Premium Essay

Assignment 2 Linux Security

In: Computers and Technology

Submitted By debee0203
Words 873
Pages 4
Linux Security Technology Security of a system is important in our today’s use of the internet. That is why Linux with its many layers that are always evolving in security to protect against all kinds of hackers or othe types of attacks . SELinux, Chroot Jail, IPTables, Mandatory Access Control and Discrestionary Access Control, just to name a few. SELinux is an access control implementation for the Linux kernel. Take for instants that you are the administrator and you define rules in user space and if the Linux kernel has been added with SELinux support, then those rules will be followed by the kernel. SELinux is a NSA Security-Enhanced Linux, in which the mandatory access control is flexible. The structure of SELinux supports against all kinds of mandatory access control policies. Some of which are Role-Based Access Control and Multi-Level Security. It was designed by NSA for the purpose of protecting a server against malicious daemons, by telling the daemons what they can and can’t do. This type of technology was created by Secure Computing Corporation, but was supported by the U.S. National Security Agency. In 1992, the thought for a more intense security system was needed and a project called Distributed Trusted Match was created. Some good solutions evolved from this, some of which were a part of the Fluke operating system. Which then became the Flux and finally led to the creation of the Flask architecture. Eventually it was combined with the Linux kernel, which created another project called SELinux. Since NSA realized that the Linux operation system did not have any security that would enforce access control and the information on what it should require to be consisant. NSA didn’t just happen to choose Linux by accident, the system is an open sourced system which can be changed to create whatever the need may be. SELinux wasn’t created to solve...

Similar Documents

Premium Essay

Configure Basic Security Controls on a Linux Server

...Configure Basic Security Controls on a Fedora Linux Server The students are required to submit their lab assignment answers through this website. All lab assignment questions listed are for each course's week lab activity. This may be a theory based or lab based activity. Lab assessment results and answers are due at the beginning of class the following week. Students are encouraged to perform and submit their lab assessment results immediately upon completion of the lab activity or prior to the due date. During this lab students will properly secure a Linux server system. They will perform steps to secure the bootloader, enable iptables and run SELinux to help lock down the Linux OS. The students will also apply ACLs to directories and files and then check those ACLs and permissions on the system. To accomplish the lab assignment below, students will need to obtain a copy of the Fedora Image provided to you by the Substitute Instructor and complete a basic VMware installation of Fedora. The questions in the lab book will be based on the installation experience. Assigned Pages: 10-26 Questions: 1 through 10. This assignment is due by the beginning of class for Unit 3. 1. What is GRUB and why is it important to lock it down? GRUB stands for Grand Unified Bootloader (1 of 2 boot menus' for the operating system) which is important to lock down is for security reasons. These reasons include being used to start other operating systems (eg. other versions of......

Words: 745 - Pages: 3

Premium Essay

Wk 3 Lab

...web applications * Conduct a manual Cross-site Scripting (XSS) attack against sample vulnerable web applications * Perform SQL injection attacks against sample vulnerable web applications with e-commerce data entry fields * Mitigate known web application and web server vulnerabilities with security countermeasures to eliminate risk from compromise and exploitation Overview This Lab will demonstrate a Cross-site Scripting (XSS) exploit and an SQL Injection attack on the test bed web application and web server using the Damn Vulnerable Web App (DVWA) loaded on an Apache Web Server on “TargetUbuntu01” Linux VM server. They will first identify the IP target host, identify known vulnerabilities and exploits, and then attack the web application and web server using XSS and an SQL Injection to exploit the web application using a web browser and some simple command strings. Assignment Requirements Watch the Demo Lab in Learning Space Unit 5 and then answer questions 1-10 below. Lab Assessment Questions & Answers 1. Why is it critical to perform a penetration test on a web application prior to production implementation? 2. What is a cross-site scripting attack? Explain in your own words. 3. What is a reflective cross-site scripting attack? 4. What common method of obfuscation is used in most real world SQL attacks? 5. Which web application attack is more prone to extract privacy data...

Words: 1054 - Pages: 5

Premium Essay

Test

...Technical Institute IS3340 Windows Security Onsite Course SYLLABUS Credit hours: 4.5 Contact/Instructional hours: 60 (30 Theory Hours, 30 Lab Hours) Prerequisite(s) and/or Corequisite(s): Prerequisite: NT2580 Introduction to Information Security or equivalent Course Description: This course examines security implementations for a variety of Windows platforms and applications. Areas of study include analysis of the security architecture of Windows systems. Students will identify and examine security risks and apply tools and methods to address security issues in the Windows environment. Windows Security Syllabus Where Does This Course Belong? This course is required for the Bachelor of Science in Information Systems Security program. This program covers the following core areas:    Foundational Courses Technical Courses BSISS Project The following diagram demonstrates how this course fits in the program:    IS4799 NT2799 IS4670 ISC Capstone Project Capstone ProjectCybercrime Forensics NSA    NT2580 NT2670  Introduction to  Information Security IS4680 IS4560 NT2580 NT2670 Email and Web Services Hacking and Introduction to  Security Auditing for Compliance Countermeasures Information Security Email and Web Services      NT1230 NT1330 Client-Server Client-Server  Networking I Networking II  IS3230 IS3350 NT1230 NT1330  Issues Client-Server Client-Server  SecurityContext in Legal Access Security Networking I Networking II   NT1110......

Words: 2305 - Pages: 10

Free Essay

Linux

...qwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmrtyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmrtyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmrtyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmrtyuiopasdfghjklzxcvbnmqwer...

Words: 1010 - Pages: 5

Free Essay

Linux

...Commands for efficient management of UNIX® system files, file systems and process, systems administration and security are also examined. Policies Faculty and students/learners will be held responsible for understanding and adhering to all policies contained within the following two documents: • University policies: You must be logged into the student website to view this document. • Instructor policies: This document is posted in the Course Materials forum. University policies are subject to change. Be sure to read the policies at the beginning of each class. Policies may be slightly different depending on the modality in which you attend class. If you have recently changed modalities, read the policies governing your current class modality. Course Materials Blum, R. (2008). Linux® command line and shell scripting bible. Indianapolis, IN: Wiley. Love, P., Merlino, J., Zimmerman, C., Reed, J. C., & Weinstein, P. (2005). Beginning Unix®. Indianapolis, IN: Wiley. Software RedHat Linux 5 (Virtual Desktop) Article References Ahmed, M. F., & Gokhale, S. (2009). Reliable operating systems: Overview and techniques. IETE Technical Review, 26(6), 461–469. Anthes, G. (2009, June 20-July 27). UNIX turns 40. Computerworld, 43(24), 16. Berlot, M., & Sang, J. (2008, January). Dealing with process overload attacks in UNIX. Information Security Journal: A Global Perspective, 17(1),...

Words: 1560 - Pages: 7

Free Essay

Linux Security Technologies

...Robin Prather January 14, 2013 Linux System Administration Week 2 Homework Assignment 2.1 There are many organizations and contributing members that are involved in the SELinux project, but namely the NSA seems to be in the top ranks of this particular technology. Researchers in NSA's National Information Assurance Research Laboratory (NIARL) designed and implemented flexible mandatory access controls in the major subsystems of the Linux kernel and implemented the new operating system components provided by the Flask architecture, namely the security server and the access vector cache. The NSA researchers reworked the LSM-based SELinux for inclusion in Linux 2.6. Creating a viable secure operating system remains a critical research problem. Our goal is the creation of an efficient architecture that provides requisite support for security, executes programs in a way that is largely transparent to the user, and is attractive to vendors. We believe an essential step in attaining this goal is to show how mandatory access controls can be successfully integrated into a mainstream operating system. The notion of a secure system includes many attributes (e.g., physical security, personnel security, etc.) and Security-enhanced Linux addresses only a very narrow set of these attributes (i.e., mandatory access controls in the operating system). Put another way, "secure system" means safe enough to protect some real world information from some real world adversary that the......

Words: 316 - Pages: 2

Free Essay

Unit 2 Discussion

...Unit 2 Discussion 1: Identifying Layers of Access Control in Linux Learning Objectives and Outcomes * You will be able to identify various layers of access control in a Linux server environment. * You will make security recommendations using different layers of access control. Assignment Requirements Really Cheap Used Computers, Inc. is an online seller of old school computers. The organization’s e-commerce Web site runs on a Linux server. The server is located at the organization’s local office in Boston, Massachusetts. The company has experienced tremendous growth and has hired you as the new security analyst. You access the server and find that there are virtually no layers of security other than the passwords set for user accounts. Discuss at least three layers of access control that can be put in place on this server to create a more secure environment. Rationalize whether the given scenario represents discretionary access control (DAC) or mandatory access control (MAC). Participate in this discussion by engaging in a meaningful debate regarding your choices of the three layers of access control in Linux. You must defend your choices with a valid rationale. Summarize your thoughts in a Word document and submit it to your instructor. Required Resources None Submission Requirements * Format: Microsoft Word * Font: Arial, Size 12, Double-Space * Citation Style: Chicago Manual of Style * Length: 1–2 pages * Due By:Unit 2 Assessment......

Words: 568 - Pages: 3

Free Essay

It302 Research Assignment 1

...Research Assignment 1 IT 302 Linux System Administration January 21, 2013 The purpose of this paper is to secure UNIX/Linux operating systems from unscrupulous people. It shall be focused on SELinux, chroot jail, and iptables. Each of the three focus areas will be detailed, with specific interest in the following. What organization is behind it and reason entity is involved. How each technology changes the operating system to enforce security, and if the security measure can be easily bypassed. And finally, describe the types of threats each of the technologies is designed to eliminate. Since no two UNIX-based operating system builds are exactly alike, it is important to note that each build may have its own inherent security flaws. SELinux was developed by The United States National Security Agency (NSA). The first version was made available to the open source development community under the GNU GPL on December 22, 2000. The software merged into the mainline Linux kernel 2.6.0-test3, released on 8 August 2003. Other significant contributors include Network Associates, Red Hat, Secure Computing Corporation, Tresys Technology, and Trusted Computer Solutions. Experimental ports of the FLASK/TE implementation have been made available via the TrustedBSD Project for the FreeBSD and Darwin operating systems. The reason NSA is involved in this project is because this organization is responsible for carrying out the research and advanced development of......

Words: 900 - Pages: 4

Premium Essay

Network Administrator

...LANGUAGES : ENGLISH AND KISWAHILI AGE : 26 YEARS ID NUMBER : 23769870 CARRIER OBJECTIVES To design and plan an advanced Telecom infrastructure that services over a million subscribers with ‎Triple Play Services (Voice, Data & Video Services).‎ To contribute to the growth of a progressive company with quality products and services in the field of Telecommunications and Information Technology (ICT).‎ SUMMARY OF SKILLS AND EXPERIENCE • Total 2 years and 4 months of experience with Advanced Diploma in Telecommunication Engineering and Cisco Certified Network Associate (CCNA). • 2 years and 8 months of experience as Network Engineer (Windows/Linux/Network). Possess the expertise in the following: Networking • Installations, Configurations and Troubleshooting of; • Wireless local Area network (WLAN) • Local Area Network (LAN) and Wide Area Network (WAN) Security • Wimax CPE (Alvarion) for SAFARICOM and ACCESSKENYA networks • Free Space Optic link (FSO) • Mikrotik CPE and router. • Nanostation 2.4Ghz and 5Ghz • Cisco routers and switches • Firewalls rules implementation • VoIP servers using IP PABX • Network IP planning • Software and hardware Windows •...

Words: 1141 - Pages: 5

Premium Essay

It255

...Technical Institute IT255 Introduction to Information Systems Security Onsite Course SYLLABUS Credit hours: 4 Contact/Instructional hours: 50 (30 Theory Hours, 20 Lab Hours) Prerequisite(s) and/or Corequisite(s): Prerequisites: IT220 Network Standards and Protocols, IT221 Microsoft Network Operating System I, IT250 Linux Operating System Course Description: This course provides an overview of security challenges and strategies of counter measures in the information systems environment. Topics include definition of terms, concepts, elements, and goals incorporating industry standards and practices with a focus on availability, vulnerability, integrity and confidentiality aspects of information systems. Introduction to Information Systems Security Syllabus Where Does This Course Belong? This course is required for the Bachelor of Science in Information Systems Security program. This program covers the following core areas:    Foundational Courses Technical Courses BSISS Project The following diagram demonstrates how this course fits in the program: IS427 Information Systems Security Capstone Project 400 Level IS404 Access Control, Authentication & KPI IS411 Security Policies & Implementation Issues IS415 System Forensics Investigation & Response IS416 Securing Windows Platforms & Applications IS418 Securing Linux Platforms & Applications IS421 Legal & Security Issues IS423 Securing Windows Platforms &......

Words: 4114 - Pages: 17

Free Essay

Pos 355 Week 1 Dq 2

...Course you will find the next docs: POS-355 Week 1 DQ 1.doc POS-355 Week 1 DQ 2.doc POS-355 Week 1 Lectures Lecture 1.1 Computer Basics.doc POS-355 Week 1 Lectures Lecture 1.2 OS Basics.doc POS-355 Week 2 Assignments Individual Real-time Operating System.doc POS-355 Week 2 DQ 1.doc POS-355 Week 2 DQ 2.doc POS-355 Week 3 Assignments Individual IND.doc POS-355 Week 3 DQ 1.doc POS-355 Week 3 DQ 2.doc POS-355 Week 4 Assignments Individual IND.doc POS-355 Week 4 DQ 1.doc POS-355 Week 4 DQ 2.doc POS-355 Week 5 DQ 1.doc POS-355 Week 5 DQ 2.doc General Questions - General General Questions POS 355 Week 1 Individual Assignment Memory Management Paper For this assignment, you will choose one the following options: ·  Option 1: Write a 2-page paper that explains memory management requirements. ·  Option 2: Write a 2-page paper that explains the differences in memory management between Windows® and Linux®. Format your paper consistent with APA guidelines. UNIX/Linux Versus Mac Versus Windows Write an 8- to 10-page paper that compares and contrasts the basic system differences between UNIX®/Linux®, Mac®, and Microsoft ® Windows® operating systems. Include discussion and comparison of the following: ·  Memory management ·  Process management ·  File management ·  Security Format your paper consistent with APA guidelines. Create a 10- to 12-slide......

Words: 367 - Pages: 2

Premium Essay

Nt2580 Unit 1

...NT2580-M1 Introduction to Information Security Unit 1: Information Systems Security Fundamentals 2015-Summer, 6/20/2015, Saturday (9:00am – 1:30pm) Student Name ___________________________________ Lesson Plan Theory (in class, Lab #2)……………………………..…………………..……...2 Reading  Kim and Solomon, Chapter 1: Information Systems Security. Objectives……………..………………….……………………………….2 Student Assignments for this Unit Unit 1 Lab Perform Reconnaissance & Probing Using ZenMap GUI (Nmap) Lab #1: Performing Network Reconnaissance using Common Tools Overview and access vLab..............................................................................................3 Part 1: Exploring the Tools used in the Virtual Lab Environment……………16 Unit 1 Assignment Match Risks/Threats to Solutions Part 2: Connecting to a Linux Machine …………………. .........................44 Unit 1 Assignment Impact of a Data Classification Standard Part 3: Using Zenmap to Perform Basic Reconnaissance ……………………59 Appendix A. SYLLABUS………………………………………………..……..………….69 B. Forgot your password?………………………………………………..……..73 Instructor: Yingsang “Louis” HO Tel: 425-241-8080 (cell), (206) 244-3300 (school) Email: yho@itt-tech.edu NT2580_2015_Summer_M1_UNIT1.doc Page 1 of 76 Unit 1: Information Systems Security Fundamentals Learning Objective  Explain the concepts of information systems security (ISS) as applied to an IT infrastructure. Key Concepts  Confidentiality, integrity, and......

Words: 3379 - Pages: 14

Premium Essay

Seeking Help

...Systems Security [Onsite] Course Description: This course provides an overview of security challenges and strategies of counter measures in the information systems environment. Topics include definition of terms, concepts, elements, and goals incorporating industry standards and practices with a focus on availability, vulnerability, integrity and confidentiality aspects of information systems. Prerequisite(s) and/or Corequisite(s): Prerequisites: IT220 Network Standards and Protocols, IT221 Microsoft Network Operating System I, IT250 Linux Operating System Credit hours: 4 Contact hours: 50 (30 Theory Hours, 20 Lab Hours) Introduction to Information Systems Security Syllabus Where Does This Course Belong? This course is required for the Bachelor of Science in Information Systems Security program. This program covers the following core areas:    Foundational Courses Technical Courses BSISS Project The following diagram demonstrates how this course fits in the program: IS427 Information Systems Security 400 Level Capstone Project IS418 IS404 Access Control, Authentication & KPI IS421 Legal & Security Issues IS423 Securing Windows Platforms & Applications IS411 Security Policies & Implementation Issues IS415 System Forensics Investigation & Response IS416 Securing Windows Platforms & Applications Securing Linux Platforms & Applications 300 Level IS305 Managing Risk in Information Systems IS308 Security......

Words: 4296 - Pages: 18

Free Essay

Eed 430 Week 5 Assignment Integrated Unit

...This work of POS 355 Week 2 Discussion Question 1 contains: Discuss something in week 2's textbook reading that you found interesting and/or which resonated with you. General Questions - General General Questions POS 355 Week 1 Individual Assignment Memory Management Paper For this assignment, you will choose one the following options: ·  Option 1: Write a 2-page paper that explains memory management requirements. ·  Option 2: Write a 2-page paper that explains the differences in memory management between Windows® and Linux®. Format your paper consistent with APA guidelines. UNIX/Linux Versus Mac Versus Windows Write an 8- to 10-page paper that compares and contrasts the basic system differences between UNIX®/Linux®, Mac®, and Microsoft ® Windows® operating systems. Include discussion and comparison of the following: ·  Memory management ·  Process management ·  File management ·  Security Format your paper consistent with APA guidelines. Create a 10- to 12-slide Microsoft® PowerPoint® presentation based on the paper. Discussion Question Main Memory Should DMA access to main memory be given higher priority than processor access to main memory? What is the purpose and technique of DMA logic? Note: Be prepared to discuss in class.  Do not submit a written response. POS 355 Week 2 Individual Assignment File Management Paper For this assignment, you will choose one of......

Words: 355 - Pages: 2

Free Essay

Nt1430 Linux Networking

...NT1430: Linux Networking Unit 4 Homework Assignment Chapter 14: 1. Which commands can you use from the command line to send a file to the default printer? a. lpoptions –d printer 2. Which command would you give to cancel all print jobs on the system? a. cancel job-id 3. Which commands list your outstanding print jobs? a. lpc status 4. What is the purpose of sharing a Linux printer using Samba? a. Sharing a Linux printer using Samba allows Windows and OS/2 clients to send print jobs to the printer. 5. Name three printing protocols that CUPS supports. Which is the CUPS native protocol? a. 1.) System-config-printer 2.) lpinfo Displays available drivers 3.) lpadmin configures printers b. IPP is the native protocol Chapter 10: 1. Describe the similarities and differences between these utilities: a. Scp and ftp i. SCP stands for Secure Copy Protocol, and FTP is an acronym for the File Transfer Protocol, which was the original file transfer protocol. SCP and FTP are two applications for copying files from one computer to another. Both were based on their own protocols, but both now use different prtocols. b. Ssh and telnet i. Both are text-based protocols: mouse movements cannot be transferred only keystrokes. Both are connection-oriented and are client-server protocols. The main difference is in security. SSH offers security mechanisms that protect the user against anyone with malicious intent while Telnet has no security measures whatsoever. c. Rsh......

Words: 284 - Pages: 2