Integrating Security into Vyatta - SELinux
Integrating Security into Vyatta
Stephen Hemminger
Comparison of Router OS

                   Cisco                    Juniper                                      Vyatta
Operating System   IOS, ...                 JUNOS (BSD)                                  Linux
Architecture       Proprietary Monolithic   Proprietary Modular                          Open
Roles              0 – 15                   Operator, read-only, Superuser, Unauthorized Operator, Administrator
Authentication     Local, RADIUS, TACACS+   Local, RADIUS, TACACS+                       Local, RADIUS, TACACS+
Router Security Requirements
✔ Freedom from fear of remote attacks
✔ Freedom from forced entry
✔ Freedom from stupidity
✔ Freedom from having to learn anything new
[Diagram labels, top to bottom: "set interfaces ethernet eth0 address 1.2.3.4/24"; Bash; templates, perl; Commands: "ip addr add dev eth0 1.2.3.4/24"; Netlink: ...; Kernel]
Configuration management
[Diagram labels: operational, configure, configuration, discard, commit, save, boot, config.boot, Active configuration]
Real programmers use Perl
Unionfs
Four basic Install models
● Traditional → disk install
● Live CD → CDROM + floppy
● Virtual Machine → VM image
● Install Image → Distribution + changes
http://xkcd.com/149/
POSIX capability
Group membership → cap_netadmin+i
sudo iptables → /sbin/iptables
system("mount ...") → mount()
sudo perl foo.pl → ???
Router AAA

Router OS                 Linux
● Username                ● Uid
● Levels                  ● Groups
● Accounting              ● Auditing
● Command Authorization   ● File access control
Router AAA = bad directory service
● UID we don't need no stinking user id
● Sorry, no traversal for you
● “Mother may I...”
SELinux Issues
● Starting daemons from templates
● Labeling during build, upgrade
● RBAC
● sysadm_r, staff_r mapping
● No prompting
● Optional?
Wishlist
1) Command authorization/accounting
2) Finer grained network capabilities
3) DAC on network objects
4) But keep Linux environment