Sign Up Now
Get instant access to over 1 million+ study documents
OR
Already registered? click here to login
By creating your account, you agree to our terms of service, privacy policy and student honor code.
Linux Security Strategies
Comparing Linux Security Applications
The pervasive adoption of the Linux operating system has led to a proliferation of new security tools and applications for ensuring the security of systems and applications. The intent of this analysis is to evaluate chroot jail, iptables and SELinux. These three security technologies are evaluated from the standpoint of which organizations were behind their development, in addition to an explanation of how each technology changes the Linux operating system to make it more secure. Finally the types of threats that each of the technologies is designed to eliminate is also discussed.
Analysis of chroot jail
The chroot jail command was developed and first introduced during the initial development of the Unix Version 7 operating system in 1979 to ensure that users of UNIX-based workstations could still navigate to the highest levels of directories on their systems. The Berkeley System Division (BSD) versions of UNIX were very popular in the 1982 timeframe, immediately began using this command as a means to protect the rapidly expanding number of accounts on this operating system.
The chroot jail command was designed to provide user account-level access to the / home/user directory. Without this command...
It also protected the entire file system for unwanted access and access across all system resources and programs as well., The developers of this command specifically looked at how to create a more effective strategy for managing user accounts and eradicating the threat of a single hacker gaining access to every user account on a Unix, and now Linux-based system (Rooney, 2004). The command has since become pervasively used for creating development "sandboxes" that define specific test regions on Linux systems that are protected from errant process threads. This command is now pervasively used to create testing locations online to ensure applications run effectively in controlled user-account-based environments.
Analysis of SELinux
Originally developed by the U.S. National Security Agency (NSA), this security tool was first introduced in December, 2000 as part of the GNU GPL release of the Linux operating system. It was subsequently released as part of the mainline Linux kernel 2.6.0-test3 operating system update during August, 2003. The technology behind this command supports access control policies across all user accounts, ports, applications…
References
Forristal, J. (2001). Fireproofing against DoS attacks. Network Computing, 12(25), 65-74.
Greenemeier, L. (2005). More-secure Linux still needs to win users. InformationWeek, (1029), 28-28.
MacVittie, L. (2005). Linux models a few new hats. Network Computing, 16(3), 28-30.
Rooney, P. (2004). Migrating to LINUX. CRN, (1092), 28-28.
Storage management, creating and maintaining a file system, and integrating them into networks also share a common set of functions that allow for programmer flexibility in terms of their use and sequencing through an application. These functions are specifically called as part of the kernel of the Linux operating system, and as a result they can be selectively updated very quickly. A full recompile of the entire operating system
Configuration of Microsoft Windows in more complex networking environments required an extensive amount of add-in software and programming to ensure all systems could work. Finally the levels of security inherent in the Microsoft Windows operating system continue to be problematic (Bradley, 2009). The Linux and UNIX operating systems are comparable in terms of kernel and memory architectures (MacKinnon, 1999)(Predd, Cass, 2005). There are variations in the pricing models used for
In addition the cost makes it expensive to own the hardware required to support these systems as personal computers. The university has also indicated its preference for the PC and the Windows operating system. All training and skill acquisition is also generally offered for the windows system in the college. Standardization and uniformity of the design platform of Microsoft has greatly enhanced the applicability in the workplace. Standard packages
Unix provides many more options to an administrator, and having a consultant may help decide what methods would be best for the individual circumstances; administrators making the switch from other platforms will be used to having to just make do with whatever is available rather than being able customize options for best fit. Being the administrator of a server is a skilled task, and is not something that should be
The Windows operating system architecture also allows for single sign-on and also relies on user name and password verification. The authentication process for a Windows operating system at the server level can also be configured to validate the identity of the person logging in at the Windows domain and Microsoft Active Directory Service levels as well. Certificates can be assigned to specific applications, databases and processes within a Windows sever-based
6.30. When there are no restrictions for unprivileged users and if the option for config_rdskernel configuration is set, hackers can write arbitrary values into kernel memory (by making specific types of socket function calls) since kernel software has not authenticated that the user address is actually found in the user segment. The lack of verification of the user address can provide hackers to gain privileges and access to areas that