Free Essay

It302 Reserch 1

In: Computers and Technology

Submitted By fobfather
Words 827
Pages 4
There are many ways to have internet access these days. Coffee shops, libraries, airports and even public buses have free wireless access. With all these free accesses to the World Wide Web, there is also many potential ways for hackers to potentially get your personal information and use it for their gain. There are many ways to combat this situation by using several security measures with Linux programming, which the majority of the software is free. Some of those security technologies are SELinux, TCP Wrappers, IPtables and Chroot Jail to name a few.

In basic Linux security, Discretionary Access Control is based practically by users and groups. The process is run by a user and then has access to anything other users has access to, making it not so secure. The U.S. National Security Agency (NSA) developed the SELinux (Security Enhanced Linux) to combat the lack of strong security. The SELinux implements Mandatory Access Control (MAC) in the Linux kernel which enforces policies that limits the user or a program of what they can do. It is designed to prevent process from reading and/or tampering of data and programs. MAC is an important tool for containing security threats made by user errors, hackers or software errors. It’s pretty hard to bypass the security measure since the kernel is checking the MAC rules right after checking the DAC rules on a constant basis. There are three states you can place SELinux to run in; Enforcing, Permissive and Disabled.

Enforcing is the default setting where no program or user can do anything not permitted by the security policy. Permissive is a diagnostic state where it sends warning but does not enforce the policy but you can use to build a new security policy. Disabled is where it does not enforce any security policies at all.

Another Linux based security program you can use is called TCP Wrappers. TCP Wrappers is a program that helps you accept connections from user in a remote location. It can give you a detail log of who, where and when a user is logging in the system. TCP Wrappers allows you to accept or deny connections to your network at your discretion. Its best used for internal host only so its limiting connections to a port.

Having a good firewall can prevent hackers to access your hardware router and your network. The IPtables program (which comes with Linux) allows administrators to configure the OS (Operating System) so users and programs can connect to their networks and stop other malicious user/programs from damaging the OS. IPtables also filters IP packets which is the backbone of the internet. You can use IPtables to accept or deny IP packets based on their ports or source address. Basically, it can tell which IP packets are valid or not.

There’s also a way to run programs on Linux where the program cannot access anything outside the directory or run a public server. The program is called Chroot Jail.
It creates a sandbox that allows a process to view a single sub-tree of the system. Without a Chroot Jail, a user with limited file permissions can access top level directories and hack into system critical directories. They may not have the permissions to edit the directories but they can read specific files. Chroot is a useful, but basic preventative security program but it is not made for deliberate attempts to gain root access.

There is no foolproof security program out there. Everyone is not immune to getting attacked via man-in-the-middle (eavesdropping), brute force attack (cryptography), viruses, worms, phishing, etc. Being safe on the internet requires the user to understand the kinds of software that can attack your network/computer. The right combinations of strong security software will keep you safe.

Bibliography

360is. (2006). TCP Wrappers. http://www.360is.com/03-tcpwrappers.html

Chroot Jail. (2002). Best practices for a Chroot Jail: http://www.unixwiz.net/techtips/chroot-practices.html

IPtables (2010). www.netfilter.org

Sorbell, Mark.G. (2010). A practical guide to Fedora and Red Hat Enterprises Linux (5th Ed.). Miami, FL: ITT Technical School

U.S. National Security Agency (January 2009): www.nsa.gov/research/selinux

--------------------------------------------
[ 1 ]. U.S. National Security Agency (January 2009): www.nsa.gov/research/selinux
[ 2 ]. Sorbell, M.G. (2010). A practical guide to Fedora and Red Hat Enterprises Linux (5th ed.). Miami, FL: ITT Technical School (pp. 414-415)
[ 3 ]. 360is. (2006). TCP Wrappers. Retrieved from http://www.360is.com/03-tcpwrappers.html
[ 4 ]. IPtables (2010). www.netfilter.org
[ 5 ]. Sorbell, M.G. (2010). A practical guide to Fedora and Red Hat Enterprises Linux (5th ed.). Miami, FL: ITT Technical School (pp. 819-822)
[ 6 ]. Sorbell, M.G. (2010). A practical guide to Fedora and Red Hat Enterprises Linux (5th ed.). Miami, FL: ITT Technical School (pp. 448-449)
[ 7 ]. Chroot Jail. (2002). Best practices for a Chroot Jail: http://www.unixwiz.net/techtips/chroot-practices.html…...

Similar Documents

Premium Essay

It302 Research #1

...IT302 Linux Administration Research #1 I researched three Linux security technologies which are, SELinux, chroot jail and iptables. As you read into this research you will see that they are split up into their own catagories so that it is easy to read information on whichever topic you would like. SELinux As part of its Information Assurance mission, the National Security Agency has long been involved with the computer security research community in investigating a wide range of computer security topics including operating system security. Recognizing the critical role of operating system security mechanisms in supporting security at higher levels, researchers from NSA's National Information Assurance Research Laboratory have been investigating an architecture that can provide the necessary security functionality in a manner that can meet the security needs of a wide range of computing environments. End systems must be able to enforce the separation of information based on confidentiality and integrity requirements to provide system security. Operating system security mechanisms are the foundation for ensuring such separation. Unfortunately, existing mainstream operating systems lack the critical security feature required for enforcing separation: mandatory access control. As a consequence, application security mechanisms are vulnerable to tampering and bypass, and malicious or flawed applications can easily cause failures in system security. The results of several...

Words: 1295 - Pages: 6

Free Essay

It302 Research Assignment 1

...Research Assignment 1 IT 302 Linux System Administration January 21, 2013 The purpose of this paper is to secure UNIX/Linux operating systems from unscrupulous people. It shall be focused on SELinux, chroot jail, and iptables. Each of the three focus areas will be detailed, with specific interest in the following. What organization is behind it and reason entity is involved. How each technology changes the operating system to enforce security, and if the security measure can be easily bypassed. And finally, describe the types of threats each of the technologies is designed to eliminate. Since no two UNIX-based operating system builds are exactly alike, it is important to note that each build may have its own inherent security flaws. SELinux was developed by The United States National Security Agency (NSA). The first version was made available to the open source development community under the GNU GPL on December 22, 2000. The software merged into the mainline Linux kernel 2.6.0-test3, released on 8 August 2003. Other significant contributors include Network Associates, Red Hat, Secure Computing Corporation, Tresys Technology, and Trusted Computer Solutions. Experimental ports of the FLASK/TE implementation have been made available via the TrustedBSD Project for the FreeBSD and Darwin operating systems. The reason NSA is involved in this project is because this organization is responsible for carrying out the research and advanced development of......

Words: 900 - Pages: 4

Free Essay

It302

...simply read the instructions in here without understanding # what they do. They're here only as hints or reminders. If you are unsure # consult the online docs. You have been warned. # # The configuration directives are grouped into three basic sections: # 1. Directives that control the operation of the Apache server process as a # whole (the 'global environment'). # 2. Directives that define the parameters of the 'main' or 'default' server, # which responds to requests that aren't handled by a virtual host. # These directives also provide default values for the settings # of all virtual hosts. # 3. Settings for virtual hosts, which allow Web requests to be sent to # different IP addresses or hostnames and have them handled by the # same Apache server process. # # Configuration and logfile names: If the filenames you specify for many # of the server's control files begin with "/" (or "drive:/" for Win32), the # server will use that explicit path. If the filenames do *not* begin # with "/", the value of ServerRoot is prepended -- so "logs/foo.log" # with ServerRoot set to "/etc/httpd" will be interpreted by the # server as "/etc/httpd/logs/foo.log". # ### Section 1: Global Environment # # The directives in this section affect the overall operation of Apache, # such as the number of concurrent requests it can handle or where it # can find its configuration files. # # # Don't give away too much information about......

Words: 4666 - Pages: 19

Free Essay

It302-Unit4

...IT302-Unit4- Kaplan University Part 1: Dashboard Design. For the dashboard that I anticipated is required to meet the needs of the task that I discussed in Unit 3, I believe that the best approaches are either a Semantic Network or the use of Scenarios, Flowcharts and Cognitive walkthroughs, and more specifically Scenarios. Although this may be the most productive approach, it is likely that in the process of creating the dashboard that parts of a number of the conceptual designs could contribute to the finished product. While the Semantic Network is comprised of elements that would be useful and productive, particularly by providing ease in exploring the problem space and graphical views, it does not offer us all the information that would be constructive. To accomplish that, I believe the use of Scenarios, Flowcharts and Cognitive walkthroughs would provide us with the most useful means to develop a dashboard adequate to provide the functionality we are seeking. Of these, the use of Scenarios would provide the easiest means to develop a dashboard with the desired functionality initially along with the ability to modify easily as required to accomplish what is needed. By creating scenarios and including them in the early development of the dashboard we will provide ourselves with a means to develop a versatile form that can be easily amended as needed to provide a finished console that provides the full functionality......

Words: 590 - Pages: 3

Premium Essay

It302-Unit5

...IT302-Unit5- Kaplan University Part 1: Design choice and wireframe. The range of purposes that kiosks serve is broad and varied. From providing information or services to the purchase of an extensive array of goods a kiosk can be and frequently is used to meet the desires and needs of the general public and consumers. In recent years there has been a substantial and steady increase in the frequency that we see or use some form of stand alone kiosk. The wireframe that I considered is more general in nature. This was done to provide flexibility in the design that can be easily used across a broad range of services with minimal modification. It also accommodates easy adjustment for use by disabled individuals. [pic] Part 2: Report of design principles. The final goal in designing a kiosk is to generate a product that will meet the needs of the business or organization that is using it to provide goods or services to its potential clientele. The purpose is to produce a product that is highly intuitive, and also provides clear and concise instructions on the proper use of the kiosk in general and specific features for those patrons that need assistance. The final design is influenced by several factors; • The service it provides and its ultimate function. • Ease of use and convenience for all users including handicapped. • The surroundings it needs to blend with. • Ease...

Words: 807 - Pages: 4

Free Essay

It302-Unit6

...IT302-Unit6A- Kaplan University Part1 – Introduction. The approach I used in unit 5 was a generic design which is flexible in nature with a basic layout planned so it can be easily molded, or modified to fulfill a variety of needs or applications. The wireframe associated with the design is shown without a supporting structure. The associated structure will be dictated by its application and placement. Part 2. WIMP. WIMP is an established approach that has become commonplace in its usage with and basic functionality on kiosks. The term WIMP stands for windows, icons, menus and pointers which are the primary objects used in the presentation of data to the customer or client and the means to communicate with the system. The term was coined by Merzouga Wilberts in 1980 that was part of the working group at Xerox Parc that ultimately developed the Graphical User Interface under the guidance of Allen Kay (Charlotte). Although still used, the term “WIMP” is slowly being overtaken by newer approaches and standards. As stated by Allen Kay, "We've taken the WIMP interface as far as it can go," he added, referring to the Windows-icon-mouse-pull-down menu” (Laurie, 1995). The first and most possibly the largest single item that the user sees is the monitor. Not only is it the most visible item we see whether the kiosk unit is handheld or free standing, it is the device that we depend on most for our visual interaction......

Words: 1787 - Pages: 8

Free Essay

It302-Unit6B

...IT302-Unit6B- Kaplan University As a consumer when we use a kiosk for a transaction, we expect it to provide us with a level of service or actions at least on a par with a proficient sales person or staff. If this is what we expect when we use a kiosk or similar device, then any design or implementation we are involved in must be done to the same or a higher level. After an introductory exposure to the requirements needed to meet the expectations of those who will be using the kiosk, our efforts need to be directed to create a device that meets or exceeds those expectations. In order to meet these expectations our first step is to thoroughly understand what is anticipated and needed to meet the expectations of potential users. In order to accomplish this we will need to conduct market research to truly find out what is expected by potential customers. Our design will need to attract potential customers and create an interest in products that are promoted or displayed. The clients’ initial impression will be an important part of this task. If the kiosk fails to attract the customers and impress them, it will simply become a device that takes up room. In order to maximize the any benefits that we may receive from the kiosk, we need to select the proper location and provide proper exposure for the kiosk. No matter how well designed it is or the bells and whistles it may have, if it’s in a poor location and lacks......

Words: 677 - Pages: 3

Premium Essay

Unit 8 It302

...Ariel Ruiz It302 Assignment 8.1 1. Which company originally created NIS under the name Yellow Pages, and then later changed the name since it was owned by “another corporation”? NIS was developed by Sun Microsystems. 2. What configuration file is used to tell Linux which system (NIS, DNS, files, etc.) to use for name resolution, authentication, etc.? The /etc/ncsd.conf configuration file is used to tell Linux which system to use for name resolution, authentication, etc. 3. The file format for an NIS database file is called a dbm. 4. Which Linux file generates two maps in NIS? The /etc/passwd file generates two maps: one indexed by username, the other indexed by UID. These maps are named passwd.byname and passwd.byuid. 5. What utility is used to display raw information from an NIS server? The ypmatch utility or ypcat utility is used to display raw information from an NIS server. 6. Which is the name of the init script for LDAP: ldap or slapd The name of the init script for LDAP is slapd. 7. What is the name for the root, or top level, entry in an LDAP directory? DSE is the root, or top level entry in an LDAP directory. 8. Expand and explain the following acronyms: a. CN = Common Name = is the attribute value used in the Relative Distinguished Name (RDN) b. DC = Domain Component = my-domain c. DN = Distinguished Name = uniquely identifies each entry in an LDAP directory. d. DSE = DSA Specific Entry =......

Words: 319 - Pages: 2

Free Essay

Reserch

...penyelsaian tugas yang telah dibebankan terhadap pekerja 1.4 Tujuan Penelitian Adapun tujuan penelitian ini berdasarkan rumusan masalah yang ada, yakni : Untuk mengetahui bagaimana pengaruh disiplin kerja terhadap produktivitas pada SAHABAT LAUNDRY 1.5 Manfaat Penelitian Adapun Manfaat yang dapat diperoleh dari penelitian ini adalah sebagai berikut : 1. Manfaat Teoritis a. Untuk menambah refernsi terhadap kajian Sumber daya manusia terkait dengan disiplin dalam kerja b. Sebagai bahan acuan untuk penelitian sejenis yang akan dilakukan di masa yang akan datang. 2. Manfaat Praktis a. Menambah pemahaman mengenai sumber daya manusia agar para pengusaha dapat meningkatkan disiplin kerja pada karyawannya b. Memberikan pemahaman bahwa tingkat kedisiplinan dapat mempengaruhi produktivitas dalam melakukan tugas yang telah dibebeankan terhadap karyawan 1.6 Tahapan Penelitian 1. Pencarian ide 2. Pencarian data primer 3. Analisis 4. Pencarian data sekunder 5. Analisis 6. Simpulan dan saran 1. 1.7 Waktu dan Tempat Penelitian 1. Waktu Minggu, 21 September 2014 2. Tempat Jl sukabirus Gg Hj atmawigena BAB II KAJIAN PUSTAKA 2.1 Tinjauan Teori 2.1.1 Teori Motivasi Human Relation Teori ini mengutamakan hubungan seseorang dengan ligkungannya. Menurut teori ini seseorang akan berprestasi baik jika ia diterima dan diakui dalam pekerjaan dan lingkungannya. Teori ini menekankan......

Words: 8738 - Pages: 35

Premium Essay

Unit 2 Reserch Paper 1: Experiment

...it Unit 2 Research Paper 1: Experiment Tanya Hernandez GS1140 Mr. Sanchez 10/01/2015 ITT Technical Institute Unit 2 Research Paper 1: Experiment My sister Jourdan has hired her father-in-law Andy, to remodel her back yard for her new home. The previous owners landscaped part of the backyard, but she would like help in landscaping the rest of it. Andy has the potential to be a great landscaper, but isn’t very good at math and will need Jourdan’s help before he can get started. Jourdan’s yard is 200 feet long, and its width is 75% of its length. The portion of her yard that does not need to be landscaped is along the shortest part of the yard and is 10% of the width of that part of the yard. Jourdan would like to put in grass, but does not want it to take up more than 1/25 of the space in her yard (space is in ft2). What is the largest area the grass can take up? If Jourdan’s grass takes up that much space and each grass piece 4ft wide, how long are they? Jourdan would like to add some brick to her patio. If each of those bricks is 6 inches long 3 inches wide. She only needs to cover 15 square feet, how many bricks does she need? We have discovered that the length of her yard is 150 feet. She will not need to landscape 15 square feet. 120 square feet of yard space will be covered in grass. Each piece of that grass is 30 feet in length. The last part of her landscaping will include laying down some brick and we found out that she will need 10......

Words: 317 - Pages: 2

Premium Essay

Reserch

...because it allows students to engage in “exploratory talk.” (p. 200) Hence, the trainer in this course assigned several writings to course members as their assignments and made the students exchange their works for revisions. Their writings were thesis papers, which were written based on learned writing strategies and topics of Krashen’s “theory of “Affective Filter.” At the end of writing training process for eight weeks, volunteers’ perceptions of peer feedback were collected through a list of survey questions (see Appendix II). After the answers as well as the data of this quantitative study were collected, their statements about their perceptions of peer feedback style of learning were analyzed and reported. Research Schemas 1. Session 1 (the first two weeks), the power point files introducing writing strategies had to be produced. 2. Session 2 (the 3rd and 4th weeks), course selectors’ in-class writing and peer correcting activities had to be executed. 3. Session 3 (the 5th and 6th weeks), researcher cooperators were suggested to find a positions toward peer feedback pedagogies. At the same time, the writing learners learned thesis writing strategies with their trainer and their papers were corrected by peers. 4. Session 4 (the last two weeks), data through survey provided by seven volunteers had to be transcribed, analyzed and reported. Statistical Study through Survey Questions This was a quantitative study through survey containing ten questions......

Words: 3848 - Pages: 16

Free Essay

Reserch

...of NET ZERO Imports by 2020 as a striking demonstration of intent. This ambitious goal requires coordinated action on many fronts, such as: a. Taxation, incentives b. Economies of scale, eliminating cost disadvantages c. Focus areas – Big Ticket Items * FABS, Fab-less design, Set top boxes, VSATs, Mobiles, Consumer & Medical Electronics, Smart Energy meters, Smart cards, micro-ATMs a. Incubators, clusters b. Skill development, Enhancing PhDs c. Government procurement d. Safety Standards – Compulsory registration, Support for Labs and MSMEs e. National Award, Marketing, Brand Building f. National Centres – Flexible Electronics, Security Forces g. R & D in electronics IT for jobs 1. IT Trainings to people in smaller towns and villages   2. The target of this component is to train one crore students from smaller towns & villages for IT sector jobs over 5 years. DeitY is the nodal department for this scheme. 3. IT/ITES in Northeastern States 4. This component focuses on setting up BPOs in every north-eastern state to facilitate ICT enabled growth in these states. DeitY is the nodal department for this scheme. 5. Training Service Delivery Agents 6. The focus is on training three lakh service delivery agents as part of skill development to run viable businesses delivering IT services. DeitY is the nodal department for this scheme. 7. Training Rural Workforce on Telecom and Telecom related......

Words: 1349 - Pages: 6

Free Essay

It302 Activity 1

...Chapter 2 Installation Overview 1. A Net Boot CD is a way to install a new system from a hard disk or over a network. 2. Three considerations for planning an installation are; a. SELinux improves system security by implementing mandatory access control policies in the Fedora kernel b. Install a Graphical desktop environment (GUI) such as GNOME and/or KDE. c. Install additional software and services packages to fit the need of the user. 3. By default Fedora divides the disk into three partitions, including ‘/boot’ and Logical Volume Manager (LVM). 4. Manual partitioning the hard disk has its advantages, such as being able to isolate a filesystem for security or backup needs. 5. The / (root) partition is the main filesystem on the hard disk. Any new created directories will become part of the root filesystem unless a filesystem is created. 6. The swap partition is where Linux temporarily stores programs and data when it does not have enough RAM to hold all the information it is processing. 7. The /boot partition holds the hernel and other data the system needs when it boots. In order for the /boot partition to work properly it must be one of the first partitions on the disk. 8. The /var (variable) partition holds the bulk of system logs, package information, and accounting data. The /var/log partition is commonly used in a separate partition to isolate system logs from other files in the /var directory. 9. The /home partition ......

Words: 831 - Pages: 4

Free Essay

It302

...coffee shop is there property and you will have to pay for buying it. Hence, it is rival as well as excludable. It is a private good. City fire protection is provided by the government and it is non rival and non excludable. Provided free of cost hence, it is a public good. Polar Bears are a common resource a natural resource or wildlife you can say. Clean Air is non rival and non excludable but not provided by government. Though government can take steps to ensure that air is not polluted by industries and firms. 1. Do corporate managers always act in the best interest of shareholders? • The claim that managers can ignore the interests of shareholders is deduced from the fact that ownership in large corporations is widely dispersed. As a consequence, it is often claimed that individual shareholders cannot control management. There is some merit in this argument, but it is too simplistic. The extent to which shareholders can control managers depends on (1) the costs of monitoring management, (2) the costs of implementing the control devices, and (3) the benefits of control. When a conflict of interest exists between management and shareholders, who wins? Does management or do the shareholders control the firm? There is no doubt and that ownership in large corporations is diffuse when compared to the closely held corporation. However, several control devices used by shareholders tie management to the self-interest of shareholders. 2. Research and present one......

Words: 478 - Pages: 2

Free Essay

It302 Linux System Administration Research Assignment 1

...IT302 Linux System Administration Research Assignment 1 SELinux or Security Enhanced Linux uses an architecture that separates enforcement from access policy decisions. With this architecture different types of policies can be implemented, including Role-Based Access Control (RBAC), Type Enforcement (TE), and Multi-Level Security (MLS). The module assigns security labels to each subject or object. It uses a security class to determine the kinds of relationship a pair of labels might have. The triplet consisting of a pair of labels and a class are then sent to a policy server to determine if access is allowed. The security labels are assigned dynamic integer security ID's (SID's); the reply from the policy server is cached in an 'access vector cache' for performance reasons. SELinux was developed in coordination with the open source community and the National Security Agency (NSA) to provide the highest level of security for the Linux operating system. Linux V-Server – The three basic elements of the VServer are: * The security context. A process in one security context cannot see processes in other security contexts, neither with the 'ps' command, nor with 'cat /proc' nor in any other way. As side-effect, this means that a process in one context cannot kill processes in other contexts. * Capabilities. The existing Linux kernel provides a wide variety of capabilities which can be taken away from processes. These include the ability to change network......

Words: 423 - Pages: 2