- Related Stories
-
SuSE wins Linux a new security badge
January 21, 2004 -
Red Hat Linux nears security clearance
December 3, 2003 -
Red Hat waits for new Linux kernel to pop
October 29, 2003
Get Up to Speed on...
Enterprise security
Get the latest headlines and
company-specific news in our
expanded GUTS section.
Version 3 of Red Hat Enterprise Linux has been certified to meet Evaluation Assurance Level 2 (EAL2) of the Common Criteria certification, Red Hat said Thursday. The internationally recognized Common Criteria certification is a typical requirement for government customers.
However, Red Hat still lags behind its main rival, Novell, whose SuSE Linux has been certified to meet the more stringent EAL3. It also trails versions of Unix and Windows that have EAL4 certification.
Common Criteria certification is expensive. Oracle helped Red Hat achieve its certification, while IBM helped with SuSE Linux.
Red Hat also said it will add support for Security-Enhanced Linux, a project begun by the National Security Agency. SELinux uses "mandatory access controls" to reduce security threats by giving minimum privileges to computer users and processes.
The SELinux support will arrive in RHEL 4, due in early 2005, but also will be in a hobbyist version called Fedora Core 2, due May 17. However, merging SELinux has been difficult, and in the newest Fedora test version, released Tuesday, Red Hat disabled SELinux by default.
You can see a list of OS products that have been evaluated at http://niap.nist.gov/cc-scheme/
and follow the links labeled VPL (Product type)
and choosing Operating Systems. http://www.digitalnet.com/solutions/info_sec_sol/xts400_trusted_sys.htm
DigitalNet has a secure OS called STOP that is currently rated EAL4+ and is in evaluation against a 5+ standard.