BNET UK
silicon.com
ZDNet UK

Home
News
Blogs
Reviews
Videos
Jobs
Resources
Community

Leader
Comment
White Papers
Downloads
Special Reports

Hardware
Software
Communications
Internet
Security
IT Management
Emerging Tech
Leader

Group Blogs
News Blog
Post Room
Rupert's Diary

Hardware Reviews
Software Reviews
Editors' Choice
Buyer's Guides
Tech Guides
Competitions

Dialogue Box
Security threats
Server platforms
Mobile devices
Application development
Full video index

Articles
White Papers
Downloads
Companies
Broadband Speed Test

People
Competitions
Post Room
FAQ

You are here: ZDNet UK > News > Software

Desktop platforms Toolkit

Arming Linux against hackers

Tags:
Security-Enhanced Linux,
Us National Security Agency,
Open Source,
Hackers

Michael Mullins Tech Republic

Published: 18 Feb 2004 14:40 GMT

Don't be naive enough to think that because you run Linux you won't be a target for hackers. If you rely on Linux for hosting or transmitting sensitive data, you should check out Security-Enhanced Linux, created by the US National Security Agency (NSA) and available for free.

First released to the public in January 2001, Security-Enhanced Linux (SELinux) is a research project from the NSA that seeks to enhance the open-source Linux kernel: to provide greater protection against corruption; to prevent the bypassing of application security procedures; and to mitigate the destruction caused by malicious or defective applications.

Normal Linux vs. SELinux
Normal Linux system security relies on the kernel and the dependencies created through the setuid/setgid binaries. Under the conventional security mechanism, an exploit of a flaw with any privileged application, configuration, or process running usually leads to a total system compromise. This problem is consistent with most modern operating systems due to their complexity and interoperability with other applications.

SELinux relies solely on the kernel and the security configuration policy. Once you configure the security system correctly, improper application configuration or exploits of flawed applications and daemons will only result in compromising the user program and its system daemons. The security of other user programs and daemons remains intact, along with the underlying security system structure.

In simpler terms: no single application configuration flaw or exploit can result in a total system compromise.

Installing SELinux
The SELinux kernel, utilities, daemon/utility patches, and documentation are available for download from the Security-Enhanced Linux Web site. You must have an existing Linux system to compile your new kernel and access to unmodified system packages.

Developers have tested the current release with the Red Hat Linux distribution. The binaries are compatible with current Linux applications and include system calls for applications that are security-aware.

1 2

Did you find this article useful?
87 out of 195 people found this useful

Share this article:
Digg
Slashdot
Del.ici.ous
Stumble
Reddit

Company/Topic Alerts

Create a new alert from the list below:

linux,hackers,open source,us national security agency,Security-Enhanced Linux

Related Jobs

HEAD OF IT ASSET & CONFIGURATION MGT - BANKING

Network Specialist - Prestigious Law Firm

Application Support Specialist - Watford

Video

Install Flash Player plugin

Find out more: From The Labs: A look at...

All videos
Most popular videos
Latest videos

Microsoft Windows 7 Special Report Special Report

How Microsoft can make Windows 7 a success

Comment Many businesses have given Vista a wide berth; Microsoft must focus on five areas to make sure Windows 7 doesn't suffer the same fate, argues TechRepublic's Jason Hiner