Sunday, May 26, 2019

Linux Security Technologies Essay

In a world so largely dependent on computer systems, inadequate security measures could lead to anything from having a single person's financial information compromised to an electronic 9/11 against some of our country's most secure federal computer networks. In the modern computer-based society we live in, security is essential to protecting everything from personal desktops all the way up to the most secure federal databases. And many corporate and government-level computers are based on the Linux kernel.

SELinux has 3 states it can be in if on a system: Enforcing, Disabled, and Permissive. Enforcing means SELinux security policy is active, Disabled means SELinux security policy is not active, and Permissive is a diagnostic state commonly used for troubleshooting. To better understand what improvements Mandatory Access Control (MAC) can provide for security, one needs to know about the standard Linux security provision called Discretionary Access Control (DAC). DAC, though it is still a form of security, only provides minimal protection to a Linux file system.

With DAC, access to files merely requires the needed permissions from the owner of the file (commonly referred to as file permissions), often requiring a password to open. A fundamental weakness of DAC is that it cannot differentiate between human users and computer programs. And with so many systems often having such large numbers of users, it only takes hackers accessing a single user's account to gain access to any and all of the files that user has permissions for. If the compromised user account were to have super-user (root) access, the hacker could then gain access to an entire file system.

This became the basis for coming up with a more secure way of protecting against wrongful access into standard Linux-based systems. SELinux utilizing MAC, on the other hand, was created to address this very weakness that DAC has as the standard Linux security.
The way MAC helps improve overall security of SELinux is by providing what is called granular permissions for every subject (user, program, process) and object (file, device). In other words, with MAC, you only grant any subject access to the specific object or objects required to perform a specific function, and no more. Compared to DAC, security is more granular and has more layers of protection. Hence, SELinux provides a much more secure environment than the original Linux security features alone can.

Another feature providing further security for a network is TCP Wrappers. TCP Wrappers work by controlling access through the utilization of IP addresses. In Linux, this is accomplished through 2 specific files that need to be created. The first file, hosts.deny, is a file listing the names of hosts that are to be denied access to the network. The second file, hosts.allow, is a file listing the names of hosts that are allowed access to the same network. The absence of these 2 files would allow the entire Internet access to network services, severely lowering the security of a host. This lowers the risk of a system being compromised through a sort of gate guard with an access list policy. If your name appears on the list, you gain access; if it's not, you don't.

Creating an artificial root directory is yet another way to provide security for Linux systems, and is commonly referred to as a chroot jail. This prevents accessing or modifying, possibly maliciously, any file outside the directory hierarchy. The command required to create a chroot jail is /usr/sbin/chroot. Note, you must be working as root inside the Linux shell to do this. Creating a chroot jail prevents users from navigating up the hierarchy as high as possibly / (root).
Even if the user did not have the permissions required to edit higher directories, they may still be able to see files they don't have any reason to have any access to. Chroot can be useful for providing basic preventative security by making it more difficult to exploit information on a server. But, by limiting user access in this way, if a user account were ever hacked, it still provides yet another layer of security by limiting the amount of access each user account has to begin with. It is important to understand that you must run a program in a chroot jail as a user other than root. This is because root can break out of the jail, so the chroot jail would not provide the security it is intended to provide against unwanted access.

Setting up iptables is another form of network security in Linux. They allow for setting up a firewall on the network. Iptables allow for network packet filtering rules. Using iptables, rules can be set up that reject inbound packets opening new connections and accept inbound packets that are responses to locally initiated connections. This basic feature therefore acts as a firewall to the system, preventing unwanted outside attempts to hack into a host network.

In conclusion, with the technological direction of our future apparent, security technologies will be a continuing issue that will never stop making further advances. After all, the financial, physical, and ideological future of our country, and people as a whole, cannot afford to do otherwise. As our children, and children's children, begin to take the reins of this electronically motivated world, computer security technologies will continue to be an important issue as long as we continue as a society.
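The hosts.allow and hosts.deny lookup described in the TCP Wrappers paragraph, as an added example that is not part of the original essay. It is a simplified shell model, not tcpd itself: the policy text is constructed, only `ALL`, exact names, network prefixes and domain suffixes are handled, and IPv6 addresses are out of scope.

```shell
#!/bin/sh
# Simplified model of the TCP Wrappers lookup order (added example, not tcpd itself).
set -f   # patterns are data: never let the shell glob-expand them

# Constructed sample policy; contents stand in for /etc/hosts.allow and /etc/hosts.deny.
HOSTS_ALLOW='# daemon_list : client_list
sshd   : 192.168.1. .example.org
vsftpd : 10.0.0.5'
HOSTS_DENY='ALL : ALL'

# match_item VALUE LIST: succeed if VALUE matches any pattern in LIST.
match_item() {
  for pat in $(printf '%s' "$2" | tr ',' ' '); do
    case "$pat" in
      ALL) return 0 ;;
      *.)  case "$1" in "$pat"*) return 0 ;; esac ;;  # network prefix, e.g. 192.168.1.
      .*)  case "$1" in *"$pat") return 0 ;; esac ;;  # domain suffix, e.g. .example.org
      *)   if [ "$1" = "$pat" ]; then return 0; fi ;; # exact host or daemon name
    esac
  done
  return 1
}

# rule_matches FILE_TEXT DAEMON CLIENT: succeed on the first line matching both lists.
rule_matches() {
  while IFS= read -r line; do
    case "$line" in ''|'#'*) continue ;; *:*) ;; *) continue ;; esac
    daemons=${line%%:*}
    clients=${line#*:}; clients=${clients%%:*}   # ignore any optional third field
    if match_item "$2" "$daemons" && match_item "$3" "$clients"; then return 0; fi
  done <<EOF
$1
EOF
  return 1
}

# tcpd_decision DAEMON CLIENT: prints "allow" or "deny".
tcpd_decision() {
  if rule_matches "$HOSTS_ALLOW" "$1" "$2"; then echo allow      # hosts.allow is checked first
  elif rule_matches "$HOSTS_DENY" "$1" "$2"; then echo deny      # then hosts.deny
  else echo allow   # no match anywhere, or both files empty or absent: access is granted
  fi
}

for client in 192.168.1.20 host.example.org 203.0.113.9; do
  echo "sshd from $client: $(tcpd_decision sshd "$client")"
done
```

Emptying both variables makes every lookup return `allow`, which is the open-by-default behaviour the essay describes when the two files are absent.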
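The inbound filtering described in the iptables paragraph, written out as a ruleset in `iptables-restore` format (an added example, not from the original essay). The function name `inbound_ruleset` and its optional list of permitted TCP ports are assumptions made for illustration and go slightly beyond the text, which describes only the reject-new and accept-replies rules.

```shell
#!/bin/sh
# inbound_ruleset [PORT...]: print a filter table that accepts replies to locally
# initiated connections and rejects inbound packets that open new connections.
# Optional arguments (hypothetical helper feature) are TCP ports allowed to receive
# new inbound connections.
inbound_ruleset() {
  for port in "$@"; do
    # Validate before emitting: digits only, at most 5 of them, range 1-65535.
    case "$port" in
      ''|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
      echo "invalid port: $port" >&2; return 1
    fi
  done

  cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
EOF

  # Exceptions must come before the reject rules: iptables stops at the first match.
  for port in "$@"; do
    printf '%s\n' "-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
  done

  cat <<'EOF'
-A INPUT -p tcp -m conntrack --ctstate NEW -j REJECT --reject-with tcp-reset
-A INPUT -m conntrack --ctstate NEW -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
}

# Stand-alone run: print a ruleset that still permits inbound SSH (constructed choice).
inbound_ruleset 22
```

As root, the output can be checked without loading it by piping it to `iptables-restore --test`.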
