IT302 Research 1

Submitted By fobfather
There are many ways to get internet access these days. Coffee shops, libraries, airports and even public buses offer free wireless access. With all this free access to the World Wide Web, there are also many ways for hackers to get your personal information and use it for their gain. This situation can be combated with several Linux security measures, the majority of which are free software. Some of those security technologies are SELinux, TCP Wrappers, IPtables and Chroot Jail, to name a few.

In basic Linux security, Discretionary Access Control (DAC) is based on users and groups. A process is run by a user and then has access to anything other users have access to, which makes it not so secure. The U.S. National Security Agency (NSA) developed SELinux (Security Enhanced Linux) to combat this lack of strong security. SELinux implements Mandatory Access Control (MAC) in the Linux kernel, which enforces policies that limit what a user or a program can do. It is designed to prevent processes from reading and/or tampering with data and programs. MAC is an important tool for containing security threats caused by user errors, hackers or software errors. It is pretty hard to bypass this security measure, since the kernel checks the MAC rules right after checking the DAC rules on a constant basis. SELinux can run in one of three states: Enforcing, Permissive and Disabled.

Enforcing is the default state, in which no program or user can do anything not permitted by the security policy. Permissive is a diagnostic state in which SELinux sends warnings but does not enforce the policy; you can use it to build a new security policy. Disabled is the state in which SELinux does not enforce any security policy at all.
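The three states can be checked in two places: the state configured for the next boot and the state the system is running in now. The script below is an added example, not part of the original essay; it assumes the Fedora/Red Hat config file `/etc/selinux/config` and the `getenforce` command, and the function names are chosen for illustration.

```shell
#!/bin/sh
# Added example: compare the SELinux state configured for the next boot with
# the state the system is running in. Function names are this example's own.

# Print the state set by SELINUX= in a file in /etc/selinux/config format.
# Prints "unknown" if the file is unreadable, has no valid SELINUX= line, or
# has conflicting ones. Comment lines and SELINUXTYPE= are ignored.
selinux_config_mode() {
    modes=$(sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([A-Za-z]*\).*$/\1/p' \
        "$1" 2>/dev/null | tr 'A-Z' 'a-z' | sort -u)
    case "$modes" in
        enforcing|permissive|disabled) echo "$modes" ;;
        *) echo "unknown" ;;
    esac
}

# $1 = config file, $2 = running state as printed by getenforce
# (Enforcing, Permissive or Disabled). Status 0 only if both are enforcing.
selinux_audit() {
    conf_mode=$(selinux_config_mode "$1")
    run_mode=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    if [ "$conf_mode" = enforcing ] && [ "$run_mode" = enforcing ]; then
        echo "ok: enforcing now and after reboot"
        return 0
    fi
    echo "warn: running=$run_mode configured=$conf_mode"
    return 1
}

# Demo with a constructed config file; on a real host you would call
#   selinux_audit /etc/selinux/config "$(getenforce)"
demo_cfg=$(mktemp)
printf '# SELINUX= can take one of these three values:\nSELINUX=permissive\nSELINUXTYPE=targeted\n' > "$demo_cfg"
selinux_audit "$demo_cfg" Enforcing || true
rm -f "$demo_cfg"
```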

Another Linux-based security program you can use is TCP Wrappers. TCP Wrappers is a program that helps you accept connections from users in remote locations. It can give you a detailed log of who is logging in to the system, from where and when. TCP Wrappers allows you to accept or deny connections to your network at your discretion. It is best used for internal hosts only, so that it limits connections to a port.

Having a good firewall can prevent hackers from accessing your hardware router and your network. The IPtables program (which comes with Linux) allows administrators to configure the operating system (OS) so that users and programs can connect to their networks, while stopping malicious users and programs from damaging the OS. IPtables also filters IP packets, which are the backbone of the internet. You can use IPtables to accept or deny IP packets based on their ports or source address. Basically, it can tell which IP packets are valid and which are not.
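Accepting or denying by port and source address can be audited from a saved ruleset. The script below is an added example, not part of the original essay; it reads text in `iptables-save` format, reports the default policy of the INPUT chain, and lists ports accepted without any source-address restriction. The function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a ruleset in iptables-save format. The function names
# and the constructed sample below are illustrative, not from the essay.

# Default policy of the filter table's INPUT chain ("unknown" if absent).
input_policy() {
    awk '/^\*/ { table = $1 }
         table == "*filter" && $1 == ":INPUT" { print $2; found = 1; exit }
         END { if (!found) print "unknown" }' "$1"
}

# Destination ports that INPUT accepts without a source-address match (-s).
ports_open_to_any_source() {
    awk '/^\*/ { table = $1 }
         table == "*filter" && $1 == "-A" && $2 == "INPUT" {
             port = ""; src = 0; accept = 0
             for (i = 3; i <= NF; i++) {
                 if ($i == "--dport") port = $(i + 1)
                 if ($i == "-s") src = 1
                 if ($i == "-j" && $(i + 1) == "ACCEPT") accept = 1
             }
             if (accept && port != "" && !src) print port
         }' "$1"
}

# Constructed sample: permissive default, SSH limited by source, 3306 not.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
COMMIT
EOF
}

tmp=$(mktemp)
sample_rules > "$tmp"
echo "INPUT default policy: $(input_policy "$tmp")"
echo "accepted from any source: $(ports_open_to_any_source "$tmp" | tr '\n' ' ')"
rm -f "$tmp"
```

A default policy of DROP with explicit ACCEPT rules means a packet that matches no rule is denied, instead of being let through.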

There is also a way to run programs on Linux where the program cannot access anything outside the directory or run a public server. It is called Chroot Jail.
It creates a sandbox that allows a process to view only a single sub-tree of the system. Without a Chroot Jail, a user with limited file permissions can access top-level directories and hack into system-critical directories. They may not have permission to edit the directories, but they can read specific files. Chroot is a useful but basic preventative security program; it is not made to withstand deliberate attempts to gain root access.
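Because chroot does not confine a process that obtains root, the contents of the jail matter. The script below is an added example, not part of the original essay; it scans a jail directory for setuid/setgid files, device nodes and world-writable directories. The function name and the demo tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: check a directory tree intended as a chroot jail for files
# that undermine it. jail_findings is a name chosen for this example.

# Print one line per finding under $1. Exit status: 0 clean, 1 findings,
# 2 if $1 is not a directory.
jail_findings() {
    jail=$1
    if [ ! -d "$jail" ]; then
        echo "error: $jail is not a directory" >&2
        return 2
    fi
    out=$(
        # setuid/setgid files: a confined process could run them to gain
        # another user's (possibly root's) privileges.
        find "$jail" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
            -exec echo setid {} \; 2>/dev/null
        # Device nodes: direct access to disks or memory from inside.
        find "$jail" -xdev \( -type b -o -type c \) \
            -exec echo device {} \; 2>/dev/null
        # World-writable directories: anyone can plant files in the jail.
        find "$jail" -xdev -type d -perm -0002 \
            -exec echo world-writable {} \; 2>/dev/null
    )
    if [ -z "$out" ]; then
        return 0
    fi
    printf '%s\n' "$out"
    return 1
}

# Demo on a constructed tree (a temporary directory, removed afterwards).
demo=$(mktemp -d)
mkdir -p "$demo/bin" "$demo/upload"
chmod 0777 "$demo/upload"
jail_findings "$demo" || echo "jail needs attention"
rm -rf "$demo"
```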

There is no foolproof security program out there. No one is immune to attacks such as man-in-the-middle (eavesdropping), brute force (cryptography), viruses, worms and phishing. Being safe on the internet requires the user to understand the kinds of software that can attack their network or computer. The right combination of strong security software will keep you safe.

Bibliography

360is. (2006). TCP Wrappers. http://www.360is.com/03-tcpwrappers.html

Chroot Jail. (2002). Best practices for a Chroot Jail: http://www.unixwiz.net/techtips/chroot-practices.html

IPtables (2010). www.netfilter.org

Sobell, Mark G. (2010). A practical guide to Fedora and Red Hat Enterprise Linux (5th ed.). Miami, FL: ITT Technical School

U.S. National Security Agency (January 2009): www.nsa.gov/research/selinux

