Linux Technology


Submitted By kwaku
Words 940
Pages 4
Research Assignment 2.1
Kyle McGraw
ITT Technical Institute
IT302 Linux
Mr. Gort
April 14, 2012
In this paper I will go over three Linux security technologies: SELinux, chroot jail, and iptables. These technologies aid in the prevention of identity theft. I will explain what they are, who designed them, and what benefit they offer you. After reading the next paragraphs you will be able to decide which one is right for you and will know more about how they are used.
SELinux was released under the GPL in late 2000 by the National Security Agency’s Office of Information Assurance. More recently it has been developed by the open source community with the help of the NSA. SELinux currently ships as part of Fedora Core and is supported by Red Hat. Packages also exist for Debian, SuSE, and Gentoo, although at this time they are unsupported by anyone. SELinux is based on the concept of Mandatory Access Control (MAC). Under MAC, administrators control every interaction of the software on the system.
A least-privilege concept is used: by default applications and users have no rights, because all rights have to be granted by an administrator through the system’s security policy. Under Discretionary Access Control (DAC), by contrast, files are owned by a user, and that user has full control over them.
If an attacker penetrates that user’s account, they can do whatever they like with the files owned by that user. Standard UNIX permissions are still present on the system and are consulted before the SELinux policy during access attempts. If the standard permissions deny access, the access is denied and SELinux is not involved. When the standard file permissions do allow access, the SELinux policy is consulted, and access is either granted or denied based on the security contexts of the source process and the targeted object.
During the…...

Similar Documents

Linux Security Technologies

...Robin Prather January 14, 2013 Linux System Administration Week 2 Homework Assignment 2.1 There are many organizations and contributing members that are involved in the SELinux project, but namely the NSA seems to be in the top ranks of this particular technology. Researchers in NSA's National Information Assurance Research Laboratory (NIARL) designed and implemented flexible mandatory access controls in the major subsystems of the Linux kernel and implemented the new operating system components provided by the Flask architecture, namely the security server and the access vector cache. The NSA researchers reworked the LSM-based SELinux for inclusion in Linux 2.6. Creating a viable secure operating system remains a critical research problem. Our goal is the creation of an efficient architecture that provides requisite support for security, executes programs in a way that is largely transparent to the user, and is attractive to vendors. We believe an essential step in attaining this goal is to show how mandatory access controls can be successfully integrated into a mainstream operating system. The notion of a secure system includes many attributes (e.g., physical security, personnel security, etc.) and Security-enhanced Linux addresses only a very narrow set of these attributes (i.e., mandatory access controls in the operating system). Put another way, "secure system" means safe enough to protect some real world information from some real world adversary that the......

Words: 316 - Pages: 2

Linux Security Technologies

...Linux Security Technologies   SELinux (Security Enhanced Linux) is a mandatory access control in the Linux kernel that was originally developed by NSA (National Security Agency) with direct contributions provided by Red Hat Enterprise Linux (RHEL) via the Fedora Project. In the day and age of identity theft and attempted sabotage from terrorists against our country, it should be very apparent why an organization like NSA had such an interest in heading up development of a more secure way to better protect our nation’s computer systems. In a world so largely dependent on computer systems, inadequate security measures could lead to anything from having a single person’s financial information compromised to an electronic 9/11 against some of our country’s most secure federal computer networks. In the modern computer based society we live in, security is essential to protecting everything from personal desktops all the way up to the most secure federal databases. And many corporate and government level computers are based on the Linux kernel. SELinux has 3 states it can be in if on a system: Enabled, Disabled, and Permissive. Enforcing means SELinux security policy is active, Disabled means SELinux security policy is not active, and Permissive is a diagnostic state commonly used for troubleshooting. To better understand what improvements Mandatory Access Control (MAC) can provide for security, one needs to know about the standard Linux security provision called......

Words: 1124 - Pages: 5


...Linux CIS 155 Victor Gaines Dr. Weidman December 19, 2012 An operating system is, in the most basic of terms, the back bone of any modern day personal computer. They allow for users to start applications, manipulate the system, and, in general, use the computer effectively and efficiently. There are many different operating systems, all of which are used by different people for different reasons. The Apple OS operating system is the sole property of the Apple Company and is used in all of their computers and technology that they create. Then you have Windows, which is quite possibly the most widely recognizable operating system on the market today. Then there is Linux. Linux is seen as the operating system for “people who know computers”. Linux is not as user friendly as the Apple OS or Windows but it is seen as one of the most flexible operating systems around. Linux was born from the brain trust of a small group of friends lead by a Finn computer science student, Linus Torvalds. Linus built the kernel, which is the core of the Linux operating system, though the kernel itself does not fully constitute an operating system. Richard Stallman’s GNU tools were used to fully flesh out the Linux operating system. Torvald matched these two together to make these two parts one whole working body. Linux is still in its infancy but has gathered a tremendous following since its inception in 1991. Linux is greatly favored by amongst developers, being used in everything from......

Words: 1046 - Pages: 5


...NT1430 Linux Networking: Study Guide Wed 21-November-2012 Linux Commands: Know these commands and what they do: • Directory and list commands o ls, ls –l o pwd o cd / o cd and cd~ (hint: both take you to your home directory) o cd .. (takes you up one directory • Know what cp and mv do and how to use them • File viewing commands: o cat o less and more (one page at atime) o vi and view o tail (shows the last 10 lines of a file) o head (shows the top 10 lines) • chmod for changing permissions on files and directories • know the differences in read write and execute for owner group and all • > to redirect output to a file (overwrites if file exists) • >> appends to a file • & puts a process in the background while fg brings it to the foreground. • ps –ef | grep programname locates a running process for you • grep is a program that searches for a string within a directory or command output • The pipe symbol ( | ) sends output from one command to the input of another. • Know what a Linux shell script is. Direcories and file systems • / is the root of the entire file system • /usr stores program files • /home stores user home directories • /etc stores Linux configuration files • /var stores various miscellaneous files • /proc is a virtual directory that stores system performance metrics...

Words: 1137 - Pages: 5


...1) Describe some reasons why Linux is installed on only a very small fraction of desktop computers. Are there particular categories of products or users who might see Linux as more appealing than conventional operating systems? Do you think Linux's share of the desktop market will increase? Why or why not? Linux is used proportionally due to the fact that we live in a Windows world. All of the name brand software applications like Office, Peachtree and QuickBooks are Windows based. I couldn’t imagine playing Call of Duty on Linux. Not saying it couldn’t happen. Without being said there is a huge demand to make Windows applications. The overall installation process for Linux is different. I won’t say difficult but different. Linux overall doesn’t have the virus issues that Windows tends to obtain. I know there are a ton of LIVE CD’s out there that is used for forensics, firewalls, backup and recovery. I have used a few of them in the past to recover partitions on hard drives unattainable by windows. I see windows becoming more and more of an online service in the future. If Microsoft goes this route, I can see users adapting to Linux just to avoid a big brother conspiracy. One thing that could also increase the usage of Linux might be those entities that are trying to implement technology with a tight budget. 2) What are some of the benefits of cloud computing? What are some of the drawbacks? Find an article about cloud computing online. Summarize and critique the......

Words: 663 - Pages: 3

Linux few believe otherwise. Many programmers and computer enthusiasts believe Linux to be a far more efficient and usable system because of its flexibility and efficient code. Even so, among the common users, Linux is probably the least known and most underused computer system in the world. The objective of this paper is to determine which system truly is better for users both common and adept. This research compares both operating systems with each other as to determine which is more customizable, easier use, and faster to run. To provide an objective and thorough comparison, this paper looks at key features present in each operating system. After assessing each system, it can be concluded that, although Windows is definitely more widely used than Linux, Linux is the better operating system because of its usability, open source code, and efficient language. However, before analyzing the necessary components, ample background for each operating system must first be provided. The main objective of Windows was " provide a personal computing environment for the common user," (Alampay) the common user being people who don't have in-depth knowledge in computer technology (i.e. Programmers, system analysts, etc.). This operating system was built using the corporate model (Microsoft) and therefore has a closed source code to protect their system from their competitors. The goal of Linux, on the other hand, was to provide an open source version of UNIX, a very......

Words: 3215 - Pages: 13


...University of Sunderland School of Computing and Technology File Management System in Linux CUI Interface A Project Dissertation submitted in partial fulfillment of the Regulations governing the award of the degree of BA in Computer Studies, University of Sunderland 2006 I. Abstract This dissertation details a project to design and produce a prototype Linux character environment file manipulation assisting application. The application is offering a friendly menu driven interface to handle the jobs that non-programmers keep finding cumbersome to master when it comes to working in a Unix/Linux interface, resulting in serious mistakes and much loss of productive time. The Linux File Management System is a basic program for every user at a Unix/Linux terminal. Advantages here include the fact that the support team does not have to be burdened with solving simple file based queries by the employees. The areas of Designing GUI interfaces in Linux and Windows versus Linux Security were researched and a prototype has been designed, developed and tested. An evaluation of the overall success of the project has been conducted and recommendations for future work are also given. Words II. Table of Contents 1) Introduction.................................................................................................................................4 1.1 Overview.................................

Words: 17681 - Pages: 71


...College of Information Systems & Technology POS/420 Version 9 Introduction to UNIX® | |Copyright © 2010, 2009, 2008, 2006, 2005, 2004, 2001, 2000 by University of Phoenix. All rights reserved. Course Description This course is a survey of the UNIX® operations. The student will gain an understanding of the internal operations of the UNIX® system, which enables the user to make efficient use of files, file systems, and processes. Commands for efficient management of UNIX® system files, file systems and process, systems administration and security are also examined. Policies Faculty and students/learners will be held responsible for understanding and adhering to all policies contained within the following two documents: • University policies: You must be logged into the student website to view this document. • Instructor policies: This document is posted in the Course Materials forum. University policies are subject to change. Be sure to read the policies at the beginning of each class. Policies may be slightly different depending on the modality in which you attend class. If you have recently changed modalities, read the policies governing your current class modality. Course Materials Blum, R. (2008). Linux® command line and shell scripting bible. Indianapolis, IN: Wiley. Love, P., Merlino, J., Zimmerman, C., Reed, J. C., & Weinstein, P. (2005). Beginning Unix®. Indianapolis, IN: Wiley. Software RedHat Linux 5 (Virtual Desktop) Article......

Words: 1560 - Pages: 7


...Research Assignment 2.1 4/9/2012 Kathleen Cline | Research Assignment 2.1 Linux security technologies SELinux, chroot jail, and iptables For each security technology, explain what organization (if any) is behind it and what reason that entity would have to be involved. Include how each technology changes the operating system to enforce security and if the security measure can be easily bypassed. Describe the types of threats each of the technologies is designed to eliminate. SELinux: There are several organizations behind the security technology. One being the National Security Agency (NSA) Researchers designed and implemented flexible mandatory access controls in the major subsystems of the linux kernel and implemented the new operating system components provided by the flask architecture, namely the security server and the access vector cache. Also Network Associates Laboratories (NAI labs) The secure Execution Environments group of NAI labs implemented several additional kernel mandatory access controls, developed the example security policy configuration, ported to the linux 2.4 kernel, contributed to the development of the linux Security modules kernel patch, and adapted the SELinux prototype to LSM. Now the MITRE Corporation enhanced several common utilities to be SELinux-aware and developed application security policies and......

Words: 1010 - Pages: 5

Linux Ii Research Assignment - Linux Security Technologies

...Research Assignment Linux Security Technologies Kristy Graves ITT Tech – Dayton Linux II IT302 Mandatory Access Control Mandatory Access Control (MAC) is a system wide policy that relies on the current system to control access (Syracuse University, 2009). Users cannot alter or make any changes to this policy. Only the administrator has the clearance and authorization to make changes (The Computer Language Company Inc., 2012). Mandatory access control mechanisms are more than Discretionary Access Control (DAC) but have trade offs in performance and convenience to all users (The Open Web Application Security Project, 2002). Users can access lower level documentation, but they cannot access higher level without the process of declassification. Access is authorized or restricted based on the security characteristics of the HTTP client. This can be due to SSL bit length, version information, originating IP address or domain, etc. Systems supporting flexible security models can be SELinux, Trusted Solaris, TrustedBSD, etc. DAC checks the validity of the credentials given by the user. MAC validate aspects which are out of the hands of the user (Coar, 2000). If there is no DAC list on an object, full access is granted to any user (Microsoft, 2012). SELinux SELinux has three states of operation. These states are enforcing, permissive, and disabled. SELinux was developed by the U.S. National Security Agency (NSA) and implements MAC in a Linux kernel (Sobell, 2011).......

Words: 875 - Pages: 4

Linux Security Technologies

...There are different types of Linux Security Technologies. Discretionary Access Control, SELinux (Security Enhanced Linux), chroot jail, and iptables are just a few. This paper is only going to discuss the latter three. Discretionary Access Control is the more traditional, however; DAC is not as secure and will not be discussed here.1 The U.S National Security Agency (NSA) is the organization behind the creation of SELinux. The reason the NSA is involved in this project is because this organization is responsible for carrying out the research and advanced development of technologies needed to enable NSA to provide the solutions, products, and services to achieve Information Assurance for information infrastructures critical to U.S. National Security interests. The NSA implemented a Mandatory Access control within the Linux Kernel. This MAC is named Flask.2 There are three main policies that SELinux uses to apply MAC. There is the Targeted, where the MAC controls will only be used for a specific process or processes, there is the Multilevel Security protection, and the Strict. The strict puts MAC controls to all processes. The targeted is not as secure as the strict, however; the targeted is easier to maintain. If one uses the strict, the administrator will have to customize the policy. Failure to do so could cause other users a significant problem in performing his or her assigned duties. 3 The main reason the MAC has been created is to help prevent......

Words: 919 - Pages: 4

Linux Security Technology

...Linux Security Technology 1. SELinux SELinux, an implementation of Mandatory Access Control (MAC) in the Linux kernel, adds the ability to administratively define policies on all subjects (processes) and objects (devices, files, and signaled processes). This mechanism is in the Linux kernel, checking for allowed operations after standard Linux Discretionary Access Controls DAC are checked. Security-Enhanced Linux (SELinux) is a Linux feature that provides a mechanism for supporting access control security policies, including United States Department of Defense-style mandatory access controls, through the use of Linux Security Modules (LSM) in the Linux kernel. It is not a Linux distribution, but rather a set of Kernel modifications and user-space tools that can be added to various Linux distributions. Its architecture strives to separate enforcement of security decisions from the security policy itself and streamlines the volume of software charged with security policy enforcement. The key concepts underlying SELinux can be traced to several earlier projects by the United States National Security Agency (NSA), It has been integrated into the mainline Linux kernel since version 2.6. NSA, the original primary developer of SELinux, released the first version to the open source development community under the GNU GPL on December 22, 2000. Security-enhanced......

Words: 1860 - Pages: 8

Linux Security Technologies

...With a world that is vastly growing in size so does our use for technology. With this use of technology come lots of potential threats and hazards. Our world today is ever so growing with its relationship with the internet or World Wide Web (WWW). Many places use the internet to access sites, software, music, book, and so forth, the list goes on. But with this advance in technology come lots of threats to consumers alike. Such as hackers, viruses, people who don’t know what they are doing, and even people who you may call your best friend. Threat comes in many shapes and sizes which is why operating systems such as Linux develop ways to keep your personal files safe from these unwarranted threats. Some of these measures include, but is not limited to; iptables, SELinux, chroot jail, TCP Wrappers, firewalls, PolicyKit, NX or No eXecute, PIE or Position Independent Executables, Netfilter, and the list goes on (“Fedora Projects” & Vepstas). When a user first approaches Linux it looks similar to what a windows operating system would resemble. With Linux a user has the ability to access every file within the operating system through the use of a terminal or command prompt. Through the use of Linux programming potential threats can gain access to you file system and everything housed within it. Linux is free software that comes with many great security features that any user or administrator greater access and control over the system. The choice can be a bit much for......

Words: 1082 - Pages: 5

Linux Security Technologies

...Creating a usable secure operating system remains a critical research problem. Linux has several security developments included in its open source operating system. Among these are SELinux, chroot jail, and iptables to name a few. SELinux is Security Enhanced Linux. The National Information Assurance Research Laboratory of the National Security Agency was in charge of carrying out the research and advanced development of technologies needed to enable the NSA to provide the solutions, products, and services to achieve Information Assurance for information infrastructures essential to the security of the U.S. National Security. The Security-enhanced Linux prototype was developed by the NSA along with research partners from NAI Labs, Secure Computing Corporation (SCC), and the MITRE Corporation. Many other contributions have followed since the initial release.(NSA-National Security Agency, 2009) Researchers in the National Information Assurance Research Laboratory of NSA worked with Secure Computing Corporation (SCC) to develop a strong, flexible mandatory access control architecture based on a mechanism first developed for the LOCK system called Type Enforcement. The NSA and SCC then worked with the University of Utah’s Flux research group to transfer the architecture to the Fluke research operating system. The architecture was enhanced, when it was transferred, to provide better support for dynamic security policies. This enhanced architecture was named Flask. SELinux......

Words: 1498 - Pages: 6

Linux Security Technologies

...George McShane Research Paper 07/13/2012 Linux Security Technologies In today’s world there are many ways to gain access to the internet. You can go to your local library, a Starbucks, any airport, or even a McDonald’s. With all of these ways to have free access to the Web, the opportunity for hacker’s to get to your personal information is at an all time high. Linux programming has many ways to combat this situation with security technologies such as SELinux, chroot jail, iptables, and virtual private networks (VPN’s) to name a few. The basics of Linux security start with Discretionary Access Control, which is based by users and groups. The process starts with a user, who has access to anything that any other user can have access to. At first, it may seem great to be able to have that access, but the security in it is not so great. The US National Security Agency (NSA) developed the SELinux (Security Enhanced Linux) to combat the lack of strong security. (National Security Agency Central Security Service, 2009) Other organizations behind SELinux include the Network Associate Laboratories (NAI) labs which implemented several additional kernel mandatory access controls, developed the example security policy configuration, ported to the Linux 2.4 kernel, contributed to the development of the Linux Security Modules kernel patch, and adapted the SELinux prototype to LSM. The MITRE Corporation which enhanced several utilities to be SELinux-aware, and developed......

Words: 1207 - Pages: 5
