|
Want to know how to make Linux really secure? Security Enhanced Linux (SE Linux), a system of security policies developed by the NSA, let you secure Linux at every level from the kernel up. Find out how EnGarde Secure Linux and others build and maintain a truly secure server environment.
|
|
|
Source: PC World - Posted by Anthony Pell
|
|
The National Security Agency has submitted new label-based data store software, called Accumulo, to the Apache Software Foundation, in hopes that other parties will further develop the technology for use in secure systems. |
|
|
Source: IT Pro Portal - Posted by Dave Wreski
|
|
A best practices document released by the US National Security Agency has advised users against using open source operating system platforms like Linux. |
|
|
Source: NSA - Posted by Anthony Pell
|
|
The October edition of Signal Magazine features an extensive interview with IA Director Dick Schaeffer on the Nation’s broad and vigilant efforts to “maintain the edge in information assurance.” In the interview, Mr. Schaeffer discusses the information assurance challenges presented by the widespread reliance on commercial technologies, by information sharing across diverse communities of interest, and by the need for cryptographic interoperability in a secure environment, a need addressed by the Suite B strategy. |
|
|
Source: LWN - Posted by Anthony Pell
|
|
Red Hat SELinux hacker Dan Walsh has a weblog posting about a new feature added to his SELinux sandbox. sandbox -X essentially combines the sandbox with the idea behind the "xguest" user to create a sandbox for arbitrary desktop applications. It came out of a request to be able to sandbox "acroread": "Acroread and most other desktop applications use multiple communication channels, interacting not just with stdin and stdout, but accessing configuration files, directly or using interprocess calls as with GConf, the X server and other applications, and usually have full run of the user's home directory. |
|
|
Source: Dan Walsh - Posted by Anthony Pell
|
|
While virtualization seems to be next big thing, providing great opportunities in resource allocation, system management, savings on power and cooling, and the ability to grow and shrink resources depending on demand.
But what about the security?
What happens when a cracker breaks into a virtual machine and takes it over? What happens if there is a bug in the hypervisor? |
|
|
Source: Phoronix - Posted by Anthony Pell
|
|
When benchmarking development releases of Fedora in particular, they often end up being much slower than the final build and perform lower when compared against some of the other leading desktop distributions. As we have mentioned in previous articles, this is generally due to the debugging support enabled within the development builds of Fedora. To see just what the performance
cost is, we have compared the Fedora 11 performance of the normal kernel against the kernel-debug package. Additionally, we also compared the performance when disabling SELinux and system auditing support. |
|
|
Source: OS News - Posted by Dave Wreski
|
|
Here's an OS News link to a LKML discussion with Eric Paris. Looks intersting.Eric Paris, a SELinux developer, has announced today a new SELinux feature: "Dan and I (mostly Dan) have started to play with using SELinux to confine random untrusted binaries. The program is called 'sandbox.' The idea is to allow administrators to lock down tightly untrusted applications in a sandbox where they can not use the network and open/create any file that is not handed to the process. Can be used to protect a system while allowing it to run some untrusted binary." |
|
|
Source: james-morris.livejournal.com - Posted by Bill Keys
|
|
Version 2.6.28 of the Linux kernel was released during Christmas, so I thought it'd be worthwhile waiting until after typical vacation days to post a summary of changes to the security subsystem. As always, thanks to the Kernel Newbies folk who track major kernel changes. Serge Hallyn added a dummy policy for SELinux to the kernel tree. This is useful for testing SELinux and a base for building minimal and experimental security policies.
Have you noticed some of the security changes to the latest upstream Linux kernel? Read on for more information on these changes. |
|
|
Source: etbe.coker - Posted by Bill Keys
|
|
There is currently a discussion on the Debian-security mailing list about how to protect data which came from an encrypted file. I was going to skip that one until someone summoned me by mentioning SE Linux.
The issue which was raised is that data from an encrypted file can be read from /dev/mem (for all memory of the machine) or /proc//mem (for the memory of the process). It was suggested that SE Linux can prevent such attacks, however it’s not that simple.
How do you secure data that came from an encrypted file? This article takes the position that SELinux is the answer. Do you agree after reading it?
|
|
|
Source: James-Morris.Livejournal.com - Posted by Burhan Syed
|
|
Recently, I've been busy getting the initial cut of sVirt out, and am currently processing community feedback before issuing an update. The basic idea behind sVirt is to apply MAC label security (SELinux, Smack etc.) to Linux-based virtualization schemes such as KVM, allowing the existing OS-level security mechanisms to be re-used for process-based VMs. This is an application one of the core advantages of Linux-based virtualization, where generally, all of the Linux process management infrastructure within the kernel and wider OS may be applied to domains which run inside Linux processes.
Would you agree that we don't need to modify the kernel security mechanism for MAC label security? Read on for more information. |
|
|
<< Start < Prev 1 2 3 Next > End >>
|
| Results 1 - 10 of 86 |
