[Mikorist]

I am not a security expert at all.

But NSA is...

U.S. NSA recently released a security-enhanced version of Linux -- code and all -- to the open source community.


From NSA Security-enhanced Linux Team:

Quote:

As part of its Information Assurance mission, the National Security Agency has long been involved with the computer security research community in investigating a wide range of computer security topics including operating system security. Recognizing the critical role of operating system security mechanisms in supporting security at higher levels, researchers from NSA's National Information Assurance Research Laboratory have been investigating an architecture that can provide the necessary security functionality in a manner that can meet the security needs of a wide range of computing environments.

End systems must be able to enforce the separation of information based on confidentiality and integrity requirements to provide system security. Operating system security mechanisms are the foundation for ensuring such separation. Unfortunately, existing mainstream operating systems lack the critical security feature required for enforcing separation: mandatory access control. As a consequence, application security mechanisms are vulnerable to tampering and bypass, and malicious or flawed applications can easily cause failures in system security.

The results of several previous research projects in this area have yielded a strong, flexible mandatory access control architecture called Flask. A reference implementation of this architecture was first integrated into a security-enhanced Linux® prototype system in order to demonstrate the value of flexible mandatory access controls and how such controls could be added to an operating system. The architecture has been subsequently mainstreamed into Linux and ported to several other systems, including the Solaris™ operating system, the FreeBSD® operating system, and the Darwin kernel, spawning a wide range of related work..



Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
FreeBSD® is a registered trademark of the FreeBSD Foundation.
Solaris™ is a trademark or registered trademark of Sun Microsystems, Inc. in the United States and other countries.

From:
Security-Enhanced Linux



Conclusion:

If NSA need a secure OS internally, and that is the Linux
we can take to be relatively secure in Linux as home desktop users.

Download


SELinux is now available in Hardy Heron.
See that page for installation instructions:

https://wiki.ubuntu.com/SELinux

[wladicus]

Mikorist,
I do not know much about these things being totally new to Linux. Is this SELinux that they are offering, a complete downloadable and self-installing system like the Kubuntu 8.04 LTS (Hardy Heron) that I downloaded and am now running on my computer?
Or is this just some of the core coding (Kernel) that will be, or can be added to any version of existing Linux versions? I went to the URL you indicate and can only see small file downloads which to me suggests it is not a complete self-installing system. Am I confused. Please help clarify. Thank you Mikorist.

[Mikorist]

SELinux is a product of government and industry, as a set of patches into the Linux kernel as of 2.6. and can be added to any version of existing Linux versions.
SELinux provides security features that are extremely useful for locking down machines, particularly servers.

Install selinux in (K)ubuntu:

1.apt-get install selinux
2.Reboot



The SELinux administrator in Fedora 8


Look:

Anatomy of Security-Enhanced Linux (SELinux)

&


Security-Enhanced Linux - Wikipedia, the free encyclopedia


Some of the top computer-scientists and
programmers in the world worked on SELinux ...

... so they may know
something about Linux that most don't.

What is that knowledge?
Linux is the most secure operating system (OS) in World...

Does NSA/US government use Linux as their main operating system??

NSA collaborate with Linux...

NSA really want to help EVERYONE LINUX users with security?

We will never not know for sure.

Your tax dollars are paying for SELinux package!

P.S
The SELinux package is OPTIONAL, you don't have to install it.

[wladicus]

Thanks a lot Mikorist. Boy you know a lot! I don't think that I really need this kind of security, but thank you for the information about this development. I also appreciate the diagram on the software interfaces. Thanks.

[Mikorist]

Quote:

Originally Posted by wladicus

Thanks a lot Mikorist. Boy you know a lot! I don't think that I really need this kind of security, but thank you for the information about this development. I also appreciate the diagram on the software interfaces. Thanks.

My final answer to this thread is in citation from NSA and Mr. Kevin Mitnick


*The most secure operating systems in World :

Quote:

1. Linux® is a registered trademark of Linus Torvalds in the United States and other countries.

2. Solaris™ is a trademark or registered trademark of Sun Microsystems, Inc.

3.FreeBSD® is a registered trademark of the FreeBSD Foundation.

4.Darwin is operating system released by Apple Inc. in 2000.

from: Security-Enhanced Linux

Quote:

Computer systems that are not connected to any network present the most secure computing environment possible

from: TESTIMONY

*Note
This conclusion is mine and citation - from NSA site...

[wladicus]

Good sources of information! Thank you.