...07/13/2012 Linux Security Technologies In today’s world there are many ways to gain access to the internet. You can go to your local library, a Starbucks, any airport, or even a McDonald’s. With all of these ways to have free access to the Web, the opportunity for hacker’s to get to your personal information is at an all time high. Linux programming has many ways to combat this situation with security technologies such as SELinux, chroot jail, iptables, and virtual private networks (VPN’s) to name a few. The basics of Linux security start with Discretionary Access Control, which is based by users and groups. The process starts with a user, who has access to anything that any other user can have access to. At first, it may seem great to be able to have that access, but the security in it is not so great. The US National Security Agency (NSA) developed the SELinux (Security Enhanced Linux) to combat the lack of strong security. (National Security Agency Central Security Service, 2009) Other organizations behind SELinux include the Network Associate Laboratories (NAI) labs which implemented several additional kernel mandatory access controls, developed the example security policy configuration, ported to the Linux 2.4 kernel, contributed to the development of the Linux Security Modules kernel patch, and adapted the SELinux prototype to LSM. The MITRE Corporation which enhanced several utilities to be SELinux-aware, and developed application security policies. And the...
Words: 1207 - Pages: 5
...that are involved in the SELinux project, but namely the NSA seems to be in the top ranks of this particular technology. Researchers in NSA's National Information Assurance Research Laboratory (NIARL) designed and implemented flexible mandatory access controls in the major subsystems of the Linux kernel and implemented the new operating system components provided by the Flask architecture, namely the security server and the access vector cache. The NSA researchers reworked the LSM-based SELinux for inclusion in Linux 2.6. Creating a viable secure operating system remains a critical research problem. Our goal is the creation of an efficient architecture that provides requisite support for security, executes programs in a way that is largely transparent to the user, and is attractive to vendors. We believe an essential step in attaining this goal is to show how mandatory access controls can be successfully integrated into a mainstream operating system. The notion of a secure system includes many attributes (e.g., physical security, personnel security, etc.) and Security-enhanced Linux addresses only a very narrow set of these attributes (i.e., mandatory access controls in the operating system). Put another way, "secure system" means safe enough to protect some real world information from some real world adversary that the information owner and/or user care about. Security-enhanced Linux is only intended to demonstrate mandatory controls in a modern operating system like Linux and...
Words: 316 - Pages: 2
...Security System Security System, any of various means or devices designed to guard persons and property against a broad range of hazards, including crime, fire, accidents, espionage, sabotage, subversion, and attack. Most Security System emphasize certain hazards. The principal security concerns are shoplifting and employee dishonesty. A typical set of categories to be protected includes the personal safety of people in the organization, such as employees, customers, or residents; tangible property, such as the plant, equipment, finished products, cash, and securities, such as highly classified national-security information or “proprietary” information (e.g., trade secrets) of private organizations. An important distinction between a security and protection system and public services such as police and fire departments is that the former employs means that emphasize passive and preventive measures. Security systems are found in a wide variety of organizations, ranging from government agencies and industrial plants to apartment buildings and schools. Sufficiently large organizations may have their own proprietary security systems or may purchase security services by contract from specialized security organizations. The origins of security systems are obscure, but techniques for protecting the household, such as the use of locks and barred windows, are very ancient. As civilizations developed, the distinction between passive and active security was recognized, and responsibility...
Words: 621 - Pages: 3
...Research Paper: Information Security Technologies by Benjamin Tomhave November 10, 2004 Prepared for: Professor Dave Carothers EMSE 218 The George Washington University This paper or presentation is my own work. Any assistance I received in its preparation is acknowledged within the paper or presentation, in accordance with academic practice. If I used data, ideas, words, diagrams, pictures, or other information from any source, I have cited the sources fully and completely in footnotes and bibliography entries. This includes sources which I have quoted or paraphrased. Furthermore, I certify that this paper or presentation was prepared by me specifically for this class and has not been submitted, in whole or in part, to any other class in this University or elsewhere, or used for any purpose other than satisfying the requirements of this class, except that I am allowed to submit the paper or presentation to a professional publication, peer reviewed journal, or professional conference. In adding my name following the word 'Signature', I intend that this certification will have the same authority and authenticity as a document executed with my hand-written signature. Signature _____Benjamin L. Tomhave________________________ Benjamin L. Tomhave 12/7/2004 1 Research Paper: Information Security Technologies by Benjamin L. Tomhave Abstract The following research paper provides analysis of thirteen (13) information security technology topics, arranged in ten (10)...
Words: 12903 - Pages: 52
...types of Linux Security Technologies. Discretionary Access Control, SELinux (Security Enhanced Linux), chroot jail, and iptables are just a few. This paper is only going to discuss the latter three. Discretionary Access Control is the more traditional, however; DAC is not as secure and will not be discussed here.1 The U.S National Security Agency (NSA) is the organization behind the creation of SELinux. The reason the NSA is involved in this project is because this organization is responsible for carrying out the research and advanced development of technologies needed to enable NSA to provide the solutions, products, and services to achieve Information Assurance for information infrastructures critical to U.S. National Security interests. The NSA implemented a Mandatory Access control within the Linux Kernel. This MAC is named Flask.2 There are three main policies that SELinux uses to apply MAC. There is the Targeted, where the MAC controls will only be used for a specific process or processes, there is the Multilevel Security protection, and the Strict. The strict puts MAC controls to all processes. The targeted is not as secure as the strict, however; the targeted is easier to maintain. If one uses the strict, the administrator will have to customize the policy. Failure to do so could cause other users a significant problem in performing his or her assigned duties. 3 The main reason the MAC has been created is to help prevent security threats to a system...
Words: 919 - Pages: 4
...With a world that is vastly growing in size so does our use for technology. With this use of technology come lots of potential threats and hazards. Our world today is ever so growing with its relationship with the internet or World Wide Web (WWW). Many places use the internet to access sites, software, music, book, and so forth, the list goes on. But with this advance in technology come lots of threats to consumers alike. Such as hackers, viruses, people who don’t know what they are doing, and even people who you may call your best friend. Threat comes in many shapes and sizes which is why operating systems such as Linux develop ways to keep your personal files safe from these unwarranted threats. Some of these measures include, but is not limited to; iptables, SELinux, chroot jail, TCP Wrappers, firewalls, PolicyKit, NX or No eXecute, PIE or Position Independent Executables, Netfilter, and the list goes on (“Fedora Projects” & Vepstas). When a user first approaches Linux it looks similar to what a windows operating system would resemble. With Linux a user has the ability to access every file within the operating system through the use of a terminal or command prompt. Through the use of Linux programming potential threats can gain access to you file system and everything housed within it. Linux is free software that comes with many great security features that any user or administrator greater access and control over the system. The choice can be a bit much for most...
Words: 1082 - Pages: 5
...Linux Security Technologies SELinux (Security Enhanced Linux) is a mandatory access control in the Linux kernel that was originally developed by NSA (National Security Agency) with direct contributions provided by Red Hat Enterprise Linux (RHEL) via the Fedora Project. In the day and age of identity theft and attempted sabotage from terrorists against our country, it should be very apparent why an organization like NSA had such an interest in heading up development of a more secure way to better protect our nation’s computer systems. In a world so largely dependent on computer systems, inadequate security measures could lead to anything from having a single person’s financial information compromised to an electronic 9/11 against some of our country’s most secure federal computer networks. In the modern computer based society we live in, security is essential to protecting everything from personal desktops all the way up to the most secure federal databases. And many corporate and government level computers are based on the Linux kernel. SELinux has 3 states it can be in if on a system: Enabled, Disabled, and Permissive. Enforcing means SELinux security policy is active, Disabled means SELinux security policy is not active, and Permissive is a diagnostic state commonly used for troubleshooting. To better understand what improvements Mandatory Access Control (MAC) can provide for security, one needs to know about the standard Linux security provision called Discretionary...
Words: 1124 - Pages: 5
...|Linux Security Technology | | 1. SELinux SELinux, an implementation of Mandatory Access Control (MAC) in the Linux kernel, adds the ability to administratively define policies on all subjects (processes) and objects (devices, files, and signaled processes). This mechanism is in the Linux kernel, checking for allowed operations after standard Linux Discretionary Access Controls DAC are checked. Security-Enhanced Linux (SELinux) is a Linux feature that provides a mechanism for supporting access control security policies, including United States Department of Defense-style mandatory access controls, through the use of Linux Security Modules (LSM) in the Linux kernel. It is not a Linux distribution, but rather a set of Kernel modifications and user-space tools that can be added to various Linux distributions. Its architecture strives to separate enforcement of security decisions from the security policy itself and streamlines the volume of software charged with security policy enforcement. The key concepts underlying SELinux can be traced to several earlier projects by the United States National Security Agency (NSA), It has been integrated into the mainline Linux kernel since version 2.6. NSA, the original primary developer of SELinux, released the first version to the open source development community under the GNU GPL on December 22, 2000. Security-enhanced Linux...
Words: 1860 - Pages: 8
...research problem. Linux has several security developments included in its open source operating system. Among these are SELinux, chroot jail, and iptables to name a few. SELinux is Security Enhanced Linux. The National Information Assurance Research Laboratory of the National Security Agency was in charge of carrying out the research and advanced development of technologies needed to enable the NSA to provide the solutions, products, and services to achieve Information Assurance for information infrastructures essential to the security of the U.S. National Security. The Security-enhanced Linux prototype was developed by the NSA along with research partners from NAI Labs, Secure Computing Corporation (SCC), and the MITRE Corporation. Many other contributions have followed since the initial release.(NSA-National Security Agency, 2009) Researchers in the National Information Assurance Research Laboratory of NSA worked with Secure Computing Corporation (SCC) to develop a strong, flexible mandatory access control architecture based on a mechanism first developed for the LOCK system called Type Enforcement. The NSA and SCC then worked with the University of Utah’s Flux research group to transfer the architecture to the Fluke research operating system. The architecture was enhanced, when it was transferred, to provide better support for dynamic security policies. This enhanced architecture was named Flask. SELinux implements the Flask security architecture which uses flexible mandatory...
Words: 1498 - Pages: 6
...Vulnerability is a weakness or fault in a system or protection mechanism that opens it to attack or damage. Exposure is the condition or state of being exposed. 3. What are the three components of the CIA triangle? What are they used for? The three components of the CIA triangle are confidentiality, integrity, and availability. Confidentiality is used to protect information from disclosure or exposure to unauthorized individuals or systems. Integrity is when information is a whole, complete, and uncorrupted. Availability is used to enable authorized users to access information without interference and to receive it in the required format. 4. Describe the critical characteristics of information. How are they used in the study of computer security? The critical characteristics of information is the value of information it possesses. If a characteristic change, the value of information also changes. There are seven critical characteristics which are: Availability - enable authorized users to access information without interference or obstruction and receives it in the required format. Accuracy - information that is free from errors and it has the value that the end user expects Authenticity - quality or state of being genuine or original, not a reproduction or fabrication. Information is authentic when it is in the same state in which it was created, placed, stored, or transferred. Confidentiality - information that is protected from disclosure or exposure to unauthorized individuals...
Words: 422 - Pages: 2
...Cover Page Student: Melissa Zell Lee Internet Technology, Marketing, and Security Bus 508 Professor: John Theodore November 22, 2011 Heartland Payment Systems is known for fair, fully disclosed pricing and empowering merchants who like to take control of payments processing costs. More than 11 million transactions are processed daily with over $80 billion transactions a year, making Heartland the 5th largest payment processor in the United States and 9th in the world (Heartland, 2011). However, a data breach occurred last year in 2010 for Heartland which compromised tens of millions of credit and debit card transactions. Such figures make the Heartland incident one of the largest data breaches ever reported. In this paper I will analyze Heartland’s business, marketing, and security strategies and their response to this security breach as well as propose new methods of security to prevent future occurrences. Heartland is available to merchants 24/7 with a full customer support team. Additionally, their E3 end-to-end encryption solution is designed to protect cardholder data throughout the lifecycle of a payments transaction which helps business owners improve data security and reduce the cost of PCI compliance. Heartland uses end-to-end encryption because other technologies such as point-to-point encryption do not protect the data after the card is authenticated which leaves payment account data vulnerable to thieves who can use the data for fraudulent activity...
Words: 1496 - Pages: 6
...Internet Technology, Marketing and Security ------------------------------------------------- BUS508029VA016-1122-001 Prof. Etido Akpan Internet Technology, Marketing and Security An online presence is vital for today’s businesses. Many major corporations use social networking and the Internet to market and sell products, which requires the collection of data in order to facilitate these purchases. Unfortunately this can leave these corporations vulnerable to security breaches in an attempt to steal the information contained in these databases. One major corporation that suffered a security breach recently was Sony Corporation, which had two database security breaches in 2011. Sony Corporation was founded in May of 1946 and is headquartered in Tokyo, Japan with a U.S. Division called Sony Corporation of America. They have approximately 168,000 employees worldwide. Their major product lines are audio, video, televisions, information and communications, semiconductors, and electronic components. In 2010 global consolidated sales and operating revenue were $7,181,300 billion Yen or approximately $89.8 million US dollars (Sony Corporation, 2012). Sony Corporation has two websites, www.sony.com for the U.S. business lines and www.sony.net for the global corporate site. Each website is very similar in its offerings. Product information is available with detailed specs, and there are options to purchase some products online or links to purchase from a Sony store...
Words: 1790 - Pages: 8
...Internet Technology, Marketing, and Security Rocheen Pearson Dr. John H. Carter Contemporary Business BUS 508 February 22, 2012 Question #1 – Describe and evaluate a major corporation’s Website in these four areas: (1) product information, (2) corporation’s contact information, (3) customization of products for customers, and (4) customer information at purchase. Product information Sony actively uses customer feedback to improve its products. Opinions, reports of defective products, inquiries about using products and other feedback received through Customer Information Centers are reviewed and submitted to planning and design groups so that improvements can be made (Product, 2011). Sony established the Quality Hot Line in 2003, to gather product quality-related information, including reports of problems, as well as opinions from Sony Group employees. Employees can send messages regarding quality-related matters. The Quality Hot Line proposes and introduces measures to prevent previous problems from recurring and precluding potential new problems (Product, 2011). Sony has established dedicated quality management organizations in each of its business divisions. The headquarters' quality management and technology experts gather weekly and share quality issues among them. They are also responsible for monitoring the effectiveness of responses, ensuring they are consistent and help expedite Sony's quality improvement efforts (Product, 2011). Corporation’s...
Words: 1581 - Pages: 7
...Internet Technology, Marketing, and Security Renita M. Harris Strayer University BUS508 Contemporary Business Dr. Joseph Keller November 30, 2013 Internet Technology, Marketing, and Security The topic of this paper is Internet technology, marketing and security. Internet Technology and Marketing are the way that businesses advertise and market their products. Internet Technology is considered as social media. Many companies reach out to their consumers to know about their products. Marketing is the way a business reaches their target audience. Through social media companies market their product. Throughout this paper, I will discuss the popularity of social media for entrepreneurs. I will discuss in this paper the advantages and disadvantages of social media. I will analyze how the Pepsi Refresh project had to market Pepsi to their consumers. I will discuss how Zappos and Ford use social media outlets for marketing their product to their intended audience. This paper will have information relating to social media of today. Social Media Marketing The explosion of Social Media Marketing Service websites on the Internet Social media has become a detrimental part of society. Social Media allows real people to discuss real issues and concerns amongst each other. Social Media lays out the outline for truths, non-truths, facts, and opinions. It is also a viral conduit for immediate, late-breaking news, photos, and video streaming. Social Media provides users...
Words: 2092 - Pages: 9
...Title: Internet, technology, marketing and security Name: Course: Tutor: Date: Social media marketing is a method that has been adapted by most multinational as well as transnational companies all over the world. This method has been adapted for a number of reasons. The method can be said to be influenced by the expanding global market which has been influenced by globalization. Social media marketing entails the use of social media to advertise products to the market. Social Medias are where people from different walks of life get together and keep track of each other’s life progress. In light of this, it is easy for big companies to reach out to their market through social media. This shows how companies have incorporated technology for their benefit and how the method has benefited them. This is especially due to the increasing use of technology all over the world especially in the use of the internet. Why social media marketing has become popular these days The most common social media that are constantly used by companies include Face book, YouTube, twitter, instagram among others. Companies use social media marketing for various reasons. Firstly, social media marketing allows companies to have a one on one interaction with the market. This is made possible by the response of consumers to the products produced by the company. Normally, social media is meant for interaction and building up of relationships. This is the role that is taken advantage of by...
Words: 2358 - Pages: 10
