Security Kernel Devices

[linux tech]

There are two typs of Kernel Devices -

a) /dev/random
b) /dev/urandom

These can get over collecting data randomly. They should be fully be secured in the generation of PGP keys, SSH issues and application where security is applicable. This is done in order to trick the hackers.

/dev/random makes uses of a lot of Random Bytes and the waiting time increases in order to collect for more. It is a high-quality entropy which is inter-interrupt measured.

/dev/urandom is almost the same, however when entropy store is low, it comes back to strong hash, it is not secure when compared to /dev/random.

[Sean]

Following are Kernel Compile Options :

- Network Firewalls (CONFIG_FIREWALL)

- IP: forwarding/gatewaying (CONFIG_IP_FORWARD)

- IP: syn cookies (CONFIG_SYN_COOKIES)

- IP: Firewalling (CONFIG_IP_FIREWALL)

- IP: firewall packet logging (CONFIG_IP_FIREWALL_VERBOSE)

- IP: Drop source routed frames (CONFIG_IP_NOSR)

- IP: masquerading (CONFIG_IP_MASQUERADE)

- IP: ICMP masquerading (CONFIG_IP_MASQUERADE_ICMP)

- IP: transparent proxy support (CONFIG_IP_TRANSPARENT_PROXY)

- IP: always defragment (CONFIG_IP_ALWAYS_DEFRAG)

- Packet Signatures (CONFIG_NCPFS_PACKET_SIGNING)

- IP: Firewall packet netlink device (CONFIG_IP_FIREWALL_NETLINK)

- Socket Filtering (CONFIG_FILTER)

- Port Forwarding

- Socket Filtering (CONFIG_FILTER)

- IP: Masquerading

These are few of the options that we come by at the time of Kernel Compilation.