How To Prevent Rolling Spam Factories

More documents

Recommendations

Info

Systemd & Cgroups• Systemd is replacement for System V init daemonproviding more efficient startup and process control• Cgroups allows resource limits on processes or processgroups• Systemd automatically places system services andgroups of services into appropriate cgroups• Ensures misbehaving processes can be controlled andshut down• Potentially include Linux Containers-like features24 SSG System Software Division
Linux Containers (LxC)• Userland Application to configure Linux Kernel isolation features• Not a virtualization solution– Does not protect from user to kernel privilege escalation attacks• Allows isolating processes in different ways:– Process Namespace: Isolate processes from seeing one another– IPC Namespace: Ensures processes cannot share IPC’s– UID Namespace: Separate UID tables– Network Namespace: Separate network devices– UTSName Namespace: Separate host names– Mount Namespace: Separate mounted devices• Can be combined with filesystem snapshots (btrfs) to createdisposable environments25 SSG System Software Division
Page 1: How To PreventRolling Spam Factorie
Page 4 and 5: Connectivity EvolutionThreat Space
Page 6 and 7: Who Are WeProtecting From?6 SSG Sys
Page 8 and 9: Security Hackers EcosystemNational
Page 10 and 11: Then Why Mac OS X Flashback?7.16.96
Page 12 and 13: Red Hat Linux 9• Kernel 2.4.20- P
Page 14 and 15: Wheel of Linux Kernel Fortune!!!Num
Page 16 and 17: Critical Linux Kernel Defects (CVEE
Page 18 and 19: This Was Just The Linux Kernel!Only
Page 20 and 21: Reduce Attackable Surface Area• D
Page 22 and 23: Use Compiler Defenses• -Wformat -
Page 26 and 27: Integrity• Integrity Measurement

How To Prevent Rolling Spam Factories

Create successful ePaper yourself

Delete template?

Save as template?