Morris: Networking in NSA Security-Enhanced Linux
Jan 24, 2005, 08:30 (0 Talkback[s])
(Other stories by James Morris)
"In this article we take a look at how SELinux can help increase
the security of networked systems, as well as the design and
implementation of its network-specific security controls. We then
walk through an example of using SELinux policy to lock down a
simple network application.
"SELinux provides strong general security for networked systems.
It allows systems to be locked down tightly so that services have
only the minimum set of rights required to operate. This
implementation of the principle of least privilege helps contain
security breaches arising from buggy code, malicious code, user
error and malicious users..."