Foreword

From Dave Wreski

Security is all about trade-offs. Make the right decision, and users will be satisfied with their level of access to information and resources. Make the wrong decision, and users discover the hard way that maintaining the security of information and resources is more than just choosing the right password or defining a policy (which is seldom ever followed).

Instant access to information is expected these days. With the prevalence of Linux systems and off-the-shelf distributions designed to accomplish any number of tasks, administrators are often caught between unachievable deadlines for getting online systems up and running and the constant barrage of Internet threats posed by malicious individuals (both inside and outside) looking to gain access for their own benefit.

Adding to the difficulty of finding the right balance between controlling access and protecting information, the administrators of today's Linux servers have to juggle access control (security) in addition to numerous other day-to-day tasks. Linux vendors also struggle with the task of providing compelling tools for the administrator while not compromising system security and performance.

Hardening Linux takes a proactive approach to securing the general Linux systems used today, and does an excellent job of managing the tradeoffs and pitfalls many administrators face.

Its comprehensive coverage of technical and corporate policy issues delivers a step-by-step approach for those who need to get security done without understanding all that runs under the hood.

This highly regarded group of authors does a tremendous job of ensuring that the average reader achieves a solid understanding of how to harden their Linux systems and how to develop and deploy a sustainable security strategy. Although general Linux distribution vendors are making great progress in improving the security of their products, Hardening Linux is an invaluable resource for those seeking the perfect balance to improve security while meeting their core business needs.

While in pursuit of the secured server, a copy of this book, along with other valuable resources including LinuxSecurity.com, is sure to provide the guidance necessary to be vigilant, and to learn how to act instead of react, when addressing real-world security issues.

Dave Wreski
Chief Executive Officer, Guardian Digital Corporation
Co-author Linux Security HOWTO
EnGarde Secure Linux Project Lead

Dave Wreski has been in information technology and security for more than ten years. Founding Guardian Digital in early 1999, Wreski has grown the company to serve hundreds of corporate clients interested in using open source to solve critical business security issues. Prior to launching Guardian Digital, Wreski served as senior architect for UPS Worldwide, where he managed the security architecture of the company's data centers. He enjoys advocating open source security and improving acceptance of Linux in the enterprise.



From Corey D. Schou

Your system just halted when your customers need it most. You just realized that someone just downloaded your bank information. Your computer just became a zombie and is now attacking other systems on the Internet. The life-support system in the hospital just administered the wrong medicine to a critically ill patient. You awaken in a cold sweat!

These nightmare scenarios, and worse, happen every day because users and managers do not understand how to make a computer system secure enough to provide assurable information systems. They make simple mistakes such as attaching a new computer system to the Internet without tightening the operating system down. This makes as much sense as parking a new Porsche on a downtown street with the doors unlocked, keys in the ignition, and registration on the passenger seat.

In our day-to-day lives, we take basic precautions without even thinking. When you leave your house, you lock the doors. When you have unneeded copies of documents containing your bank account numbers, you shred them. When you park your car, you take your keys away with you. You should do the same for your computer.

Once you are aware of the potential problems, you learn how to protect your system. This book is an excellent resource for both the novice who wants to learn how to improve security and the expert who wants to make sure he has covered all the bases.

A secure operating system is the first line of defense for computer systems. This book provides a unique perspective on securing Linux systems. The authors lead you through the critical steps to ensure your Linux-based systems are secure.

Their concise style makes it clear that as you tighten down your system you must be able to enforce five primary security services: confidentiality, availability, integrity, nonrepudiation, and authentication.

These security services protect valuable information assets while they are transmitted, stored, and processed. For example, Chapter Two jumps right into the protection of transmitted data by hardening network access, while Chapter Ten deals with communications security. Throughout the book, the protection of stored data is addressed in a straightforward discussion that includes cryptology tools. The integrity of the processing is dealt with in a discussion of hardening the kernel and patch management.

The book is made more interesting with a clear discussion of security policies. Security policies provide a formal structure for secure operations. If the policies fail, you have to learn what to do when your system has been compromised. The authors demonstrate how to employ monitoring techniques, how to determine system damage by keeping logs, and how to read these logs.

They even discuss the often-overlooked subject of building and justifying the budget. For most technologists, this is usually the last thing they think of. If management does not know how much security services cost, they will not pay the bill. The authors help the reader recognize that technological countermeasures must be complemented by getting management buy-in to the security process. Even if management knows what security services cost, they will not pay for something they do not understand. If they will not pay the bill, the technology will not be implemented and the security program will fail.

As you read the book, keep looking for the three information states (transmission, storage, and processing), five services, and three countermeasures (technology, policy, and training). [1]

When you complete the book and use your knowledge well, you can be assured that your system is secure. Don't forget the authors' admonition from Section III: Once is not enough. You must keep working with your system to make sure the security is current. You should monitor your system and read the logs. You must personally apply the training countermeasure every day to keep policy current and technology protected. This book can be summed up by the motto of my research center:

Awareness – Training – Education
There is no patch for ignorance.

Corey D. Schou, PhD
University Professor of Informatics
Professor of Computer Information Systems
Director of the National Information Assurance Training and Education Center
Idaho State University

Note on Security-Enhanced Linux (SeLinux)

Chapter Five discusses hardening the kernel. This is important given operating system security mechanisms are the foundation for ensuring the confidentiality, availability, and integrity of the data on a system. Mainstream operating systems lack the critical security feature required for enforcing separation: mandatory access control. Application security mechanisms are vulnerable to tampering and bypass, and malicious or flawed applications may cause system security failures.

The National Security Agency has had an ongoing open source research project, called SeLinux (see the URL at the end of this document), to create a security-enhanced Linux system for several years. It has a strong, flexible mandatory access control architecture incorporated into the major subsystems of the kernel. The system provides a mechanism to enforce the separation of information based on confidentiality and integrity requirements.

SeLinux enforces mandatory access control (MAC) policies to confine user programs and system servers to the minimum amount of privilege required. This reduces or eliminates the capability of programs and system daemons to cause harm via buffer overflows or mis-configurations. It further confines damage caused through exploitation of flaws during processing that requires a system-process or privilege-enhancing (setgid or setuid) program.

SeLinux can be installed on a standard Red Hat installation provided with the book. It is compatible with existing Linux applications and provides source compatibility with existing Linux kernel modules. Existing applications run unchanged if the security policy authorizes their operation.

SeLinux is not a complete security solution for Linux; it demonstrates how mandatory access controls can confine the actions of any process. Some of the important security issues it addresses are:

  • Caching of Access Decisions for Efficiency

  • Clean Separation of Policy from Enforcement

  • Controls over File Systems, Directories, Files, and Open File Descriptions

  • Controls over Process Initialization and Inheritance and Program Execution

  • Controls over Sockets, Messages, and Network Interfaces

  • Controls over Use of Capabilities

  • Independent of Specific Policies and Policy Languages

  • Independent of Specific Security Label Formats and Contents

  • Individual Labels and Controls for Kernel Objects and Services

  • Support for Policy Changes

  • Well-Defined Policy Interfaces

If you want to experiment with SeLinux, you can download a complete package including documentation from http://www.nsa.gov/SeLinux/.
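The note above describes three architectural points of SeLinux without showing them working together: labels on subjects and objects, allow rules kept apart from the enforcement code, and a cache of access decisions that must be flushed when the policy changes. The following is an added illustration written for this page, not code from the book or from the NSA SeLinux project. It models type enforcement in a few dozen lines: a `Policy` holds constructed `allow` rules of the form `allow httpd_t httpd_sys_content_t:file { read open }`, an `Enforcer` answers access checks through an access vector cache and writes denial lines in a format approximating the real `avc: denied` audit messages, and `demo()` walks a constructed `httpd_t` process through permitted and denied accesses, a stale-cache case, and a policy reload. All type names, labels and rules are made up for the example; the real kernel's data structures are of course different.

```python
"""Toy model of SeLinux-style type enforcement with an access vector cache.

Added illustration for this page; not code from the book or the NSA project.
All labels, types and allow rules below are constructed for the example.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Context:
    """A security label in user:role:type form, as shown by ls -Z or ps -Z."""
    user: str
    role: str
    type: str

    @classmethod
    def parse(cls, label: str) -> Context:
        user, role, type_ = label.split(":")
        return cls(user, role, type_)

    def __str__(self) -> str:
        return f"{self.user}:{self.role}:{self.type}"


class Policy:
    """Policy side: allow rules only, with no knowledge of how they are enforced."""

    def __init__(self) -> None:
        self._rules: dict[tuple[str, str, str], set[str]] = {}

    def allow(self, src: str, tgt: str, tclass: str, perms: set[str]) -> None:
        # Equivalent to the rule:  allow src tgt:tclass { perms };
        self._rules.setdefault((src, tgt, tclass), set()).update(perms)

    def compute_av(self, src: str, tgt: str, tclass: str) -> frozenset[str]:
        """Access vector: the permissions src holds on tgt objects of class tclass."""
        return frozenset(self._rules.get((src, tgt, tclass), set()))


class Enforcer:
    """Enforcement side: hooks ask a yes/no question, answered from a cache when possible."""

    def __init__(self, policy: Policy, enforcing: bool = True) -> None:
        self.policy = policy
        self.enforcing = enforcing
        self.avc: dict[tuple[str, str, str], frozenset[str]] = {}
        self.policy_lookups = 0      # cache misses that had to consult the policy
        self.audit: list[str] = []   # denial messages, one per refused access

    def load_policy(self, policy: Policy) -> None:
        """Policy change: install the new rules and flush every cached decision."""
        self.policy = policy
        self.avc.clear()

    def check(self, scontext: Context, tcontext: Context, tclass: str, perm: str) -> bool:
        key = (scontext.type, tcontext.type, tclass)
        av = self.avc.get(key)
        if av is None:                      # cache miss: evaluate policy once, then cache
            av = self.policy.compute_av(*key)
            self.avc[key] = av
            self.policy_lookups += 1
        if perm in av:
            return True
        self.audit.append(
            f"avc: denied {{ {perm} }} scontext={scontext} tcontext={tcontext} tclass={tclass}"
        )
        return not self.enforcing           # permissive mode logs but does not block


def demo() -> dict:
    """Constructed scenario: a web server domain confined to its content directory."""
    policy = Policy()
    policy.allow("httpd_t", "httpd_sys_content_t", "file", {"read", "getattr", "open"})
    policy.allow("httpd_t", "http_port_t", "tcp_socket", {"name_bind"})
    enf = Enforcer(policy)

    httpd = Context.parse("system_u:system_r:httpd_t")
    webroot = Context.parse("system_u:object_r:httpd_sys_content_t")
    shadow = Context.parse("system_u:object_r:shadow_t")

    r: dict = {}
    r["read_webroot"] = enf.check(httpd, webroot, "file", "read")        # allowed
    r["open_webroot"] = enf.check(httpd, webroot, "file", "open")        # served from cache
    r["lookups_after_two_checks"] = enf.policy_lookups                   # 1, not 2
    r["read_shadow"] = enf.check(httpd, shadow, "file", "read")          # denied, audited
    r["denials"] = len(enf.audit)

    # Editing rules without reloading changes nothing: the cached denial still wins.
    policy.allow("httpd_t", "shadow_t", "file", {"read"})
    r["read_shadow_stale_cache"] = enf.check(httpd, shadow, "file", "read")
    enf.load_policy(policy)                                              # flushes the AVC
    r["read_shadow_after_reload"] = enf.check(httpd, shadow, "file", "read")
    r["total_lookups"] = enf.policy_lookups

    # Permissive mode: same denial message is logged, but the access goes through.
    permissive = Enforcer(Policy(), enforcing=False)
    r["permissive_allows"] = permissive.check(httpd, shadow, "file", "read")
    r["permissive_logs"] = len(permissive.audit)
    return r


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The stale-cache case is the point worth remembering when experimenting: a decision already cached is reused until the policy is reloaded, which is why a tool that edits rules has to flush the cache for the change to take effect, and why the real system treats policy load as a distinct operation rather than a file edit.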

[1] V. Maconachy, C. Schou, D. Welch, and D.J. Ragsdale, "A Model for Information Assurance: An Integrated Approach," Proceedings of the 2nd Annual IEEE Systems, Man, and Cybernetics Information Assurance Workshop, West Point, NY, June 5-6, 2001, pp. 306-310.