SELinux: NSA's Open Source Security Enhanced Linux | 
 enlarge | Author: Bill Mccarty
Publisher: O'Reilly Media, Inc.
Category: Book
List Price: $39.95
Buy New: $29.62
You Save: $10.33 (26%)
New (21) Used (9) from $19.50
Rating:  9 reviews
Sales Rank: 231424
Format: Illustrated
Media: Paperback
Pages: 254
Number Of Items: 1
Shipping Weight (lbs): 1
Dimensions (in): 9 x 7 x 0.7
ISBN: 0596007167
Dewey Decimal Number: 004
UPC: 636920007166
EAN: 9780596007164
Publication Date: October 11, 2004
Availability: Usually ships in 1-2 business days
Shipping: International shipping available
Condition: Brand New. Delivery is usually 5 - 8 working days from order, International is by Royal Mail Airmail
| |
| Similar Items:
|
| Editorial Reviews:
Product Description
The intensive search for a more secure operating system has often left everyday, production computers far behind their experimental, research cousins. Now SELinux (Security Enhanced Linux) dramatically changes this. This best-known and most respected security-related extension to Linux embodies the key advances of the security field. Better yet, SELinux is available in widespread and popular distributions of the Linux operating system--including for Debian, Fedora, Gentoo, Red Hat Enterprise Linux, and SUSE--all of it free and open source. SELinux emerged from research by the National Security Agency and implements classic strong-security measures such as role-based access controls, mandatory access controls, and fine-grained transitions and privilege escalation following the principle of least privilege. It compensates for the inevitable buffer overflows and other weaknesses in applications by isolating them and preventing flaws in one application from spreading to others. The scenarios that cause the most cyber-damage these days--when someone gets a toe-hold on a computer through a vulnerability in a local networked application, such as a Web server, and parlays that toe-hold into pervasive control over the computer system--are prevented on a properly administered SELinux system. The key, of course, lies in the words "properly administered." A system administrator for SELinux needs a wide range of knowledge, such as the principles behind the system, how to assign different privileges to different groups of users, how to change policies to accommodate new software, and how to log and track what is going on. And this is where SELinux is invaluable. Author Bill McCarty, a security consultant who has briefed numerous government agencies, incorporates his intensive research into SELinux into this small but information-packed book. Topics include: - A readable and concrete explanation of SELinux concepts and the SELinux security model
- Installation instructions for numerous distributions
- Basic system and user administration
- A detailed dissection of the SELinux policy language
- Examples and guidelines for altering and adding policies
With SELinux, a high-security computer is within reach of any system administrator. If you want an effective means of securing your Linux system--and who doesn't?--this book provides the means.
|
| Customer Reviews: Read 4 more reviews...
 Every Linux person could use this book December 12, 2004
S. Thomas Adelstein (Dallas, TX USA)
7 out of 7 found this review helpful
Bill McCarty has done a top notch job of explaining Security Enhanced Linux as well as the security model itself. I've attempted so many time to "get it" about SELinux and not until I read this book did it make sense.
Bill's organization of the material makes a huge difference. He breaks the subject down into easily understandable chunks. The reader can follow the simple road until everything makes sense. And, SE Linux does make sense. It should be implemented everywhere.
Another thing compelled me to get this book -- it's size. This is a relatively small book. I remember thinking that I could read it without spending two weeks in a study mode. I was right about that. I read it in quick order.
I especially like O'Reilly books. I aslo like Bill's editor, Andy Oram. With the two of them collaborating, you're going to get an interesting book, topics that flow well and a professional product worth much more than the list price.
I'm glad I found this book. I want to congratulate all parties involved for creating an excellent product. I also want to say thank you for enabling me to work with Security Enhanced Linux.
Excellnet Overview November 18, 2004
Ram (Wash, DC)
6 out of 6 found this review helpful
This book is a must read for beginners exploring the powers of SELinux and trying to setup a custom system. it has all the information needed to give a basic grounding of how everything is organised and how security is incorporqated into the kernel. it deals with the structural as well as the functional organization of the various components involved. although not exhaustive in examples there is a considerable number of'em on which one can work out his own specific interest.
SELinux->Best thing ever released by the NSA October 28, 2004
Erik E. Erwitt (Lopez Island, Wa USA)
7 out of 8 found this review helpful
Some geeks feel that the best day every would be the day that the NSA releases all their secrets to the open. I disagree, the best thing the NSA could ever have done was release SELinux. I have been a faithful user for a long time and feel it is very robust and well designed. Role Based Access Control and Mandatory Access Control are a necessity in todays computer age and it is amazing that it took the NSA to finally get it right.
This book is a very comprehensive look at the outer workings of SELinux. It seems to be the only book or organized literature out there. I hope one day the NSA will begin their own free documentation process.
Timely, Accurate and Readable December 20, 2004
Nicholas Donovan (Dallas, TX USA)
5 out of 6 found this review helpful
Bill McCarty's book is all of the above and the requirements have been met for a throughly enjoyable read.
You don't have to be a Linux geek to appreciate the security mechanisms that Information Assurance Directorate of the NSA and the myriad of contributors have helped to create.
These go way beyond IT systems decisions and at their base level represent good business management practice.
The days of using insecure, bloated operating systems to power your business are over. In this age of real competitive and even terroristic threats affecting your companies data, you owe it to your self to investigate the security mechanisms put forth in this book and give your business the competitive edge.
One of the best on creating a secure Linux system February 6, 2005
Harold McFarland (Florida)
7 out of 9 found this review helpful
So what makes Selinux more secure than standard Linux? Primarily it is the implementation of role-based access control, sandboxing, and an audit facility that allows the system to log any attempts to exceed specified permissions. It does all this without conflicting with the normal permissions of Linux. If you are able to access a file through normal discretionary access control then the role-based mandatory access control provides additional security to determine if you can run the file or not. The only way to open a file is if both systems agree that you should be able to open it.
The author covers installation, configuration, administering, and setting up a security policy. The presentation of SeLinux is straightforward and the security model is presented in a writing style that makes it clear and understandable to the reader.
SeLinux: NSA's Open Source Security Enhanced Linux is highly recommended as both a Linux security solution and an excellent book on how to utilize all the resources of SeLinux.
|
|
|
