Linux Ii Research Assignment - Linux Security Technologies

In: Computers and Technology

Submitted By shadowedangel
Words 875
Pages 4
Research Assignment
Linux Security Technologies
Kristy Graves
ITT Tech – Dayton
Linux II

Mandatory Access Control Mandatory Access Control (MAC) is a system wide policy that relies on the current system to control access (Syracuse University, 2009). Users cannot alter or make any changes to this policy. Only the administrator has the clearance and authorization to make changes (The Computer Language Company Inc., 2012). Mandatory access control mechanisms are more than Discretionary Access Control (DAC) but have trade offs in performance and convenience to all users (The Open Web Application Security Project, 2002). Users can access lower level documentation, but they cannot access higher level without the process of declassification. Access is authorized or restricted based on the security characteristics of the HTTP client. This can be due to SSL bit length, version information, originating IP address or domain, etc. Systems supporting flexible security models can be SELinux, Trusted Solaris, TrustedBSD, etc. DAC checks the validity of the credentials given by the user. MAC validate aspects which are out of the hands of the user (Coar, 2000). If there is no DAC list on an object, full access is granted to any user (Microsoft, 2012).
SELinux has three states of operation. These states are enforcing, permissive, and disabled. SELinux was developed by the U.S. National Security Agency (NSA) and implements MAC in a Linux kernel (Sobell, 2011). Enforcing is the default state for Linux. This is enforcing the security policies. No programs or users are able to do anything not permitted by the security policies. System is somewhat degraded in performance in this state. Permissibe mode is the diagnostic state. SELinux sends warning messages to log file and does not enforce the security policy. This is useful for debugging and troubleshooting…...

Similar Documents

Linux Securities

...Security of a system when you are open to the internet is paramount in the world of servers. Linux has many layers of ever evolving security in order to keep up with the would be attackers in cyberspace. This is one of the reasons that Linux is one of the most used servers for internet sites and has few viruses engineered towards it. IP Tables Developed by the Netfilter organization the IP tables package for Linux is an evolution of the IP chains which came from the IPv4 Linux firewall package. Paul Russel was the initial head author of the organization and also behind the IP chains project The Netfilter organization began to come together in 1999 and through collaboration and research recognized the shortcomings of the IP chains package and developed this new product in order to address these concerns and make needed improvements. The improvements added to the new IP tables package helped improve performance and overall security. Better integration with the kernel led to improved speed and reliability but the true value came from the new security features. Stateful packet inspection allows the firewall to keep track of every connection passing through it allowing for better monitoring and can even view certain contents and attempt to anticipate actions of certain protocols. Also the ability to filter packets based on MAC address and TCP header flags helps to prevent attacks using malformed packets. Even a rate limiting feature that is designed to eliminate some......

Words: 1131 - Pages: 5

Linux Security Technologies

...Robin Prather January 14, 2013 Linux System Administration Week 2 Homework Assignment 2.1 There are many organizations and contributing members that are involved in the SELinux project, but namely the NSA seems to be in the top ranks of this particular technology. Researchers in NSA's National Information Assurance Research Laboratory (NIARL) designed and implemented flexible mandatory access controls in the major subsystems of the Linux kernel and implemented the new operating system components provided by the Flask architecture, namely the security server and the access vector cache. The NSA researchers reworked the LSM-based SELinux for inclusion in Linux 2.6. Creating a viable secure operating system remains a critical research problem. Our goal is the creation of an efficient architecture that provides requisite support for security, executes programs in a way that is largely transparent to the user, and is attractive to vendors. We believe an essential step in attaining this goal is to show how mandatory access controls can be successfully integrated into a mainstream operating system. The notion of a secure system includes many attributes (e.g., physical security, personnel security, etc.) and Security-enhanced Linux addresses only a very narrow set of these attributes (i.e., mandatory access controls in the operating system). Put another way, "secure system" means safe enough to protect some real world information from some real world adversary that the......

Words: 316 - Pages: 2

Linux Security Technologies

...Linux Security Technologies   SELinux (Security Enhanced Linux) is a mandatory access control in the Linux kernel that was originally developed by NSA (National Security Agency) with direct contributions provided by Red Hat Enterprise Linux (RHEL) via the Fedora Project. In the day and age of identity theft and attempted sabotage from terrorists against our country, it should be very apparent why an organization like NSA had such an interest in heading up development of a more secure way to better protect our nation’s computer systems. In a world so largely dependent on computer systems, inadequate security measures could lead to anything from having a single person’s financial information compromised to an electronic 9/11 against some of our country’s most secure federal computer networks. In the modern computer based society we live in, security is essential to protecting everything from personal desktops all the way up to the most secure federal databases. And many corporate and government level computers are based on the Linux kernel. SELinux has 3 states it can be in if on a system: Enabled, Disabled, and Permissive. Enforcing means SELinux security policy is active, Disabled means SELinux security policy is not active, and Permissive is a diagnostic state commonly used for troubleshooting. To better understand what improvements Mandatory Access Control (MAC) can provide for security, one needs to know about the standard Linux security provision called......

Words: 1124 - Pages: 5

Linux Securities

...Since its release to the public in 1991, the Linux operating system has become one of the most widely used operating systems in the world. This is largely because of the security features. The most popular of these three technologies are SELinux, chroot jail and iptables. We are going to break down the advantages and benefits of each of these features. The United States National Security Agency (NSA), the original developer of SELinux released the first version of this feature in December of 2000. According to a statement by the NSA "NSA Security-enhanced Linux is a set of patches to the Linux kernel and some utilities to incorporate a strong, flexible mandatory access control (MAC) architecture into the major subsystems of the kernel. It provides an enhanced mechanism to enforce the separation of information based on confidentiality and integrity requirements, which allows threats of tampering and bypassing of application security mechanisms to be addressed and enables the confinement of damage that can be caused by malicious or flawed applications. It includes a set of sample security policy configuration files designed to meet common, general-purpose security goals" It provides the ability to separate information based on confidentiality and integrity requirements. The flexibility allows control over what activities can be done by each daemon, user, or process. Standard Linux access controls are modifiable by the user and the applications which the user runs. SELinux......

Words: 600 - Pages: 3

Linux Security

...programs and libraries need to be copied or linked to the appropriate locations in the new directory tree.” (Haas) The term sandbox is a metaphor for the type of security that chroot jail uses. Once you put a program or utility into the jail, it only knows of what is contained in the cell, the rest of your system becomes invisible to it. It does this by changing the apparent root directory for the current running process and its children. A program that is run in a modified environment cannot name files outside the designated directory tree. For example if you place Apache into a chroot jail and somebody would hack into your system, the only thing that they would be able to see and access would be Apache and the files needed to run it, the rest of your system does not even exist according to chroot jail. Chroot makes it more difficult for attacks to take place in your environment. To set up a useful chroot jail, first determine which utilities and or programs the users of the chroot jail will need. Then you must copy the appropriate binaries and their libraries into the jail. II. SELinux SELinux was developed by The U.S. National Security Agency(NSA). “SELinux was released under the NSA under the GNU GPL open source license. SELinux is essentially a Linux kernel with a number of utilities that provide enhanced security functionality. But the critical component of SELinux is how it implements and handles mandatory access controls. SELinux is important because......

Words: 1582 - Pages: 7

Assignment 2 Linux Security

...Linux Security Technology Security of a system is important in our today’s use of the internet. That is why Linux with its many layers that are always evolving in security to protect against all kinds of hackers or othe types of attacks . SELinux, Chroot Jail, IPTables, Mandatory Access Control and Discrestionary Access Control, just to name a few. SELinux is an access control implementation for the Linux kernel. Take for instants that you are the administrator and you define rules in user space and if the Linux kernel has been added with SELinux support, then those rules will be followed by the kernel. SELinux is a NSA Security-Enhanced Linux, in which the mandatory access control is flexible. The structure of SELinux supports against all kinds of mandatory access control policies. Some of which are Role-Based Access Control and Multi-Level Security. It was designed by NSA for the purpose of protecting a server against malicious daemons, by telling the daemons what they can and can’t do. This type of technology was created by Secure Computing Corporation, but was supported by the U.S. National Security Agency. In 1992, the thought for a more intense security system was needed and a project called Distributed Trusted Match was created. Some good solutions evolved from this, some of which were a part of the Fluke operating system. Which then became the Flux and finally led to the creation of the Flask architecture. Eventually it was combined with the Linux kernel,......

Words: 873 - Pages: 4

Linux Security

...Securing Linux Platforms and Applications Project Project Part 1 Task 1: Outline Security Policy This security policy is essential to the First World Bank Savings and Loan. It is used to break up the security plan not measurable, specific, and testable goals and objectives. This security policy would be used to provide all current and prospective customers online banking services while keeping the First World Saing bank competitive in the financial marketplace. This solution is also an imperative due to an estimated revenue of $100,0000,000 flowing in by virtue of online credit card transactions specific to banking and loan application based services. This security policy will go on to outline the specific regulations and legislation that are in agreement with the statutory compliance criteria. Below is a recommended view of the characteristics and components of the recommended security based policy. Taking up the stake of the performance, cost, and security of maintaining the Linux, and open source infrastructure will be within the premise of the defined roles and responsibilities. Annual cost savings are estimated to amount to $4,000,000 (approx) by virtue of implementation of this solution. The ‘C’-‘I’-‘A’ triad will be a crucial requirement fo the First World Savings Bank and translates to Confidentiality, Integrity and Availability respectively. Confidentiality aspect with reference to First World Savings Bank – Confidentiality refers to the principle that......

Words: 3404 - Pages: 14

Linux Research Assignment 1

...stands for “Linux, Apache, MySQL and PHP.” Together these software technologies can be used to form a fully-functional web server. Linux is the most popular operating system used in web servers. The most important of these four technologies is Apache, Apache is the software that serves webpages over the Internet via the HTTP protocol. Once Apache is installed, a standard Linux machine is transformed into a web server that can host live websites. Other components of LAMP include MySQL and PHP. MySQL is a popular open source database management system (DBMS) and PHP is a popular web scripting language. Together, these two products are used to create dynamic websites. Instead of only serving static HTML pages, a LAMP server can generate dynamic webpages that run PHP code and load data from a MySQL database. 2. For Internet websites which are located throughout the entire world, what is the estimated market share for dynamic websites which use LAMP as opposed to Microsoft IIS and the Microsoft Active Server Page scripting language? A: As of today, LAMP (Apache) = 56.4% and Microsoft IIS = 12.9% and I cannot find the percentages for the Microsoft Active Server Page. 3. What is PHP? A: PHP is a widely-used open source general-purpose scripting language that is especially suited for web development and can be embedded into HTML. 4. What is the JAVA Server Page and how may it be used for creating dynamic websites? A: Java Server Pages (JSP) is a technology......

Words: 353 - Pages: 2

Linux Security

...| Linux Security | A review of some current technologies | | | | | In the pre-Internet world you have criminals looking for “hard” assets: money, jewelry and other items that could be easily turned into hard currency. We have always had “white-collar” crime such as embezzlement, fraud and insider trading. With the proliferation of the Internet and our personal and professional lives stored in the cloud; criminals can now take one ubiquitous piece of information and turn themselves into a whole other person. The ease in which such information can be used has turned people who would never think of ever holding up a bank, mugging someone or other physical crime, into criminals. This type crime has spawned a whole new “industry”: cyber security. One of the most important aspects of a network administrator’s job is to secure the system from any person who wishes to do criminal activities. These people are both within and outside the organization. With the Linux system there are three main technologies that are in use today. They are SELinux, chroot jail, and iptables. The first line of defense in a Linux system is chroot jail. Chroot is a process or application that changes the root directory for a user. To the user it appears that they are in their root directory, but they are actually in a modified root directory. This modified root directory is called jail. Without a chroot jail, a user with limited file permissions would still be able to......

Words: 942 - Pages: 4

Linux Security Technologies

...different types of Linux Security Technologies. Discretionary Access Control, SELinux (Security Enhanced Linux), chroot jail, and iptables are just a few. This paper is only going to discuss the latter three. Discretionary Access Control is the more traditional, however; DAC is not as secure and will not be discussed here.1 The U.S National Security Agency (NSA) is the organization behind the creation of SELinux. The reason the NSA is involved in this project is because this organization is responsible for carrying out the research and advanced development of technologies needed to enable NSA to provide the solutions, products, and services to achieve Information Assurance for information infrastructures critical to U.S. National Security interests. The NSA implemented a Mandatory Access control within the Linux Kernel. This MAC is named Flask.2 There are three main policies that SELinux uses to apply MAC. There is the Targeted, where the MAC controls will only be used for a specific process or processes, there is the Multilevel Security protection, and the Strict. The strict puts MAC controls to all processes. The targeted is not as secure as the strict, however; the targeted is easier to maintain. If one uses the strict, the administrator will have to customize the policy. Failure to do so could cause other users a significant problem in performing his or her assigned duties. 3 The main reason the MAC has been created is to help prevent security......

Words: 919 - Pages: 4

Linux Security Technology

...|Linux Security Technology | | 1. SELinux SELinux, an implementation of Mandatory Access Control (MAC) in the Linux kernel, adds the ability to administratively define policies on all subjects (processes) and objects (devices, files, and signaled processes). This mechanism is in the Linux kernel, checking for allowed operations after standard Linux Discretionary Access Controls DAC are checked. Security-Enhanced Linux (SELinux) is a Linux feature that provides a mechanism for supporting access control security policies, including United States Department of Defense-style mandatory access controls, through the use of Linux Security Modules (LSM) in the Linux kernel. It is not a Linux distribution, but rather a set of Kernel modifications and user-space tools that can be added to various Linux distributions. Its architecture strives to separate enforcement of security decisions from the security policy itself and streamlines the volume of software charged with security policy enforcement. The key concepts underlying SELinux can be traced to several earlier projects by the United States National Security Agency (NSA), It has been integrated into the mainline Linux kernel since version 2.6. NSA, the original primary developer of SELinux, released the first version to the open source development community under the GNU GPL on December 22, 2000. Security-enhanced......

Words: 1860 - Pages: 8

Linux Security Technologies

...With a world that is vastly growing in size so does our use for technology. With this use of technology come lots of potential threats and hazards. Our world today is ever so growing with its relationship with the internet or World Wide Web (WWW). Many places use the internet to access sites, software, music, book, and so forth, the list goes on. But with this advance in technology come lots of threats to consumers alike. Such as hackers, viruses, people who don’t know what they are doing, and even people who you may call your best friend. Threat comes in many shapes and sizes which is why operating systems such as Linux develop ways to keep your personal files safe from these unwarranted threats. Some of these measures include, but is not limited to; iptables, SELinux, chroot jail, TCP Wrappers, firewalls, PolicyKit, NX or No eXecute, PIE or Position Independent Executables, Netfilter, and the list goes on (“Fedora Projects” & Vepstas). When a user first approaches Linux it looks similar to what a windows operating system would resemble. With Linux a user has the ability to access every file within the operating system through the use of a terminal or command prompt. Through the use of Linux programming potential threats can gain access to you file system and everything housed within it. Linux is free software that comes with many great security features that any user or administrator greater access and control over the system. The choice can be a bit much for......

Words: 1082 - Pages: 5

Linux Security Technologies

...remains a critical research problem. Linux has several security developments included in its open source operating system. Among these are SELinux, chroot jail, and iptables to name a few. SELinux is Security Enhanced Linux. The National Information Assurance Research Laboratory of the National Security Agency was in charge of carrying out the research and advanced development of technologies needed to enable the NSA to provide the solutions, products, and services to achieve Information Assurance for information infrastructures essential to the security of the U.S. National Security. The Security-enhanced Linux prototype was developed by the NSA along with research partners from NAI Labs, Secure Computing Corporation (SCC), and the MITRE Corporation. Many other contributions have followed since the initial release.(NSA-National Security Agency, 2009) Researchers in the National Information Assurance Research Laboratory of NSA worked with Secure Computing Corporation (SCC) to develop a strong, flexible mandatory access control architecture based on a mechanism first developed for the LOCK system called Type Enforcement. The NSA and SCC then worked with the University of Utah’s Flux research group to transfer the architecture to the Fluke research operating system. The architecture was enhanced, when it was transferred, to provide better support for dynamic security policies. This enhanced architecture was named Flask. SELinux implements the Flask security architecture......

Words: 1498 - Pages: 6

Linux Technology

...Reserch Assignment 2.1 Research Assignment 2.1 Kyle McGraw ITT Technical Institute IT302 Linux Mr. Gort April 14, 2012 In this paper I will go over 3 different types of Linux security technologies those follow with SELinux, chroot jail, and iptables. These technologies aid in prevention of identity theft. I will help you understand what they are and who designed them and what good they are for you to use them. In the next paragraphs you will be able to decide which one is for you and more about the use of them. Under the GPL in late 2000 SElinux was released from the National Security Agency’s Office of Information Assurance. More recently it was developed by the open source community with the help of NSA. SElinux currently ships as a part of Fedora Core, and it’s supported by Red Hat. Also there are packages that exist for Debian, SuSe, and Gentoo although at this time these were unsupported by anyone. SElinux is based on the concept of Mandatory Access Control. Under MAC, administrators control every interaction on the software of the system. A least privilege concept is used, by default applications and users have no rights, because all rights have to be granted by an administrator because of the system’s security policy. Under DAC, the files are owned by the user also that user has full control over them. If an attacker penetrates that user’s account they can do whatever with the files owned by that user. Standard UNIX permissions are still present on the system...

Words: 940 - Pages: 4

Linux Security Technologies

...George McShane Research Paper 07/13/2012 Linux Security Technologies In today’s world there are many ways to gain access to the internet. You can go to your local library, a Starbucks, any airport, or even a McDonald’s. With all of these ways to have free access to the Web, the opportunity for hacker’s to get to your personal information is at an all time high. Linux programming has many ways to combat this situation with security technologies such as SELinux, chroot jail, iptables, and virtual private networks (VPN’s) to name a few. The basics of Linux security start with Discretionary Access Control, which is based by users and groups. The process starts with a user, who has access to anything that any other user can have access to. At first, it may seem great to be able to have that access, but the security in it is not so great. The US National Security Agency (NSA) developed the SELinux (Security Enhanced Linux) to combat the lack of strong security. (National Security Agency Central Security Service, 2009) Other organizations behind SELinux include the Network Associate Laboratories (NAI) labs which implemented several additional kernel mandatory access controls, developed the example security policy configuration, ported to the Linux 2.4 kernel, contributed to the development of the Linux Security Modules kernel patch, and adapted the SELinux prototype to LSM. The MITRE Corporation which enhanced several utilities to be SELinux-aware, and developed......

Words: 1207 - Pages: 5

I Feel Pretty 2018 1080p BluRay x264-GECKOS | Watch movie | RULES OF SURVIVAL