|
|
|
|
|
|
Digg |
|
|
|
When an attacker succeeds in infecting a victim’s system, the attacker inherits the victim’s privileges. App Armor beats the attack by reducing the potential victim’s privileges to a minimum.
Novell views AppArmor [1] as an easily configurable but effective protection system for Linux. According to the vendor, AppArmor competes with SE Linux, which has been part of the Suse distribution for quite a while now, although lacking the policies needed to run it. Whereas SE Linux is comparatively difficult to configure, but implements comprehensive MACs (Mandatory Access Control), AppArmor focuses on restricting the scope of individual applications. The Task It is an unfortunate fact that many programs suffer from bugs, and web applications are particularly badly hit. Most software is not coded by security specialists, though it may be publicly accessible via the web, and this makes it an easy target for attackers. If an attacker finds a programming error in an application, they can typically exploit the error, thus gaining access to the target system.
|
|
|
| Related Articles | |
|---|---|
| GOLDEN CAGE | Hardening systems with AppArmor |
| COUNTERPOINT | Novell and Red Hat security experts face off on AppArmor and SELinux |
| INTRUSION STORIES | Understanding, detecting, and preventing network attacks |
| SECURITY HARDENED | Mandatory Access Control with SELinux |
| BREAKING IN AND KEEPING OUT | Kernel 2.6 rootkits and the quest for Linux security |
| BOOK REVIEWS | |
| Special Linux Magazine 3 for 1 Offer |
|---|
|
Get 3 Issues + 3 DVDs for the price of a single issue! Let Linux Magazine's hands-on, technical articles guide you in your daily Linux use. Check out bonus DVDs like Ubuntu, SUSE, or Fedora and save the download. Only available for a limited time. Don't miss out! |
Comments