|
Want to know how to make Linux really secure? Security Enhanced Linux (SE Linux), a system of security policies developed by the NSA, let you secure Linux at every level from the kernel up. Find out how EnGarde Secure Linux and others build and maintain a truly secure server environment.
|
|
|
Source: SC MagazIne - Posted by Dave Wreski
|
|
The push to cloud transforms the way we apply information security principles to systems and applications. |
|
|
Source: IT World - Posted by Dave Wreski
|
|
Many of us got used to the simple owner, group, and other model of Unix security so long ago that we were somewhat taken back when the setfacl and getfacl commands were introduced and added complexity to file permissions. All of a sudden, users and groups could be assigned access privileges separately from these three groupings and we had to pay attention to + signs at the ends of our permissions matrices that reminded us that additional access permissions were in effect. |
|
|
Source: PC World - Posted by Anthony Pell
|
|
The National Security Agency has submitted new label-based data store software, called Accumulo, to the Apache Software Foundation, in hopes that other parties will further develop the technology for use in secure systems. |
|
|
Source: IT Pro Portal - Posted by Dave Wreski
|
|
A best practices document released by the US National Security Agency has advised users against using open source operating system platforms like Linux. |
|
|
Source: NSA - Posted by Anthony Pell
|
|
The October edition of Signal Magazine features an extensive interview with IA Director Dick Schaeffer on the Nation’s broad and vigilant efforts to “maintain the edge in information assurance.” In the interview, Mr. Schaeffer discusses the information assurance challenges presented by the widespread reliance on commercial technologies, by information sharing across diverse communities of interest, and by the need for cryptographic interoperability in a secure environment, a need addressed by the Suite B strategy. |
|
|
Source: LWN - Posted by Anthony Pell
|
|
Red Hat SELinux hacker Dan Walsh has a weblog posting about a new feature added to his SELinux sandbox. sandbox -X essentially combines the sandbox with the idea behind the "xguest" user to create a sandbox for arbitrary desktop applications. It came out of a request to be able to sandbox "acroread": "Acroread and most other desktop applications use multiple communication channels, interacting not just with stdin and stdout, but accessing configuration files, directly or using interprocess calls as with GConf, the X server and other applications, and usually have full run of the user's home directory. |
|
|
Source: Dan Walsh - Posted by Anthony Pell
|
|
While virtualization seems to be next big thing, providing great opportunities in resource allocation, system management, savings on power and cooling, and the ability to grow and shrink resources depending on demand.
But what about the security?
What happens when a cracker breaks into a virtual machine and takes it over? What happens if there is a bug in the hypervisor? |
|
|
Source: Phoronix - Posted by Anthony Pell
|
|
When benchmarking development releases of Fedora in particular, they often end up being much slower than the final build and perform lower when compared against some of the other leading desktop distributions. As we have mentioned in previous articles, this is generally due to the debugging support enabled within the development builds of Fedora. To see just what the performance
cost is, we have compared the Fedora 11 performance of the normal kernel against the kernel-debug package. Additionally, we also compared the performance when disabling SELinux and system auditing support. |
|
|
Source: OS News - Posted by Dave Wreski
|
|
Here's an OS News link to a LKML discussion with Eric Paris. Looks intersting.Eric Paris, a SELinux developer, has announced today a new SELinux feature: "Dan and I (mostly Dan) have started to play with using SELinux to confine random untrusted binaries. The program is called 'sandbox.' The idea is to allow administrators to lock down tightly untrusted applications in a sandbox where they can not use the network and open/create any file that is not handed to the process. Can be used to protect a system while allowing it to run some untrusted binary." |
|
|
Source: james-morris.livejournal.com - Posted by Bill Keys
|
|
Version 2.6.28 of the Linux kernel was released during Christmas, so I thought it'd be worthwhile waiting until after typical vacation days to post a summary of changes to the security subsystem. As always, thanks to the Kernel Newbies folk who track major kernel changes. Serge Hallyn added a dummy policy for SELinux to the kernel tree. This is useful for testing SELinux and a base for building minimal and experimental security policies.
Have you noticed some of the security changes to the latest upstream Linux kernel? Read on for more information on these changes. |
|
|
<< Start < Prev 1 2 3 Next > End >>
|
| Results 1 - 10 of 88 |
