StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Best Practice for OS, FW, and SELinux - Assignment Example

Cite this document
Summary
This assignment "Best Practice for OS, FW, and SELinux" discusses organizations that have a duty to ensure that the operating systems underuse are in a position to protect the sensitive data contained in them. One way to attain this is the adoption of certain best practices…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER91.6% of users find it useful
Best Practice for OS, FW, and SELinux
Read Text Preview

Extract of sample "Best Practice for OS, FW, and SELinux"

Best Practice for OS, FW and SELinux Best Practice for OS, FW and SELinux Question Best Practice for Operating Systems Organizations have a duty to ensure that the operating systems under use are in a position to protect the sensitive data contained in them. One way to attain this is adoption of certain best practices. This question discusses given best practices that will help in the protection of the operating systems plus the data stored therein. Running Software Updates It is necessary protecting the operating system with software updates. The updates will create patches for newer or the existing vulnerabilities and aid in the protection against malicious attacks and software flaws. In Windows Server r 12, windows update is set to run automatically or manually to help accomplish this. If prompted, this operation will let the update procedures to run (Minasi, 2014). In CentOS, the update option provides a means to upgrade any system software to the most recent version using one operation. Similarly, “yum update” command will be appropriate in case of a need to update an entire system (Membrey, Verhoeven & Angenendt, 2009). The yum package that comes with CentOS entails scripts for performing system-wide updates on daily basis. Users would need to enter the command su -c /sbin/chkconfig --level 345 yum on; /sbin/service yum start. This command should be followed by the root password in case a need arises to activate the daily automatic update. Back Up Files It is necessary that users create copies of computer files for use in cases where the original files diminish through ways like computer crash or theft (IBM, 2013). Accidents are inevitable. Therefore, it is crucial that users regularly store work documents within a backed up network server. Use of Updated Antivirus Software Use of the updated antivirus software lets the operating systems to detect and isolate new viruses before they perform potential damages within the computer systems (Hailperin, 2007). Password Protection Safety of the operating system will be easier to attain if certain password protection mechanisms are put in place. Examples of such mechanisms include regular change of passwords, users stopping the habit of sharing passwords or login ID (s) and the administrator of the operating system under use ensuring that the systems are accessed only after users have supplied matching combinations of the login credentials, automatic disabling of user accounts in case of login attempts that go past six. In case of the highly vulnerable environments, it would be appropriate using Kerberos. Kerberos will employ strong encryption coupled with complex ticket granting algorithm in authenticating users on a network and to permit streams of data over IP networks. This approach will fit environments like colleges where the implementation of other security mechanisms has remained to be a challenge. Question 2 Best Practices for Firewalls Organizations will often need firewalls to protect the confidential information from unauthorized and malicious users. Even as organizations use different access control features embedded in firewall systems to attain system security, they have to follow certain best practices so as to realize the full potential of the firewall systems. Some of the best practices are discussed here below: Verification of Firewall Change against Change Requests and Compliance Policies The operation of firewalls revolves around identifying problems, fixing the problems and installation of new system. While we install new firewall rules aimed at solving problems or supporting new business units and products, there is a tendency to forget that the firewall system also forms part of the physical implementations of the enterprise-wide security policies (Santana, 2014). For this reason, there would be a need to review every rule to establish whether it complies with corporate security policy. Firewall Reviews Firewall reviews form part of the crucial aspects of maintenance of the rule base associated with firewall systems. The network or computer services are never static and so the rule base should never be considered static. There is a need to review the way to enforce traffic on firewalls as long as the compliance standards and the corporate policies evolve. This would be a good opportunity to clear all redundant rules that are already replaced by the newly introduced rules and to get rid of rules that are associated with services that are no longer used within the organization. Install Every Access Rule with Minimal Access Rights Firewall rules constitute three fields namely service, source and destination. In order to make sure that there are sufficient open ports for all individuals to gain access to the systems they require, it is normal to assign a wide scope of objects in at least one of those fields. In allowing several IP addresses to gain access to a large group’s network in the name of ensuring business continuity, we make the rules to be excessively permissive thus introducing insecurity. For instance, a rule whose service field bears something like “ANY” will end up opening 65,535 ports and this will certainly contrast a firewall administrator’s efforts to minimize the number of attack vectors for hackers. IPTables refers to a rule-based firewall that is pre-installed in numerous Linux Operating Systems. By default, it will always run without rules. It is necessary to save the IPTables rulesset using the command #service iptables save considering that system reboot will often end up restarting the IPTables service making the existing rules to be reset or flushed out. The stated command will by default save TPTables rulesets inside the /etc/sysconfig/iptables file then rules will be restored or applied in the event that the IPTables flushes out. Users should restart the Iptables service after any new port is opened. This move can be accomplished using the command # service iptables restart and is helpful in ensuring that the service is updated before making the system permissive to connections associated with the opened ports. Question 3 SELinux End systems are better placed if they are capable of enforcing the separation of information based on the integrity and confidentiality requirements so as to attain system security. Fortunately, the introduction of SELinux provided a means to attain this separation. The arrival of this end system does not however mean that the security mechanisms that are in place can never be bypassed. This gives the implication that end users still have the duty to follow certain best practices to exploit the full capabilities of SELinux. Configuration Issues It is possible setting the SELINUX variable to enforcing, permissive or disabled. Out of these three possible options, the enforcing options leaves the SELinux code enabled and also causes the code to enforce and audit the access denials (Jang, 2011). The enforcing option prevents operations from moving past the initial denial. Whenever a user creates a new policy package, it would be appropriate for him to make sure that the created package is loaded into the kernel. The user can achieve this by executing the command semodule -i myapp.pp. The command modifies the policy that is already stored inside the machine. The policy module will then be loaded with the other policies. Booting Mode Users should avoid booting the machine using non SELinux kernel because it can lead to mislabeling of file systems. In case a need arises to establish whether there are issues with file system labeling, a user will need to check out for an error message encompassing file_t. In case the labeling issues arise, creation of the flag file /.autorelabel followed by system reboot would be an appropriate measure. system-config-selinux can also help in attaining this. In addition the restorcon/fix- files commands could also be employed while relabeling files. Users wishing to turn SELinux off at boot would need to get to the file /etc/setlinux/config then set SELINUX=disabled. Another option would be the addition of setlinux=0 in the kernel boot parameters though this option poses the challenge that any file created under this condition will lack SELinux context information. Policy Rules Policy rules normally constitute explicit permissions like the domains a user have to possess prior to performing given actions with the particular targets like file reading and execution or connect and bind operations in case of the network ports. A policy for use in defining the domain transition should constitute a labeling file, an interface file as well as a rule file. The three files should be compiled together in combination with the SELinux tools in order to produce an individual policy file. The final policy file is then loaded inside the kernel to make it active. Whether generated from the user-friendly SELinux management tools or handwritten, the policy should be tested using the permissive mode first during which violations are to be logged though permitted. Users could resort to audit2allow tool as a means to produce further rules that expand the policy to permit every legitimate activity associated with the application that is being confined. Architecture Users would need to use architectures like flask that offer a mechanism to enforce the isolation of information using the integrity and confidentiality requirements. This move permits the addressing of threats of tampering plus bypassing of the application security mechanisms whilst enabling the confinement of the damage that could be brought about by flawed or malicious applications. A successful implementation of a security mechanism inside a system will offer flexible support for different ranges of security policies. It is through such a mechanism that users will find it possible configuring the system to comply with different ranges of security requirements. Back Up It would be necessary to perform regular back up of files from SELinux file system. This can be attained through the use of tar command. In addition, the Bacula program offers support for the xattr extensions during the use of SELinux and can aid in backing up SELinux file systems. SELinux enhances local security by bettering the isolation between the involved processes and offering security policies that are more fine-grained. In a case like Fedora 14 system, individuals who find themselves in the circle of multi-user machines should not neglect SELinux based on the more flexible policies that it offers alongside the additional barriers that it introduces amidst users thus introducing a means of production against malicious users. End users charged with the operation of different server environments would also need to embrace SELinux to limit the effect of the security vulnerabilities that are found in server environments. Supposing an attacker is in a position to gain the privileges of a root or a local user, SELinux might only permit him or her to disable one specific service. In case of a home-based need, there will never be a security gain from SELinux considering that the user will be capable of doing everything remotely after authentication. In view of this, it will never be worthwhile for the home-based users to go through the hassle of enabling SELinux. References Hailperin, M. (2007). Operating systems and middleware: Supporting controlled interaction. Boston (Massachusetts: Thomson Course Technology. Ibm, R. (2013). Ibm systems director 6.3 best practices. S.l.: Vervante. Jang, M. H. (2011). Security strategies in Linux platforms and applications. Sudbury, MA: Jones & Bartlett Learning. Membrey, P., Verhoeven, T., & Angenendt, R. (2009). The definitive guide to CentOS. Berkeley, Calif: Apress. Minasi, M. (2014). Mastering Windows server 2012 R2. Santana, G. A. A. (2014). Data center virtualization fundamentals. Indianapolis, IN: Cisco Press. Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(“Best Pratices for OS, FW and SELinux Coursework”, n.d.)
Retrieved de https://studentshare.org/information-technology/1655953-best-pratices-for-os-fw-and-selinux
(Best Pratices for OS, FW and SELinux Coursework)
https://studentshare.org/information-technology/1655953-best-pratices-for-os-fw-and-selinux.
“Best Pratices for OS, FW and SELinux Coursework”, n.d. https://studentshare.org/information-technology/1655953-best-pratices-for-os-fw-and-selinux.
  • Cited: 0 times

CHECK THESE SAMPLES OF Best Practice for OS, FW, and SELinux

Impact of Globalization

The paper "Impact of Globalization" states it is critical to analyze the businesses and industries prevailing in the world today, and an important aspect is analyzing what is lacking in them.... This case clearly reveals that the firm is lacking direction of where it is and where it wants to be....
7 Pages (1750 words) Case Study

A Commercial Office Environment

This is a common practice in commercial office environments and Linux makes it as easy and convenient as possible.... This paper ''A Commercial Office Environment'' tells that Considering the software licensing costs that are always increasing, as well as the poor performance witnessed by other operating systems, Linux has stood out as one of the best-operating systems satisfying both servers and desktop roles.... Such an environment operates best with Java development as the office activities call for the need to access network resources in a way that cuts across platforms allowing for additional applications into the network in the shortest time possible....
9 Pages (2250 words) Essay

Technical Aspects, Best Practice Recommendations and Hardening SMTP

The paper "Technical Aspects, best practice Recommendations and Hardening SMTP" recommends the IIS SMTP server administrator protects the system with regular software updates to create patches for possible vulnerabilities and helps to protect the operating system against any attack or software flaw....
7 Pages (1750 words) Case Study

Is a University Degree Necessary to Success

The author of the following paper "Is a University Degree Necessary to Success" will begin with the statement that over the years, education has been considered an important part of people's lives and for a long time, its value has not been disputed.... hellip; Education has been related to success and it is expected that advancing educational status increases chances of success in life....
6 Pages (1500 words) Essay

Linux or Windows: Which is More Secure

The author compares Windows and Linux security and states that the final decision does go towards Linux simply because they have proven themselves to be true while Microsoft Windows still has a long way to go before security can be a proven feature of the os.... nbsp;… While Vaughan-Nichols was kind enough to say that it would take a few hours for a Windows-based server to be hacked, Schweitzer (2005) gave windows little credit at all by saying that there was a 50/50 chance that a Windows-based system would be compromised within minutes if it was connected to the internet for even a few minutes....
7 Pages (1750 words) Case Study

The Dental Practice

The following paper under the title 'The Dental practice' focuses on the dental practice which needs a computer-based information system and the manual system they are currently using seems to be inefficient even though it is easy to understand and use.... The next step would be to obtain the necessary hardware and software for managing their system electronically and a few test runs of the systems should be included in this process to ensure that the systems perform according to the specifications that had been given by the dental practice....
7 Pages (1750 words) Case Study

The Role of Innovation of a Product in Success of a Company

The inception of os is quite old.... The later version of os includes DOS and Linux based operating systems.... However, the world of computers experienced a drastic change when the concept of GUI based os was made practical.... To fully utilize these resources, innovative techniques are applied to make the best use of available resources....
6 Pages (1500 words) Assignment

Advantages and Disadvantages of Open-Source Software

The author of this essay discusses the idea of openness in the area of software, especially for the companies which are involved in purchasing of hardware and software.... The author also details the advantages and disadvantages of open-source software.... nbsp;… The way in which data or systems operate in multiple versions of an environment is called Interoperability....
10 Pages (2500 words) Term Paper
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us