What is Linux Security?
Linux Security is a module in a Linux operating system which gives protection from security attacks and misuse of the operating system. It ensures protection from an enemy whose bad intention is to leak, steal or change data, or to hack your system. There are different types of security threat, as follows:
Reading data - Typically associated with espionage or theft. Computer systems often contain information that needs to be kept confidential or secure. This could vary from emails discussing the price of a bid for a project to personal information or bank details. The disclosure of this information could severely damage the company or have legal implications.
Changing data - Potentially even more serious is that an attacker could gain sufficient access to be able to update data. This could be for sabotage, as a means of discrediting the organisation or leaving a calling card. One of the biggest risks is that data could be modified and not noticed. The cases that tend to get a high profile in this area are where attackers replace web pages with their own modified versions.
Denial of service - Denial of Service (DoS) attacks are where the attacker disables, or makes unusable, the services provided by the system.
Access to computer - Whilst for some systems you may allow other users onto your system, sometimes these user accounts could come under attack. The computer may not contain any confidential material and the user may not be able to write to any data; however, they could still use your system to cause damage. If someone manages to attack a computer that borders between a secure and insecure network, then they could use your machine as a method of traversing between the two networks.
Linux OS has a security policy which ensures that you have covered all of the principles (Authorisation, Authenticity, Privacy / Confidentiality, Integrity, Non-repudiation and Availability) as they apply to your system. Also consider how this is going to be implemented by the users and system administrators. If a security process is hard to implement or restricts someone from doing their job, then you may find that the process gets ignored or is not complied with.
Linux security policy requirements according to the Data Protection Act 1998 and the ISO 7984-2 International Standards Organisation Security Standard are:
Authorisation - Only allow those that need access to the data
Authenticity - Verifying they are who they say they are
Privacy / Confidentiality - Ensure personal information is not being compromised
Integrity - Ensuring that the data has not been tampered with
Non-repudiation - Confirmation that data is received. The ability to prove it in court
Availability - Ensure that the system can perform its required function