SELinux: NSA's IOpen Source Security Enhanced Linux

SELinux: NSA's IOpen Source Security Enhanced Linux

by Bill McCarty
     
 

The intensive search for a more secure operating system has often left everyday, production computers far behind their experimental, research cousins. Now SELinux (Security Enhanced Linux) dramatically changes this. This best-known and most respected security-related extension to Linux embodies the key advances of the security field. Better yet, SELinux is

Overview

The intensive search for a more secure operating system has often left everyday, production computers far behind their experimental, research cousins. Now SELinux (Security Enhanced Linux) dramatically changes this. This best-known and most respected security-related extension to Linux embodies the key advances of the security field. Better yet, SELinux is available in widespread and popular distributions of the Linux operating system—including for Debian, Fedora, Gentoo, Red Hat Enterprise Linux, and SUSE—all of it free and open source.SELinux emerged from research by the National Security Agency and implements classic strong-security measures such as role-based access controls, mandatory access controls, and fine-grained transitions and privilege escalation following the principle of least privilege. It compensates for the inevitable buffer overflows and other weaknesses in applications by isolating them and preventing flaws in one application from spreading to others. The scenarios that cause the most cyber-damage these days—when someone gets a toe-hold on a computer through a vulnerability in a local networked application, such as a Web server, and parlays that toe-hold into pervasive control over the computer system—are prevented on a properly administered SELinux system.The key, of course, lies in the words "properly administered." A system administrator for SELinux needs a wide range of knowledge, such as the principles behind the system, how to assign different privileges to different groups of users, how to change policies to accommodate new software, and how to log and track what is going on. And this is where SELinux is invaluable. Author Bill McCarty, a security consultant who has briefed numerous government agencies, incorporates his intensive research into SELinux into this small but information-packed book. Topics include:

  • A readable and concrete explanation of SELinux concepts and the SELinux security model
  • Installation instructions for numerous distributions
  • Basic system and user administration
  • A detailed dissection of the SELinux policy language
  • Examples and guidelines for altering and adding policies
With SELinux, a high-security computer is within reach of any system administrator. If you want an effective means of securing your Linux system—and who doesn't?—this book provides the means.

Product Details

ISBN-13:
9780596007164
Publisher:
O'Reilly Media, Incorporated
Publication date:
10/15/2004
Pages:
258
Sales rank:
1,023,446
Product dimensions:
7.12(w) x 9.24(h) x 0.68(d)

Meet the Author

Bill McCarty is a Professor of Information Technology at Azusa Pacific University, Azusa, California. Bill is also the author of over fifteen technical books and numerous papers and presentations. He serves as editor of the Honeynet Files department of the journal IEEE Security and Privacy, and directs the Azusa Pacific University Honeynet Research Project, which is affiliated with the Honeynet Project's Honeynet Research Alliance. Bill has briefed members of US organizations such as the CIA, DISA, FBI, NASA, and NSA, and non-US organizations such as the UK's CESG and GHQ, on his honeynet research. He has worked with the FBI to prevent and detect computer crimes.

Customer Reviews

Average Review:

Write a Review

and post it to your social network

     

Most Helpful Customer Reviews

See all customer reviews >