Linked by Amjith Ramanujam on Fri 18th Jul 2008 17:06 UTC, submitted by Rahul
Linux Linux security may seem daunting, but there are a host of best practices to simplify the maze. Recently, Steve Grubb of Red Hat Inc. outlined some important security principles, including minimizing admin access, the increasing sophistication of SELinux and the importance of auditing systems.
Permalink for comment 323633
To read all comments associated with this story, please click here.
RE: Information Security: CIAA
by SEJeff on Fri 18th Jul 2008 21:23 UTC in reply to "Information Security: CIAA"
SEJeff
Member since:
2005-11-05

Pretty good, but you are missing one of the main buzzwords that SELinux was designed to achieve, IA (Information Assurance)[1].

SELinux is a form of MAC (Mandatory Access Control)[2] that provides IA. A simpler version of MAC such as SMACK or AppArmour can't do IA by design. The pathname isn't enough information to do proper IA flow.

This is a good article though.

[1] http://en.wikipedia.org/wiki/Information_assurance
[2] http://en.wikipedia.org/wiki/Information_assurance

Reply Parent Score: 1