Free Essay

It302 Linux System Administration Research Assignment 1

In: Computers and Technology

Submitted By krivin
Words 423
Pages 2
IT302 Linux System Administration
Research Assignment 1

SELinux or Security Enhanced Linux uses an architecture that separates enforcement from access policy decisions. With this architecture different types of policies can be implemented, including Role-Based Access Control (RBAC), Type Enforcement (TE), and Multi-Level Security (MLS). The module assigns security labels to each subject or object. It uses a security class to determine the kinds of relationship a pair of labels might have. The triplet consisting of a pair of labels and a class are then sent to a policy server to determine if access is allowed. The security labels are assigned dynamic integer security ID's (SID's); the reply from the policy server is cached in an 'access vector cache' for performance reasons. SELinux was developed in coordination with the open source community and the National Security Agency (NSA) to provide the highest level of security for the Linux operating system.

Linux V-Server –
The three basic elements of the VServer are: * The security context. A process in one security context cannot see processes in other security contexts, neither with the 'ps' command, nor with 'cat /proc' nor in any other way. As side-effect, this means that a process in one context cannot kill processes in other contexts. * Capabilities. The existing Linux kernel provides a wide variety of capabilities which can be taken away from processes. These include the ability to change network addresses, to change the ownership of a file, etc. (See /usr/include/linux/capability.h for details.) The vserver-utils provides a tool to take away capabilities from a process. * The chroot jail. The existing Linux kernel provides a way to limit a process to a subdirectory, by changing the 'file system root' for the process to be the subdirectory. Since a process cannot 'get beyond root', it simply cannot access anything outside the subdirectory.
These three elements can be used either individually or in conjunction with the others, in order to create individual virtual server environments that are unaware that each other exist while still existing on a single computer. This is allowing some ISP’s to host multiple clients on a single computer, essentially giving each client his or her own linux machine with root access.

References.
Red Hat and Tresys Partner for Enhanced Linux Security Services. (2008, October 13). Wireless News. Retrieved from http://go.galegroup.com.proxy.itt-tech.edu/ps/i.do?id=GALE%7CA186906558&v=2.1&u=itted&it=r&p=CDB&sw=w
http://www.linas.org

Similar Documents

Free Essay

Linux System Administration

...IT302 Linux System Administration Research Assignment 1 SELinux or Security Enhanced Linux uses an architecture that separates enforcement from access policy decisions. With this architecture different types of policies can be implemented, including Role-Based Access Control (RBAC), Type Enforcement (TE), and Multi-Level Security (MLS). The module assigns security labels to each subject or object. It uses a security class to determine the kinds of relationship a pair of labels might have. The triplet consisting of a pair of labels and a class are then sent to a policy server to determine if access is allowed. The security labels are assigned dynamic integer security ID's (SID's); the reply from the policy server is cached in an 'access vector cache' for performance reasons. SELinux was developed in coordination with the open source community and the National Security Agency (NSA) to provide the highest level of security for the Linux operating system. The three basic elements of the VServer are: The security context. A process in one security context cannot see processes in other security contexts, neither with the 'ps' command, nor with 'cat /proc' nor in any other way. As side-effect, this means that a process in one context cannot kill processes in other contexts. Capabilities. The existing Linux kernel provides a wide variety of capabilities which can be taken away from processes. These include the ability to change network addresses, to change the ownership of a file...

Words: 291 - Pages: 2

Premium Essay

It255

...ITT Technical Institute IT255 Introduction to Information Systems Security Onsite Course SYLLABUS Credit hours: 4 Contact/Instructional hours: 50 (30 Theory Hours, 20 Lab Hours) Prerequisite(s) and/or Corequisite(s): Prerequisites: IT220 Network Standards and Protocols, IT221 Microsoft Network Operating System I, IT250 Linux Operating System Course Description: This course provides an overview of security challenges and strategies of counter measures in the information systems environment. Topics include definition of terms, concepts, elements, and goals incorporating industry standards and practices with a focus on availability, vulnerability, integrity and confidentiality aspects of information systems. Introduction to Information Systems Security Syllabus Where Does This Course Belong? This course is required for the Bachelor of Science in Information Systems Security program. This program covers the following core areas:    Foundational Courses Technical Courses BSISS Project The following diagram demonstrates how this course fits in the program: IS427 Information Systems Security Capstone Project 400 Level IS404 Access Control, Authentication & KPI IS411 Security Policies & Implementation Issues IS415 System Forensics Investigation & Response IS416 Securing Windows Platforms & Applications IS418 Securing Linux Platforms & Applications IS421 Legal & Security Issues IS423 Securing Windows Platforms & Applications ...

Words: 4114 - Pages: 17

Premium Essay

Seeking Help

...to Information Systems Security [Onsite] Course Description: This course provides an overview of security challenges and strategies of counter measures in the information systems environment. Topics include definition of terms, concepts, elements, and goals incorporating industry standards and practices with a focus on availability, vulnerability, integrity and confidentiality aspects of information systems. Prerequisite(s) and/or Corequisite(s): Prerequisites: IT220 Network Standards and Protocols, IT221 Microsoft Network Operating System I, IT250 Linux Operating System Credit hours: 4 Contact hours: 50 (30 Theory Hours, 20 Lab Hours) Introduction to Information Systems Security Syllabus Where Does This Course Belong? This course is required for the Bachelor of Science in Information Systems Security program. This program covers the following core areas:    Foundational Courses Technical Courses BSISS Project The following diagram demonstrates how this course fits in the program: IS427 Information Systems Security 400 Level Capstone Project IS418 IS404 Access Control, Authentication & KPI IS421 Legal & Security Issues IS423 Securing Windows Platforms & Applications IS411 Security Policies & Implementation Issues IS415 System Forensics Investigation & Response IS416 Securing Windows Platforms & Applications Securing Linux Platforms & Applications 300 Level IS305 Managing Risk in Information Systems IS308 Security...

Words: 4296 - Pages: 18