Linux Security Basics

In: Computers and Technology

Submitted By Jedimaster0
Words 1200
Pages 5
IT302
7/9/2012
Research
Linux Security Basics Linux, being one of the most secure operating systems in the world, has many features and services that enhance security to the maximum. Linux isn’t completely secure, like some people like to claim, but many distributions strive to make security a key feature. One of the greatest reasons Linux is more secure, is the simple fact of having a smaller user base than other operating systems; this means that Linux is a smaller target for most malicious intents. That doesn’t mean that distributions rely on this to secure their OS. There are many great and complex security features and services that come with Linux. One of the most complicated security features, I believe, is SELinux. Security Enhanced Linux is a security model developed by the NSA and provides a fine grained permissions system for files, users, groups, sockets, ports, and processes. SELinux was conceived because the current user level security system that Linux, and other operating systems, offer is insufficient for. To ensure a maximum security environment, SELinux uses the MAC security model. This means that an object only has the minimal set of permissions it requires to operate. SELinux uses sets of policies to handle permissions providing the system with a great level of security. These policies can be assigned as roles to users enabling specific rules and regulations for specific individuals. SELinux may be a powerful security feature, but it can also be a pain to work with. Even though SELinux is a great and powerful tool, it can be a great hindrance to installing and using software. Security can be pictured as a sliding bar; one side security, the other usability. It isn’t uncommon for home users of Fedora to disable this feature completely to make the OS more user friendly. This, and the fact that policies can be very difficult to create and…...

Similar Documents

Linux Securities

...Security of a system when you are open to the internet is paramount in the world of servers. Linux has many layers of ever evolving security in order to keep up with the would be attackers in cyberspace. This is one of the reasons that Linux is one of the most used servers for internet sites and has few viruses engineered towards it. IP Tables Developed by the Netfilter organization the IP tables package for Linux is an evolution of the IP chains which came from the IPv4 Linux firewall package. Paul Russel was the initial head author of the organization and also behind the IP chains project The Netfilter organization began to come together in 1999 and through collaboration and research recognized the shortcomings of the IP chains package and developed this new product in order to address these concerns and make needed improvements. The improvements added to the new IP tables package helped improve performance and overall security. Better integration with the kernel led to improved speed and reliability but the true value came from the new security features. Stateful packet inspection allows the firewall to keep track of every connection passing through it allowing for better monitoring and can even view certain contents and attempt to anticipate actions of certain protocols. Also the ability to filter packets based on MAC address and TCP header flags helps to prevent attacks using malformed packets. Even a rate limiting feature that is designed to eliminate some......

Words: 1131 - Pages: 5

Linux Securities

...Since its release to the public in 1991, the Linux operating system has become one of the most widely used operating systems in the world. This is largely because of the security features. The most popular of these three technologies are SELinux, chroot jail and iptables. We are going to break down the advantages and benefits of each of these features. The United States National Security Agency (NSA), the original developer of SELinux released the first version of this feature in December of 2000. According to a statement by the NSA "NSA Security-enhanced Linux is a set of patches to the Linux kernel and some utilities to incorporate a strong, flexible mandatory access control (MAC) architecture into the major subsystems of the kernel. It provides an enhanced mechanism to enforce the separation of information based on confidentiality and integrity requirements, which allows threats of tampering and bypassing of application security mechanisms to be addressed and enables the confinement of damage that can be caused by malicious or flawed applications. It includes a set of sample security policy configuration files designed to meet common, general-purpose security goals" It provides the ability to separate information based on confidentiality and integrity requirements. The flexibility allows control over what activities can be done by each daemon, user, or process. Standard Linux access controls are modifiable by the user and the applications which the user runs. SELinux......

Words: 600 - Pages: 3

Linux Security

...programs and libraries need to be copied or linked to the appropriate locations in the new directory tree.” (Haas) The term sandbox is a metaphor for the type of security that chroot jail uses. Once you put a program or utility into the jail, it only knows of what is contained in the cell, the rest of your system becomes invisible to it. It does this by changing the apparent root directory for the current running process and its children. A program that is run in a modified environment cannot name files outside the designated directory tree. For example if you place Apache into a chroot jail and somebody would hack into your system, the only thing that they would be able to see and access would be Apache and the files needed to run it, the rest of your system does not even exist according to chroot jail. Chroot makes it more difficult for attacks to take place in your environment. To set up a useful chroot jail, first determine which utilities and or programs the users of the chroot jail will need. Then you must copy the appropriate binaries and their libraries into the jail. II. SELinux SELinux was developed by The U.S. National Security Agency(NSA). “SELinux was released under the NSA under the GNU GPL open source license. SELinux is essentially a Linux kernel with a number of utilities that provide enhanced security functionality. But the critical component of SELinux is how it implements and handles mandatory access controls. SELinux is important because......

Words: 1582 - Pages: 7

Linux Introduction an Basics

...Lecture 1 – Linux introduction and basics Module 1. Linux introduction ♦ Linux distributions ♦ Linux kernel What is a Linux distribution? ♦ it is a collection of applications, packages, management, and features ♦ ♦ ♦ ♦ that run on top of the Linux kernel. The kernel is what all distributions have in common (it is sometimes customized by the distribution maintainers) If they are all “Linux”, why are there so many different names, and which do I choose?” You may have heard names like Red Hat, Fedora, Debian, Ubuntu Distributions differ in several ways, and three of the most important are: ► ► ► Purpose Configuration and packaging Support model What’s a kernel? ♦ As you already know from the Operating Systems course ► the kernel is the core of all computer operating systems ► is usually the layer that allows the operating system to interact with the hardware in your computer ♦ The kernel contains software that allows you to make uniform use of ► hard disk drives, ► network cards, ► RAM, ► and other hardware components. ♦ In the Linux world, the kernel is based on code originally developed by Linux’s founder, Finnish developer Linus Torvalds. Back to distributions – Purpose, Configuration, Support ♦ Purpose ► Different distributions are often designed for different purposes and provide different user experiences. ► Some distributions are designed as servers, others as desktops, and some are designed to perform particular functions, for example, as......

Words: 1486 - Pages: 6

Linux Security

...The Linux security technologies I researched are SELinux, chroot jail and iptables. SELinux (Security-Enhanced Linux) is a Linux feature that provides the mechanism for supporting access control security policies, including United States Department of Defense-style mandatory access controls, through the use of Linux Security Modules (LSM) in the Linux kernel. It is not a Linux distribution, but rather a set of kernel modifications and user-space tools that can be added to various Linux distributions. Its architecture strives to separate enforcement of security decisions from the security policy itself and streamlines the volume of software charged with security policy enforcement. The key concepts underlying SELinux can be traced to several earlier projects by the United States National Security Agency. The United States National Security Agency (NSA), the original primary developer of SELinux, released the first version to the open source development community under the GNU GPL on December 22, 2000. The software merged into the mainline Linux kernel 2.6.0-test3, released on 8 August 2003. Other significant contributors include Network Associates, Red Hat, Secure Computing Corporation, Tresys Technology, and Trusted Computer Solutions. Experimental ports of the FLASK/TE implementation have been made available via the TrustedBSD Project for the FreeBSD and Darwin operating systems. It provides an enhanced mechanism to enforce the separation of information based on......

Words: 1300 - Pages: 6

Configure Basic Security Controls on a Linux Server

...Configure Basic Security Controls on a Fedora Linux Server The students are required to submit their lab assignment answers through this website. All lab assignment questions listed are for each course's week lab activity. This may be a theory based or lab based activity. Lab assessment results and answers are due at the beginning of class the following week. Students are encouraged to perform and submit their lab assessment results immediately upon completion of the lab activity or prior to the due date. During this lab students will properly secure a Linux server system. They will perform steps to secure the bootloader, enable iptables and run SELinux to help lock down the Linux OS. The students will also apply ACLs to directories and files and then check those ACLs and permissions on the system. To accomplish the lab assignment below, students will need to obtain a copy of the Fedora Image provided to you by the Substitute Instructor and complete a basic VMware installation of Fedora. The questions in the lab book will be based on the installation experience. Assigned Pages: 10-26 Questions: 1 through 10. This assignment is due by the beginning of class for Unit 3. 1. What is GRUB and why is it important to lock it down? GRUB stands for Grand Unified Bootloader (1 of 2 boot menus' for the operating system) which is important to lock down is for security reasons. These reasons include being used to start other operating systems (eg. other versions of......

Words: 745 - Pages: 3

Linux Security

...Securing Linux Platforms and Applications Project Project Part 1 Task 1: Outline Security Policy This security policy is essential to the First World Bank Savings and Loan. It is used to break up the security plan not measurable, specific, and testable goals and objectives. This security policy would be used to provide all current and prospective customers online banking services while keeping the First World Saing bank competitive in the financial marketplace. This solution is also an imperative due to an estimated revenue of $100,0000,000 flowing in by virtue of online credit card transactions specific to banking and loan application based services. This security policy will go on to outline the specific regulations and legislation that are in agreement with the statutory compliance criteria. Below is a recommended view of the characteristics and components of the recommended security based policy. Taking up the stake of the performance, cost, and security of maintaining the Linux, and open source infrastructure will be within the premise of the defined roles and responsibilities. Annual cost savings are estimated to amount to $4,000,000 (approx) by virtue of implementation of this solution. The ‘C’-‘I’-‘A’ triad will be a crucial requirement fo the First World Savings Bank and translates to Confidentiality, Integrity and Availability respectively. Confidentiality aspect with reference to First World Savings Bank – Confidentiality refers to the principle that......

Words: 3404 - Pages: 14

Linux Security

...Linux Security Mr. Rehman 02 Feb 2015 Week 2 Lab 1 Please note that the parameters in this configuration file control the # behavior of the tools from the shadow-utils component. None of these # tools uses the PAM mechanism, and the utilities that use PAM (such as the # passwd command) should therefore be configured elsewhere. Refer to # /etc/pam.d/system-auth for more information. # # *REQUIRED* # Directory where mailboxes reside, _or_ name of file, relative to the # home directory. If you _do_ define both, MAIL_DIR takes precedence. # QMAIL_DIR is for Qmail # #QMAIL_DIR Maildir MAIL_DIR /var/spool/mail #MAIL_FILE .mail # Password aging controls: # # PASS_MAX_DAYS 60 Maximum number of days a password may be used. # PASS_MIN_DAYS 0 Minimum number of days allowed between password changes. # PASS_MIN_LEN 8 Minimum acceptable password length. # PASS_WARN_AGE 14 Number of days warning given before a password expires. -- INSERT [student@centos ~]$ su-c 'vi /etc/login.defs' bash: su-c: command not found [student@centos ~]$ su -c 'vi/etc/login.defs' Password: bash: vi/etc/login.defs: No such file or directory [student@centos ~]$ su -c 'vi /etc/login.defs' Password: [student@centos ~]$ su -c '/usr/sbin/useradd dbadmin1' Password: [student@centos ~]$ su -c '/usr/sbin/useradd dbadmin2 > su -c...

Words: 488 - Pages: 2

Linux Security

...Linux Security Project Part 1 Instructor Sandro Tuccinardi Student Brian Dupee Security Policy Outline First World bank wants to provide banking services online to its customers. The institution estimates over $100,000,000 a year in online credit card transactions for loan applications and other banking services. According to a team that was formed using a Linux an open source infrastructure would roughly as estimated give an annual cost savings in licensing fees alone can be as much as $4,000,000. The assets while using Linux open source infrastructure goal would be maintaining (CIA) triad confidentiality, integrity, and availability in the infrastructure. There is legislation, regulations, federal and state laws governing online banking. Compliance regulations such as Sarbanes–Oxley Act of 2002, Gramm–Leach–Bliley Act (GLBA), Payment Card Industry Data Security Standard (PCI DSS), Federal Information Security Management Act of 2002, Control Objectives for Information and Related Technology (COBIT). Many or part of these and more must be taken into consideration while putting this project in play. There are a couple of documents: ISO\IEC 17799 and ISO\IEC 27001. The ISO\IEC 17799 IT security technique is the policy for information security management, guidelines, principles for implementing and improving security. • security policy; • organization of information security; • asset management; • human resources security; • physical and......

Words: 448 - Pages: 2

Linux Security

... The Federal Deposit Insurance Corporation (FDIC) is an insurance that guarantees the money is a customer’s account up to $250,000 per depositor. A depositor is any one on the account that has provide their Social Security Number. Member banks are required to place a sign at their place of business stating that the deposits are backed by the full faith and credit of the United State Government. The First World Bank by complying with the different regulations help the bank provides confidentiality side of the CIA triangle. Customers will feel confident with the First World Bank handling their money and most important their information. Yes open source Linux can handle the security demands that the legislation and regulation require. Linux is running some of the world’s top secure networks the U.S. department of Defense, U.S. Navy Submarine Fleet, the City of Munich, Germany, French Parliament, State-Owned Industrial and Commercial Bank of China, Novell, Google, IBM, Cisco, Amazon, New York Stock Exchange just to name a few. Linux is secure as any properly setup operating system. If the world powers listed above trust and use Linux to protect their top secret information they Linux can protect the customers data at the First World Bank. With open source Linux patches are put out quicker and once an issue is found the open source world is immediately working on it and put out the fix as soon as it is done, unlike Microsoft that put out an update when they feel like it. ...

Words: 1405 - Pages: 6

Linux Security

...Robert Hoffman Linux Research 2.1 Security for computers is one of the most important aspects of a system that has to be in place. For this paper I will be writing about four security features that Linux systems use; these are SELinux, chroot jail, openSSH, and iptables. I will briefly describe what they do to provide security. SELinux (security enhanced Linux) was developed by the NSA, who chose Linux as its operating system to create a more secure operating system. Since the development of SELinux by the NSA most Linux distributions now implement SELinux as a standard. Traditional Linux systems use a security called (DAC) discretionary access control. With this approach users and their objects, i.e., files or processes run by the user have the same access as the user. So if an attacker got hold of an admin account they would have complete control over any files or services that account runs or has access to. SELinux uses (MAC) mandatory access control. With this, services and files are controlled by policies saying what may or may not be done. MAC enforces these security policies that limit what users and programs can do. Security threats coming from user errors, attackers, or software problems are limited by MAC. SELinux has three modes that it can function in: Enforcing- This is the default state where SELinux security policy is enforced, anything not permitted by the security policy can not be......

Words: 999 - Pages: 4

Linux Security

...| Linux Security | A review of some current technologies | | | | | In the pre-Internet world you have criminals looking for “hard” assets: money, jewelry and other items that could be easily turned into hard currency. We have always had “white-collar” crime such as embezzlement, fraud and insider trading. With the proliferation of the Internet and our personal and professional lives stored in the cloud; criminals can now take one ubiquitous piece of information and turn themselves into a whole other person. The ease in which such information can be used has turned people who would never think of ever holding up a bank, mugging someone or other physical crime, into criminals. This type crime has spawned a whole new “industry”: cyber security. One of the most important aspects of a network administrator’s job is to secure the system from any person who wishes to do criminal activities. These people are both within and outside the organization. With the Linux system there are three main technologies that are in use today. They are SELinux, chroot jail, and iptables. The first line of defense in a Linux system is chroot jail. Chroot is a process or application that changes the root directory for a user. To the user it appears that they are in their root directory, but they are actually in a modified root directory. This modified root directory is called jail. Without a chroot jail, a user with limited file permissions would still be able to......

Words: 942 - Pages: 4

Basic Commands in Linux and Windows

...LESSON 2 BASIC COMMANDS IN LINUX AND WINDOWS LESSON 2 – BASIC COMMANDS IN LINUX AND WINDOWS “License for Use” Information The following lessons and workbooks are open and publicly available under the following terms and conditions of ISECOM: All works in the Hacker Highschool project are provided for non-commercial use with elementary school students, junior high school students, and high school students whether in a public institution, private institution, or a part of home-schooling. These materials may not be reproduced for sale in any form. The provision of any class, course, training, or camp with these materials for which a fee is charged is expressly forbidden without a license including college classes, university classes, trade-school classes, summer or computer camps, and similar. To purchase a license, visit the LICENSE section of the Hacker Highschool web page at www.hackerhighschool.org/license. The HHS Project is a learning tool and as with any learning tool, the instruction is the influence of the instructor and not the tool. ISECOM cannot accept responsibility for how any information herein is applied or abused. The HHS Project is an open community effort and if you find value in this project, we do ask you support us through the purchase of a license, a donation, or sponsorship. All works copyright ISECOM, 2004. 2 LESSON 2 – BASIC COMMANDS IN LINUX AND WINDOWS Table of Contents “License for Use” Information....................

Words: 2543 - Pages: 11

Linux Security Basics

...Linux Security Basics Security is always at the top of the list when setting up a network and also administering a network. Linux is an operating system that can be easily obtained over the internet due to its open source distributions. Linux is one of the most secure operating systems because of having less use than Windows for the end user. There are several security technologies in Linux that can be implemented into a network. The three technologies that I will be discussing are SELinux, chroot jail, and iptables. SELinux was developed by the National Security Administration in an effort to incorporate a strong, flexible mandatory access control architecture into the major subsystems of the Linux kernel. The NSA recognized that operating system security is critical at higher levels. It provides a tool to enforce the separation of information based on the confidentiality and integrity requirements. This helps when addressing threats of tampering and bypassing of application security. It also assists in the isolation of damage that is caused by malicious software or damaged applications. SELinux uses the Flux Advanced Security Kernel which contains components that provide support for enforcing many kinds of MAC policies like type enforcement, role-based access control, and multilevel security. The Linux kernel that is implementing SELinux enforces MAC policies that limit the user programs and system servers to only what they need to complete the job. When a......

Words: 1313 - Pages: 6

Security in Linux

...Security in Linux Linux, like any other computing platform, is constantly changing. There are a few major focus points for new and upgraded platforms, one of which is how user friendly it is. User friendliness goes beyond the ability to simply point and click, it also goes behind the lines deep into the inner workings of the system. Security is one of the most important functions of any operating system, very commonly overlooked and taken for granted. A system administrator can configure tables that are provided by the Linux kernel firewall in a program called iptables. Iptables has the ability to redirect, modify or stop packets of data all based on the state of a connection at any given time. There are many different tables that can be defined and each table contains built in chains or user defined chains. Every chain is essentially a list of rules that matches a set of packets and it specifies what to do with a packet that matches the rules. For the casual user it is best to use the predefined rules, they are often more than adequate. In an enterprise situation the administrator would likely want to define additional rules in order to best suit the business needs. Before iptables Linux mainly used ipchains as a firewall package. Iptables is an improvement on ipchains because it monitors the state of connections. Iptables can use the state of the connection as opposed to ipchains using the source destination and content only, to redirect, modify or drop a packet. At least...

Words: 965 - Pages: 4