1 / 24

Security Strategies in Linux Platforms and Applications Lesson 2

Security Strategies in Linux Platforms and Applications Lesson 2 Basic Components of Linux Security. Learning Objective. Describe components of Linux security . Key Concepts. Understand boot loaders Security considerations while using kernel and user space components

marla
Télécharger la présentation

Security Strategies in Linux Platforms and Applications Lesson 2

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Security Strategies in Linux Platforms and Applications Lesson 2 Basic Components of Linux Security

  2. Learning Objective • Describe components of Linux security.

  3. Key Concepts • Understand boot loaders • Security considerations while using kernel and user space components • Discretionary access control (DAC) and access control lists (ACLs) • Mandatory access control (MAC) with Security Enhanced Linux (SELinux) • Concepts of a packet filtering firewall

  4. DISCOVER: CONCEPTS

  5. Common Boot Loaders • Grand Unified Bootloader (GRUB) • Linux Loader (LILO) • Loadlin • Universal Bootloader (U-Boot)

  6. GRUB Configuration Options

  7. The Linux Firewall Location of netfilter Location of iptables Kernel Space User Space Hardware User

  8. Layered Security

  9. DISCOVER: PROCESS

  10. Common Linux Access Controls

  11. DISCOVER: ROLES

  12. Access Control Mechanisms DAC • Defines the access control for objects in the filesystem ACLs • Grants “special” permissions to users or groups for an object in the filesystem that are not specified in the DAC permissions MAC • Adds additional categories to objects in the filesystem

  13. DISCOVER: CONTEXTS

  14. Kernel Space • Kernel space has access and can control all aspects of a Linux system • Loadable kernel modules (LKMs) are a common avenue for rootkits

  15. User Space • User space is the most likely avenue that black-hat hackers attempt to exploit the Linux system. • It is common for black-hat hackers to gain unauthorized access simply by guessing an easy password from a user account.

  16. DISCOVER: RATIONALE

  17. Importance of a Firewall • Firewall on each host server provides an additional layer of security: • If the network perimeter firewall allows unauthorized traffic into the network, firewall protects servers from the unauthorized traffic. • Firewall provides additional protection to host servers if a rogue program infects the local area network (LAN).

  18. Importance of Securing Core Components • Default settings, improper file permissions, and insecure user accounts are common methods used by black-hat hackers to gain unauthorized access. • Best practices and compliance standards require basic security and can result in hefty fines, if not followed.

  19. Summary • Understand boot loaders • The process of Linux access control • Access control mechanisms such as DAC, ACLs, and MAC • Considerations for using kernel space and user space • Importance of firewall and securing core components

  20. OPTIONAL SLIDES

  21. A Linux Kernel Configuration Menu

  22. Red Hat’s AuthenticationConfiguration Tool

  23. The Security Level Configuration Tool for Firewalls

  24. The SELinux Administration Tool

More Related