Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Information-Security-News
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ISN] SE Linux embarks on Common Criteria testing

from [InfoSec News] Network Security [Permanent Link]
Subject: [ISN] SE Linux embarks on Common Criteria testing
Date: Tue, 27 Sep 2005 23:47:18 -0500 (CDT) 
http://www.gcn.com/vol1_no1/daily-updates/37131-1.html

By Joab Jackson 
GCN Staff
09/27/05 

The National Security Agency's Security Enhanced Linux [1] has started
to undergo Common Criteria evaluation. Earlier this month, IBM Corp.  
submitted Red Hat Enterprise Linux v.5 (RHEL 5) - which includes the
SE Linux module - for Evaluation Assurance Level 4.

With the evaluation in place, this version of Linux, available from
Red Hat Inc. of Raleigh, N.C., in late 2006, could offer another
trusted operating system for handling sensitive information.  
Traditionally, Sun Microsystems Inc.'s Trusted Solaris operating
system has dominated this market.

"This allows our traditional customer base to look at Linux as a
viable alternative," said Ed Hammersla, chief operating officer of
Trusted Computer Solutions Inc. of Herndon, Va. Trusted Computer has
developed some of the extensions to SE Linux that were incorporated
into RHEL 5.

Atsec Information Security of Austin, Texas, is evaluating RHEL 5 on a
number of IBM servers, including the xSeries, pSeries and zSeries
mainframes, as well as IBM blade servers. IBM announced earlier this
year that it would submit [2] SE Linux to the National Information
Assurance Partnership's Common Criteria Evaluation and Validation
Scheme.

SE Linux is a set of software controls that can be used with Linux to
confine the actions of any process to a predetermined set of options,
allowing for a far finer grained policy-based management of
applications than operating systems offer.

"We're moving away from discretionary access control, so the
permissions for usage are out of the hands of users and rogue
programs," said Paul Smith, head of Red Hat's government office.

SE Linux lays the groundwork for Trusted Computer Systems' Application
Suite, for instance, which permits a single computer to run multiple
security levels. This multilevel security approach eliminates the need
to keep multiple computers at a single desktop, each for a different
security level.

Hammersla noted that because RHEL 5 is under evaluation, agencies can
use it to fulfill NSTISSP No. 11 National Policy, which calls for the
use [3] of Common Criteria-certified products to be used on networks
that carry sensitive information.

Although Red Hat won't officially release RHEL 5 until late next year,
users can test early implementations available [4] through the Fedora
Linux distribution, a volunteer effort that packages beta issues of
the Red Hat Enterprise Linux. Purchasers of Trusted Computer Systems'
Application Suite can also get the operating system, since it is
included in that software package as well.

[1] http://www.nsa.gov/selinux/
[2] http://www.gcn.com/24_8/tech-report/35516-1.html
[3] http://www.gcn.com/21_31/news/20302-1.html
[4] http://www.fedoracore.org/ 



_________________________________________
InfoSec News v2.0 - Coming Soon! 
http://www.infosecnews.org
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [ISN] SE Linux embarks on Common Criteria testing, InfoSec News <=
Previous by Date:  Re: [ISN] RP only ASEAN nation with hacked military Web domain, InfoSec News
Next by Date:  [ISN] IG: Better security needed for key Coast Guard database, InfoSec News
Previous by Thread:  [ISN] Zero-Day Exploit Exposes RealPlayer Users to Attack, InfoSec News
Next by Thread:  [ISN] IG: Better security needed for key Coast Guard database, InfoSec News
Indexes:  [Date] [Thread] [Top] [All Lists]