LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: October 27th, 2014
Linux Advisory Watch: October 24th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Improve Security At the Kernel Level Print E-mail
User Rating:      How can I rate this item?
Source: Linux.com - Posted by LinuxSecurity.com Team   
Server Security Many Linux administrators often think about securing their systems from the top down (or perhaps the outside in). Significant focus is placed on Firewalls, packet filtering, limiting or denying dangerous services and controlling available programs and local permissions. . . . Many Linux administrators often think about securing their systems from the top down (or perhaps the outside in). Significant focus is placed on Firewalls, packet filtering, limiting or denying dangerous services and controlling available programs and local permissions. An aspect of security that many ignore (or aren't even aware of) is that security can be improved on a host from the bottom up. I'm talking about security at the kernel level.

The flexibility of the Linux kernel offers administrators the facility to improve security on their systems at the lowest level (try that in Windows). Several new kernel patches have recently been released that can improve the overall security of any Linux system by modifying attributes of the kernel's operation.

The Linux Intrustion Detection System (LIDS) is a patch that can completely secure files on your system. When the LIDS patch is in place, specified files on the system cannot be moved or altered in any way, not even by root.

Another patch, the Secure Linux Patch, helps to improve security by decreasing the ability of hostile parties to perform some of the more common types of buffer overflows, limits the ability of attackers to place symbolic links or FIFOs in the /tmp directory and helps to implement controls over File Descriptors 0, 1 and 2 (standard input, standard output and standard error). It can also be used to block certain parts of the /proc filesystem from being viewed by users.

The Crypto IP Encapsulation (CIPE) kernel patch can be used to send encrypted UDP packets between two routers. This allows for the creation of a relatively simply version of a VPN. This patch is a modification of the Internation Kernal Patch.

The International Kernal Patch allows for the inclusion of strong encryption within the Linux kernel. This patch allows the system to encrypt mounted devices and to encrypt a user's home directory so that a passphrase is required to access any files located there.

Administrators of Linux hosts are often looking for better ways to improve the security of their critical (and even not so critical) systems. One option that should definately be investigated is the use of a security patched kernel.

Read this full article at Linux.com

Only registered users can write comments.
Please login or register.

Powered by AkoComment!

 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Hackers Are Using Gmail Drafts to Update Their Malware and Steal Data
Hackers target unclassified White House network
BYOD: Why the biggest security worry is the fool within rather than the enemy without
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.