Red Hat To Boost Security in Next Enterprise Linux - InformationWeek

Red Hat Enterprise Linux 4.0, due out next year, will support Security-Enhanced Linux, developed by the National Security Agency.

Red Hat will ship an enhanced security model in the next version of Red Hat Enterprise Linux, CRN has learned.

Red Hat Enterprise Linux 4.0, due out in 2005, will include support for Security-Enhanced Linux (SE Linux), according to a spokeswoman from the Raleigh, N.C.-based commercial Linux vendor.

SE Linux is a project funded by the National Security Agency (NSA) to add multilevel security to the Linux operating system so it will be more secure for a broad range of deployments, including those that require high levels of security.

In an e-mail to CRN this week, Linus Torvalds said much of the code to enable SE Linux is already a part of the recently released Linux kernel, 2.6. The Linux camp has been stepping up its efforts to make current and future versions of Linux as secure as possible in light of all the security issues around Microsoft Windows, such as last week's MyDoom virus, the ramifications of which are still being felt.

At the EclipseCon show in Anaheim, Calif., earlier this week, Red Hat CTO Michael Tiemann stressed Red Hat's commitment to SE Linux as part of its Fedora open-source project in a keynote address Wednesday.

Calling multilevel security such as that in SE Linux the "Holy Grail" of system security, Tiemann said SE Linux would be the default security policy of the next version of Fedora, due out soon.

Red Hat introduced Fedora in late 2003 as an open-source Linux project for "noncritical environments," according to Red Hat. Many believe Fedora was created to stave off criticism from the open-source community that Red Hat is too focused on the commercial aspects of Linux rather than its open-source roots.

Tiemann said Linux itself is believed to be a more secure operating system than most. However, Linux does have its vulnerabilities, though they haven't yet been as widely attacked as those in Windows.

One key vulnerability in Linux is that once a hacker accesses its root, the whole system is compromised, Tiemann said. According to the NSA Web site on SE Linux, the SE Linux kernel solves this problem because it has "no concept of a 'root' superuser and does not share the well-known shortcomings of the traditional Linux security mechanisms."

Instead, SE Linux enforces mandatory access control policies that confine user programs and system servers to the minimum amount of privilege they require to do their jobs, according to the NSA. When confined in this way, the ability of user programs and system daemons to cause harm when compromised is reduced or eliminated.

In his EclipseCon keynote Wednesday, Tiemann gave an example of how SE Linux is more secure than traditional Linux. He said that in a security test on a previous version of Red Hat Linux in 1999, it took only 45 seconds for a hacker to break into the system. A system in a recent test, running a version of Linux with SE Linux as its security policy, has yet to be cracked, even though the IP address of the system was published to would-be hackers and the root had no IP address.

"Wouldn't it be great if we could think about building apps and OSes and tools to build applications with that strength [security] model?" Tiemann said.

But vendors and IT decision-makers widely believe it is too expensive to implement these more hacker-resistant security models, he said.

Tiemann said he is optimistic that projects like the Eclipse open-source development framework could inspire development of these secure systems because they take the development of security off the shoulders of individual corporations and put it in the hands of the community at large.

"Eclipse gives me hope because Eclipse provides the opportunity for a very targeted approach for defining, visualizing and implementing all the policy files [needed for multilevel security]," Tiemann said. "Tools that provide the kind of assistance that Eclipse can provide can give the open-source community that kind of acceleration to put policy files around."

Paula Rooney contributed to this story.
