information and authorisation from disparate network sources
* {ref}`Smart card authentication <smart-card-authentication>` provides a physical authentication method

```{toctree}
:hidden:

kerberos
sssd
Smart cards <security/smart-card-authentication>
```

## Cryptography

The Secure Shell (SSH) cryptographic protocol that provides secure channels on an unsecured network. In Ubuntu, OpenSSH is the most commonly used implementation of SSH. It provides a suite of utilities for encrypting data transfers and can also be used for remote login and authentication.

```{toctree}
:titlesonly:

OpenSSH <security/openssh-server>
Install a root CA certificate <security/install-a-root-ca-certificate-in-the-trust-store>
```

## Virtual Private Network (VPN)

VPNs are commonly used to provide encrypted, secure access to a network. Two of the most popular choices in Ubuntu are OpenVPN and WireGuard VPN.
 
* {ref}`OpenVPN <install-openvpn>` is a well-established option that supports many platforms besides Linux
* {ref}`how-to-wireguard-vpn` is a modern and performant option that removes a lot of the complexity from configuring a VPN

```{toctree}
:hidden:

OpenVPN <security/install-openvpn>
wireguard-vpn
```

## See also

* Explanation: {ref}`Introduction to security <introduction-to-security>`
* Explanation: {ref}`Security topics <explanation-security>`