In Dec. 1999, I went to a SANS conference in San Francisco. One of the
courses that I took was "Securing Linux". There was a section of that
course where representatives of the NSA presented what they felt needed to
be done in order to make Linux secure, and they wanted feedback from the
community on what they felt needed to be done. There were a lot of people
that had severe reservations about trusting anything that the NSA put out,
because they are known for building back doors into systems. The response
to this was simple: "That's not the type of security that we are talking
about. We're not talking about hardening a distribution, or locking down
the services that are running, we're talking about hardening the kernel.
Removing potential buffer overflows, adding access control at the kernel
level, etc." (that really isn't an exact quote). One of the main goals was
to compartmentalize the system so that no one user had complete control
over the entire system. Basically, there would be no such thing as root.
Access to resources is granted on an as-needed policy, and inherited rights
need to be explicitly granted to a user; it is not the rule.

As a result of these things, better overall system security can be
achieved. You can have an insecure FTP service running, but that doesn't
mean that the entire system can be compromised. However, you can take
SELinux as the baseline, and build upward and harden the services as well.
I know, it's a revolutionary concept to start at the bottom and secure
upward, rather than start at the top and strip down.

As for why they chose Linux instead of one of the other OSes, they
considered that to be a no-brainer. Linux allowed for more community input,
as the community is far more flexible than, say, Theo is. As for it being
impossible to secure Linux, that is just an inept comment from someone who
hasn't bothered to educate themselves in computer security.

And that is all I have to say about that.
Kenny
-----------------------------------------------------
Kenneth E. Lussier
Geek by nature, Linux by choice
PGP keyID: 0xD71DF198
Public key available @ http://pgp.mit.edu

At 08:54 AM 3/15/01 -0500, Jeffry Smith wrote:
>Of course, you've carefully examined what SELinux does, and how it
>operates? I can tell not. SELinux is not about audit, but about the
>design of a system to be secure in the face of errors. Specifically it is
>about a means to structure access (via policies), that allows you to
>remove root access entirely!
>
>Yes, I've seen it, I'm on the mailing list, I actually understand
>security. It's more than just audit. Much more. Audit will fix holes.
>This will enable you to be secure despite holes.
>
>Suggest you check out the links there (http://www.nsa.gov/selinux), as
>well as:
>http://www.niap.nist.gov/cc-scheme/
>http://csrc.nist.gov/publications/secpubs/rainbow/
>
>and educate yourself on security.
>
>(BTW: the FTP server is NOT part of SELinux, which is only concerned with
>adding the policy pieces to the kernel, and adding the user-space tools to
>manage policy).
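Kenny's point that an insecure FTP service need not mean a compromised system, and Jeffry's that the policy lets you remove root access entirely, both rest on the same mechanism: SELinux type enforcement decides access from the process's domain and the object's type label, and the Unix uid (root included) gets no special treatment in that decision. The Python below is an added illustration written for this page; it is not SELinux code and not from either poster. The labels (init_t, ftpd_t, ftpd_exec_t, ftpd_data_t, shadow_t, admin_t), the file paths and the tiny policy are constructed for the example, and the DAC check is deliberately simplified (no group bits).

```python
"""Toy model of SELinux-style type enforcement (TE).

Added illustration, not SELinux code and not code from either post.  The
type labels, paths and rules below are constructed for the example.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Process:
    uid: int      # classic Unix identity; 0 is root
    domain: str   # TE domain the process runs in, e.g. "ftpd_t"


@dataclass(frozen=True)
class FileObj:
    path: str
    type_label: str  # TE type on the inode, e.g. "shadow_t"
    mode: int        # Unix permission bits, e.g. 0o600
    owner_uid: int


class TEPolicy:
    """Default-deny access-vector table plus domain-transition rules."""

    def __init__(self) -> None:
        self._allow: dict[tuple[str, str, str], frozenset[str]] = {}
        self._transition: dict[tuple[str, str], str] = {}

    def allow(self, source: str, target: str, obj_class: str, perms: set[str]) -> None:
        key = (source, target, obj_class)
        self._allow[key] = self._allow.get(key, frozenset()) | frozenset(perms)

    def type_transition(self, source: str, exec_type: str, new_domain: str) -> None:
        """Executing a file labelled exec_type from source lands the process in new_domain."""
        self._transition[(source, exec_type)] = new_domain

    def te_permits(self, proc: Process, f: FileObj, perm: str) -> bool:
        # Only the labels are consulted: uid 0 gets no special treatment here.
        return perm in self._allow.get((proc.domain, f.type_label, "file"), frozenset())

    def execute(self, proc: Process, binary: FileObj) -> Process:
        """Model exec(): requires TE 'execute' on the binary, then applies any
        transition rule.  The new domain does not inherit the caller's rights;
        it has exactly what the policy explicitly grants it."""
        if not self.te_permits(proc, binary, "execute"):
            raise PermissionError(f"{proc.domain} may not execute {binary.path}")
        new_domain = self._transition.get((proc.domain, binary.type_label), proc.domain)
        return Process(uid=proc.uid, domain=new_domain)


def dac_permits(proc: Process, f: FileObj, perm: str) -> bool:
    """Classic discretionary check: root bypasses everything, the owner uses
    the owner bits, everyone else the 'other' bits (group bits omitted)."""
    if proc.uid == 0:
        return True
    bit = {"read": 4, "write": 2, "execute": 1}[perm]
    shift = 6 if proc.uid == f.owner_uid else 0
    return bool((f.mode >> shift) & bit)


def access(policy: TEPolicy, proc: Process, f: FileObj, perm: str) -> bool:
    """SELinux semantics: DAC is checked first and TE can only further restrict."""
    return dac_permits(proc, f, perm) and policy.te_permits(proc, f, perm)


def build_example_policy() -> TEPolicy:
    """Constructed policy: ftpd is confined to its own data; only admin_t may touch shadow."""
    p = TEPolicy()
    p.allow("init_t", "ftpd_exec_t", "file", {"read", "execute"})
    p.type_transition("init_t", "ftpd_exec_t", "ftpd_t")   # init -> ftpd_t on exec
    p.allow("ftpd_t", "ftpd_data_t", "file", {"read", "write"})
    p.allow("admin_t", "shadow_t", "file", {"read", "write"})
    return p


# Constructed sample objects.
SHADOW = FileObj("/etc/shadow", "shadow_t", 0o600, owner_uid=0)
FTP_DATA = FileObj("/var/ftp/pub/readme.txt", "ftpd_data_t", 0o644, owner_uid=0)
FTPD_BIN = FileObj("/usr/sbin/ftpd", "ftpd_exec_t", 0o755, owner_uid=0)


def demo() -> dict[str, bool]:
    """Start ftpd from init as root and see what the confined daemon can reach."""
    policy = build_example_policy()
    init = Process(uid=0, domain="init_t")
    ftpd = policy.execute(init, FTPD_BIN)  # still uid 0, but now in ftpd_t
    return {
        "ftpd_domain_is_ftpd_t": ftpd.domain == "ftpd_t",
        "dac_alone_lets_root_read_shadow": dac_permits(ftpd, SHADOW, "read"),
        "ftpd_reads_own_data": access(policy, ftpd, FTP_DATA, "read"),
        "ftpd_reads_shadow": access(policy, ftpd, SHADOW, "read"),
        "admin_reads_shadow": access(policy, Process(0, "admin_t"), SHADOW, "read"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Running it prints five booleans. The instructive row is `ftpd_reads_shadow`: the daemon is uid 0, so the DAC check alone would let it read /etc/shadow, yet the TE lookup for (ftpd_t, shadow_t, file) finds no rule and the access is denied. That is the "hole in ftpd does not give away the system" property from the thread, and it is why a deny-by-default policy table, not audit of each daemon, is what carries the security argument.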