You should be even more specific with your question. Who wants to authenticate with who?
Which linux distribution are you interested in?
What are you comparing the "secure linux" with? Windows, your own OS?
As I don't know what exactly you want to know, I guess you are talking about user authentification with a password when logging into the machine.
A user other data related to him is saved in the file /etc/passwd
The password and a salt are hashed and saved in /etc/shadow, which only superuser can read from.
So as long as nobody gets to read /etc/shadow or can manipulate your hardware or OS (keyloggers, ...), you can assume its safe. Keep in mind that passwords can still be bruteforced though.
Linux Authentication
*SASL can use pam to determine what authorizations are allowed for a given user
*LDAP can use SASL as the authentication mechanism
*SASL can use kerberos tokens for authentication and authorization
*passwords for SASL can be looked up from an LDAP server
*PAM can use ldap for storing usernames and passord authentication information
** Linux Authentication **
Originally, Linux (and the GNU tools and libraries that run on it) was not built with a single authentication mechanism in mind. As a result of this, Linux application developers generally took to creating their own authentication scheme. They managed to accomplish this by either looking up names and password hashes in /etc/passwd (the traditional text file containing Linux user credentials) or providing an entirely different (and separate) mechanism.
The resulting plethora of authentication mechanisms was unmanageable. In 1995, Sun proposed a mechanism called Pluggable Authentication Modules (PAM). PAM provided a common set of authentication APIs that all application developers could use, along with an administrator-configured back end that allowed for multiple "pluggable" authentication schemes. By using the PAM APIs for authentication and the Name Server Switch (NSS) APIs for looking up user information, Linux application developers could write less code, and Linux administrators could have a single place to configure and manage the authentication process.
Most Linux distributions come with several PAM authentication modules, including modules that support authentication to an LDAP directory and authentication using Kerberos. You can use these modules to authenticate to Active Directory, but there are some significant limitations, as I will discuss later in this article.
You still haven't clarified your question and then you are happy with some huge copy&paste work. Hope that's not the whole answer you will deliver to the clients who you consult.
Mr. Anton kaiser I just want to know the only basic of Linux Security, and this is also not related to any particular Linux version.
And, what is your definition towards secure? Like your computer harddisk is destoryed by malicious code or the password of your bank account is known by bad guys?Traditionally, Linux OSs is regarded as more safe than Windows. But nowadays, rich applications will be run on Internet(by Web browser like Firefox, Chrome) other than local hard-drive(let's say, your Operating System),which may bring security problems. So, security issues are not only a matter of OS any more!, but also about internet protocols, Web technology :)
Chetan,
the basic of is linux secure goes beyond what Hemprasad stated. As with in computer you can have the most secure operating system running on it, but if it is not secured correctly it wont matter. If you have "bad" users security wont matter. If you have an OS flavor that is completely open it won't matter how secure it is.
While you say that there is no particular version that this is related to, the question is to open ended. For security I would never trust the Linux Distro's "Damn Vulnerable" or "LampSecurity" they are designed to be insecure. Yet I would consider using Tails and LPS for my linux distro.
This is like asking if Windows is secure.. Windows 8 does a much better job securing the OS then say Windows 3.1.
In the end Linux (any OS) security comes from the proper configuration and access control lists implemented on the system. If your users have full Admin/Root permissions nothing you do will protect the box if the user doesn't follow security standards.
As far as secure for authentication if someone has the correct user credentials then your authentication methods doesn't matter.
In fact authentication is only a requirement in order to guarantee security. Authentication alone is useless. If you are authenticated but have all the priviledges, it does not serve to anything. It is like authenticating all the persons entering in a building but permitting them everything. So, the problem is, does the system can guarantee confidentiality and integrity even with a poor authentication. And the response is somehow yes. Obviously the stronger the authentication is the better you can response yes. However be sure that even with a strong authentication the response can be no.
No existing operating system is secure. They all suffer from the same basic flaw - putting too much code at the kernel level. It is impossible to ensure that large segments of code are error free and that they implement the required protection methods correctly.
It has been known since the 1970s that the only chance we have for true security is by having a very small kernel, now known as a micro-kernel. Higher level functions, like a file system or a GUI, or TCP/IP, or device drivers, need to operate under absolute control of the micro-kernel. Higher level functions execute at a level with less privilege.
Fortunately, the L4 micro-kernel, and particularly seL4 (security enhancer L4) are now available. L4Linux puts Linux on top of the L4 micro-kernel. This will keep flaws in Linux from compromising the integrity and security of L4. But, with the complexity of Linux code, and with only many eyeballs, but not a very disciplined design, verify, and then code and test approach will the Linux core code be fortified adequately for it not to be vulnerable to compromise by viruses, etc.
Of course, no OS is immune to "social engineering" where smooth talkers manipulate important information, like passwords, from authorized users.
The research project I'm working on uses seL4 as a foundation, with embedded Erlang (modified to increase its "safety" - vulnerability) executing on top of seL4 to provide a Secure Computing Infrastructure. This software will execute on either x86 or ARM devices, which are totally dedicated to executing trusted functions. Data will be stored externally on other computers with traditional Operating Systems.
The data need not be encrypted, but a cryptographically generated hash is generated for each data record and stored along with the unencrypted data in databases on computers with traditional operating systems inside the enterprise. These data can be manipulated by enterprise computers, but this is detectable if cryptographically hashed data are sent to the Secure Computing Infrastructure.
Data (along with its hash) can be sent to a Secure Computing Infrastructure server to perform trusted functions, such as modifying the data or its ownership attributes.
There is more detail than can be shared here. Contact me by email if you have any interest or questions.
Thanks,
Fred Seigneur
- Badges
- Science topic
- Similar topics
- Computer Science and Engineering
- Software
- System Software
- Operating Systems