Red Hat's newest version of Linux has been granted a significant security certification, bringing the company a step closer to competitors.
Get Up to Speed on... Enterprise security Get the latest headlines and company-specific news in our expanded GUTS section.
Version 3 of Red Hat Enterprise Linux has been certified to meet Evaluation Assurance Level 2 (EAL2) of the Common Criteria certification, Red Hat said Thursday. The internationally recognized Common Criteria certification is a typical requirement for government customers.
However, Red Hat still lags behind its main rival, Novell, whose SuSE Linux has been certified to meet the more stringent EAL3. It also trails versions of Unix and Windows that have EAL4 certification.
Common Criteria certification is expensive. Oracle helped Red Hat achieve its certification, while IBM helped with SuSE Linux.
Red Hat also said it will add support for Security-Enhanced Linux, a project begun by the National Security Agency. SELinux uses "mandatory access controls" to reduce security threats by giving minimum privileges to computer users and processes.
The SELinux support will arrive in RHEL 4, due in early 2005, but also will be in a hobbyist version called Fedora Core 2, due May 17. However, merging SELinux has been difficult, and in the newest Fedora test version, released Tuesday, Red Hat disabled SELinux by default.
rating. This shows that this "yardstick" must be a foot shy. What a joke. The number one cause of network intrusions is rated a "4". Microsoft must own the rating institution!
A 2 or 3 is not very impressive and should not be relied on for security if what you have to protect is important.
You can see a list of OS products that have been evaluated at <a class="jive-link-external" href="http://niap.nist.gov/cc-scheme/" target="_newWindow">http://niap.nist.gov/cc-scheme/</a> and follow the links labeled VPL (Product type) and choosing Operating Systems. <a class="jive-link-external" href="http://www.digitalnet.com/solutions/info_sec_sol/xts400_trusted_sys.htm" target="_newWindow">http://www.digitalnet.com/solutions/info_sec_sol/xts400_trusted_sys.htm</a>
DigitalNet has a secure OS called STOP that is currently rated EAL4+ and is in evaluation against a 5+ standard.
Web giant is spending $120 million to beef up its Mountain View, Calif., headquarters, according to filings with the city reviewed by the San Jose Mercury News.
Tor's "obfsproxy" technology would make encrypted data look innocuous and let it dodge government censors. That could help citizens in Iran reach blocked sites as antigovernment protests reportedly loom.
MIT creates a simulation to celebrate the 50th anniversary of Spacewar. A relic of the early days of minicomputers, it was one of the first computer video games and set the stage for many others, including Asteroids.
You can see a list of OS products that have been evaluated at <a class="jive-link-external" href="http://niap.nist.gov/cc-scheme/" target="_newWindow">http://niap.nist.gov/cc-scheme/</a>
and follow the links labeled VPL (Product type)
and choosing Operating Systems. <a class="jive-link-external" href="http://www.digitalnet.com/solutions/info_sec_sol/xts400_trusted_sys.htm" target="_newWindow">http://www.digitalnet.com/solutions/info_sec_sol/xts400_trusted_sys.htm</a>
DigitalNet has a secure OS called STOP that is currently rated EAL4+ and is in evaluation against a 5+ standard.