...Abstract This document will briefly discuss the need and methods of patch management, the importance and considerations of a written business security policy and cross-platform security. Contents Table of Contents 1 Abstract 2 Contents 2.1 Table of Contents 2.2 Table of Figures 2.3 List of Tables 3 Patch Management 3.1 Patch Management Defined 3.2 Patch Management Applications 3.3 Patch Management Scripting 4 The Written Business Security Policies 4.1 Importance of the Written Business Security Policy 4.2 Considerations of Creating the Written Business Security Policy 5 Cross-Platform Security Configurations 6 Conclusion Table of Figures Figure 1: Windows to Linux Authentication List of Tables Table 1: Patch Management Applications Patch Management Patch Management Defined Over the years common security practices have evolved. With these practices the view on patch management has evolved as well. Just a few years ago the common mentality regarding patches was to install and forget. Many systems were deployed and left to their own, few were ever updated. With the rise of worms and malicious code such mentality is no longer accepted. With the new threat levels comes a new focus on patch management. In today’s network environment different methods of deploying and managing patches exist. Networks are unique, like fingerprints, most often no...
Words: 890 - Pages: 4
...Security Mac Viruses Many Mac users believe their systems are impervious to threats. This is a naïve falsity of course because no computer system is invulnerable. It is a known fact that Windows can be very prone to virus infections, but since there are so few Mac viruses, people like to get it in their heads that it isn’t possible. Mac OS X is built on the UNIX kernel, one of the most secure operating systems. UNIX creates a file system in which the user isn’t the most powerful role on the computer and needs root permission to really make any major changes. It is technically more secure, but the only other real benefit is that Apple doesn’t populate a large percentage of the PC marketplace. Apple used to encourage this way of thinking, but after the Flashback virus (Perlroth, 2012), they decided it wasn’t a good idea to lie to their customers. Apple replaced their “Why you’ll love a Mac” website containing “It doesn’t get PC viruses” to “It’s built to be safe” (Mlot, 2012). Since malware really only exploits existing bugs or holes in an operating system, it is up to Apple to fix those holes, and they do a pretty good job of it. But in any case, it’s better to be safe than sorry. Some pretty good Mac antivirus include MacKeeper, Kaspersky, and Trend Micro (Sutherland, 2014). Preventative Maintenance With the threats to OS X made real, there are some simple tricks to keep a Mac up and running. The first of which is the ever-important data backup. Time Machine is Apple’s...
Words: 2141 - Pages: 9
...COMPARISON: WINDOWS VS. LINUX This report is a critical comparison of the computer operating systems (OS), Windows and Linux. It is written for an average audience that uses a computer almost every day and is now curious to know which operating system is better. The audience is assumed to have sufficient knowledge to understand the various aspects of an OS, but is not aware of the specific details of each OS. This report analyzes the different features of both operating systems in order to arrive at a conclusion on which OS is better for daily use. Both systems are evaluated on a wide range of criteria such as cost, installation process, software applications, hardware, user interface, security/stability, troubleshooting, and the implementation of the OS itself. These will help decide which of the two systems is better to use on a daily basis. Before I begin the comparison, the reader needs to know that Windows is created, maintained, and updated by Microsoft. No one from outside can access the underlying code. However, Linux is created and updated by volunteers all over the world, which is why there are so many different variations of Linux like Red Hat, SuSE, MandrakeSoft and a few more. The important features of the operating systems are discussed below. COST The Windows operating system is significantly more expensive than the Linux operating system. In fact, the Linux OS can...
Words: 1216 - Pages: 5
...LESSON 2 BASIC COMMANDS IN LINUX AND WINDOWS “License for Use” Information The following lessons and workbooks are open and publicly available under the following terms and conditions of ISECOM: All works in the Hacker Highschool project are provided for non-commercial use with elementary school students, junior high school students, and high school students whether in a public institution, private institution, or a part of home-schooling. These materials may not be reproduced for sale in any form. The provision of any class, course, training, or camp with these materials for which a fee is charged is expressly forbidden without a license including college classes, university classes, trade-school classes, summer or computer camps, and similar. To purchase a license, visit the LICENSE section of the Hacker Highschool web page at www.hackerhighschool.org/license. The HHS Project is a learning tool and as with any learning tool, the instruction is the influence of the instructor and not the tool. ISECOM cannot accept responsibility for how any information herein is applied or abused. The HHS Project is an open community effort and if you find value in this project, we do ask you support us through the purchase of a license, a donation, or sponsorship. All works copyright ISECOM, 2004. Table of Contents “License for Use” Information...
Words: 2543 - Pages: 11
...Chapter 2 Installation Overview 1. A Net Boot CD is a way to install a new system from a hard disk or over a network. 2. Three considerations for planning an installation are: a. SELinux improves system security by implementing mandatory access control policies in the Fedora kernel b. Install a Graphical desktop environment (GUI) such as GNOME and/or KDE. c. Install additional software and services packages to fit the need of the user. 3. By default Fedora divides the disk into three partitions, including ‘/boot’ and Logical Volume Manager (LVM). 4. Manually partitioning the hard disk has its advantages, such as being able to isolate a filesystem for security or backup needs. 5. The / (root) partition is the main filesystem on the hard disk. Any newly created directories will become part of the root filesystem unless a filesystem is created. 6. The swap partition is where Linux temporarily stores programs and data when it does not have enough RAM to hold all the information it is processing. 7. The /boot partition holds the kernel and other data the system needs when it boots. In order for the /boot partition to work properly it must be one of the first partitions on the disk. 8. The /var (variable) partition holds the bulk of system logs, package information, and accounting data. The /var/log partition is commonly used in a separate partition to isolate system logs from other files in the /var directory. 9. The /home partition is...
Words: 831 - Pages: 4
...threats to consumers alike. Such as hackers, viruses, people who don’t know what they are doing, and even people who you may call your best friend. Threat comes in many shapes and sizes which is why operating systems such as Linux develop ways to keep your personal files safe from these unwarranted threats. Some of these measures include, but are not limited to: iptables, SELinux, chroot jail, TCP Wrappers, firewalls, PolicyKit, NX or No eXecute, PIE or Position Independent Executables, Netfilter, and the list goes on (“Fedora Projects” & Vepstas). When a user first approaches Linux it looks similar to what a Windows operating system would resemble. With Linux a user has the ability to access every file within the operating system through the use of a terminal or command prompt. Through the use of Linux programming potential threats can gain access to your file system and everything housed within it. Linux is free software that comes with many great security features that give any user or administrator greater access and control over the system. The choice can be a bit much for most, but we will discuss a few of these choices here. Security-Enhanced Linux also known as SELinux is a security program that was developed in partnership by the National Security Agency or NSA and Red Hat Developers (“Fedora Project”). So what exactly is it that SELinux does? SELinux was designed so that the Administrator could enforce policies that will limit what a user or particular program...
Words: 1082 - Pages: 5
...would be SELinux, there are many contributors to SELinux but it all really comes back to four major organizations that are responsible for the initial public release of SELinux. These organizations include The National Security Agency, Network Associates Laboratories, The MITRE Corporation, and finally the Secure Computing Corporation. From my research I have found that it all really started with the NSA when they developed the LSM-based SELinux and made it part of Linux 2.6, and this has also led to the development of similar controls in the X Window System (XACE/XSELinux) and for Xen (XSM/Flask). Then NAI Labs implemented several additional kernel mandatory access controls, developed the example security policy configuration and also contributed to the development of the Linux Security Modules kernel patch. The MITRE Corporation helped several common Linux utilities become SELinux-aware and developed application security policies. The SCC developed a preliminary security policy configuration for the system that was used as a starting point for NAI Labs’ configuration, and also developed several new or modified utilities. SELinux controls access between applications and resources, and it does this by using mandatory security policy. SELinux enforces the security goals of the system regardless of whether applications misbehave or users act carelessly. You can check if SELinux is enabled in Red Hat or Fedora by using the getenforce command; if it returns enforcing SELinux is...
Words: 541 - Pages: 3
...Fedora 12 Security-Enhanced Linux User Guide Murray McAllister Scott Radvan Daniel Walsh Dominick Grift Eric Paris James Morris Edition 1.4 Copyright © 2009 Red Hat, Inc. The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. The original authors of this document, and Red Hat, designate the Fedora Project as the "Attribution Party" for purposes of CC-BY-SA. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version. Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law. Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, MetaMatrix, Fedora, the Infinity Logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries. For guidelines on the permitted uses of the Fedora trademarks, refer to https://fedoraproject.org/wiki/Legal:Trademark_guidelines. Linux® is the registered trademark of Linus Torvalds in the United States and other countries. All other trademarks are the property of their respective owners...
Words: 26838 - Pages: 108
...Linux and Windows Device Support 6-3 Short Paper Submission By Lauren K Homa 7/10/2013 It is true that the internet hosts an abundance of support websites, forums, links and other discussions regarding Linux and Windows device support. It would seem that this topic has been highly debated for some time as to whose support is best. In my own research, I have found that responses and web sources tend to be biased towards one OS or another based on personal experiences and preferences depending on the task that the system is being used for. I have found one non-subjective difference between Windows and Linux that could help get to the bottom of the discussion: When it comes to Windows, “Microsoft writes generic drivers to help ensure users can get up and running, then 3rd party supplied drivers can be installed to optimize performance. With Linux, drivers are all included with the Linux kernel, and devices are detected and the appropriate drivers are then activated on the fly. There are no 3rd parties to contact for drivers (unless a proprietary driver is needed, in which it has to be manually installed, similar to Windows.” (Clay, 2013) This offers some benefits and costs to each system. With Windows being more prevalent, it’s evident that Microsoft makes an effort to ensure that software is compatible and available with all their hardware drives and devices, and that resources can be readily available to customers if needed. With Microsoft...
Words: 633 - Pages: 3
...Security in Linux Linux, like any other computing platform, is constantly changing. There are a few major focus points for new and upgraded platforms, one of which is how user friendly it is. User friendliness goes beyond the ability to simply point and click, it also goes behind the lines deep into the inner workings of the system. Security is one of the most important functions of any operating system, very commonly overlooked and taken for granted. A system administrator can configure tables that are provided by the Linux kernel firewall in a program called iptables. Iptables has the ability to redirect, modify or stop packets of data all based on the state of a connection at any given time. There are many different tables that can be defined and each table contains built in chains or user defined chains. Every chain is essentially a list of rules that matches a set of packets and it specifies what to do with a packet that matches the rules. For the casual user it is best to use the predefined rules, they are often more than adequate. In an enterprise situation the administrator would likely want to define additional rules in order to best suit the business needs. Before iptables Linux mainly used ipchains as a firewall package. Iptables is an improvement on ipchains because it monitors the state of connections. Iptables can use the state of the connection as opposed to ipchains using the source destination and content only, to redirect, modify or drop a packet. At least...
Words: 965 - Pages: 4
...Paper 07/13/2012 Linux Security Technologies In today’s world there are many ways to gain access to the internet. You can go to your local library, a Starbucks, any airport, or even a McDonald’s. With all of these ways to have free access to the Web, the opportunity for hackers to get to your personal information is at an all-time high. Linux programming has many ways to combat this situation with security technologies such as SELinux, chroot jail, iptables, and virtual private networks (VPNs) to name a few. The basics of Linux security start with Discretionary Access Control, which is based by users and groups. The process starts with a user, who has access to anything that any other user can have access to. At first, it may seem great to be able to have that access, but the security in it is not so great. The US National Security Agency (NSA) developed the SELinux (Security Enhanced Linux) to combat the lack of strong security. (National Security Agency Central Security Service, 2009) Other organizations behind SELinux include the Network Associate Laboratories (NAI) labs which implemented several additional kernel mandatory access controls, developed the example security policy configuration, ported to the Linux 2.4 kernel, contributed to the development of the Linux Security Modules kernel patch, and adapted the SELinux prototype to LSM. The MITRE Corporation which enhanced several utilities to be SELinux-aware, and developed application security policies. And the...
Words: 1207 - Pages: 5
...Linux Security Technology Security of a system is important in today’s use of the internet. That is why Linux with its many layers that are always evolving in security to protect against all kinds of hackers or other types of attacks. SELinux, Chroot Jail, IPTables, Mandatory Access Control and Discretionary Access Control, just to name a few. SELinux is an access control implementation for the Linux kernel. Take for instance that you are the administrator and you define rules in user space and if the Linux kernel has been added with SELinux support, then those rules will be followed by the kernel. SELinux is a NSA Security-Enhanced Linux, in which the mandatory access control is flexible. The structure of SELinux supports against all kinds of mandatory access control policies. Some of which are Role-Based Access Control and Multi-Level Security. It was designed by NSA for the purpose of protecting a server against malicious daemons, by telling the daemons what they can and can’t do. This type of technology was created by Secure Computing Corporation, but was supported by the U.S. National Security Agency. In 1992, the thought for a more intense security system was needed and a project called Distributed Trusted Mach was created. Some good solutions evolved from this, some of which were a part of the Fluke operating system. Which then became the Flux and finally led to the creation of the Flask architecture. Eventually it was combined with the Linux kernel, which...
Words: 873 - Pages: 4
...In this paper we will talk about SELinux what it is, what it does, and who uses such a product. What is SELinux? In short, Security-Enhanced Linux or SELinux is a Linux feature that provides a way for supporting access control security policies, through the use of Linux Security Module or LSM in the Linux kernel. Its architecture works in a way to separate enforcement of security decisions from the security policy itself and streamlines the volume of software charged with security policy enforcement. So, what does it do? Here is a list I found on the internet for all techs out there who love this technical stuff.
* Clean separation of policy from enforcement
* Well-defined policy interfaces
* Support for applications querying the policy and enforcing access control (for example, crond running jobs in the correct context)
* Independent of specific policies and policy languages
* Independent of specific security label formats and contents
* Individual labels and controls for kernel objects and services
* Support for policy changes
* Separate measures for protecting system integrity (domain-type) and data confidential multileveled security
* Flexible policy
* Controls over process initialization and inheritance and program execution
* Controls over file systems, directories, files, and open file descriptors
* Controls over sockets, messages, and network interfaces
* Controls over use of "capabilities"
* Cached information...
Words: 656 - Pages: 3
...Research Assignment 1 IT 302 Linux System Administration January 21, 2013 The purpose of this paper is to secure UNIX/Linux operating systems from unscrupulous people. It shall be focused on SELinux, chroot jail, and iptables. Each of the three focus areas will be detailed, with specific interest in the following. What organization is behind it and reason entity is involved. How each technology changes the operating system to enforce security, and if the security measure can be easily bypassed. And finally, describe the types of threats each of the technologies is designed to eliminate. Since no two UNIX-based operating system builds are exactly alike, it is important to note that each build may have its own inherent security flaws. SELinux was developed by The United States National Security Agency (NSA). The first version was made available to the open source development community under the GNU GPL on December 22, 2000. The software merged into the mainline Linux kernel 2.6.0-test3, released on 8 August 2003. Other significant contributors include Network Associates, Red Hat, Secure Computing Corporation, Tresys Technology, and Trusted Computer Solutions. Experimental ports of the FLASK/TE implementation have been made available via the TrustedBSD Project for the FreeBSD and Darwin operating systems. The reason NSA is involved in this project is because this organization is responsible for carrying out the research and advanced development of technologies...
Words: 900 - Pages: 4
...Security of a system when you are open to the internet is paramount in the world of servers. Linux has many layers of ever evolving security in order to keep up with the would-be attackers in cyberspace. This is one of the reasons that Linux is one of the most used servers for internet sites and has few viruses engineered towards it. IP Tables Developed by the Netfilter organization, the IP tables package for Linux is an evolution of the IP chains which came from the IPv4 Linux firewall package. Paul Russel was the initial head author of the organization and also behind the IP chains project. The Netfilter organization began to come together in 1999 and through collaboration and research recognized the shortcomings of the IP chains package and developed this new product in order to address these concerns and make needed improvements. The improvements added to the new IP tables package helped improve performance and overall security. Better integration with the kernel led to improved speed and reliability but the true value came from the new security features. Stateful packet inspection allows the firewall to keep track of every connection passing through it allowing for better monitoring and can even view certain contents and attempt to anticipate actions of certain protocols. Also the ability to filter packets based on MAC address and TCP header flags helps to prevent attacks using malformed packets. Even a rate limiting feature that is designed to eliminate some denial...
Words: 1131 - Pages: 5