Free Essay

Linux Security Technologies

In: Computers and Technology

Submitted By ckerr
Words 1498
Pages 6
Creating a usable secure operating system remains a critical research problem. Linux has several security developments included in its open source operating system. Among these are SELinux, chroot jail, and iptables to name a few.
SELinux is Security Enhanced Linux. The National Information Assurance Research Laboratory of the National Security Agency was in charge of carrying out the research and advanced development of technologies needed to enable the NSA to provide the solutions, products, and services to achieve Information Assurance for information infrastructures essential to the security of the U.S. National Security. The Security-enhanced Linux prototype was developed by the NSA along with research partners from NAI Labs, Secure Computing Corporation (SCC), and the MITRE Corporation. Many other contributions have followed since the initial release.(NSA-National Security Agency, 2009)
Researchers in the National Information Assurance Research Laboratory of NSA worked with Secure Computing Corporation (SCC) to develop a strong, flexible mandatory access control architecture based on a mechanism first developed for the LOCK system called Type Enforcement. The NSA and SCC then worked with the University of Utah’s Flux research group to transfer the architecture to the Fluke research operating system. The architecture was enhanced, when it was transferred, to provide better support for dynamic security policies. This enhanced architecture was named Flask. SELinux implements the Flask security architecture which uses flexible mandatory access control. Flask was created to demonstrate the value of flexible mandatory access controls and how such controls could be added to an operating system. The Flask architecture has been subsequently mainstreamed into Linux® and ported to several other systems, including the Solaris™ operating system, the FreeBSD® operating system, and the Darwin kernel, generating a wide range of related work. The Flask architecture provides general support for the enforcement of many kinds of mandatory access control policies, including those based on the concepts of Type Enforcement®, Role-based Access Control, and Multi-level Security. (NSA-National Security Agency, 2009)
The core SELinux user code consists of libsepol a library for binary policy manipulation, checkpolicy a policy compiler, libselinux a library for security-aware applications, libsemanage a library for policy management tools, and policycoreutils that contains several policy-related utilities. (NSA-National Security Agency, 2009)
Privacy and integrity requirements are the new features that enforce the separation of information in SELinux. They prevent processes from reading data and programs, tampering with data and programs, bypassing application security, executing untrusted programs, or hindering the use of other processes in violation of the system security policy. They also help to restrict the potential damage that can be caused by malicious or flawed programs. They should also be useful for enabling a single system to be used by users with different security authorizations to access several kinds of information with different security requirements without compromising their security requirements. (NSA-National Security Agency, 2009)
SELinux is a fairly new security protocol. It is very proud of its security enhancements. It can also be very complicated and cause problems with permissions and denials if the many policies are not set correctly. You can make SELinux do what you need it to do if you learn the basic concepts and become familiar with the list of terms and study some representative policy files. Any security protocol can be bypassed, but SELinux does a good job of limiting the amount of damage that an intruder can do to the operating system.
On Unix-like operating systems, such as Linux, a chroot jail is the common expression used to describe a section of a filesystem that is sectioned off for a particular user. On a web server, it is particularly useful for the security of shared hosting accounts. When you set up a chroot jail, the name of the file you give it thinks that it is root, and there are no directories above it. The jail is secure as long as it can’t run as root.
During development of Version 7 Unix in 1979, the chroot system call was introduced and added to the Berkley Software Distribution (BSD). (chroot, 2011)
A chroot environment can be used to create and host a separate virtual copy of the software system to test software that might be too risky to deploy on a productive system. Software can be developed, built, and tested with its expected dependencies. Virtualized chroot jail can test compatibility with legacy software, and can assist with recovery if a system is unbootable.
In order for the chroot jail to work for a particular file, a copy of all the file dependencies must be present. This can be complicated depending on the file; without the file dependencies the file would be unusable.
It is possible to break out of chroot jail as long as the program is run with root privileges. For example, a script has been published to break out of jail using a C compiler or a Perl interpreter and security holes to gain root access. System patches that usually would fix the security holes in a security update would not know about the copies of the files in chroot jail. In order for the chroot jail to be maintained, system patches have to be applied to the chroot jail. It is very important that setuid (set user ID) binaries are not used in the chroot jail. When executing a file with setuid permissions, the process that executes the file takes on the permissions of the file owner. If that same file is owned by root, this enables an attacker to easily escape chroot jail. A security hole in a setuid can be used to compromise the security of the chroot jail. The chroot jailed file should also have the least privileges it can have and still be useable. Also, be sure that the user cannot access the executable files that are owned by root.. You can’t throw a file, a directory, or a process in the chroot jail and forget it, it will come back to haunt you. IPtaples and Netfilters work together in harmony on the kernel level the netfilter component is a group of tables that the kernel uses to control network packet filtering. On the user level, the iptables component sets up, maintains and displays the rules stored in netfilter. It was first used to configure the Linux 2.4.x and 2.6.x IPv4 packet filtering set of rules, and targeted towards system administrators.
The earlier versions of netfilter and iptables were called ipchains and ipnatcti. In the earlier stages, several people contributed some of the code, but it was mostly written by the core team. The core team was made up of Emeritus Members (no longer contributing) Paul “Rusty” Russell, Marc Boucher, and James Morris. Active members of the core team now include Patrick McHardy (head), Harald Welte, Jozsef Kadlecsik, Martin Josefsson, Yasuyuki Kozakai, and Pablo Neira Ayuso. Many others have contributed but not all have been elected to the team.
Netfilter is a set of hooks in the Linux kernel that allows the kernel modules to record callback functions with the network stack. For every packet that passes through the respective hook within the network stack a registered callback function is then called back.
Iptables is a generic table for the definition of a set of rules. Each rule within an Iptable consists of iptables matches (a number of classifiers) and iptables target (one connected action).
Together Netfilter, iptables, connection tracking (ipconntrack, nfconntrack) and the NAT subsystem build the major parts of the framework. (What is netfilter.org?).
The main features of iptables are stateless and stateful packet filtering for both IPv4 and IPv6, all kinds of network address (NAT) and port translation (NAPT) in IPv4 only, adaptable and extensible infrastructure, multiple layers of API's for 3rd party extensions, and a ‘patch-o-matic’ repository that holds a large number of plugins and modules.
Some of the things you can do with netfilter/iptables are build internet firewalls based on stateless and stateful packet filtering. If you don't have enough public IP addresses you would use NAT and masquerading for sharing internet access, to implement transparent proxies you would use NAT, aid the tc and iproute2 systems used to build sophisticated QoS and policy routers, and you can do further packet manipulation like altering the TOS/DSCP/ECN bits of the IP header. (What is netfilter.org?)
A secure iptables/netfilter machine relies on the rules that are programmed by the administrator. It is important to have a strong firewall ruleset and not let in just any internet traffic. There are hacks that let in packets from the web, using peer-to-peer software, by punching a hole in the firewall. (Vivek Gite, 2006)
Creating a viable secure operating system remains a critical research problem. In the open resource world of computing, many programmers are working on ways to create secure systems, and as soon as they do, many more hackers figure out a way to get around their security.

Similar Documents

Premium Essay

Linux Security Technologies

...Paper 07/13/2012 Linux Security Technologies In today’s world there are many ways to gain access to the internet. You can go to your local library, a Starbucks, any airport, or even a McDonald’s. With all of these ways to have free access to the Web, the opportunity for hacker’s to get to your personal information is at an all time high. Linux programming has many ways to combat this situation with security technologies such as SELinux, chroot jail, iptables, and virtual private networks (VPN’s) to name a few. The basics of Linux security start with Discretionary Access Control, which is based by users and groups. The process starts with a user, who has access to anything that any other user can have access to. At first, it may seem great to be able to have that access, but the security in it is not so great. The US National Security Agency (NSA) developed the SELinux (Security Enhanced Linux) to combat the lack of strong security. (National Security Agency Central Security Service, 2009) Other organizations behind SELinux include the Network Associate Laboratories (NAI) labs which implemented several additional kernel mandatory access controls, developed the example security policy configuration, ported to the Linux 2.4 kernel, contributed to the development of the Linux Security Modules kernel patch, and adapted the SELinux prototype to LSM. The MITRE Corporation which enhanced several utilities to be SELinux-aware, and developed application security policies. ......

Words: 1207 - Pages: 5

Free Essay

Linux Security Technologies

...With a world that is vastly growing in size so does our use for technology. With this use of technology come lots of potential threats and hazards. Our world today is ever so growing with its relationship with the internet or World Wide Web (WWW). Many places use the internet to access sites, software, music, book, and so forth, the list goes on. But with this advance in technology come lots of threats to consumers alike. Such as hackers, viruses, people who don’t know what they are doing, and even people who you may call your best friend. Threat comes in many shapes and sizes which is why operating systems such as Linux develop ways to keep your personal files safe from these unwarranted threats. Some of these measures include, but is not limited to; iptables, SELinux, chroot jail, TCP Wrappers, firewalls, PolicyKit, NX or No eXecute, PIE or Position Independent Executables, Netfilter, and the list goes on (“Fedora Projects” & Vepstas). When a user first approaches Linux it looks similar to what a windows operating system would resemble. With Linux a user has the ability to access every file within the operating system through the use of a terminal or command prompt. Through the use of Linux programming potential threats can gain access to you file system and everything housed within it. Linux is free software that comes with many great security features that any user or administrator greater access and control over the system. The choice can be a bit much for......

Words: 1082 - Pages: 5

Premium Essay

Linux Security Technology

...|Linux Security Technology | | 1. SELinux SELinux, an implementation of Mandatory Access Control (MAC) in the Linux kernel, adds the ability to administratively define policies on all subjects (processes) and objects (devices, files, and signaled processes). This mechanism is in the Linux kernel, checking for allowed operations after standard Linux Discretionary Access Controls DAC are checked. Security-Enhanced Linux (SELinux) is a Linux feature that provides a mechanism for supporting access control security policies, including United States Department of Defense-style mandatory access controls, through the use of Linux Security Modules (LSM) in the Linux kernel. It is not a Linux distribution, but rather a set of Kernel modifications and user-space tools that can be added to various Linux distributions. Its architecture strives to separate enforcement of security decisions from the security policy itself and streamlines the volume of software charged with security policy enforcement. The key concepts underlying SELinux can be traced to several earlier projects by the United States National Security Agency (NSA), It has been integrated into the mainline Linux kernel since version 2.6. NSA, the original primary developer of SELinux, released the first version to the open source development community under the GNU GPL on December 22, 2000. Security-enhanced......

Words: 1860 - Pages: 8

Free Essay

Linux Security Technologies

...different types of Linux Security Technologies. Discretionary Access Control, SELinux (Security Enhanced Linux), chroot jail, and iptables are just a few. This paper is only going to discuss the latter three. Discretionary Access Control is the more traditional, however; DAC is not as secure and will not be discussed here.1 The U.S National Security Agency (NSA) is the organization behind the creation of SELinux. The reason the NSA is involved in this project is because this organization is responsible for carrying out the research and advanced development of technologies needed to enable NSA to provide the solutions, products, and services to achieve Information Assurance for information infrastructures critical to U.S. National Security interests. The NSA implemented a Mandatory Access control within the Linux Kernel. This MAC is named Flask.2 There are three main policies that SELinux uses to apply MAC. There is the Targeted, where the MAC controls will only be used for a specific process or processes, there is the Multilevel Security protection, and the Strict. The strict puts MAC controls to all processes. The targeted is not as secure as the strict, however; the targeted is easier to maintain. If one uses the strict, the administrator will have to customize the policy. Failure to do so could cause other users a significant problem in performing his or her assigned duties. 3 The main reason the MAC has been created is to help prevent security......

Words: 919 - Pages: 4

Free Essay

Linux Security Technologies

...Linux Security Technologies   SELinux (Security Enhanced Linux) is a mandatory access control in the Linux kernel that was originally developed by NSA (National Security Agency) with direct contributions provided by Red Hat Enterprise Linux (RHEL) via the Fedora Project. In the day and age of identity theft and attempted sabotage from terrorists against our country, it should be very apparent why an organization like NSA had such an interest in heading up development of a more secure way to better protect our nation’s computer systems. In a world so largely dependent on computer systems, inadequate security measures could lead to anything from having a single person’s financial information compromised to an electronic 9/11 against some of our country’s most secure federal computer networks. In the modern computer based society we live in, security is essential to protecting everything from personal desktops all the way up to the most secure federal databases. And many corporate and government level computers are based on the Linux kernel. SELinux has 3 states it can be in if on a system: Enabled, Disabled, and Permissive. Enforcing means SELinux security policy is active, Disabled means SELinux security policy is not active, and Permissive is a diagnostic state commonly used for troubleshooting. To better understand what improvements Mandatory Access Control (MAC) can provide for security, one needs to know about the standard Linux security provision called......

Words: 1124 - Pages: 5

Free Essay

Linux Security Technologies

...Robin Prather January 14, 2013 Linux System Administration Week 2 Homework Assignment 2.1 There are many organizations and contributing members that are involved in the SELinux project, but namely the NSA seems to be in the top ranks of this particular technology. Researchers in NSA's National Information Assurance Research Laboratory (NIARL) designed and implemented flexible mandatory access controls in the major subsystems of the Linux kernel and implemented the new operating system components provided by the Flask architecture, namely the security server and the access vector cache. The NSA researchers reworked the LSM-based SELinux for inclusion in Linux 2.6. Creating a viable secure operating system remains a critical research problem. Our goal is the creation of an efficient architecture that provides requisite support for security, executes programs in a way that is largely transparent to the user, and is attractive to vendors. We believe an essential step in attaining this goal is to show how mandatory access controls can be successfully integrated into a mainstream operating system. The notion of a secure system includes many attributes (e.g., physical security, personnel security, etc.) and Security-enhanced Linux addresses only a very narrow set of these attributes (i.e., mandatory access controls in the operating system). Put another way, "secure system" means safe enough to protect some real world information from some real world adversary that the......

Words: 316 - Pages: 2

Premium Essay

Linux Ii Research Assignment - Linux Security Technologies

...Research Assignment Linux Security Technologies Kristy Graves ITT Tech – Dayton Linux II IT302 Mandatory Access Control Mandatory Access Control (MAC) is a system wide policy that relies on the current system to control access (Syracuse University, 2009). Users cannot alter or make any changes to this policy. Only the administrator has the clearance and authorization to make changes (The Computer Language Company Inc., 2012). Mandatory access control mechanisms are more than Discretionary Access Control (DAC) but have trade offs in performance and convenience to all users (The Open Web Application Security Project, 2002). Users can access lower level documentation, but they cannot access higher level without the process of declassification. Access is authorized or restricted based on the security characteristics of the HTTP client. This can be due to SSL bit length, version information, originating IP address or domain, etc. Systems supporting flexible security models can be SELinux, Trusted Solaris, TrustedBSD, etc. DAC checks the validity of the credentials given by the user. MAC validate aspects which are out of the hands of the user (Coar, 2000). If there is no DAC list on an object, full access is granted to any user (Microsoft, 2012). SELinux SELinux has three states of operation. These states are enforcing, permissive, and disabled. SELinux was developed by the U.S. National Security Agency (NSA) and implements MAC in a Linux kernel (Sobell, 2011).......

Words: 875 - Pages: 4

Premium Essay

Assignment 2 Linux Security

...Linux Security Technology Security of a system is important in our today’s use of the internet. That is why Linux with its many layers that are always evolving in security to protect against all kinds of hackers or othe types of attacks . SELinux, Chroot Jail, IPTables, Mandatory Access Control and Discrestionary Access Control, just to name a few. SELinux is an access control implementation for the Linux kernel. Take for instants that you are the administrator and you define rules in user space and if the Linux kernel has been added with SELinux support, then those rules will be followed by the kernel. SELinux is a NSA Security-Enhanced Linux, in which the mandatory access control is flexible. The structure of SELinux supports against all kinds of mandatory access control policies. Some of which are Role-Based Access Control and Multi-Level Security. It was designed by NSA for the purpose of protecting a server against malicious daemons, by telling the daemons what they can and can’t do. This type of technology was created by Secure Computing Corporation, but was supported by the U.S. National Security Agency. In 1992, the thought for a more intense security system was needed and a project called Distributed Trusted Match was created. Some good solutions evolved from this, some of which were a part of the Fluke operating system. Which then became the Flux and finally led to the creation of the Flask architecture. Eventually it was combined with the Linux kernel,......

Words: 873 - Pages: 4

Free Essay

It302 Research Assignment 1

...Assignment 1 IT 302 Linux System Administration January 21, 2013 The purpose of this paper is to secure UNIX/Linux operating systems from unscrupulous people. It shall be focused on SELinux, chroot jail, and iptables. Each of the three focus areas will be detailed, with specific interest in the following. What organization is behind it and reason entity is involved. How each technology changes the operating system to enforce security, and if the security measure can be easily bypassed. And finally, describe the types of threats each of the technologies is designed to eliminate. Since no two UNIX-based operating system builds are exactly alike, it is important to note that each build may have its own inherent security flaws. SELinux was developed by The United States National Security Agency (NSA). The first version was made available to the open source development community under the GNU GPL on December 22, 2000. The software merged into the mainline Linux kernel 2.6.0-test3, released on 8 August 2003. Other significant contributors include Network Associates, Red Hat, Secure Computing Corporation, Tresys Technology, and Trusted Computer Solutions. Experimental ports of the FLASK/TE implementation have been made available via the TrustedBSD Project for the FreeBSD and Darwin operating systems. The reason NSA is involved in this project is because this organization is responsible for carrying out the research and advanced development of technologies......

Words: 900 - Pages: 4

Free Essay

Security in Linux

...Security in Linux Linux, like any other computing platform, is constantly changing. There are a few major focus points for new and upgraded platforms, one of which is how user friendly it is. User friendliness goes beyond the ability to simply point and click, it also goes behind the lines deep into the inner workings of the system. Security is one of the most important functions of any operating system, very commonly overlooked and taken for granted. A system administrator can configure tables that are provided by the Linux kernel firewall in a program called iptables. Iptables has the ability to redirect, modify or stop packets of data all based on the state of a connection at any given time. There are many different tables that can be defined and each table contains built in chains or user defined chains. Every chain is essentially a list of rules that matches a set of packets and it specifies what to do with a packet that matches the rules. For the casual user it is best to use the predefined rules, they are often more than adequate. In an enterprise situation the administrator would likely want to define additional rules in order to best suit the business needs. Before iptables Linux mainly used ipchains as a firewall package. Iptables is an improvement on ipchains because it monitors the state of connections. Iptables can use the state of the connection as opposed to ipchains using the source destination and content only, to redirect, modify or drop a packet. At least...

Words: 965 - Pages: 4

Free Essay

Linux

...qwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmrtyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmrtyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmrtyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmrtyuiopasdfghjklzxcvbnmqwer...

Words: 1010 - Pages: 5

Premium Essay

Term Paper

...Term paper Linux Security Technologies There are many ways to have internet access these days. Coffee shops, libraries, airports and even public buses have free wireless access. With all these free accesses to the World Wide Web, there is also many potential ways for hackers to potentially get your personal information and use it for their gain. There are many ways to combat this situation by using several security measures with Linux programming, which the majority of the software is free. Some of those security technologies are SELinux, TCP Wrappers, IPtables and Chroot Jail to name a few. In basic Linux security, Discretionary Access Control is based practically by users and groups. The process is ran by a user and then has access to anything other users has access to, making it not so secure. The U.S. National Security Agency (NSA) developed the SELinux (Security Enhanced Linux) to combat the lack of strong security. The SELinux implements Mandatory Access Control (MAC) in the Linux kernel which enforces policies that limits the user or a program of what they can do. It is designed to prevent process from reading and/or tampering of data and programs. MAC is an important tool for containing security threats made by user errors, hackers or software errors. It’s pretty hard to bypass the security measure since the kernel is checking the MAC rules right after checking the DAC rules on a constant basis. There are three states you can place SELinux to run in;......

Words: 311 - Pages: 2

Premium Essay

Linux Security

...The Linux security technologies I researched are SELinux, chroot jail and iptables. SELinux (Security-Enhanced Linux) is a Linux feature that provides the mechanism for supporting access control security policies, including United States Department of Defense-style mandatory access controls, through the use of Linux Security Modules (LSM) in the Linux kernel. It is not a Linux distribution, but rather a set of kernel modifications and user-space tools that can be added to various Linux distributions. Its architecture strives to separate enforcement of security decisions from the security policy itself and streamlines the volume of software charged with security policy enforcement. The key concepts underlying SELinux can be traced to several earlier projects by the United States National Security Agency. The United States National Security Agency (NSA), the original primary developer of SELinux, released the first version to the open source development community under the GNU GPL on December 22, 2000. The software merged into the mainline Linux kernel 2.6.0-test3, released on 8 August 2003. Other significant contributors include Network Associates, Red Hat, Secure Computing Corporation, Tresys Technology, and Trusted Computer Solutions. Experimental ports of the FLASK/TE implementation have been made available via the TrustedBSD Project for the FreeBSD and Darwin operating systems. It provides an enhanced mechanism to enforce the separation of information based on......

Words: 1300 - Pages: 6

Free Essay

It302 Reserch 1

...several security measures with Linux programming, which the majority of the software is free. Some of those security technologies are SELinux, TCP Wrappers, IPtables and Chroot Jail to name a few. In basic Linux security, Discretionary Access Control is based practically by users and groups. The process is run by a user and then has access to anything other users has access to, making it not so secure. The U.S. National Security Agency (NSA) developed the SELinux (Security Enhanced Linux) to combat the lack of strong security. The SELinux implements Mandatory Access Control (MAC) in the Linux kernel which enforces policies that limits the user or a program of what they can do. It is designed to prevent process from reading and/or tampering of data and programs. MAC is an important tool for containing security threats made by user errors, hackers or software errors. It’s pretty hard to bypass the security measure since the kernel is checking the MAC rules right after checking the DAC rules on a constant basis. There are three states you can place SELinux to run in; Enforcing, Permissive and Disabled. Enforcing is the default setting where no program or user can do anything not permitted by the security policy. Permissive is a diagnostic state where it sends warning but does not enforce the policy but you can use to build a new security policy. Disabled is where it does not enforce any security policies at all. Another Linux based security......

Words: 827 - Pages: 4

Free Essay

Linux Security Basics

...IT302 7/9/2012 Research Linux Security Basics Linux, being one of the most secure operating systems in the world, has many features and services that enhance security to the maximum. Linux isn’t completely secure, like some people like to claim, but many distributions strive to make security a key feature. One of the greatest reasons Linux is more secure, is the simple fact of having a smaller user base than other operating systems; this means that Linux is a smaller target for most malicious intents. That doesn’t mean that distributions rely on this to secure their OS. There are many great and complex security features and services that come with Linux. One of the most complicated security features, I believe, is SELinux. Security Enhanced Linux is a security model developed by the NSA and provides a fine grained permissions system for files, users, groups, sockets, ports, and processes. SELinux was conceived because the current user level security system that Linux, and other operating systems, offer is insufficient for. To ensure a maximum security environment, SELinux uses the MAC security model. This means that an object only has the minimal set of permissions it requires to operate. SELinux uses sets of policies to handle permissions providing the system with a great level of security. These policies can be assigned as roles to users enabling specific rules and regulations for specific individuals. SELinux may be a powerful security feature, but it can also be a......

Words: 1200 - Pages: 5