Q

Security and usability in SELinux

Cost versus usability for security professionals and organizations.

Do you think usability is a big problem with SELinux? Is it worth it for an organization to trade usability for security?

Personally, I think SELinux can have a steep learning curve and it requires a careful implementation, including extensive testing of your applications with your proposed policies. If this process is followed, then I think the impact of potential SElinux usability issues is lessened.

As to the broader question of usability versus security? I always say security people are only in business if the business they support can do business. If security makes an application unusable and the business is then hampered in their ability to do business, then this can be as bad as if the application is unavailable due to an attack or compromise. Usability versus security should always be a risk-based balance/trade-off.

Implement the best possible set of security controls, for the optimal cost, to mitigate the most risk. If, for reasons of usability (or cost), you are unable to implement a control then articulate the risk, preferably in business terms like dollars, to of not implementing that control. If they accept that risk (and only they can), then document that acceptance and report it to the appropriate parts of your organization, like risk and audit groups/committees. Ultimately, your salary gets paid by the business making money. If you:

  • Appropriately articulate any risk involved in doing business
  • Present appropriate and cost-effective controls to mitigate those risks
  • Document any risks that have not been mitigated, either by choice or some fundamental inability to mitigate
  • Regularly re-evaluate risks and controls.

then you have done your best to secure your organisation in the most appropriate way.

This was first published in December 2006

Dig deeper on Linux system security best practices

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchDataCenter

SearchServerVirtualization

SearchCloudComputing

SearchEnterpriseDesktop

Close