image
The RSA Distributor of The Year - EMEA - 2012 My employer, COMPUTERLNKS ME, The RSA Distributor in Middle East and Africa has been awarded as "The RSA Distributor of The Year" for the product I manage, RSA - The Security Division of EMC in Middle East and Africa. Read the Full Story
image
The Service Partner of The Year - Kaspersky Lab - 2011 My employer, ValueSYS, Kaspersky Distributor in North Africa has been awarded as "The Service Partner of The Year" for the product I manage, Kaspersky Anti-virus in North Africa. Read the Full Story
image
All Content Under Creative Common License! All Content is under Creative Common License: Attribution - Noncommercial - No Derviative Works 3.0 Unported - to share under conditions Read the Full Story
image
The Most Innovative Partner Award - Kaspersky Lab - 2010 ValueSYS, my employer won the award of "The Most Innovative Partner of 2010" for the product I manage, Kaspersky Anti-virus in North Africa. Read the Full Story
* * * *
image image image image

This article provides a comparison between two of the best Open Source Firewalls, SELinux and Novell AppArmor along with brief overview for each one of them.

SELinux

  • SELinux consider the future of the Linux OS but it's very complex and suffer lack of documentation.
  • It's reommended to not use X on SELinux working Servers. (Problems with granted access control in X server)
  • Security Policies are difficult to be created from scratch, Use the security policy come with the distributor.
  • Has bigger performance impact than AppArmor (nearly 7 Percentage) Of perf.
  • Both SELinux and AppArmor utilize the Linux Security Modules (LSM) framework,which provides security hooks for operational control of certain Linux kernel objects.
  • SELinux is based on Flask Security Architecture.
  • Processes are represented as domains, and objects represented as Types.
  • SELinux Control processes interactions (Domain to domain)
  • SELinux Control access to objects (domain to type)
  • SELinux Control any entry to the domain.
  • SELinux has tools such as SETools and Slat for Policy Analysis, Audit Analysis, and User management.
 

AppArmor

  • Original developed by ImmUnix Company. (Linux Security Company)
  • Provides a policy-based approach for application-behavior enforcement.
  • Automatically generating security policies through YaST.
  • Pre-built security profiles for commonly used applications, such as OpenSSH, DHCP, Samba, Sendmail and MySQL.
  • AppArmor has less impact on overall system performance than RedHat's SELinux ( 0 to 2 Percentage of Performance) 
  • Easier to develop and maintain than SELinux.
  • AppArmor allow user to create a profile (Policy) to describe which files any application can use.
  • AppArmor defined profile for application specifies program capabilities (POSIX.1e) and set of files the program can access.
  • Both SELinux and AppArmor utilize the Linux Security Modules (LSM) framework,which provides security hooks for operational control of certain Linux kernel objects.
  • AppArmor comes with System analyzer called UNCONFINED (Scan open ports, listening programs, programs' related profiles 
  • AppArmor comes with pre-built profiles for network input data such as docs from mails, or ssh clients.
  • AppArmor comes with pre-build profiles for local input devices such as keyboard, mouse, card reader .. etc
  • AppArmor includes a Log Analyzing program that help user to create program profile in "Learning Mode".
  • AppArmor Learning Mode allow to build the application profile by
    • Running the application and observing what it does and produce the output to log file.
    • Log Analysis Program scans the log file and prompt the user with questions.
    • Upon questions, automatically create the program's profile.
  • Learning Mode and Log Analyzer can be incrementally improved.
  • Ability to use Application profile for forked child processes of application or create its own profiles or leave it unprofiled.
  • Ability to monitored the profiled applications through severity level of events notifications, Reports, Application Audit Reports and ability to create on demand report.
  • Ability to backup built-in and defined security profiles.
  • AppArmor can monitor and profile sub-applications of parent application such as Web Application from Apache by making the application "ChangeHat Aware", so any changes in Apache by adding application will be profiled automatically.
 
Cheers,
Ashraf abdelazim

 

Category: Security
Share on Myspace