Red Hat Linux gets top government security rating

Software deemed safe enough for use by U.S. Department of Defense, U.S. National Security Agency, and other government groups

By Robert McMillan, IDG News Service
June 15, 2007

Talkback

E-mail

Printer Friendly

Reprints

Red Hat Linux has received a new level of security certification that should make the software more appealing to some government agencies.

Last week IBM was able to achieve EAL4 Augmented with ALC_FLR.3 certification for Red Hat Enterprise Linux, putting it on a par with Sun Microsystems' Trusted Solaris operating system, said Dan Frye, vice president of open systems with IBM.

"This is the highest level of security function that anybody has," Frye said. "We have delivered LSPP [Labeled Security Protection Profile] functionality in Red Hat Enterprise Linux 5, and we have certified that at the EAL4 level of assurance."

This rating is awarded by the government-funded National Information Assurance Partnership's (NIAP) Common Criteria Evaluation and Validation Scheme for IT Security program, which evaluates the security of commercial technology products.

Red Hat Linux has been certified EAL4 Augmented with ALC_FLR.3 on IBM's mainframe, System x, System p5, and eServer systems.

This level of security certification is not usually required for enterprise contracts, but it is mandatory for some programs within government agencies such as the U.S. Department of Defense and the U.S. National Security Agency, Frye said.

Linux had already been certified at the EAL4 level, but this is the first time that the operating system has received the LSPP certification, which relates to its access-control features.

Linux developers have been working to add these "SE Linux" access control features into the operating system for several years now. SE Linux shipped as part of Red Hat Enterprise Linux 5, and now it has been certified for government use, Frye said. "You now have a level of fine-grained control for everybody," he added. "You can set security based on groups or based on individuals."

In addition to LSPP, Red Hat Linux has also been certified with Role Based Access Control Protection (RBAC), and that too is noteworthy, said Red Hat.

"Historically, OS vendors have required you buy a separate branched OS to get something that is LSPP and RBAC certified," the company said in a statement. "This is something completely unique for commercial operating systems because the support for multilevel security is native to the OS."

According to Frye, the certification is "big news for the Linux industry" because it shows that open source software can be used for sensitive computing tasks. "If anyone had any doubts that you could do this with an open source operating system, we've proved them wrong."

Add to:

Digg

Talkback:

comment Post a Comment

MOST COMMENTS

The last chance to save Windows XP

Windows 7 is coming. Will your PC be ready?

A requiem for Windows XP

Making desktop Linux work for business

>> Talkback: Have your say

Dialing up Agility with Business Transformation
Is your organization innovating quickly enough to meet their needs, drive your business goals, and rise above the competition? Business Integration - leveraging the power of BPM and SOA - is the key to making the transition from the fragmented enterprise to a connected one. Register to attend this live webcast now!

» Click here to view this Webcast

Zombie PCs Are Attacking Your LAN
A recent study showed that malware-infected zombie PCs are now a bigger threat to ISPs and Web infrastructure than DoS attacks. As this brand new IT Strategy Guide explains, an increased use of peer-to-peer techniques by the attackers has made it harder to fight back. Download now, compliments of Verio:

» Click here to download now

- Special Advertising Partners -

WHITE PAPERS

Factors to consider when comparing DSL or Cable - As the demand for high-speed access increases, businesses are looking for cost-effective connection options for remote workers...
Class of Service: Myths and Misconceptions - There has been much discussion about the benefits of CoS; but, there are also common myths, which unless challenged, can...
Going mobile with today's technology - Mobile applications are transforming how companies operate. With new ways to work flexibly, employees are becoming more ...
Measuring mobile productivity - Companies must be able to measure productivity gains from mobile working. Productivity is notoriously difficult to measure...
Thinking about IMS - IMS's increased flexibility and the potential it offers for new services will create a fundamental shift in the way that...
Agile Development: 5 Steps to Continuous Integration - As more and more organizations adopt agile development, the need for continuous integration of a build can be a daunting...

» Technology White Papers Library

Technology White Papers by Topic

Technology White Papers E-mail Alert

Find out when the latest white paper is available:

INFOWORLD MARKETPLACE

Deliver REMOTE SUPPORT Easily. Try WebEx FREE! - DOWNLOAD WEBEX SUPPORT CENTER FREE! Deliver efficient, effective support. CRUSH SUPPORT LOG JAMS!
Migrating to an IP-VPN? XO Can Make It Happen - Learn the five critical success factors with a free whitepaper from XO Enterprise Solutions.
Sign up to TRY WEBEX SUPPORT CENTER FOR FREE! - Get your FULL FEATURED trial here. Share documents and applications, address support challenges.
IP Networks Boost Secure Health Communications - AT&T provides secure communication to keep health care moving forward.
Why a CMDB? - IT best practices (ITIL) have shown the benefits of a CMDB. Click for whitepapers.

» BUY A LINK NOW

Red Hat Linux gets top government security rating

MOST COMMENTS

» Technology White Papers Library

Technology White Papers by Topic

Technology White Papers E-mail Alert

Video

Podcasts

InfoWorld Blogs

Columnists

Find Products and Companies

Resource Center

Sponsored Technology Links

Sponsored Technology Links
Sybase iAnywhere - IT Guide: Mobile Device Management for Dummies?? CA - Efficient - Flexible - Compliant PGP - Is Your Data Safe? Novell, IBM, and Intel - Solution for Open Virtualization Provides Server Consolidation Curl - IT Guide: Rich Internet Application (RIA) Security HP/Intel - If you don't have enough I/O, your VMs aren't going to go. Symantec - Whitepaper: Secure, recover, and archive critical information Microsoft - {Open Source} Heroes Happen Here Symantec - Whitepaper: Protecting Microsoft(R) Applications Riverbed - Five Ugly Truths about WAFS and Caching InterSystems - Use Ensemble - quickly create composite applications. AT&T - Factors to consider when comparing DSL or Cable Cirba - Advanced Workload Analysis Techniques Rackspace - Go Green Without Sacrificing Server Performance CA - Manage your IT more effectively. AT&T - Measuring mobile productivity AT&T - Thinking about IMS CA - Plan IT better, Manage IT better. AT&T - Refine your company's plan for a Business Disruption Event AT&T - Going mobile with today's technology Cirba - Consolidating Workloads onto Mainframes AT&T - What to expect from a Technology Assessment.		AT&T - Class of Service: Myths and Misconceptions AT&T - Enhancing security through Quantum Cryptography Riverbed - Wide Area Data Services Microsoft - Microsoft Forefront makes defending your systems easier. Learn how. HP - Explore the interactive whitepaper: Rightsizing Blades for the mid-market. Symantec - Webcast: Beyond AntiVirus AMD - Renowned Engineering Institution Chooses AMD Processor-Based Servers AMD - Watch this flash demo of the Quad-Core AMD Opteron Processor EMC - EMC and VMware help you build your virtualized infrastructure. AMD - HP and Oracle deploy unbreakable computing infrastructure Qwest - Learn how Qwest voice and data solutions can save you time. MKS - The Power of UNIX/Linux on Windows with MKS Toolkit Vision Solutions - Is your smaller organization ready for High Availability? Vision Solutions - Is system maintenance doing more harm than good? HP - NEW HP LaserJet P4014n printer Starting at $699 after $100 IS. HP - HP LaserJet M3035 MFP series Starting at $1,599. SHOP NOW HP - Speed, agility, flexibility - The HP BladeSystem c-Class. Vkernel - Resolve Capacity Bottlenecks and Enhance Your Virtual Environment Nokia - Restore Your Mobile Devices With One Click Oracle - The Power of Two with SOA and BPM

	HOME NEWS BLOGS PODCASTS VIDEOS TECHNOLOGIES TEST CENTER EVENTS CAREERS	About \| Advertise \| Awards \| RSS \| Contact Us
Copyright © 2008, Reprints, Permissions, Licensing, IDG Network, Privacy Policy, Terms of Service. All Rights reserved. InfoWorld is a leading publisher of technology information and product reviews on topics including viruses, phishing, worms, firewalls, security, servers, storage, networking, wireless, databases, and web services. CIO :: ComputerWorld :: CSO :: Demo :: GamePro :: Games.net :: IDG Connect :: IDG World Expo Industry Standard :: IT World :: JavaWorld :: LinuxWorld :: MacUser :: Macworld :: Network World :: PC World :: Playlist