1
00:00:06,530 --> 00:00:09,429
In this video I want
to introduce Mandatory Access Control.

2
00:00:10,449 --> 00:00:15,435
Mandatory Access Control is an optional
security system that uses the Linux

3
00:00:15,435 --> 00:00:20,420
kernel security modules to restrict access
based on security policies and profiles.

4
00:00:21,059 --> 00:00:27,589
It was introduced because Linux security was
never developed with an overall perspective in mind.

5
00:00:28,289 --> 00:00:31,429
It's more about different parts
of the Linux operating system.

6
00:00:32,700 --> 00:00:39,149
Now, Mandatory Access Control is independent of the
system of Linux permissions and both will apply.

7
00:00:39,689 --> 00:00:45,579
And that means that if it can't be done according to
the permissions, Mandatory Access Control is not going to change that.

8
00:00:46,880 --> 00:00:53,250
Now it is mainly used as a solution that
locks down a system for types of access that

9
00:00:53,250 --> 00:00:59,619
have not specifically been allowed and that protects Linux
against different types of problems, including zero day exploits.

10
00:01:01,030 --> 00:01:06,496
A zero day exploit is an unknown
problem in an application. How are you

11
00:01:06,496 --> 00:01:11,963
ever going to protect against an unknown
problem because you don't know about it?

12
00:01:11,963 --> 00:01:17,430
Well, that is exactly what Mandatory Access
Control is about. You deny unexpected behavior.

13
00:01:17,689 --> 00:01:21,689
You only allow types of
behavior that have been specifically allowed.

14
00:01:22,670 --> 00:01:29,299
There are two main systems for mandatory access control and
these are Selinux on Red Hat and Apparmor on Ubuntu.