Security features in LINUX

Q. Discuss the security features in LINUX with respect to the following: (i) User Accounts (ii) File Permissions (iii) Encrypted Storage (iv) Remote Access

Security Features in LINUX

(i) User Accounts

  1. Multi-User Environment: Linux allows multiple user accounts, isolating user data and processes for enhanced security.
  2. Root Privileges: The superuser (root) has administrative rights, and access to these rights is tightly controlled.
  3. User Groups: Organizes users into groups, enabling precise access control to files and resources.
  4. Login Security:
    • PAM (Pluggable Authentication Modules) supports customizable authentication mechanisms.
    • Tools like faillog track failed login attempts to detect brute-force attacks.
  5. Password Policies: Enforces strong passwords through tools like passwd and policies for expiration and complexity.

(ii) File Permissions

  1. Permission Levels:
    • Files and directories have three levels of permissions (read, write, execute) for three categories:
      • Owner: User who owns the file.
      • Group: Users in the file’s group.
      • Others: All other users.
  2. chmod Command: Modifies permissions using symbolic (e.g., chmod u+x) or numeric (e.g., chmod 755) notation.
  3. Special Permissions:
    • SUID: Allows a program to run with the owner’s privileges.
    • SGID: Grants group-level privileges for executed programs or shared directories.
    • Sticky Bit: Restricts file deletion in shared directories.
  4. Access Control Lists (ACLs): Provide finer-grained control beyond standard permissions.
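
An added example (not part of the original answer) showing how the permission and special bits above can be audited from a file's mode: it flags SUID/SGID programs, world-writable files, and world-writable directories that lack the sticky bit. The function names and the sample tree built in demo() are constructed for illustration.

```python
import os
import stat
import tempfile

def classify(mode):
    """Return the risk-relevant labels for one st_mode value."""
    labels = []
    if stat.S_ISREG(mode):
        if mode & stat.S_ISUID:
            labels.append("suid")            # runs with the owner's privileges
        # SGID only changes the effective group at exec when group-execute is set
        if mode & stat.S_ISGID and mode & stat.S_IXGRP:
            labels.append("sgid")
        if mode & stat.S_IWOTH:
            labels.append("world-writable-file")
    elif stat.S_ISDIR(mode):
        if mode & stat.S_ISGID:
            labels.append("sgid-dir")        # new entries inherit the directory's group
        # Without the sticky bit, any user may delete other users' files here
        if mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
            labels.append("world-writable-dir-no-sticky")
    return labels

def audit_tree(root):
    """Walk root and return (path, 'rwx' string, labels) for every flagged entry."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                mode = os.lstat(path).st_mode   # lstat: do not follow symlinks
            except OSError:
                continue                        # entry vanished or is unreadable
            labels = classify(mode)
            if labels:
                findings.append((path, stat.filemode(mode), labels))
    return sorted(findings)

def demo():
    """Build a small constructed tree and audit it."""
    with tempfile.TemporaryDirectory() as root:
        for name, perms in (("shared", 0o777), ("tmp", 0o1777)):
            os.mkdir(os.path.join(root, name))
            os.chmod(os.path.join(root, name), perms)
        notes = os.path.join(root, "notes.txt")
        open(notes, "w").close()
        os.chmod(notes, 0o666)
        return [(os.path.relpath(p, root), m, l) for p, m, l in audit_tree(root)]

if __name__ == "__main__":
    for row in demo():
        print(row)
```

The "tmp" directory (mode 1777) is not reported because its sticky bit is set, while "shared" (mode 777) is.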

(iii) Encrypted Storage

  1. Full-Disk Encryption:
    • LUKS (Linux Unified Key Setup) encrypts entire disk partitions.
    • Ensures that data is inaccessible without the correct passphrase or key.
  2. File-Level Encryption:
    • Tools like GPG encrypt individual files for secure sharing.
    • eCryptfs offers file-based encryption for secure storage.
  3. Filesystem-Level Encryption:
    • Modern filesystems like ext4 support encryption for directories and files.
  4. Key Management: Secure handling of encryption keys using tools like cryptsetup.

(iv) Remote Access

  1. SSH (Secure Shell):
    • Provides encrypted remote login and command execution.
    • Supports key-based authentication for enhanced security.
  2. Firewall Protection:
    • Tools like iptables and firewalld control access to remote services.
    • Limits the exposure of sensitive ports.
  3. VPN (Virtual Private Network):
    • Secure remote connectivity using tools like OpenVPN or WireGuard.
  4. Fail2ban: Detects and blocks brute-force attacks on remote access protocols.
  5. Auditing: Logs remote access sessions to detect unauthorized activities.
