Secure Linux With AppArmor: Name-Oriented Access Control - Essay Sample

Introduction

AppArmor is a Linux Kernel security module deployment of name-oriented access controls. Mandatory access technology is integrated with AppArmor to improve the security of the operating systems. AppArmor can be configured to notify the consumers when a breach of policy happens (Schreuders et al., 2012). With these roles, AppArmor impedes zero-day attacks on applications as the apps are restrained to performing their designated functions.

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Save 25%

Files, consumers, and directories linked with one system cannot be used to break into the other one when the mandatory access technology is combined with AppArmor. The latter makes it challenging for crackers to access any file or service when they break-in. AppArmor is installed with SUSE Ubuntu-Linux families and is characterized by utilities that assist in automating the process (Schreuders et al., 2012).

The enforce and complain mode highlight the two modes of execution in AppArmor profiles. The latter constitutes the list of access control regulations that are stored in the /etc/apparmor.d directory. A user can download the preplanned profiles of AppArmor or develop profiles customized to the needs using the "Aa-genprof" command (Ooms, 2013).

The complain mode profile permits tasks to be executed without limitation. When a process conducts illegal deeds, it records them in the system log file. Users are advised to use the complain mode when testing a new profile. It is a good reference to evaluate what it is anticipated when established in enforce mode as each error is logged in the period of the complain mode. The user should use aa-complain to establish the profile into complain mode

The enforce mode is the default setting profile that follows Ubuntu. It applies policies to the process impeding access where it requires to. Applications are not capable of taking any limited deeds which are evaluated by the owner of the system. AppArmor uses pathname enforcement, and this depicts that it is irrelevant to insert labels into the extended attributes of directories. The user should use aa-enforce to establish the profile into enforce mode. As expounded, it is crucial that the user to initially install the AppArmor-utils package by using the following command: sudo apt-get install AppArmor-utils in order to use the aa-enforce and aa-complain programs (Ooms, 2013).

HTTPS

HTTPS (Hypertext Transfer Protocol Secure) is a secure version of the HTTP protocol that uses the SSL/TLS protocol for authentication and encryption (What is https). It uses a secure socket layer to guarantee a secure conveyance of documents, files, and credit information over a network. There is the development of a safe link between web servers when a secure socket layer protocol is used with HTTPS. The use of SSL ensures that the transmitted data is encrypted and not accessible by the third-party (Ssllabs). Automated tools such as solar winds Microsoft management scrutinizes Internet Information Services and improves efficiency.

A web server is a software that uses Hypertext Transfer Protocol (HTTP) and others to react to the requests of the client made over the World Wide Web. Web servers tend to listen to many ports for requests and accept them in the form of HTTP Headers and Uniform Resource Locator (URL). Web browsers, including Firefox and Chrome, use HTTPS for safe connection and surfing. Notably, a web browser is a program that enables the consumer to position, access, and displays the web pages. Browsers translate the web pages and websites that are delivered using HTTP into content that can be read by human beings. Furthermore, browsers have the potential to display other prefixes and protocols, including safe HTTP (Durumeric et al., 2013).

Many symbols might be portrayed by the HTTPS when a user is surfing the internet. When a user observes a padlock display on the web browser, it depicts that there is a safe connection. Conversely, a green address bar highlights that the web browser is safe and trustable due to the use of an SSL digital certificate. HTTPS decrypts and encrypts the page requests and therefore impedes persons from changing the requests (Durumeric et al., 2013). Also, it improves safe browsing because the passwords and credit card information are blocked from being accessed by third-parties. TCP port 443 is deployed when permitting the traffic of HTTPS.

Part 2: Hardening Recommendations

AppArmor

Hardening Recommendation #1: Use Strong Passwords

It is vital to guarantee that there is a strong password policy. There should be limitations for the passwords, including expiration, strength, history, and period of lock-out. To ensure strong passwords established criteria for the upper, length, and lower case characters and special characters that require to be utilized (Dasgupta et al., 2010).

Hardening Recommendation #2: Use Disk Encryption

Disk encryption is one of the security practices that the majority of the administrators disregard unless they are necessitated to engage by-laws, the sensitivity of the stored data, or by the availability of a general high-security setting. It requires extra work to establish and decreases disk performance. It is important to encrypt the disks because it allows the user to acknowledge the security level it offers and that security it cannot provide (Dasgupta et al., 2010).

Encryption safeguards the data at rests, and disk encryption will encrypt data because it is written to disk though offers the data in unencrypted form, whereas the file system is mounted. The unmounted disk implies that the data is encrypted and cannot be read except the user understands to passphrase (Zwinkau, 2017). Even though it will not safeguard against all attacks, it matters for what we regard as data at rest. This implies that when the system is stolen, the data can only be retrieved when the hacker has the related key or passphrase to decrypt the data.

Hardening Recommendation #3: Use SSH Configuration

It is recommended that the user should configure a secure shell (SSH), a protocol that offers a secure remote access connection to network devices. The interaction between the server and client is encrypted in both SSH version 2 and SSH version 1. It is suggested that the user should adopt the SSH version 2 when likely as it uses a more improved security encryption algorithm (Nazir, 2019).

HTTPS

Hardening Recommendation #1: Remove Server Version Banner

Removing server banner from HTTP header is one of the initial practices to carry out as hardening. Having a server banner will expose the version and product that the user is using. As a result of this, the vulnerability to information leakage increases (Linuxize, 2019). Therefore, getting rid of the server banner from the HTTP header will impede information leakage.

Hardening Recommendation #2: Disable Directory Browser Listing

Disabling of the directory browser listing is considered as a hardening practice. The user has the potential of using the directory listing to obtain the important files in the directory and navigate the http://server/directory element. A user can attain this by navigating the Internet Information Services (IIS) in the server manager and then guaranteeing that they uncheck the directory browsing that is categorized under the standard HTTP functionalities. Furthermore, the user will have safeguarded the webserver and encrypted the entire details, which might have used the platform to migrate.

Hardening Recommendation #3: Protect Binary and Configuration Directory Permission

The user is recommended to safeguard binary and seek consent for the configuration directory. The permission for binary and configuration is 755, and this implies that any user on a server can observe the configuration. The user can disallow another one to break into the conf and bin folder. The user is mandated to $Web_Server directory and alter consent of bin and conf folde (Server World).

References

Dasgupta, D., Saha, S., & Negatu, A. (2010, July). Techniques for validation and controlled execution of processes, codes and data: A survey. In 2010 International Conference on Security and Cryptography (SECRYPT) (pp. 1-9). IEEE.

Durumeric, Z., Kasten, J., Bailey, M., & Halderman, J. A. (2013, October). Analysis of the HTTPS certificate ecosystem. In Proceedings of the 2013 conference on Internet measurement conference (pp. 291-304).

Linuxize. (2019, November 11). How to Install Tomcat 9 on Ubuntu 18.04. Retrieved from https://linuxize.com/post/how-to-install-tomcat-9-on-ubuntu-18-04/

Nazir, M. (2019, July 30). How to Configure and Secure SSH Service in Linux? Retrieved from https://www.znetlive.com/blog/how-to-configure-and-secure-ssh-service-in-linux/

Ooms, J. (2013). The rapparmor package: Enforcing security policies in r using dynamic sandboxing on linux. arXiv preprint arXiv:1303.4808.

Schreuders, Z. C., McGill, T., & Payne, C. (2012). Towards usable application-oriented access controls: qualitative results from a usability study of SELinux, AppArmor and FBAC-LSM. International Journal of Information Security and Privacy (IJISP), 6(1), 57-76.

Server World (n.d.). Retrieved from https://www.server-world.info/en/note?os=Windows_Server_2019&p=iis&f=5

Ssllabs. (n.d.). ssllabs/research. Retrieved from https://github.com/ssllabs/research/wiki/SSL-and-TLS-Deployment-Best-Practices

What is https. (n.d.). Retrieved from https://www.tutorialsteacher.com/https/what-is-https

Zwinkau, A. (2017). Hardening. Retrieved from https://qznc.github.io/my-homeserver/hardening.html