Linux security is pretty simple. You are root or not. Everything is a file. File don't have complicated ACLs like Windows but instead just a simple permission set assigned to the owner of the file, the group assigned to the file and everyone else. (Technically, Linux does have ACLs but they are not commonly used or supported on all file systems.) This is basically an implementation of Discretionary Access Control where resources have owners and access on a resource is at the discretion of its owner.
The next level of Linux security is based on Mandatory Access Control and Multi-Level Security where access is centrally managed by the administrator with little if anything left up to the discretion of the owner.
In the past, the attempts to implement MAC security was limited to defense and intelligence related environments. But that is changing with the out-of-control growth of for-profit and state-sponsored hacking. More and more organizations are seeing the need for more flexible and powerful security in Linux. The first place to look is what's already available as implementations for MAC which are principally:
In this real training for free ™ webinar I will introduce you to SELinux and AppArmor and help you understand the basic security enhancement that they both provide.
Both AppArmor and SELinux allow you to centrally define policies that limit what different applications can do on the system. Instead of just being a matter of who the user is, which file they are accessing and what they are trying to do to the file, these technologies impose restrictions on which programs can execute what those programs can actually do once they are executing. So for instance you could say that useradd is allowed to modify etc/passwd but not vi (if you now realize the significance of that you’ll want to tune into this webinar).
Then I will also contrast the 2 technologies. Because they are very different. SELinux is more powerful but as you might guess with that power comes more complexity.
Whichever technology you decide on its important to beef up Linux security because the bad guys don't care if our systems are Windows or Linux. They want our information and they'll do anything they must to reach it.
And the need to secure Linux applies even if your Linux systems don't host critical information or processes. One thing that's been demonstrated over and over again in the past couple years is how crucial it is to keep your entire network secure. It's foolhardy to think you can just focus all your effort on the systems “that really matter”. The bad guys are exploiting that ill-begotten strategy. The truth is every system matters; every account matters. Failing to understand that is what has made the horizontal kill chain strategy so successful for the bad guys.
So please join me for this advanced Linux security event. It's sponsored by HEAT Software and Brett Chadwick from HEAT will briefly demonstrate how their HEAT Endpoint Management & Security Suite simplifies the deployment and management of AppArmor and SELinux in your heterogenous environment.
Please register now!