“This document outlines the kernel security improvements that
have been made in the 2.4 kernel. A number of significant
improvements including cryptography and access control make 2.4 a
serious contender for secure corporate environments as well as
private virtual networking.”
“One of the most obvious and significant improvements in the
2.4 kernel is the packet filtering capabilities. However, there are
a number of other improvements that make Linux one of the most
secure operating systems available.”
“Quite a number of improvements have been made since the crypto
that was developed for the 2.2 kernel. Alexander writes,
“Previously cipher modules could be looked up by number or by name.
This was to be compatible with the old /dev/loop interface that
requested “transforms” by number. In 2.4, the numbering scheme is
removed which means that users no longer have to include a lot of
entries into /etc/modules.conf to use encrypted block devices. It
also means that other developers that wants to create their own
module for various projects don’t have to allocate global “IDs” for
their modules.” Alexander continues by stating that he is confident
that crypto will be integrated into the kernel, but feels there are
some further code changes that need to be made before this can be
done. Once these final code changes are complete, the group will
push further for inclusion in the mainline kernel tree.”