Operating System Security – CompTIA Security+ SY0-701 – 4.5

Operating systems are important resources to secure. In this video, you’ll learn about Active Directory, Group Policy, and Security-Enhanced Linux (SELinux).


If you’re working in an environment with many Windows devices, then you’re probably taking advantage of Active Directory. Active Directory is a database containing all of the different components of your network. This includes all of the computers and other devices on your network. Every user account is listed in the Active Directory database, along with the file shares and printers, the security groups, and anything else that makes up your network.

Since all of this information is stored in a central redundant database, we can manage all of our authentication from this central resource. When a user needs to log in to a device or authenticate to another resource, they would use the username and password that is already defined in the Active Directory database.

We can also use this database to assign access permissions. We can create a list of permissions and assign those permissions to an individual user. Or we can create a group of users and assign those permissions to the entire group. If you’re adding accounts, managing these access rights, modifying passwords, or removing accounts, you’re probably performing all of those functions using Active Directory.

We can also overlay a group of security policies on this list of computers and users that are stored in Active Directory. We refer to this as group policy, and it allows us to set different configuration settings or permissions for each individual user or individual device.

This is usually run from a central console known as the Group Policy Management Editor. And it allows us to configure login scripts when a user connects to the network. We can set up network configurations such as quality of service. And of course, we can set security parameters that all of these devices and users must follow.

This combination of Active Directory and group policy allows us to create a comprehensive control mechanism for everything that’s on our network. If you need to set a configuration setting for a particular device or you need to configure security policies for an individual user, you can perform all of those functions using group policy.

The Linux operating system, by default, uses discretionary access control. This means that the user has their own discretion to be able to assign rights and permissions to different resources in the Linux operating system. But in many highly secure environments, discretionary access control is not appropriate. Instead, they would like to use mandatory access control, where all of those rights and permissions are assigned by a central administrator.

One way to provide this mandatory access control is to install a number of patches that enable Security-Enhanced Linux, or SELinux. This allows the system administrator to take advantage of least privilege, where the rights and permissions associated with a user allow them to do exactly what their job entails and nothing more.

This means that if there is some type of security issue, a breach, or some type of malicious code, it will have a limited scope on what it’s able to do on that Linux device. And like most things Linux related, SELinux is open source and can be downloaded and installed on many different Linux distributions.
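
The difference between discretionary and mandatory access control described above, modeled as an added example (it is not from the original video or from the SELinux project). The labels, the policy table and the scenario are constructed, and the discretionary check is simplified to owner and other permission bits.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class File:
    path: str
    owner: int    # owning uid
    mode: int     # classic permission bits, e.g. 0o640
    setype: str   # SELinux-style type label (constructed for this example)

@dataclass(frozen=True)
class Process:
    uid: int
    domain: str   # SELinux-style domain label (constructed for this example)

# Constructed central policy: (domain, file type) -> permitted operations.
# Anything not listed is denied, and ordinary users cannot edit this table.
POLICY = {
    ("httpd_t", "httpd_sys_content_t"): {"read"},
    ("passwd_t", "shadow_t"): {"read", "write"},
}

def dac_allows(proc, f, op):
    """Discretionary check: owner/other mode bits; uid 0 bypasses them."""
    if proc.uid == 0:
        return True
    bit = {"read": 4, "write": 2}[op]
    shift = 6 if proc.uid == f.owner else 0   # group bits omitted for brevity
    return bool((f.mode >> shift) & bit)

def mac_allows(proc, f, op):
    """Mandatory check: central policy lookup with default deny."""
    return op in POLICY.get((proc.domain, f.setype), set())

def access(proc, f, op, mac_enforcing=True):
    """Access needs the DAC check to pass and, when enforcing, MAC as well."""
    if not dac_allows(proc, f, op):
        return False
    return mac_allows(proc, f, op) if mac_enforcing else True

# Constructed scenario: a web server process running as root is compromised.
web = Process(uid=0, domain="httpd_t")
page = File("/var/www/html/index.html", 0, 0o644, "httpd_sys_content_t")
shadow = File("/etc/shadow", 0, 0o600, "shadow_t")

if __name__ == "__main__":
    for f in (page, shadow):
        print(f.path, "DAC only:", access(web, f, "read", mac_enforcing=False),
              "| DAC+MAC:", access(web, f, "read"))
```

With only discretionary control the root-owned process can read both files; with the mandatory policy enforced it is confined to the web content its domain is allowed to read.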