9th International Linux System Technology Conference
September 4-6, 2002 in Cologne, Germany
Title: Partitioning a Server with NSA SE Linux
Postscript: lk2002-coker.ps (121733 Bytes)
The requirement to purchase multiple machines is often driven by the need to have multiple administrators with root access who do not trust each other.
Having large numbers of expensive under-utilised servers with the associated management costs is not ideal.
I will describe my solution to this problem using SE Linux to partition a server such that the "root" users can't access each other's files, kill each other's processes, change passwords for each other's users, etc.
DoS attacks will still be possible by excessive use of memory and CPU time, but apart from that all the benefits of separate hardware will be provided.
About the Author
I have been a Debian developer for several years.
My paid work is usually running ISPs although I am currently working on Linux appliances for Internet use.
In the past I have worked as a C/C++ programmer.
I used to spend a lot of time writing benchmark programs, but now that Linux is reliable enough that I can't kill it, and hardware is cheap and fast enough that I don't usually have to wait excessively, I have been less interested in that area.
Now I believe that security is an area where improvement is needed.
Last year at OLS I spent some time talking to Peter A. Loscocco, and became convinced of the value of SE Linux. Now I plan to install it on my servers as soon as I get it packaged for Debian...
Last change: 2005-09-17