
Overview of a Linux Security System

With thousands of attacks being performed on computer systems every day, the Linux operating system is required to have countermeasures that ensure a high level of security is maintained. Most threats to a computer system come through two main vectors: attacks from external sources and attacks from within the system. Linux provides security methods to minimize the threats that these pose to system integrity.


Trojan horses are malicious files disguised by exhibiting benign attributes. The alias or file type may deceive the system or the user into believing that it is a simple and harmless file such as an image or text file. The contents, however, are malicious and contain executable code that can perform any number of destructive actions on the system. One common goal of a Trojan horse is to remove or modify system binaries to achieve some subversive objective. Linux employs a tripwire mechanism to counteract these invasive files. It is in place to ensure that binaries are not replaced by Trojan files.


The tripwire mechanism records all unauthorized attempts to modify files on the Linux system. Using this record, the system administrator can analyze any security breach and further harden the defenses of the system.
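The file-integrity idea behind the tripwire mechanism, shown as an added example (not code from the original page or from the Tripwire project): a baseline of content digests and permission bits is taken for every file under a directory, and a later scan is compared against it to report what was modified, added or removed. The mock `bin/` directory, its file contents and the tampering are all constructed inside a temporary directory so the script runs offline.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_file(path):
    """Return the SHA-256 hex digest of a file's contents, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Record the digest and permission bits of every regular file under root.

    Keys are paths relative to root. The baseline must be stored somewhere the
    monitored host cannot rewrite (read-only media, another machine, or signed);
    otherwise whoever replaced a binary can also "fix" the record.
    """
    root = Path(root)
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            baseline[p.relative_to(root).as_posix()] = {
                "sha256": hash_file(p),
                "mode": p.stat().st_mode & 0o7777,
            }
    return baseline


def verify(root, baseline):
    """Compare the tree under root with a baseline.

    Returns sorted lists of modified (content or mode changed), added and
    removed relative paths.
    """
    current = build_baseline(root)
    return {
        "modified": sorted(k for k in baseline if k in current and current[k] != baseline[k]),
        "added": sorted(k for k in current if k not in baseline),
        "removed": sorted(k for k in baseline if k not in current),
    }


def demo():
    """Constructed scenario: a mock bin/ directory is baselined, then tampered with."""
    with tempfile.TemporaryDirectory() as tmp:
        bindir = Path(tmp) / "bin"
        bindir.mkdir()
        (bindir / "ls").write_bytes(b"#!/bin/sh\nexec /bin/ls \"$@\"\n")
        (bindir / "cat").write_bytes(b"#!/bin/sh\nexec /bin/cat \"$@\"\n")
        baseline = build_baseline(tmp)

        # Simulated tampering (constructed): ls replaced, cat deleted, extra file dropped in
        (bindir / "ls").write_bytes(b"#!/bin/sh\necho not-the-real-ls\n")
        (bindir / "cat").unlink()
        (bindir / "extra").write_bytes(b"unexpected")
        return verify(tmp, baseline)


if __name__ == "__main__":
    print(demo())
```

A real deployment runs `verify` on a schedule against the baseline of directories such as `/bin`, `/sbin` and `/usr/bin`, and treats any non-empty report as an incident to investigate rather than something to silently re-baseline.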


Another vector of external attack comes in the form of viruses. These are executable files that are intended to reproduce themselves over a network. The Linux countermeasure against this threat is directory security. It is system policy that the current directory is never placed in the executable path, so files found in the current directory are never executed in that environment. Instead, Linux lifts the current directory into a safe zone for execution. All current directories with potentially executable files are placed in a bin. This way, if the bin becomes compromised, the damage is limited to that environment, saving the file system from being exposed to the threat. An example of this is an Internet browser: the application is lifted from its original place in the system directory and placed into a bin. This acts like a firewall, preventing viruses and other malicious attacks from spreading to the rest of the system.
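The "current directory never in the executable path" policy, as an added example that is not part of the original page: a small simulation of shell command lookup over a constructed filesystem, plus a check that flags the PATH elements which resolve to the current directory. Both `.` and an empty element (a leading or trailing `:` or a `::`) mean the current directory to POSIX shells, so the check catches both forms; the directory names and PATH strings are constructed for the example.

```python
def cwd_entries(path_value):
    """Return (index, entry) for every PATH element that means "current directory".

    Both "." and an empty element (leading/trailing ":" or "::") are treated by
    POSIX shells as the current working directory, so both are flagged.
    """
    return [(i, e) for i, e in enumerate(path_value.split(":"))
            if e in ("", ".")]


def resolve_command(name, path_value, files, cwd):
    """Simulate shell command lookup: the first PATH directory containing name wins.

    files is a constructed mapping of directory -> set of executable names.
    """
    for entry in path_value.split(":"):
        directory = cwd if entry in ("", ".") else entry
        if name in files.get(directory, set()):
            return f"{directory}/{name}"
    return None


# Constructed filesystem: a file named "ls" sits in a shared scratch directory
FILES = {
    "/usr/bin": {"python3"},
    "/bin": {"ls", "cat"},
    "/tmp/scratch": {"ls"},
}

POLICY_PATH = "/usr/bin:/bin"       # current directory never in PATH
RISKY_PATH = ".:/usr/bin:/bin"      # "." first: local file shadows /bin/ls
SUBTLE_PATH = "/usr/bin::/bin"      # empty element, easy to miss in review


def demo():
    """Resolve `ls` from /tmp/scratch under each PATH and report flagged entries."""
    return {
        "policy": resolve_command("ls", POLICY_PATH, FILES, "/tmp/scratch"),
        "risky": resolve_command("ls", RISKY_PATH, FILES, "/tmp/scratch"),
        "subtle": resolve_command("ls", SUBTLE_PATH, FILES, "/tmp/scratch"),
        "flagged": {
            "policy": cwd_entries(POLICY_PATH),
            "risky": cwd_entries(RISKY_PATH),
            "subtle": cwd_entries(SUBTLE_PATH),
        },
    }


if __name__ == "__main__":
    print(demo())
```

Running `cwd_entries` over the PATH set in login scripts and `/etc/profile`-style files is a cheap audit; the `SUBTLE_PATH` case shows why the check must look for empty elements and not just a literal `.`.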


Another source of attack is from within the system. Linux employs a system of user accounts and permissions to regulate the behavior and actions of registered system users. Each user is monitored and restricted by the permissions granted by the system administrator. This system is in place for several reasons. The primary reason is to allow users only what they require for daily tasks and not to give them administrative abilities. Secondly, each user possesses his or her own directory tree, which allows users to work in a closed environment. If a user intentionally or unintentionally sets off a virus or Trojan horse, it can only infect files that the user has access to, i.e. the files in their directory. This comes with one caveat, however: the root or superuser can infect the entire system in this arrangement.


Linux utilizes the standard Unix approach to authentication: a publicly readable password file is maintained by the system to keep a record of user attributes, such as their passwords and user names. One security measure is that the user's password is salted by the system. The password known by the user is only part of the password used in the authentication process. A "salt", a system-generated string of bits, is appended in some way to the original password string. This way the system is the only entity that knows the actual password. This process is managed by a one-way function transformation. The password cannot be determined directly from the password file without a lengthy trial-and-error process.
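The salted one-way transformation described above, as an added example rather than code from the page or from any Linux distribution's login code: PBKDF2-HMAC-SHA256 stands in for the one-way function, a random per-user salt is stored next to the digest, and verification re-runs the transformation with the stored salt and compares in constant time. The passwd-style record set, the user names and the fixed salts are constructed for the example; real systems draw the salt from `os.urandom` as `hash_password` does when no salt is given.

```python
import hashlib
import hmac
import os


def hash_password(password, salt=None, iterations=100_000):
    """One-way, salted transformation of a password.

    PBKDF2-HMAC-SHA256 stands in for the one-way function. A fresh random salt
    is drawn per user unless one is supplied (a fixed salt is used only to make
    the demo reproducible). The stored string carries everything needed to
    re-run the transformation, but nothing that lets the password be read back.
    """
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "$".join(["pbkdf2_sha256", str(iterations), salt.hex(), digest.hex()])


def verify_password(password, stored):
    """Re-derive with the stored salt and iteration count; compare in constant time."""
    algo, iterations, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unsupported hash format: " + algo)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


# Dummy record so that an unknown user costs the same time as a wrong password
_DUMMY = hash_password("", salt=bytes(16))


def authenticate(username, password, records):
    """Look up a user in a passwd-style record set and check the password.

    records: constructed mapping username -> {"uid": int, "hash": stored string}.
    """
    rec = records.get(username)
    if rec is None:
        verify_password(password, _DUMMY)   # burn the same work, then reject
        return False
    return verify_password(password, rec["hash"])


def build_demo_records():
    """Two users with the same password; fixed salts so the stored values are stable."""
    return {
        "alice": {"uid": 1000, "hash": hash_password("hunter2", salt=bytes(range(16)))},
        "bob": {"uid": 1001, "hash": hash_password("hunter2", salt=bytes(range(16, 32)))},
    }


if __name__ == "__main__":
    recs = build_demo_records()
    for name in ("alice", "bob"):
        print(name, recs[name]["hash"])
    print("alice/hunter2:", authenticate("alice", "hunter2", recs))
    print("alice/wrong:  ", authenticate("alice", "wrong", recs))
```

Note that alice and bob share a password yet their stored values differ, which is exactly what the salt buys: an attacker who copies the file cannot spot shared passwords or reuse one precomputed table against every account.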


The second area of security features deals with access control. Access control is a set of permissions and rights assigned to users or user groups. It is based on a system of unique numerical identifiers that the system maintains in its database. Individual users are given a UID or user ID. This numerical identifier is associated with a single user and a single set of access rights. In a similar manner, groups of users can be granted permissions. The group ID or GID grants rights belonging to more than one user of a user group. A user on the Linux system may have a GID and a UID simultaneously, as it is both an individual user and a member of a group of users.


The major exception to the access control system is the root or superuser account. This user is granted access to the majority of system resources and is able to override security policies. During access control validation, this user is allowed to bypass all checkpoints. The superuser is a powerful account on the Linux system and is intended to function as a system maintenance and administrative figure.
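The UID/GID access check from the two paragraphs above, as an added example that is not code from the page or from the Linux kernel: the classic Unix discretionary check selects exactly one of the owner, group or other permission triplets based on the requester's UID and group set, and root (UID 0) bypasses the read/write bits. For execute, Linux's `CAP_DAC_OVERRIDE` still requires at least one execute bit on a regular file, and that detail is modeled. The users, group numbers, file owners and modes are constructed for the example.

```python
R, W, X = 4, 2, 1  # permission bits, as in each rwx triplet of a mode


def access_allowed(uid, gids, requested, owner_uid, owner_gid, mode):
    """Classic Unix discretionary access check for one regular file.

    uid, gids : the requesting process's UID and its full group set.
    requested : bitmask of R, W, X being asked for.
    mode      : the nine permission bits, e.g. 0o640.
    Exactly one class applies, chosen in the order owner, group, other: a
    matching owner gets the owner bits even if the group or other bits are
    more generous. Root bypasses read/write checks; for execute it still
    needs at least one execute bit set somewhere in the mode.
    """
    if uid == 0:
        return bool(mode & 0o111) if requested & X else True
    if uid == owner_uid:
        bits = (mode >> 6) & 0o7
    elif owner_gid in gids:
        bits = (mode >> 3) & 0o7
    else:
        bits = mode & 0o7
    return (bits & requested) == requested


# Constructed users (uid, group set) and files (owner uid, owner gid, mode)
USERS = {
    "root": (0, {0}),
    "alice": (1000, {1000}),
    "bob": (1001, {1001, 42}),   # 42 stands in for a shadow-style group
}
FILES = {
    "/etc/shadow": (0, 42, 0o640),
    "/home/alice/notes": (1000, 42, 0o060),  # owner has no bits, group has rw
}


def check(user, path, requested):
    """Resolve a named user and file from the constructed tables and run the check."""
    uid, gids = USERS[user]
    owner_uid, owner_gid, mode = FILES[path]
    return access_allowed(uid, gids, requested, owner_uid, owner_gid, mode)


if __name__ == "__main__":
    for user, path, req, label in [
        ("alice", "/etc/shadow", R, "alice read shadow"),
        ("bob", "/etc/shadow", R, "bob read shadow (via group 42)"),
        ("bob", "/etc/shadow", W, "bob write shadow"),
        ("root", "/etc/shadow", W, "root write shadow"),
        ("root", "/etc/shadow", X, "root execute shadow (no x bit anywhere)"),
        ("alice", "/home/alice/notes", R, "owner with 0o060: owner class wins"),
    ]:
        print(f"{label}: {check(user, path, req)}")
```

The `/home/alice/notes` case is the one worth remembering when auditing modes: the owner's triplet is consulted first and is final, so a mode like `0o060` denies the owner even though the owner belongs to the group that is granted access.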


The Linux operating system has strategically designed mechanisms and regulations that limit the threat of aggressive code and malicious users. Though these countermeasures are successful, for every advanced way of defending there is an even more advanced method of attack. The developers behind Linux use these and other techniques to ensure that their software is as secure as it can be. 


