Linux Security Technologies
In today’s world there are many ways to gain access to the internet. You can go to your local library, a Starbucks, any airport, or even a McDonald’s. With all of these ways to have free access to the Web, the opportunity for hackers to get to your personal information is at an all-time high. Linux has many ways to combat this situation with security technologies such as SELinux, chroot jail, iptables, and virtual private networks (VPNs), to name a few.
The basics of Linux security start with Discretionary Access Control, which is based on users and groups. The process starts with a user, who has ...
SELinux is not recommended for any level of implementation other than development and testing. It is not approved for government use. It is a work-in-progress of a new concept for OS design. SELinux does not attempt to address all known security issues, but it does offer a framework for preventing Unix processes from unauthorized behavior such as reading other process data, changing data, bypassing coarse-grained security, or interfering with other processes.
In the world of information security, you have to assume that hackers will get into your network. Whether using a zero-day exploit, sending malicious emails to your employees or taking advantage of poor coding in use on your webpage, attackers are coming for you. Your job as an administrator is to make it as difficult as possible for an attacker to gain access, and to be able to detect and mitigate an attack after it occurs. This is why practicing "defense in depth" must be an essential part of your everyday thought process. When deploying new services, devices, or applications, you should think to yourself: "If this were compromised, how could I mitigate the risk of an attacker advancing further into my network?" In come chroot jails.
Chroot jail is the common expression used to describe a section of a filesystem that is sectioned off for a particular user. On a web server, it is particularly useful for the security of shared hosting accounts. A chroot jail changes the operating system's behavior by preventing users from navigating to the /home directory to see other users’ directories, or navigating all the way up to see directories such as /etc, /usr, /var, /lib, and other system-critical directories (Garlie, 2011). Without the jail, even though the user would not have the permissions to edit these files, they would be able to see them and pick and choose which ones they may want to take advantage of. By creating the “jail”, you have the comfort of knowing that your root directory will be secure from threats and that the users who think they are in your root aren’t actually in it, which is kinda cool.
The initial head of and author behind netfilter/iptables is Paul Russell. Later he was joined by other people, who together built the Netfilter core team and maintain the netfilter/iptables project as a joint effort. Harald Welte was the leader until 2007. The current head of the netfilter core team is Patrick McHardy. (Garlie, 2011)
Iptables is a powerful way to control packet traffic to and from your Linux box. It does this by creating tables made up of chains. ...