Security Strategies in Linux Platforms and Applications Lesson 2 Basic Components of Linux Security

Learning Objective
• Describe components of Linux security.

Key Concepts
• Understand boot loaders
• Security considerations while using kernel and user space components
• Discretionary access control (DAC) and access control lists (ACLs)
• Mandatory access control (MAC) with Security Enhanced Linux (SELinux)
• Concepts of a packet filtering firewall

Common Boot Loaders
• Grand Unified Bootloader (GRUB)
• Linux Loader (LILO)
• Loadlin
• Universal Bootloader (U-Boot)

The Linux Firewall
[Figure: layers labeled Hardware, Kernel Space, User Space, and User, with markers for the location of netfilter and the location of iptables]

Access Control Mechanisms
DAC
• Defines the access control for objects in the filesystem
ACLs
• Grants “special” permissions to users or groups for an object in the filesystem that are not specified in the DAC permissions
MAC
• Adds additional categories to objects in the filesystem

Kernel Space
• Kernel space has access to, and can control, all aspects of a Linux system
• Loadable kernel modules (LKMs) are a common avenue for rootkits

User Space
• User space is the most likely avenue through which black-hat hackers attempt to exploit the Linux system.
• It is common for black-hat hackers to gain unauthorized access simply by guessing an easy password from a user account.

Importance of a Firewall
• A firewall on each host server provides an additional layer of security:
  • If the network perimeter firewall allows unauthorized traffic into the network, the host firewall protects servers from that traffic.
  • The host firewall provides additional protection to host servers if a rogue program infects the local area network (LAN).

Importance of Securing Core Components
• Default settings, improper file permissions, and insecure user accounts are common methods used by black-hat hackers to gain unauthorized access.
• Best practices and compliance standards require basic security, and failing to follow them can result in hefty fines.
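
The following Python script, added here as an illustration and not part of the original slides, walks a directory tree and flags the DAC mode bits behind "improper file permissions": world-writable entries and setuid/setgid files. The function names and the sample tree are assumptions made for the example; ACL entries and SELinux labels are not visible in mode bits and are not checked.

```python
import os
import stat
import tempfile


def dac_findings(mode):
    """Return the risky DAC conditions encoded in a st_mode value."""
    findings = []
    if stat.S_ISLNK(mode):
        return findings  # symlink permission bits are not enforced on Linux
    if mode & stat.S_IWOTH:
        if not stat.S_ISDIR(mode):
            findings.append("world-writable file")
        elif not mode & stat.S_ISVTX:
            # Sticky world-writable directories (like /tmp) are expected.
            findings.append("world-writable directory without sticky bit")
    if stat.S_ISREG(mode) and mode & stat.S_ISUID:
        findings.append("setuid file")
    if stat.S_ISREG(mode) and mode & stat.S_ISGID:
        findings.append("setgid file")
    return findings


def audit_tree(root):
    """Yield (path, mode string, finding) for each risky entry below root."""
    for dirpath, dirnames, filenames in os.walk(root):
        for name in sorted(dirnames + filenames):
            path = os.path.join(dirpath, name)
            try:
                mode = os.lstat(path).st_mode  # lstat: do not follow symlinks
            except OSError:
                continue  # entry vanished or is unreadable
            for finding in dac_findings(mode):
                yield path, stat.filemode(mode), finding


if __name__ == "__main__":
    # Constructed sample tree so the example runs offline.
    with tempfile.TemporaryDirectory() as root:
        for name, perms in (("app.conf", 0o666), ("notes.txt", 0o644)):
            path = os.path.join(root, name)
            open(path, "w").close()
            os.chmod(path, perms)
        os.mkdir(os.path.join(root, "drop"))
        os.chmod(os.path.join(root, "drop"), 0o777)
        for path, perms, finding in audit_tree(root):
            print(perms, path, finding)
```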

Summary
• Understand boot loaders
• The process of Linux access control
• Access control mechanisms such as DAC, ACLs, and MAC
• Considerations for using kernel space and user space
• Importance of firewall and securing core components