240 likes | 446 Views
Security Strategies in Linux Platforms and Applications Lesson 3 Basic Security: Facilities Through the Boot Process. Learning Objective. Lock down the Linux boot process. Key Concepts. Physical server security Challenges of the standard kernel and possible security issues
E N D
Security Strategies in Linux Platforms and Applications Lesson 3 Basic Security: FacilitiesThrough the Boot Process
Learning Objective • Lock down the Linux boot process.
Key Concepts • Physical server security • Challenges of the standard kernel and possible security issues • Secure boot loaders • Obscurity as a security enhancement
Challenges of Standard Kernel • Different kernels for different architectures • What kernels can be installed on your system? • What kernel is best for your needs? • When do you consider a different kernel? • You may need to customize a kernel or install a new kernel for more security.
Boot Loader Security • Black-hat hacker use poorly configured boot systems and boot loaders to gain administrative access to systems
Locking Down Boot Loaders • Back up boot loader before making changes • If something goes wrong: • Use rescue mode on local distribution or a live CD to boot system • Access local drives • Restore the boot loader from backup • Use the appropriate command (grub-install or lilo)
TPM and Trusted Computing • Trusted Platform Module (TPM) • Not open source • Password protection • Software license protection • Digital rights management (DRM) • Disk encryption • Chain of trust • TPM in a open source environment • trousers, package with the TCG software stack, tpm-tools
Summary • Physical server security • Challenges of the standard kernel and possible security issues • Secure boot loaders • Obscurity as a security enhancement