SELinux is a security system built into Linux that controls which files each program can access and which actions it is allowed to perform.
For example, the web browser can connect to the internet, but it cannot read your private documents. This prevents viruses and hackers from gaining full control over your system if they get into one program.
SELinux works by implementing mandatory access controls (MAC). With MAC, sysadmins define which users and processes have access to specific resources rather than relying on less secure, broadly defined permissions. To accomplish this, SELinux uses security policies.
SELinux blocks all applications and users by default, allowing access only to those specified in the security policies.
These rules set the permissions for each user, program, and resource. SELinux keeps track of every decision in the Access Vector Cache (AVC). This makes checking permissions faster.

SELinux uses labels with the policy rules to decide what actions to allow for each resource. Admins assign labels to every process, network port, file, etc.
Labels include:
Label format
user:role:type:level
Enforcing mode: This is default and most secure. SELinux actively enforces the policy rules, denying any unauthorized access attempts. Blocked attempts are logged.
Permissive mode: Less secure but still monitors access. SELinux logs blocked processes, but allows them to execute. Usually for testing.
Disabled mode: SELinux is completely turned off, removing all the access protection. This mode is only for troubleshooting.
Linux comes with prebuilt policies, but admins can create their own.
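A toy model of the decision flow described above (labels, default deny, the AVC, enforcing versus permissive), added here as an illustration and not taken from SELinux itself. The type `browser_t`, the three sample labels and the single allow rule are constructed for the example; the real AVC caches whole permission sets per label pair, which this sketch simplifies to one cached answer per permission.

```python
def parse_label(label):
    """Split user:role:type:level; the level may itself contain ':' (s0:c0.c1023)."""
    parts = label.split(":", 3)
    if len(parts) < 3:
        raise ValueError(f"not an SELinux label: {label!r}")
    level = parts[3] if len(parts) == 4 else None
    return {"user": parts[0], "role": parts[1], "type": parts[2], "level": level}

# Constructed sample labels and policy (browser_t is a hypothetical type).
BROWSER = "unconfined_u:unconfined_r:browser_t:s0-s0:c0.c1023"
HTTP_PORT = "system_u:object_r:http_port_t:s0"
HOME_FILE = "unconfined_u:object_r:user_home_t:s0"
RULES = {("browser_t", "http_port_t", "tcp_socket"): {"name_connect"}}

class ToyPolicy:
    """Default-deny type enforcement with a decision cache standing in for the AVC."""

    def __init__(self, allow_rules, enforcing=True):
        self.allow = allow_rules      # {(source_type, target_type, class): {perms}}
        self.enforcing = enforcing
        self.avc = {}                 # cached policy answers
        self.log = []                 # denials are logged in both modes

    def check(self, source_label, target_label, tclass, perm):
        key = (parse_label(source_label)["type"],
               parse_label(target_label)["type"], tclass, perm)
        if key not in self.avc:       # cache miss: consult the policy once
            self.avc[key] = perm in self.allow.get(key[:3], set())
        permitted = self.avc[key]
        if not permitted:
            self.log.append(f"denied {{ {perm} }} scontext={source_label} "
                            f"tcontext={target_label} tclass={tclass}")
        # Enforcing: the policy answer stands. Permissive: log, then allow anyway.
        return permitted or not self.enforcing

if __name__ == "__main__":
    policy = ToyPolicy(RULES, enforcing=True)
    print(policy.check(BROWSER, HTTP_PORT, "tcp_socket", "name_connect"))
    print(policy.check(BROWSER, HOME_FILE, "file", "read"))
    print(policy.log)
```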
To set permanent SELinux rules, edit the /etc/selinux/config file. This file controls SELinux settings.
The file sets the SELINUX variable, which can be enforcing, permissive, or disabled.
After editing the config file, restart the computer and run sudo sestatus.
To set SELinux rules just for the current session, use the setenforce command.
For enforcing: setenforce 1
For permissive: setenforce 0
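Because the config file and setenforce act at different times, the two can disagree. The following added example (not part of the original notes) compares the SELINUX= value in the config text with the live mode as printed by `getenforce`; the sample config contents and the function names are constructed for illustration.

```python
import re

VALID_MODES = {"enforcing", "permissive", "disabled"}

# Constructed sample of /etc/selinux/config contents.
SAMPLE_CONFIG = """\
# This file controls the state of SELinux on the system.
SELINUX=enforcing
# SELINUX=disabled
SELINUXTYPE=targeted
"""

def configured_mode(config_text):
    """Return the SELINUX= value; comments and SELINUXTYPE= must not match."""
    mode = None
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.fullmatch(r"SELINUX=(\w+)", line)
        if m:
            mode = m.group(1).lower()
    if mode not in VALID_MODES:
        raise ValueError(f"no valid SELINUX= setting found (got {mode!r})")
    return mode

def audit_mode(config_text, getenforce_output):
    """Compare the boot-time setting with the live mode reported by getenforce."""
    boot = configured_mode(config_text)
    live = getenforce_output.strip().lower()
    findings = []
    if boot != "enforcing":
        findings.append(f"config: SELINUX={boot}, policy is not enforced after reboot")
    if live != boot:
        findings.append(f"drift: running {live}, config says {boot} "
                        "(setenforce this session, or config edited without reboot)")
    return findings

if __name__ == "__main__":
    # A host left permissive with "setenforce 0" while the config says enforcing.
    for finding in audit_mode(SAMPLE_CONFIG, "Permissive\n"):
        print(finding)
```

On a real host, pass the contents of /etc/selinux/config and the output of `getenforce` to `audit_mode`.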
A firewall is a network security device that monitors incoming and outgoing traffic based on a defined set of security rules.
A firewall is essentially the wall that separates a private internal network from the open Internet at its very basic level.

A firewall matches network traffic against the rule set defined in its table. Once a rule is matched, the associated action is applied to the network traffic.
Most traffic that reaches the firewall uses one of these three major Transport Layer protocols: TCP, UDP or ICMP. All these types have a source address and destination address.
A packet filtering firewall controls network access by monitoring outgoing and incoming packets and allowing them to pass or stop based on source and destination IP address, protocols, and ports. It analyses traffic at the transport protocol layer (but mainly uses the first 3 layers). Packet firewalls treat each packet in isolation. They have no ability to tell whether a packet is part of an existing stream of traffic. They can only allow or deny packets based on the individual packet headers. A packet filtering firewall maintains a filtering table that decides whether the packet will be forwarded or discarded.

Simple filtering table
Stateful firewalls are able to determine the connection state of a packet, unlike packet filtering firewalls, which makes them more efficient. They keep track of the state of network connections travelling across them, such as TCP streams. So filtering decisions are based not only on the defined rules, but also on the packet's history in the state table.
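The difference between the two designs, as an added example that is not part of the original notes: a stateless table needs a standing rule for return traffic, while a stateful filter admits a reply only when the state table holds the matching outbound connection. The addresses (documentation ranges), the two-rule table and all names are constructed for illustration.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network

Packet = namedtuple("Packet", "src sport dst dport proto")
Rule = namedtuple("Rule", "src dst proto sport dport action")  # port None = any

LAN = "192.168.1.0/24"                                  # constructed internal network
TABLE = [
    Rule(LAN, "0.0.0.0/0", "tcp", None, 443, "allow"),  # outbound HTTPS
    Rule("0.0.0.0/0", LAN, "tcp", 443, None, "allow"),  # return traffic, by header only
]

def stateless(pkt, table=TABLE):
    """First matching rule wins; a packet matching no rule is discarded."""
    for r in table:
        if (ip_address(pkt.src) in ip_network(r.src)
                and ip_address(pkt.dst) in ip_network(r.dst)
                and pkt.proto == r.proto
                and r.sport in (None, pkt.sport)
                and r.dport in (None, pkt.dport)):
            return r.action
    return "deny"

class Stateful:
    """Needs only the outbound rule; replies are matched against the state table."""

    def __init__(self, table):
        self.table = table
        self.state = set()          # (src, sport, dst, dport, proto) of allowed flows

    def filter(self, pkt):
        # A reply is the reverse of a flow that was already allowed out.
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto) in self.state:
            return "allow"
        action = stateless(pkt, self.table)
        if action == "allow":
            self.state.add(tuple(pkt))
        return action

OUT = Packet("192.168.1.10", 50000, "203.0.113.5", 443, "tcp")
REPLY = Packet("203.0.113.5", 443, "192.168.1.10", 50000, "tcp")
UNSOLICITED = Packet("198.51.100.7", 443, "192.168.1.20", 22, "tcp")

if __name__ == "__main__":
    fw = Stateful(TABLE[:1])
    print(stateless(UNSOLICITED), fw.filter(OUT), fw.filter(REPLY), fw.filter(UNSOLICITED))
```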
A software firewall is any firewall that is set up locally or on a cloud server. Software firewalls may be the most advantageous when it comes to controlling the inflow and outflow of data packets and limiting the number of networks that can be linked to a single device. But the problem with software firewalls is that they are time-consuming.
Hardware firewalls also go by the name "firewalls based on physical appliances." They guarantee that malicious data is halted before it reaches the network endpoint that is in danger.
An application layer firewall can inspect and filter packets on any OSI layer, up to the application layer. It has the ability to block specific content and to recognize when certain applications and protocols (like HTTP, FTP) are being misused. In other words, application layer firewalls are hosts that run proxy servers. A proxy firewall prevents a direct connection between the two sides of the firewall; each packet has to pass through the proxy.
Secure Socket Layer (SSL) provides security to the data that is transferred between a web browser and a server. SSL encrypts the link between a web server and a browser, which ensures that all data passed between them remains private and free from attack.
SSL is the older version of what we now call TLS (Transport Layer Security). Websites using SSL/TLS have "HTTPS" in their URL instead of "HTTP."
<aside> In 1999, the Internet Engineering Task Force (IETF) proposed an update to SSL. Since this update was developed by the IETF without Netscape's involvement, the name was changed to TLS. The changes between the last version of SSL (3.0) and the first version of TLS were not significant; the name change mainly signified new ownership.
</aside>

The SSL Record Protocol provides two services to an SSL connection.
In the SSL Record Protocol, application data is divided into fragments. Each fragment is compressed, a MAC (Message Authentication Code) generated by algorithms like SHA (Secure Hash Algorithm) and MD5 (Message Digest) is appended, and the result is encrypted. After encryption, the SSL header is appended to the data.
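The record steps above carried through in code, as an added example that is not part of the original notes. HMAC-SHA-256 and the hash-based keystream are stand-ins chosen so the sketch runs on the standard library alone; they are assumptions, not the MAC construction or ciphers SSL actually uses, and the keystream is not suitable for real use.

```python
import hashlib, hmac, struct, zlib

MAX_FRAGMENT = 2 ** 14              # a record carries at most 16384 bytes of plaintext
APPLICATION_DATA, SSL3 = 23, (3, 0)  # content type and version fields of the header

def keystream_xor(key, seq, data):
    """Stand-in cipher: XOR with SHA-256 counter output (illustration only)."""
    out = bytearray()
    for block in range(0, len(data), 32):
        pad = hashlib.sha256(key + struct.pack(">QQ", seq, block)).digest()
        out += bytes(a ^ b for a, b in zip(data[block:block + 32], pad))
    return bytes(out)

def record_mac(mac_key, seq, ctype, body):
    """MAC over sequence number, content type and compressed fragment."""
    return hmac.new(mac_key, struct.pack(">QB", seq, ctype) + body, hashlib.sha256).digest()

def protect(data, mac_key, enc_key):
    """fragment -> compress -> append MAC -> encrypt -> add the 5-byte header"""
    records = []
    for seq, off in enumerate(range(0, len(data), MAX_FRAGMENT)):
        body = zlib.compress(data[off:off + MAX_FRAGMENT])
        mac = record_mac(mac_key, seq, APPLICATION_DATA, body)
        cipher = keystream_xor(enc_key, seq, body + mac)
        header = struct.pack(">BBBH", APPLICATION_DATA, *SSL3, len(cipher))
        records.append(header + cipher)   # the header is placed in front of the record
    return records

def unprotect(records, mac_key, enc_key):
    """Reverse the steps; a record whose MAC does not verify is rejected."""
    out = b""
    for seq, rec in enumerate(records):
        ctype, _major, _minor, length = struct.unpack(">BBBH", rec[:5])
        if length != len(rec) - 5:
            raise ValueError(f"record {seq}: bad length field")
        plain = keystream_xor(enc_key, seq, rec[5:])
        body, mac = plain[:-32], plain[-32:]
        if not hmac.compare_digest(mac, record_mac(mac_key, seq, ctype, body)):
            raise ValueError(f"record {seq}: MAC check failed")
        out += zlib.decompress(body)
    return out

if __name__ == "__main__":
    recs = protect(b"A" * 40000, b"mac-key", b"enc-key")   # constructed input and keys
    print(len(recs), unprotect(recs, b"mac-key", b"enc-key") == b"A" * 40000)
```

TLS 1.3 removed record compression and replaced the separate MAC and encryption steps with AEAD ciphers.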

An SSL certificate is a digital certificate used to secure and verify the identity of a website or an online service. The certificate is issued by a trusted third party called a Certificate Authority (CA), which verifies the identity of the website or service before issuing the certificate.
SSL certificates can provide more security solutions than encryption, authentication, and integrity, such as…
SSL certificates use public-key cryptography for secure key exchange between the client and server. This allows the client and server to securely exchange encryption keys, ensuring that the encrypted information can only be decrypted by the intended recipient.
SSL certificates provide non-repudiation of data, meaning that the recipient of the data cannot deny having received it. This is important in situations where the authenticity of the information needs to be established, such as in e-commerce transactions.
SSL certificates allow for the management of secure sessions, giving the ability to resume secure sessions after interruption. This helps to reduce the overhead of establishing a new secure connection each time a user accesses a website or service.
SSL certificates are issued by trusted CAs, who are responsible for verifying the identity of the website or service before issuing the certificate. This provides a high level of trust and assurance to users that the website or service they are communicating with is authentic and trustworthy.