September 7th, 2010

Why disable SELinux (II/III)

by Jimmy Thomas, Sr. Software Engineer, Bobcares.com


We covered the basics of SELinux and security contexts in the last blog. Now we move on to a detailed explanation of policies, archiving SELinux attributes, etc.

Targeted, strict and MLS Policies

Red Hat supports three policies: Targeted, Strict and MLS. The targeted policy is the default policy, under which every subject and object runs in the unconfined_t domain, except for the specific targeted daemons. The objects on the system that are in the unconfined_t domain have no restrictions. The daemons that are part of the targeted policy run in their own domains and are restricted in every operation they perform on the system. Daemons that are commonly exploited, such as network services, which are usually vulnerable to attacks, can be protected by confining them to a specific domain.

September 3rd, 2010

Why disable SELinux (I/III)

by Jimmy Thomas, Sr. Software Engineer, Bobcares.com


The purpose of this article is to cover the basic concepts and operations of administering SELinux on an RHEL or Fedora system. This was penned to make an intro-level HOWTO for getting started with SELinux. My friend has already given an intro for this topic and I am just covering more on administering policies.

Many of us have the feeling that SELinux is too complex and forces too many changes on fundamental Linux concepts. This article covers the more basic aspects of SELinux, including topics like:

* How to use all the administrative commands that relate to SELinux

* Difference between targeted and strict policies

* Some troubleshooting tools that come in handy

August 13th, 2010

Firewall: Guard on surveillance

by Sankar H, Senior Software Engineer, Bobcares.


In simple terms, a firewall is a protective system that functions between your host/network and the sometimes “deadly” Internet. An effective firewall policy prevents unauthorized use of and access to your network/server.

The role of a firewall is to analyse information entering and leaving the network/server, based on an existing firewall configuration. It usually acts as a barrier against many forms of attack.

Ideally, a security strategy uses both hardware and software firewalls. That said, understanding them through a comparative approach definitely helps in framing sound firewall policies.

July 15th, 2010

An introduction to DNSSEC

by Vicky Karmakar, Jr. Software Engineer, Bobcares.com


In the previous blog, we discussed various DNS vulnerabilities such as cache poisoning, client flooding, information disclosure attacks, the vulnerability in sharing a nameserver, and DDoS in DNS. DNSSEC provides answers to all except DDoS attacks. DNSSEC is not the abbreviation for DNS security but a set of resource records (such as A record, MX record) which can seamlessly integrate with our existing DNS infrastructure.

June 29th, 2010

Possible threats to the Internet

by Vicky Karmakar, Jr. Software Engineer, Bobcares.com


DNS is to the Internet what oxygen is to life. Though we constantly use it, we are unaware of its presence. DNS has come a long way, from the days when Stanford Research Institute’s Network Information Center (SRI-NIC) maintained a file called hosts.txt, which contained host-names and their corresponding IP addresses, to a complex network of databases called name-servers.

DNS was originally designed to make it easier for us to memorize names (host-names) rather than numbers (IP addresses). Gradually, many applications and protocols used the host-names and IP addresses as a basis to authenticate the host. Thus DNS security came into being, since wrong information from a DNS server can disallow a legitimate request from a legitimate client.

June 24th, 2010

Vulnerabilities in exploitation kits?

by Hamish Oscar Lawrence, Sr. Software Engineer, Bobcares.com


Many hackers prefer to design and use their own tools to search for and attack vulnerable sites, but a majority of them use various exploitation “kits”. Some of the most common ones are Zeus, Neosploit, Eleonore and Justexploit. The developers of these kits constantly include 0-day vulnerabilities in the latest versions of their malware. Since most of these kits are open-source, users can also modify the code to include vulnerabilities known to them. Exploitation kits have been available for many years, and millions of users have suffered. However, a study by the recently established security company TEHTRI-Security suggests that the malware “kits” themselves have vulnerabilities!

June 23rd, 2010

A Cyber-space Weapon - Chkrootkit

by Viji Ramachandran, Jr. Software Engineer, Bobcares.com


Consider ‘Cyberspace’ as a battleground where computers and networks are saved or compromised every day. Until recently, the struggle had been more or less equal, but now a new and more powerful weapon is in use - the rootkit.

A rootkit is the perfect utility for making a hacker’s life easy. An ‘opportunity for malware writers’ is probably an apt definition of a rootkit. These tools enable administrator-level access to a computer or computer network. Rootkits have become more common and their sources increasingly difficult to identify. They leverage security exploits and trojans to deceive a user into trusting that the installation is not malign.

June 16th, 2010

Do you check your packages?

by Hamish Oscar Lawrence, Sr. Software Engineer, Bobcares.com


If you happen to know any Windows Server “fanboys”, you’d probably have noticed the smug look they have on their faces right now. It’s most likely after this little announcement. A recent version of the Unreal IRC server source tarball, stored on various mirrors, was replaced by one that contained a backdoor. It seems it was replaced some time back in November 2009 and no one noticed it till now! So if anyone downloaded and installed it since then, their servers are open to compromise. So how much safer are Linux servers? It’s high time we stopped thinking of Linux as invincible.

May 26th, 2010

Change is a good thing

by Hamish Oscar Lawrence, Sr. Software Engineer, Bobcares.com


I recently stumbled upon a site I used to frequent back in college. It hadn’t changed a bit! It sure did bring back a lot of memories, but then I started thinking. Is that really good? The feeling of nostalgia was good, but other than that, I wouldn’t want to visit it again; there was nothing “new” about it. This is a trap that many people fall into. Once they find a formula that works, they stick to it! But if you take a look at some of the big names out there, you’ll see that they didn’t stick to it... they decided to change!


May 21st, 2010

Smell an intrusion?

by Sankar H, Senior Software Engineer, Bobcares.


There are many simple methods for detecting an intrusion, though they would only help you identify intruders who do not bother covering up their activities and traces.

In real scenarios, you might need tools that are capable of doing much more. Many of these tools are to be installed in a clean OS, and you need to constantly keep track of their reports and act accordingly.

So, what if you do not have these intrusion detection tools installed already, and suspect something is wrong in your server? Some simple steps might help you here.
