Question

Really Cheap Used Computers, Inc. is an online seller of old school computers. The organization’s e-commerce Web

site runs on a Linux server. The server is located at the organization’s local office in Boston, Massachusetts. The

company has experienced tremendous growth and has hired you as the new security analyst. You access the server

and find that there are no layers of security other than the passwords set for user accounts.

Discuss at least three layers of access control that can be put in place on this server to create a more secure

environment. Rationalize whether the given scenario represents discretionary access control (DAC) or mandatoryaccess control (MAC).

Participate in this discussion by engaging in a meaningful debate regarding your choices of the three layers of

access control in Linux. You must defend your choices with a valid rationale. Summarize your thoughts in a Word

document and submit it to your instructor

Should be 1-2 pages

Self-Assessment Checklist



I identified at least three layers of access controls that can be used to create a secure Linux server

environment.



I determined whether the given scenario represented DAC or MAC.



I engaged in a discussion of the assigned topic with at least two of my peers.



I supported my arguments with data and factual information.



I compared and contrasted my position with the perspectives offered by peers.



I raised questions and solicited peer and instructor input on the topics discussed.



I articulated my position clearly and logically.



I followed the submission requireme

Answer 1

One of the most vital security tasks is to maintain control over incoming network connections. As system administrator, there are many layers of control over these connections. At the lowest level unplug network cables, but this is rarely necessary unless your computer has been badly cracked beyond all trust. More realistically, you have the following levels of control in software, from general to service-specific:
Network interface - The interface can be brought entirely down and up.
Firewall - By setting firewall rules in the Linux kernel, you control the handling of incoming (and outgoing and forwarded) packets. This topic is covered in Chapter 2.
A superdaemon or Internet services daemon- A superdaemon controls the invocation of specific network services. Suppose the system receives an incoming request for a Telnet connection. The superdaemon could accept or reject it based on the source address, the time of day, the count of other Telnet connections open... or it could simply forbid all Telnet access. Superdaemons typically have a set of configuration files for controlling your many services conveniently in one place.
Individual network services - Any network service, such as sshd or ftpd, may have built-in access control facilities of its own. For example, sshd has its AllowUsers configuration keyword, ftpd has /etc/ftpaccess, and various services require user authentication.
These levels all play a part when a network service request arrives. This is considered a DAC (Discretionary Access Control) as it is not something the individual user controls as they are not an administrator, which only SELinux and AppArmor are examples of systems using MAC’s.