IT Security Solutions
VanTosh provides IT security consulting relating to increasing the security of IT systems in general.
SELinux, Security-Enhanced Linux, is a feature that provides that provides Manditory Access Control (MAC) in Linux. This mechanism provides access control through security policies enforced by the Linux Security Modules (LSM), which runs as a Linux kernel module. SELinux is not a Linux distribution, but rather a set of kernel modifications and user-space tools that can be added to various Linux distributions It creates compartments for each process, socket, file and user to allow seperation and isolation to each compartment.
Here are some of the features of SELinux :
- Labels as the main way to allocate security rules
- Separation of policy from enforcement
- Manditory quering of application policy enforcing access control
- Support for policy changes and custom policy
- Separate measures for protecting system integrity (domain-type) and data confidentiality (multilevel security)
- Control over process initialization and inheritance and program execution
- Control over file systems, directories, files, and open file descriptors
- Control over sockets, messages, and network interfaces
- Cached information on access-decisions using Access Vector Cache (AVC)
It has been integrated into the mainline Linux kernel and into most commonly used Linux distributions.
Server hardening is a process whereby the security of the server gets increased by reducing the area of possible vulnerabilities.
Generally systems have unnecessary software, usernames, logins and services running, disabling or removal of them already can increase security.
Another simple way is to implement seperation of duties by using single function systems or single process systems.
The use of specific extensions in web servers, database servers or other services can also increase security, while leaving the application untouched.
A database server generally is installed using a default template, this templates are not secure at all, it is therefor required to increase security of these database servers.
A list or database servers supported for hardening :
- IBM DB2
Please contact us for more specific information.
Standard applications are installed and updated regularly for security reasons, however most of these standard applications have not been secured or are installed incorrectly allowing all users to gain access or even outsiders to gain access.
An adjustment to the applications to increase security, isolation of the application on the system, user access to the application are some possible ways to increase security.
Please contact us for more information.