Presentation is loading. Please wait.

Presentation is loading. Please wait.

Linux Security.

Published byDelphia Sherman Modified over 9 years ago

Similar presentations

Presentation on theme: "Linux Security."— Presentation transcript:

1 Linux Security

2 Linux Security Security features
Kernel provides a minimal set of security features Discretionary access control Authentication is performed outside the kernel by user-level applications such as login. Allows system administrators to redefine access control policies customize the way Linux authenticates users specify encryption algorithms that protect system resources

3 Authentication Default authentication
User enters username and password via login Passwords are hashed (using MD5 or DES) Encryption cannot be reversed Stored in /etc/passwd or /etc/shadow Pluggable authentication modules (PAMs) Can reconfigure the system at run time to include enhanced authentication techniques For example: Disallow terms found in a dictionary and require users to choose new passwords regularly Supports smart cards, Kerberos and voice authentication

4 Access Control Methods
Access control attributes Specify file permissions and file attributes File permissions Combination of read, write and/or execute permissions specified for three categories: user, group and other File attributes Additional security mechanism supported by some file systems Allow users to specify constraints on file access beyond read, write and execute Examples: append-only, immutable

5 Access Control Methods
Linux security modules (LSM) framework Allows a system administrator to customize the access control policy Uses loadable kernel modules Kernel uses hooks inside the access control verification code to allow an LSM to enforce its access control policy Example: SELinux Developed by NSA Replaces Linux’s default discretionary access control policy with a mandatory access control (MAC) policy

6 Access Control Methods
Privilege inheritance Normally a process executes with same privileges as the user who launched it Some applications require process to execute with other user privileges Example: passwd setuid and setgid allow process to run with the privileges of the file owner Improper use of setuid and setgid can lead to security breaches LSM Capabilities allow administrator to assign privileges to applications as opposed to users to prevent this

7 Cryptography Cryptographic API
Enables users to access several forms of encryption to protect their data Uses powerful algorithms such as DES, AES and MD5 Kernel uses Cryptographic API to implement IPSec Enables users to create secure (encrypted) file systems Loopback device Layer between the virtual file system and the existing file system Can be used to encrypt and decrypt data transferred between processes and the underlying file system

8 Cryptography Loopback device providing an encrypted file system using the Cryptographic API.

Download ppt "Linux Security."

Similar presentations

Encrypting Wireless Data with VPN Techniques

Encrypting Wireless Data with VPN Techniques
1 Chapter 13 Securing an Access Application. 13 Chapter Objectives Learn about the elements of security Explore application-level security Use user-level.

1 Chapter 13 Securing an Access Application. 13 Chapter Objectives Learn about the elements of security Explore application-level security Use user-level.
Password Cracking Lesson 10. Why crack passwords?

Password Cracking Lesson 10. Why crack passwords?
Access Control Chapter 3 Part 3 Pages 209 to 227.

Access Control Chapter 3 Part 3 Pages 209 to 227.
Chapter 15 Security and Protection Copyright © 2008.

Chapter 15 Security and Protection Copyright © 2008.
1 Defining System Security Policies. 2 Module - Defining System Security Policies ♦ Overview An important aspect of Network management is to protect your.

1 Defining System Security Policies. 2 Module - Defining System Security Policies ♦ Overview An important aspect of Network management is to protect your.
Access Control Methodologies

Access Control Methodologies
Java Security Model Lab#1 I. Omaima Al-Matrafi. Safety features built into the JVM Type-safe reference casting Structured memory access (no pointer arithmetic)

Java Security Model Lab#1 I. Omaima Al-Matrafi. Safety features built into the JVM Type-safe reference casting Structured memory access (no pointer arithmetic)
Chapter 9 Building a Secure Operating System for Linux.

Chapter 9 Building a Secure Operating System for Linux.
Cyber Security and Key Management Models Smart Grid Networks The Network System Key Management and Utilization Why Hardware Security Christopher Gorog,

Cyber Security and Key Management Models Smart Grid Networks The Network System Key Management and Utilization Why Hardware Security Christopher Gorog,
(Remote Access Security) AAA. 2 Authentication User named flannery dials into an access server that is configured with CHAP. The access server will.

(Remote Access Security) AAA. 2 Authentication User named "flannery" dials into an access server that is configured with CHAP. The access server will.
1 Security and Protection Chapter 9. 2 The Security Environment Threats Security goals and threats.

1 Security and Protection Chapter 9. 2 The Security Environment Threats Security goals and threats.
Silberschatz, Galvin and Gagne  2002 19.1 Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.

Silberschatz, Galvin and Gagne  Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.
SUSE Linux Enterprise Server Administration (Course 3037) Chapter 2 Manage User Access and Security.

SUSE Linux Enterprise Server Administration (Course 3037) Chapter 2 Manage User Access and Security.
7-Access Control Fundamentals Dr. John P. Abraham Professor UTPA.

7-Access Control Fundamentals Dr. John P. Abraham Professor UTPA.
ADVANCED LINUX SECURITY. Abstract : Using mandatory access control greatly increases the security of an operating system. SELinux, which is an implementation.

ADVANCED LINUX SECURITY. Abstract : Using mandatory access control greatly increases the security of an operating system. SELinux, which is an implementation.
© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Security Strategies in Linux Platforms and.

© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company All rights reserved. Security Strategies in Linux Platforms and.
Privilege Levels Cisco IOS provides for 16 different privilege levels ranging from 0 to 15. Cisco IOS comes with 2 predefined user levels. User mode.

Privilege Levels Cisco IOS provides for 16 different privilege levels ranging from 0 to 15. Cisco IOS comes with 2 predefined user levels. User mode.
Security-Enhanced Linux & Linux Security Module The George Washington University CS297 Programming Language & Security YU-HAO HU.

Security-Enhanced Linux & Linux Security Module The George Washington University CS297 Programming Language & Security YU-HAO HU.
Windows Security Mechanisms Al Bento - University of Baltimore.

Windows Security Mechanisms Al Bento - University of Baltimore.

Similar presentations

Ads by Google