Skip to main content

Secured against disaster: Governments look to Linux to avoid viruses

posted onDecember 6, 2001
by hitbsecnews

Source: News Forge

SELinux employs an access control system that uses data types and a variety of rules-based enforcement protocols as a means for setting up both confidentiality and integrity rules on user systems. The result is a highly flexible, yet highly secure system with enforcement rules embedded into a discrete "security server." The server contains the policies for each type of data and on each each type of data acts on another piece of data. SELinux revalidates the security permission schema for each file type each time it is used.
The result is that a virus cannot succeed in a SELinux system. In the unlikely event that a virus could even be introduced into an SELinux-based system, and then executed, the virus should not be able reproduce onto an executable file.

In theory, this shouldn't happen because Unix programs shouldn't have more than read or write permissions anyway, but in this case, SELinux would also prevent propagation of the virus because the reach of each program executable is restricted to its own "type." Therefore, any of the executables that would normally be targets for the virus are effectively walled off. Even attacking the root won't have an effect on the policies structure. The system may not be foolproof, but as a secure, intelligently configured alternative it beats traditional Unix configurations, and it beats Windows hands down.

Perhaps your company doesn't think replacing Windows with Linux is worth the hassle. But if their systems crashed because of Code Red or Systran or Goner -- or perhaps all three, have them take a look at SELinux, and -- have a conversation."

Source

Tags

Red Hat

You May Also Like

Recent News

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th