Security on Linux

I am not a security expert at all.

But NSA is.....

U.S. NSA recently released a security-enhanced version of Linux -- code and all -- to the open source community.


From NSA Security-enhanced Linux Team:

As part of its Information Assurance mission, the National Security Agency has long been involved with the computer security research community in investigating a wide range of computer security topics including operating system security. Recognizing the critical role of operating system security mechanisms in supporting security at higher levels, researchers from NSA's National Information Assurance Research Laboratory have been investigating an architecture that can provide the necessary security functionality in a manner that can meet the security needs of a wide range of computing environments.

End systems must be able to enforce the separation of information based on confidentiality and integrity requirements to provide system security. Operating system security mechanisms are the foundation for ensuring such separation. Unfortunately, existing mainstream operating systems lack the critical security feature required for enforcing separation: mandatory access control. As a consequence, application security mechanisms are vulnerable to tampering and bypass, and malicious or flawed applications can easily cause failures in system security.

The results of several previous research projects in this area have yielded a strong, flexible mandatory access control architecture called Flask. A reference implementation of this architecture was first integrated into a security-enhanced Linux® prototype system in order to demonstrate the value of flexible mandatory access controls and how such controls could be added to an operating system. The architecture has been subsequently mainstreamed into Linux and ported to several other systems, including the Solaris™ operating system, the FreeBSD® operating system, and the Darwin kernel, spawning a wide range of related work..



Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
FreeBSD® is a registered trademark of the FreeBSD Foundation.
Solaris™ is a trademark or registered trademark of Sun Microsystems, Inc. in the United States and other countries.

From:
Security-Enhanced Linux




Conclusion:

If NSA need a secure OS internally, and that is the Linux
we can take to be relatively secure in Linux as home desktop users.

Download

SELinux is now available in Hardy Heron.
See that page for installation instructions:

https://wiki.ubuntu.com/SELinux

Some of the top computer-scientists and
programmers in the world worked on SELinux ...

Security policy and enforcement are independent using SELinux.


Look:
Anatomy of SELinux

... so they may know
something about Linux that most don't.

What is that knowledge?
Linux is the most secure operating system (OS) in World.

Does NSA/US government use Linux as their main operating system??

NSA collaborate with Linux...

NSA really want to help EVERYONE LINUX users with security?

We will never not know that for sure....

...but your tax dollars are paying for SELinux package!

P.S
The SELinux package is OPTIONAL, you don't have to install it.

Linux is the most secure operating system (OS) in World.

what about OpenBSD ?

The most secure OS in the world is ANY operating system on ANY machine NOT physically accessible by intruders and NOT connected to the internet.

FYI:
(interesting comparison and links to various BSD's)
http://www.linuxques...posting-177142/

jaclaz

what about OpenBSD ?

My answer to this is in citation from NSA.


The most secure operating systems in World :

1. Linux® is a registered trademark of Linus Torvalds in the United States and other countries.

2. Solaris™ is a trademark or registered trademark of Sun Microsystems, Inc.

3.FreeBSD® is a registered trademark of the FreeBSD Foundation.

4.Darwin is operating system released by Apple Inc. in 2000.

This include all BSD & Unix OS Derivatives ...

The most secure OS in the world is ANY operating system on ANY machine NOT physically accessible by intruders and NOT connected to the internet.

jaclaz

This is really true !

I am not a security expert at all.

But NSA is.....

Linux kernel backdoor blocked

some old news & intresting quote

"If you were the NSA, how would you backdoor someone's software? You'd put in the changes subtly. Very subtly."

GOOD find, rawral,

Some OLDER news:
http://www.heise.de/...l/5/5263/1.html

And some NEWER news:
http://arstechnica.c...a-backdoor.html



jaclaz

Linux kernel backdoor blocked

some old news & intresting quote

"If you were the NSA, how would you backdoor someone's software? You'd put in the changes subtly. Very subtly."

If you were the NSA and you know that Linux is the most secure operating system (OS) in World,
how would you backdoor someone's Linux?

Security policies ??

NSA really want to help EVERYONE LINUX users with security?

very interesting /informative links !!


hears another olde to add to the collection ..

theregister.co.uk/1999/03/12/microsoft_caught_with_pants_down/

The cultural gulf between control freaks and open source freedom fighters is widening daily.