Linux & Open Source - eWeek


Battery 500 Project Charged Up over All-Electric Cars
Charting the Final Frontier--Google Maps for Indoors
Get Smarter Technology on Your Mobile!
  Linux & Open Source


Linux Vendors Increase Security Features



 By: Jason Brooks
2008-10-14
Article Rating:starstarstarstarstar / 4


There are 1 user comments on this Linux & Open Source story.


  Table of Contents:
  1. Linux Vendors Increase Security Features
  2. Access Control and Audit Tools

Rate This Article:
Poor Best
Linux Vendors Increase Security Features
( Page 1 of 2 )

Analysis: Red Hat, Canonical and Novell are enhancing the security features in their Fedora, Ubuntu and OpenSUSE Linux distributions, which are all slated for release later in 2008.

Linux-based operating systems are built on an open-development model, which can afford organizations an early view ofand an opportunity to influencethe technologies and implementations that will eventually work their way into these companies' infrastructures.

What's more, these early looks extend beyond points on a presentation slide to comprise run-able code that's gathered into fast-moving, community-supported Linux distributions that administrators can begin testing in advance of the long-lived, enterprise-oriented releases to come.

I examined the principal security-related developments in three such vanguard Linux distributions, Canonical's Ubuntu Linux 8.10, Novell's OpenSUSE 11.1 and Red Hat's Fedora 10, all of which are now available in beta form.

Resource Library:

Ubuntu Linux 8.10, which is slated for release at the end of October, ships with an encrypted private directory feature that enables users to store sensitive data securely without incurring the performance overhead of full-volume encryption.

Click here to read about Microsoft's October patches and its new Exploitability Index.

In my own tests with full-volume encryption in previous Ubuntu versions, I've noted processor overhead of about 20 to 30 percent during disk-intensive processes such as virtual machine image creation.

What's more, full-disk encryption, unlocked by a single pass key, poses problems for multiuser machines, in which the disk unlocking is an all-or-nothing proposition, as opposed to a user-by-user measure.

As implemented in Ubuntu 8.10, the encrypted private directory feature creates a folderlabeled "Private"in users' home directories. The system automatically encrypts files placed in this directory and unlocks the directory upon user log-on.

In my tests, I could broaden the range of home directory folders that the system protected by copying the folders to the Private location and leaving a symlink behind to allow my applications to continue accessing the protected files at their previous addresses.

As this feature now stands, it's too roughly implemented to supplant full-volume encryption entirelythere's no user interface at this point, and there's the possibility that sensitive data could be pulled from a system's unencrypted swap partition. I hope to see Ubuntu's encryption feature set firmed up to include full-volume, Private folder and home directory encryption in time for the distribution's next LTS (Long Term Support) release, which is currently scheduled for April 2010.





  Reader Comments: Linux Vendors Increase Security Features
>>> Post your comment now!
directory encryption
The "private directory" feature sounds like EFS in Windows. That's been around since, what, Windows 2000?
Posted At: 10-15-08
By: Anonymous
>>> Post your comment now!
 


 
 
>>> More Linux & Open Source Articles          >>> More By Jason Brooks
 


xiw㶲(9^+Q1ARlɶvۖn]Z I)R<$o'oU8i%vҶDP w~vv> IMsל۔N]sSãw$5vvC2I=*rdz&9%G jL7R}f]S kkL|Aშ :#:@.Pk< Z53껲5ԗoˏne0.ڎIQ6*֠Oմn<ش$1Oh] >QQږy@6GH;*C7ܩx8ս/DeO؀IQIM"h4"j>wn3gdY (ƻf {iZvP;Uyah -\r.",{{74ɿTݱm6{ -XdUZL wbC6S!1kkTը>lYG|ݑ|Y#Xo:QA3MuL_CԿ($fҀ 8#/֌<{mLjXL<:/yӝF3l˸;4 @SKVUBX)ځx.g9{ۖ3PN1돿ΔiR;]tN/s$Qw;7ܖu`*;GW^O.ggaa'H oDR*rP8&ȇ¤Ԙ8j 9RM7JQߨPKX+hv$ꁑf1<˧H0CF^8RCb9-Ҿ路.:6鷏N:c$oIJ1<JEӀH ZvBo-Eqs^qڟ;Gw:Rڟ+Hk*}k p6O{:$~z>5401\]Z-$53QeLxY$Y.r"!}Ow| nr"GrI/]o,{$̛cM|`Imdʱ(rN9~}EjV㭱J+҄& )B:A`ܺ玀R$9Vϡ8ȟ4R\ 9lb)6K .wR',|YB* b$rݠQ3>NK$o# ef"`Q%  '|#8Jn.b? [ʚ&gIrlNTVʒ0Wb{H .uƍv"E۽^ *WFnZ`3QM}sQk+%YE*X8ʍ??1m!SGñA 3&M:v`: 0hvz?>RӚOCqOCGs>2胎6ml8-Ʃ" ,70}HOQI$Qp{4ڭm= K!PI}xXS9&z(tH h&r=kIׇ.[?? [ G`r\ɭ5y0f+wMPb(=զπCρY\7 >)@}>g )nвc@VL"fˣQ4dJ Ւd6 \{8`OEMĽ~K*+j#7~4EhZ\-}s4  9P8wSJ$l%K1w=hZz F<#=`z:LGtBJmw6q - sOЭ,p8*4j+T=Ckab恈7_E3ka{60c@u\Xtf²ה])Ϥ_(W6v*1f&6X#˦>oIA̫%eTw֠q2,ƸH~6=2eX]2XrGmw٘Autn\?09CL-s˙07uX8[͆OCBE-Hx S??uPV/sz>S? !WܕVR5󀻬SwhlrC8qݱM% UsnA.y >{VN0aE>yLLZ<|˰"U:t!/cԧ8PȺU0UESUG++؞?F]h6B\4!<}g5 pf nWQ=KkjXX%RO.xzGs- 9^P˶(SL @(8u8|[\Z3 Q|l8`Č)ԨuUԪ}VWc7g)h"RkF&:FdHtΈ+6RZj*kivϷ h#քY[ў#WX xV IQdKEhjC<ϤMpR|9y->q1~7-="Jg\Ukp{9A[B< r?H_-ϺB7x^oxPYm/Oi_0LFdT~!\zRflҡ.n22˓~VF70p[C?ԍLnb*r1=_?M= [L4Gzɖ0-0g' Yn:AjAyIx;W.-^ir0NxT!"kq0n} #8DA$ۭ'#q#tM-yTJJ\ (J+HA:er,×?Yy$ 2w\u?]yO50osV; J@c$=ĸ}/gvlZ銿F>;kk!$rys!}=^C|sі's5BAHͳ>KBV=GgUx6i)qm2XG42zqǎ ST8 m̀@Hc^WX0z!ӱB3ZMUc | ʢlkܟ?vVSB&T5˓$-I^O Eqj ieʒ~ i'1ۡX#ґԛ]6/6G8 (OLkrisy/Ps~uyx2ű2i9(5~y*AB|$Hyn1ÔJg+y-)EC^}+ I4 : 3eZ& 3ӼZ;UZ"Ա0@kt#O]<;n; WS eznOa7pϲl^ta|`|;pF'5];@Ƹ DucBA=ѧǂ f ~]ު箄MZ%ז9AxL}V7]mY?{xXTb򇴺'ͳ~4/OA 6W{$ V޽?FQwP]Yz$AC~klr¸y}ߨ+=l[h?H+I㆟isP]!OhvdLc!I ɫ׺7}ʜ9%'+x|42(o9P2QtI JGs`̞xqCwbRc8w@?g뻌w.GGoqSxw6{Ze%QJW=qM@kjir\,~^YZ䑼DqD%{twoo 14m*z7=}9{fvÏ5"i ј@.mvc鼳2> AYCVrlK9Grs&cx2HB%6˶˷Fp7*gcc3/F#%kϖSϱ6m @|Րp/hZ1i`jcZop8|#؈f/'Ɏ?7e{cA|3 e\1kp௩7/7__B !]9h3[aG0^> ="t(u߂KݤCƧSˁUm[[H +DГ$.;+t7F9xKh,}rOX7֝0u)Q7vrNpHȣTrr'd9W0w=}Ds3g ߆Sx{/2;:G/`y-bv( 1ș, }F?/x4% #pĹ,(0A[I3o׊U ; wC$LxcȂwd pCEu'XON+DЀS{6) A~tԄ ԐsEG+%C+kxeD"ayUFH Ϭ{ja(a@*Jҟ.xSj9IQy'?yb[Pn2!]'LTr6ܲR%r8F1lkizZ& s̏ ];BH!t2 BEdC{bIMd?!6{cӚ& Gm%%>y2/%cj.Rq[~^B1 */|Im hd *mE)eIU)N)"r0Ћ,ÒV: %x(ŋc 4r$B2:@$VO"c FllRk+b)I*iʦR|)KREmS &TMGŒwL/cH2d wp( K߄y&&تjsEU*"5[̬K䯬[P)M[o_3JZ9FFV4P ʛ@U[HU`@%w5҃Lf>`/DaRR.UK)0 rlL >hﭩW`';[٪*n׹eNU aݎK-~y@H\%yXxDIR3O"$OXQ2V GnMȿGVg_PYN{{W-߼߼߼߼㽾jVy7_+O<+ܛGm34֮]EopY JWoGI~N,8dߒHaz ux (+{ڟ;kpsH>k)v 3&Rk}R2tD7zN:o]ءSoY; A!H}b0$AԼf؈CR6}cʯILc$JjI:waqFρ̦Q(J5 Hp.;pHx~6"a u<!{c71MAv O.1*kEI: _(UڞhkkR ZG:TJ:\=C0!G &~+$ ]5\_GERPU2 K8̴o9pYCkdU£Yg;IwCcyqgvnt>egѬ_g+^Gnʸk ̝7{Ü/Woͣi=H$4koz3!TRZSh~d&f6I{M_r&`2ljVV'EQrzf0m-mYޣS.{UrZZNLnekiY>ӈ=؃yG©Yj|ubM$tF87o \)c2fJ66:h` n"51/'?`.ޮbvpn]|@QX雰Hgh=["_Ukb2$oM [-{8Sx|1BDv1P1U$SVXlChոol` tq"wo(2k{ʞVS, x߸֊[NiΞCqñŃ4ϗא * nO2d7ؤ lq4,&zD?SM=1wk>.V8E+96i[>L]ILa!-(!-Dn~aIzU&{Lj$QuEMm&^T 0ka("l\M>'q/丱ˋAE&Lj}AKfכ$acNͦ"f xr‹B*]sN *JM]͹OQ. ]ZˣXuZ.{&V@gLpkLxrP:qU3HQ&b̢ĀJTH4isSkp)x9}nZbfģ Zkah;Xykj=!vc` eK }+n'-浻sx"(fU'j"qn0uf=rԘh pKm $:T R}y 8M/k'KPIV ף6:F̽K$MDF0FU 2hՃY贇Ӏ/]YjJEU0=j2ۘGJPJ\i [c^)XyeZ{#qȋȝGF^*iBy[4Ra *zGO臘8eO}K[TQ`o2c6υ%NІrO`ƖC0ۏUztWc7ѡJ>x"=IXCF-Hm#nABȝNNDZtl&vUZ TJ j'ϳW[ ByFskyW'X\sjF.F{񼰲n\X+L66mIU+ 7g%=څ]`aiL\#&&9ݱ=“Xzf԰tT>#F̯ ;#|#+⑍7X3qEu,E5\PobF .m2N[#ĻXxB<1EP)<1_*J@(fYir' o.'Xv/?VH|Uoh}exxJ"dr[:->i8$y"00* >#wA>po<|WPʕ=U+'=hpxڀkcE~:xd»\6ɭ2MFd.$qt5D< roEVIz# ,@gE슍\a;sBcIm* 윑u﷯za7P{ ;򦺸?qLyswjL (]A*Ý!k:̳sJ,exYuh c>r*~ᜭ#+^bʑ`Qo_)5%\dÐs{TŰD̤ c 4Q? ~1&v+"Pr0>_IA!a40װÞ36g3݁KE{ss9z!Kqyy@b7`@c"F21Cx.q⤗P)awS0Zbpn) &.X`3Yej xpx}:;wܕiV!5= 0Y:vN+' P=̌8Y1غ9PE;MjV}QyxQ?f f_A&Pj3 ݌r(?ǀ @O2 ?/?VieC:CL"^Qʿ/?gA531s{sy~a?<Ϡs Dg(Q~ dCyF9E^\dEu݌wAt3OK7C\}\f%U``Y_ S}}Y0 k(*Πkh:k K:ICP%.Np3Ka /ޯ?e8@yJ͠2,c/3\.`*r_/ˀ/q>sym%R+ ]Q%=-{[I2}ח c|U(X2M*?>#(,8%Y}MNJ 4tk 7b[yDYAI{R}tEI>t𞫫qLw/ydֺWWV5VlNA6K֐'E>YlفGh O WY-Jaġ]= =xoC/+Ogu>؃ Ҿh .'mЙO>AݷDBN$p g;6`% /`xIgO1EL=C}38]7iޣ6p]w Ɵn ؑ:C\ԴZjRs'Wd6##"(teDdU*.ZX,.g /(@#غ̷7x#xC7<8aRq p+[".)۹$=מ X?(HÂ)mød{«E/=ׇ"cX =#1P YY/u8:\5m$$&b3@ gQlVxHDZ ylo%0)% fKlClPfoU@Kx.^| 3+R1=zH|c,XoOD %^Πob_,-YݨoˊLsӃG)Jqk+yGRݤO<$nD܅{ ߠ(b<% * > , AS6N>L#c? `vwl9c˖;) Mm+#84B<ܼlQ޺%qm.a; +CO1֪m,gU|k B1қqlj_U`7'~"3VCA6p8@!(_Gk0=u6(NAERb0%yMvɳFc ?dt;bSp?>PM֧2R8WD )۱YBAł?Vg;kMNa pCQ!*^x9NAxmҕhOynQl>-%/#]^Dc`Wpۂ{-Urcd+{f:ePfEXl+ᠢW5`/92H]qS`hwq#ƫ1tcVB\ (ctAL?Q1?cm'nJQXƺi#¶u4meщ&o߉ {**lk[ȅnaTLxq;s__3mٰ޳sW=?5z3lvf~wx:Y}#s!?²Ljlf^^kti( aaɗvX cJ\g'ۂ~ՍK׶S<"Y4/G쁥"?@f"[]2*A-Z14%o,gkVTF f #yQӯ3=ٵ6Lgs\9,CdYVc.GgTyLǫ 52lv* X*!KŬ"&D0H'R:tsh;hsT*D%L0MÄrm"+roq=y[әH p8g0N^Xɩȩ(vU_\%h2b5Š_yRϸȅc\YBC^Y{N`!݋t<}!3L*`'NÓgί>!D!6{xv䴿{ֽ֍^z