Security Strategies in Linux Platforms and Applications Lesson 2

© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.comAll rights reserved.

Security Strategies in Linux Platforms and Applications

Lesson 2Basic Components of Linux Security

Security Strategies in Linux Platforms and Applications© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.comAll rights reserved.

Learning ObjectiveDescribe components of Linux security.


Key ConceptsUnderstand boot loadersSecurity considerations while using kernel

and user space componentsDiscretionary access control (DAC) and

access control lists (ACLs)Mandatory access control (MAC) with

Security Enhanced Linux (SELinux)Concepts of a packet filtering firewall


DISCOVER: CONCEPTS


Common Boot LoadersGrand Unified Bootloader (GRUB)Linux Loader (LILO)LoadlinUniversal Bootloader (U-Boot)


Configuration Options Comments

default=0 Is for default kernel to boot

timeout=0 Sets the timeout to zero

color green/blue Specifies the color for the GRUB screen

password – md5 <encrypted password>

Is for the encrypted password

splashimage=(hd0,0)/grub/splash.xpm.gz

Is for “splash” image that shows when you access the GRUB menu

GRUB Configuration Options


The Linux Firewall

Hardware

Kernel Space

User Space

Location of iptables

Location of netfilter

User


Layered Security

Physical security

Firewall

Access control mechanisms

Encryption

Monitoring

Backups


DISCOVER: PROCESS


Common Linux Access Controls

MAC allows the file sharing service to interact with the shared filesystem.

DAC provides the required

permissions to access files.

The firewall allows user access based on the file service

port and user’s Internet Protocol

address.


DISCOVER: ROLES


Access Control Mechanisms

DAC Defines the access control for objects in the filesystem

ACLs Grants “special” permissions to users or groups for an

object in the filesystem that are not specified in the DAC permissions

MAC Adds additional categories to objects in the filesystem


DISCOVER: CONTEXTS


Kernel Space

Kernel space has access and can control all aspects of a Linux system

Loadable kernel modules (LKMs) are a common avenue for rootkits


User Space

User space is the most likely avenue that black-hat hackers attempt to exploit the Linux system.

It is common for black-hat hackers to gain unauthorized access simply by guessing an easy password from a user account.


DISCOVER: RATIONALE


Importance of a FirewallFirewall on each host server provides an

additional layer of security: If the network perimeter firewall allows

unauthorized traffic into the network, firewall protects servers from the unauthorized traffic.

Firewall provides additional protection to host servers if a rogue program infects the local area network (LAN).


Importance of Securing Core ComponentsDefault settings, improper file permissions,

and insecure user accounts are common methods used by black-hat hackers to gain unauthorized access.

Best practices and compliance standards require basic security and can result in hefty fines, if not followed.


SummaryUnderstand boot loadersThe process of Linux access controlAccess control mechanisms such as DAC,

ACLs, and MACConsiderations for using kernel space and

user space Importance of firewall and securing core

components


OPTIONAL SLIDES


A Linux Kernel Configuration Menu


Red Hat’s AuthenticationConfiguration Tool


The Security Level Configuration Tool for Firewalls


The SELinux Administration Tool

Security Strategies in Linux Platforms and Applications Lesson 2

Documents

Transcript of Security Strategies in Linux Platforms and Applications Lesson 2