Network Security


Security priorities (in descending order of importance)
Guarding against inappropriate network access
  • Securing the network ports of networked devices (the services listening on them).
  • Unprotected ports may allow people to bypass the network's other security controls entirely.
Guarding against unauthorized users
  • Securing the authentication system.
  • Using non-guessable passwords, encrypting and hiding passwords, ensuring human precautions (not being careless with password info).
  • Generally, have to assume that every user currently logged in is a valid user (that they ARE who they claim to be); as such it's essential to prevent unauthorized people from being able to login in the first place.
Preventing users from gaining additional access rights
  • Securing the administrative files and utilities.
Monitoring the network
  • Looking for signs of anything inconsistent with what's expected or allowed (for signs of intrusion, worms, viruses, or otherwise inappropriate activities).
Preventing users from having access to inappropriate user data and apps
  • Deciding which users and groups should have which rights for each set of files or directories.
  • Setting the access rights as needed (on a per-directory or per-file basis).
Preventing users from misusing the access rights they've been given
  • Securing user data and apps with a very fine level of granularity, on a per-user or per-group basis.
  • This might only be feasible with a DRM (digital rights management) approach.

Permissive and restrictive security models
  • Permissive approach
      • Is there some risk in allowing everyone a certain level of access to a given set of files or directories?
      • If not, then don't restrict access beyond that level for any of the users.
  • Restrictive approach
      • Does a given [group of] user(s) require a certain level of access to a given set of files or directories to be able to do their job?
      • If not, then don't allow them that level of access.
Additive and subtractive security models
  • Access rights in Linux are inherently additive rather than subtractive.
  • Additive model
      • A low level of access rights is used as the base (the "other" rights), and group members and the owner are granted additional rights.
      • Owner rights ≥ group rights ≥ other rights
      • Other rights are the base level of rights, on a per-file basis.
      • Group rights are additional rights granted to a specific subset of users, identified by the group attribute of the file, on a per-file basis.
      • Owner rights are additional rights granted to the owner / creator / maintainer of the file, identified by the owner attribute of the file, on a per-file basis.
      • The additive model is fundamentally secure, because by default all users have a low level of access rights to all files and directories, until the proper user / group ownership is set for the files and directories, and until the users are added to the proper groups.
      • Every user, file, or directory that's overlooked means a user has fewer access rights than they need to do their job, but it doesn't inherently create a potential security hole.
  • Subtractive model
      • A high level of access rights is used as the base (the "other" rights), and group members and the owner are denied a portion of these rights.
      • Owner rights ≤ group rights ≤ other rights
      • The subtractive model is an extreme security risk, because by default all users have a high level of access rights to all files and directories, until the proper user / group ownership is set for the files and directories, and until the users are added to the proper groups. Every user, file, or directory that's overlooked is a potential security hole.
  • The additive and subtractive security models are mutually exclusive by nature.


Directory-based security
  • When there are different sets of overlapping user groups, it's easier to restrict access through directory rights than through file rights.
  • The security of a file (which users are always denied which access rights to it) is based on the access rights and group membership of the directory (or directory tree) the file is in.
  • Users not in the group the directory (or directory tree) belongs to are denied access to the files.
  • Beforehand, a user with root access must create the main directory trees and assign the access rights and group membership for a subset of the directories - for at least one parent directory of each leaf-node directory, or for the leaf-node itself.
  • The group membership of the files is not important for restricting access; User Private Groups (UPGs) can reasonably be used as the primary group for users.
  • In effect, the "other" rights for the files can serve as the access rights for the group - the users with access rights to the directory.
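As an added example (not from the original notes), the following Python models the two points above: the additive owner ≥ group ≥ other check, and the directory-based rule that a user needs search (x) rights on every directory in the path before the file's own rights matter. All uids, gids and modes in it are constructed sample values.

```python
# Added example, not part of the original notes: a small model of how Linux
# resolves a user's access under the additive model and directory-based
# security. All uids, gids and modes below are constructed sample values.
R, W, X = 4, 2, 1   # permission bits of one class (rwx)

def class_bits(mode, uid, groups, f_uid, f_gid):
    """rwx bits Linux applies for this user: exactly one class is used (owner
    if uid matches, else group if the user is in the file's group, else
    other). Simplification: root's override is ignored."""
    if uid == f_uid:
        return (mode >> 6) & 7
    if f_gid in groups:
        return (mode >> 3) & 7
    return mode & 7

def is_additive(mode):
    """True when owner >= group >= other bit-wise, i.e. each class grants at
    least what the class below it grants; False means a subtractive mode."""
    o, g, a = (mode >> 6) & 7, (mode >> 3) & 7, mode & 7
    return (g & a) == a and (o & g) == g

def can_access(path, uid, groups, want):
    """path: list of (mode, f_uid, f_gid) from the top directory down to the
    file. Every directory must grant x to this user; the final entry must
    grant all bits in `want`. A closed directory hides world-readable files."""
    *dirs, (f_mode, f_uid, f_gid) = path
    for mode, d_uid, d_gid in dirs:
        if not class_bits(mode, uid, groups, d_uid, d_gid) & X:
            return False
    return class_bits(f_mode, uid, groups, f_uid, f_gid) & want == want

# Constructed sample tree: /project owned by root:devs (gid 1001), mode 2750
# (setgid so new files inherit the group); a file inside owned by alice with
# her UPG (uid/gid 1002), mode 664, so "other" rights act as the team's rights.
PROJECT = (0o2750, 0, 1001)
NOTES = (0o664, 1002, 1002)
ALICE = (1002, {1002, 1001})   # owner of the file, member of devs
BOB = (1003, {1003, 1001})     # devs member, not the owner
CAROL = (1004, {1004})         # not in devs

def audit():
    """Summarise who can do what to the sample file, plus mode checks."""
    return {
        "alice_rw": can_access([PROJECT, NOTES], *ALICE, R | W),
        "bob_r": can_access([PROJECT, NOTES], *BOB, R),
        "bob_w": can_access([PROJECT, NOTES], *BOB, W),
        "carol_r": can_access([PROJECT, NOTES], *CAROL, R),
        "modes_additive": [is_additive(m) for m in (0o664, 0o2750, 0o477)],
    }
```

Carol is denied even though the file itself is world-readable, because she lacks x on /project; that is the directory-based control the notes describe.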

Security-Enhanced Linux (SELinux)
  • Originally developed by the NSA.
  • SELinux provides an infrastructure on which DRM (digital rights management) could be implemented.
