Research Assignment 2.1
Security Enhanced Linux is an extension that is designed to enforce strict access controls that confine processes to the minimum amount of privilege that they require. It was release late in 2000 by the US National Security Agency (NSA), SELinux was created to help such organizations that need heavy security like NAI labs, Secure computing Corporation, and MITRE Corporation. Security experts use a number of models to describe security access control systems. The most common is the Discretionary Access Control (DAC). It is how each user has complete control over the files that they own and the programs that they use, and programs run by a user will have all of the rights that the user has. A user can allow others access to her objects at her discretion, and under such a model the level of security of a system is left to the discretion of the applications running on it. Under MAC, administrators control every interaction on the software of the system. Standard UNIX permissions are still present, and are consulted before the SELinux policy during access attempts. When the standard file permissions allow access, the SELinux policy will be consulted and access is either gained or denied based on security of the source process and the targeted object.
The chroot system call was introduced during development of Version 7 Unix in 1979, and added to BSD by Bill Joy on 18 March 1982 – 17 months before 4.2BSD was released – in order to test its installation and build system. It was used for testing and development, dependency control, compatibility, recovery and, privilege separation. A chroot jail is created to limit the potential chance of an attacker. It is a security method that locks out any process and any user id link to that single directory.
Iptables is a firewall made by the official Ubuntu distributions. Iptables requires elevated privileges to operate and must be executed by user...
Please join StudyMode to read the full document