Security is all about trade-offs. Make the right decision, and users will be satisfied with their level of access to information and resources. Make the wrong decision, and users discover the hard way that maintaining security of information and resources is more than just choosing the right password or defining a policy (which is seldom ever followed).
Instant access to information is expected these days. With the prevalence of Linux systems and off-the-shelf distributions designed to accomplish any number of
Adding to the difficulty of finding the right balance between controlling access and protecting information, the administrators of today's Linux servers have to juggle access control (security) in addition to other
Hardening Linux takes a proactive approach to securing the general Linux systems used today, and does an
Its comprehensive coverage of technical and corporate policy issues delivers a step-by-step approach for those who need to get security done without understanding all that runs under the hood.
This highly regarded
While on the pursuit towards the secured server, a copy of this book, along with other
Dave Wreski
Chief Executive Officer, Guardian Digital Corporation
Co-author Linux Security HOWTO
EnGarde Secure Linux Project Lead
Dave Wreski has been in information technology and security for more than ten
Your system just halted when your customers need it most. You just realized that someone just downloaded your bank information. Your computer just became a zombie and is now attacking other systems on the Internet. The life-support system in the hospital just administered the wrong medicine to a critically ill patient. You awaken in a cold sweat!
These nightmare scenarios, and
In our day-to-day lives, we take basic
Once you are aware of the potential problems, you learn how to protect your system. This book is an
A secure operating system is the first line of defense for computer systems. This book provides a unique perspective on securing Linux systems. The authors lead you through the critical steps to ensure your Linux-based systems are secure.
Their
These security services protect
The book is made more interesting with a clear discussion of security policies. Security policies provide a formal structure for secure operations. If the policies fail, you have to learn what to do when your system has been compromised. The authors
They even discuss the often-overlooked subject of building and justifying the budget. For most technologists, this is usually the last thing they think of. If management does not know how much security services cost, they will not pay the bill. The authors help the reader recognize that technological countermeasures must be complemented by getting management buy-in to the security process. Even if management
As you read the book, keep looking for the three information states (transmission, storage, and process), five services, and three countermeasures (technology, policy, and training). [1]
When you complete the book and use your knowledge well, you can be assured that your system is secure. Don't forget the authors' admonition from Section III: Once is not enough. You must keep working with your system to make sure the security is current. You should monitor your system and read the logs. You must
Awareness - Training - Education
There is no patch for ignorance.
Corey D. Schou, PhD
University Professor of Informatics
Professor of Computer Information Systems
Director of the National Information Assurance Training and Education Center
Idaho State University
Chapter Five discusses hardening the kernel. This is important given operating system security mechanisms are the foundation for ensuring the confidentiality, availability, and integrity of the data on a system. Mainstream operating systems lack the critical security feature required for enforcing separation: mandatory access control. Application security mechanisms are vulnerable to tampering and bypass, and malicious or flawed applications may cause system security failures.
The National Security Agency has had an ongoing
SELinux enforces mandatory access control (MAC) policies to confine
SELinux can be installed on a standard Red Hat installation provided with the book. It is compatible with existing Linux applications and provides source compatibility with existing Linux kernel modules. In addition, it is compatible with existing Linux applications. Existing applications run unchanged if the security policy authorizes their operation.
SELinux is not a complete security solution for Linux; it
Caching of Access Decisions for Efficiency
Clean Separation of Policy from Enforcement
Controls over File Systems, Directories, Files, and Open File Descriptions
Controls over Process Initialization and Inheritance and Program Execution
Controls over Sockets, Messages, and Network Interfaces
Controls over Use of Capabilities
Independent of Specific Policies and Policy Languages
Independent of Specific Security Label Formats and Contents
Individual Labels and Controls for Kernel Objects and Services
Support for Policy Changes
Well-Defined Policy Interfaces
If you want to experiment with SELinux, you can download a complete package including documentation from http://www.nsa.gov/SeLinux/.
[1] V. Maconachy, C. Schou, D. Welch, and D.J. Ragsdale, "A Model for Information Assurance: An Integrated Approach," Proceedings of the 2nd Annual IEEE Systems, Man, and Cybernetics Information Assurance Workshop, West Point, NY, June 5-6, 2001, pp. 306-310.