2.5 Explain the purpose of mitigation techniques used to secure the enterprise. Flashcards

1
Q

Trusted Operating Systems (TOS)

A

Provides a hardened operating environment that enforces strict security policies (e.g., Mandatory Access Control) to protect confidentiality, integrity and availability (CIA)

  • Evaluation Assurance Level (EAL): Common Criteria (ISO/IEC 15408) rating of how rigorously a product’s security claims were evaluated; it measures depth of evaluation, not the strength of the security features themselves
    • EAL 1: Lowest assurance (functionally tested)
    • EAL 7: Highest assurance (formally verified design and tested)
  • Examples:
    • SELinux: Kernel-level MAC added to Linux; enabled by default on Red Hat Enterprise Linux and CentOS
    • Trusted Solaris: Provides multi-level security (MLS) operations with MAC and auditing
2
Q

Updates and Patches

A
  • Hotfix: Urgent, narrowly scoped patch for a specific (usually security) issue; test it in a lab first, then deploy promptly
  • Update: Adds new functionality or non-security fixes; does not usually target security issues and may itself introduce new vulnerabilities, so test before rollout
  • Service Pack: Cumulative bundle of the hotfixes and updates released since the OS launch (or since the previous service pack)
3
Q

SELinux

A

Adds an extra security layer to Linux by enforcing Mandatory Access Control (MAC) in the kernel on top of the standard discretionary (DAC) file permissions; every process and object carries a context label of the form user:role:type:level

  • SELinux Contexts:
    • User Context: The SELinux user (e.g., ‘system_u’, ‘unconfined_u’, ‘sysadm_u’); Linux accounts are mapped onto SELinux users, they are not the same thing
    • Role Context: Limits which types (domains) a process may enter (e.g., ‘system_r’, ‘sysadm_r’); files and other objects always carry the placeholder role ‘object_r’
    • Type Context: Groups subjects and objects with similar security characteristics (e.g., ‘httpd_t’ for the web server process, ‘httpd_sys_content_t’ for its content); a process’s type is called its domain, and type enforcement is what the targeted policy actually decides on
    • Level Context (Optional): MLS/MCS sensitivity and categories (e.g., ‘s0’ or a range such as ‘s0-s0:c0.c1023’) for files or processes
  • SELinux Modes:
    • Disabled Mode: SELinux off, relying on DAC only; files created while disabled may be unlabeled and need relabeling when SELinux is turned back on
    • Enforcing Mode: All policies enforced; violations are blocked and logged
    • Permissive Mode: Policies not enforced; would-be violations are logged as AVC denials in the audit log, useful for troubleshooting and policy development (check with ‘getenforce’, switch temporarily with ‘setenforce’)
  • SELinux Policies:
    • Targeted Policy (default): Confines specific, mostly network-facing daemons; everything else runs in an unconfined domain
    • Strict Policy: Applies MAC to every subject and object; most complete but complex to administer
  • Usage: Enabled by default in enforcing mode with the targeted policy on CentOS and Red Hat; enhances file system and network security by preventing a compromised process from accessing files, ports or other processes outside its labeled domain
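The card above describes the four fields of a context label and says that permissive mode logs what enforcing mode would block. Below is an added example (not from the flashcards and not part of SELinux itself) that parses constructed AVC denial records of the kind SELinux writes to /var/log/audit/audit.log. It splits scontext/tcontext into user, role, type and level, handles the MLS range edge case where the level field itself contains a colon, and separates denials that were actually blocked (permissive=0) from those merely logged (permissive=1). The log lines, PIDs and inodes are made up for the example.

```python
import re
from dataclasses import dataclass

# Constructed sample records in the shape of SELinux AVC audit messages.
# These are NOT from a real system: PIDs, inodes and timestamps are invented.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1700000000.101:201): avc:  denied  { read } for  pid=1201 comm="httpd" name="index.html" dev="dm-0" ino=4711 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000000.202:202): avc:  denied  { name_connect } for  pid=1201 comm="httpd" dest=3306 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket permissive=1
type=SYSCALL msg=audit(1700000000.202:202): arch=c000003e syscall=42 success=yes exit=0 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1700000000.303:203): avc:  denied  { write } for  pid=1333 comm="sshd" name="secret" scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:user_home_t:s0:c7 tclass=file permissive=0
"""


@dataclass(frozen=True)
class Context:
    user: str   # SELinux user (e.g. system_u), not the Linux account name
    role: str   # role; files always carry object_r, processes a role such as system_r
    type: str   # type (called a domain for processes); what targeted policy enforces
    level: str  # optional MLS/MCS level, e.g. "s0" or a range "s0-s0:c0.c1023"


def parse_context(label: str) -> Context:
    """Split user:role:type[:level] into its fields.

    The level may itself contain ':' (a range like s0-s0:c0.c1023), so split on
    at most three colons instead of a naive split(":").
    """
    parts = label.split(":", 3)
    if len(parts) < 3:
        raise ValueError(f"not a SELinux context: {label!r}")
    if len(parts) == 3:
        parts.append("")  # level is optional
    return Context(*parts)


@dataclass(frozen=True)
class AvcRecord:
    decision: str            # "denied" or "granted"
    permissions: tuple       # e.g. ("read",) or ("name_connect",)
    comm: str                # command name of the subject process
    scontext: Context        # source (subject) context
    tcontext: Context        # target (object) context
    tclass: str              # object class: file, tcp_socket, ...
    permissive: bool         # True: logged only, nothing was blocked


_FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
_AVC_RE = re.compile(r"avc:\s+(denied|granted)\s+\{([^}]*)\}")


def parse_avc(line: str):
    """Return an AvcRecord for a type=AVC line, or None for other record types."""
    if not line.startswith("type=AVC "):
        return None
    m = _AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in _FIELD_RE.findall(line)}
    return AvcRecord(
        decision=m.group(1),
        permissions=tuple(m.group(2).split()),
        comm=fields.get("comm", ""),
        scontext=parse_context(fields["scontext"]),
        tcontext=parse_context(fields["tcontext"]),
        tclass=fields["tclass"],
        permissive=fields.get("permissive", "0") == "1",
    )


def summarize(log_text: str) -> dict:
    """Group denials by (source type, target type, class, permissions).

    Keys under "blocked" were refused by the kernel (enforcing); keys under
    "logged_only" were permitted but recorded (permissive mode or domain).
    """
    blocked, logged_only = [], []
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None or rec.decision != "denied":
            continue
        key = (rec.scontext.type, rec.tcontext.type, rec.tclass, rec.permissions)
        (logged_only if rec.permissive else blocked).append(key)
    return {"blocked": blocked, "logged_only": logged_only}


if __name__ == "__main__":
    for kind, keys in summarize(SAMPLE_AUDIT_LOG).items():
        for src, tgt, cls, perms in keys:
            print(f"{kind:12} {src} -> {tgt} ({cls}) {' '.join(perms)}")
```

Note that the first record is a classic targeted-policy denial: the httpd_t domain may not read user_home_t content, regardless of the Linux file mode bits (DAC), which is the point of MAC. The second record would have been blocked in enforcing mode but passed because the subject was permissive, which is exactly what makes permissive mode useful for discovering the rules a new service needs before switching enforcement on.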