An introduction to AppArmor
Sarah Dickinson
on 26 April 2019
Cyber attacks are becoming more sophisticated, attack frequency is on the rise, and the cost of cybercrime damage is projected to reach $6 trillion annually by 2021. Traditional defensive measures such as firewalls and intrusion detection systems that operate at the network perimeter are no longer enough to protect today’s distributed enterprise networks. Rather, a ‘defence in depth’ approach is required in order to protect all facets of an organisation’s digital infrastructure.
In an ideal world, applications would be free from security vulnerabilities but, once compromised, even a trusted application can become untrustworthy. AppArmor provides a crucial layer of security around applications. By providing the capability to whitelist an application’s permissible actions, AppArmor enables administrators to apply the principle of least privilege to applications. Once in place, AppArmor can halt attacks and minimise or prevent damage in the event of a breach.
This whitepaper provides a technical introduction to AppArmor, including:
- Why a ‘defence in depth’ strategy should be employed to mitigate the potential damage caused by a breach
- An explanation of AppArmor, its key features and why the principle of least privilege is recommended
- The use of AppArmor in Ubuntu and snaps
Ubuntu cloud
Ubuntu offers all the training, software infrastructure, tools, services and support you need for your public and private clouds.
Newsletter signup
Related posts
CUPS Remote Code Execution Vulnerability Fix Available
Four CVE IDs have been assigned that together form an high-impact exploit chain surrounding CUPS: CVE-2024-47076, CVE-2024-47175, CVE-2024-47176 and...
TurtleBot3 OpenCR firmware update from a snap
The TurtleBot3 robot is a standard platform robot in the ROS community, and it’s a reference that Canonical knows well, since we’ve used it in our tutorials....
Integrating the Ubuntu Snapshot Service into systems management and update tools
Ubuntu recently released a snapshot service to use the archive as it was at a point in history. This article explains how to integrate this into systems...