UNIX Linux Operating Systems

Linux Security Strategies Comparing Linux Security Applications The pervasive adoption of the Linux operating system has led to a proliferation of new security tools and applications for ensuring the security of systems and applications. The intent of this analysis is to evaluate chroot jail, iptables and SELinux. These three security technologies are evaluated from the standpoint of which organizations were behind their development, in addition to an explanation of how each technology changes the Linux operating system to make it more secure.

Finally the types of threats that each of the technologies is designed to eliminate is also discussed. Analysis of chroot jail The chroot jail command was developed and first introduced during the initial development of the Unix Version 7 operating system in 1979 to ensure that users of UNIX-based workstations could still navigate to the highest levels of directories on their systems.

The Berkeley System Division (BSD) versions of UNIX were very popular in the 1982 timeframe, immediately began using this command as a means to protect the rapidly expanding number of accounts on this operating system. The chroot jail command was designed to provide user account-level access to the / home/user directory. Without this command in place, any user would be able to navigate to the very top of the / user tree structure and view any account and its contents they chose to.

It also protected the entire file system for unwanted access and access across all system resources and programs as well., The developers of this command specifically looked at how to create a more effective strategy for managing user accounts and eradicating the threat of a single hacker gaining access to every user account on a Unix, and now Linux-based system (Rooney, 2004). The command has since become pervasively used for creating development "sandboxes" that define specific test regions on Linux systems that are protected from errant process threads.

This command is now pervasively used to create testing locations online to ensure applications run effectively in controlled user-account-based environments. Analysis of SELinux Originally developed by the U.S. National Security Agency (NSA), this security tool was first introduced in December, 2000 as part of the GNU GPL release of the Linux operating system. It was subsequently released as part of the mainline Linux kernel 2.6.0-test3 operating system update during August, 2003.

The technology behind this command supports access control policies across all user accounts, ports, applications and integration points throughput a Linux operating system single instance and network. SELinux can also be configured to the role-based and user levels to ensure all access points by user account are protected from inbound attacks across ports that may be opened by individual applications. It is also a very useful tool for managing the coordination of services across the entire Linux kernel, both before and after re-compile of specific sections and functional areas.

The SELinux command has increasingly been relied on for managing the ports active on smartphones and portable laptops that also have compatible Linux kernels installed on them (Greenemeier, 2005). All of these factors are often combined in an enterprise-wide strategy that supports access control protocols and the continual monitoring of ports and programs across an entire Linux-based network running TCP/IP for example.

Analysis of the iptables Command The impetus of this command was the insight of Rusty Russell, a programmer who today works at IBM that the existing Linux kernel-based commands had significant security shortcomings. He observed that the firewall software in previous generation Linux operating systems had significant shortcomings, including support for just a handful of protocols including TCP/IP, UDP and ICMP, in addition to just having support for 32-bit operating system modules (MacVittie, 2005). In 1998 Mr. Russell initiated the netfilter/iptables project and by 2000 this command was merged into Linux 2.3.

The.