* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Download Overview of Operating Systems Security Features
Computer and network surveillance wikipedia , lookup
Password strength wikipedia , lookup
Cryptography wikipedia , lookup
Address space layout randomization wikipedia , lookup
Multilevel security wikipedia , lookup
Distributed firewall wikipedia , lookup
Access control wikipedia , lookup
Airport security wikipedia , lookup
Cracking of wireless networks wikipedia , lookup
Post-quantum cryptography wikipedia , lookup
Wireless security wikipedia , lookup
Information security wikipedia , lookup
Security and safety features new to Windows Vista wikipedia , lookup
Next-Generation Secure Computing Base wikipedia , lookup
Secure multi-party computation wikipedia , lookup
Cyber-security regulation wikipedia , lookup
Cybercrime countermeasures wikipedia , lookup
Computer security wikipedia , lookup
Unix security wikipedia , lookup
UNCLASSIFIED Overview of Operating Systems Security Features - LINUX Introduction A key advantage of LINUX desktop operating system (OS) is its low cost and ease of customization to environment and/or solutions specific requirements, but this can also present security risks. A LINUX desktop that is part of the GC network environment may be compromised by malicious software (malware) or other threats that could spread through GC networks. Unsecure installation of the LINUX desktop OS could either expose stored GC information to unauthorized personnel or make critical information unavailable. For these reasons, departments should ensure that all LINUX desktop OS systems are configured and used securely. Life Cycle Security should be addressed in each phase of an OS’s life cycle: evaluation, configuration, deployment, management and decommissioning. Working Environments LINUX OS security controls can vary based on the intended use. Typical end-uses include: Dedicated Production GC office desktops (most secure), development GC Office desktops (moderately secure), and mobile desktops (least secure) such as reception desks, conference rooms, and printing areas. Authorization – Restrict access to administration tools and where possible remove extra default permissions for services and tools. Access Control – Restrict access to the internal firewall system configuration, disallow remote “root” login, lockdown system accounts, review enabled service and scheduler security, and for systems that are running web services, harden web security. Confidentiality – Ensure all accounts are protected by a password that meets departmental security requirements. Integrity – Use up-to-date patch management, ensure systems have anti virus and malware protection, and disable automatic downloads. Availability – Using partitioning software to create sections of the hard drive allows administrators to lock down access and enforce strict lock down on the startup services. Accountability and Non-Repudiation –Purge unnecessary accounts, enable logging to start automatically on boot. Implement secure log files storage and enable time synchronization with a secure authorized time source. Basic Security Recommendations Identification and Authentication – Current implementations of Linux are vulnerable through user passwords. Passwords are stored in clear text, meaning they are easily understood by any user that knows the password file location, and the default encryption tool for information does not meet the Government of Canada recommended encryption requirements. Departments are recommended to identify and use an alternative encryption tool that meets or exceeds Government of Canada requirements. Security Profile Working Environment Least Dangerous (Most Secure) GC Production Desktops Moderately Dangerous (Moderately Secure) GC Development Desktops More Dangerous (Less Secure) Most Dangerous (Least Secure) www.cse-cst.gc.ca [email protected] 613-991-7654 Shared Desktops Mobile Desktops CSG-10\L1