| |||||||||||||
active response and adaptationactive response and adaptationPosted Jun 22, 2007 14:00 UTC (Fri) by kirkengaard (subscriber, #15022)Parent article: Red Hat and IBM get certified
A hostile environment is not plannable. Hostiles do not exclusively follow known, dependable routes that can be routinely secured, and determined hostiles will not give up once the usual routes into a system prove to be moderately secure. What a system evaluated EAL4 gives you is a reliable platform that can be kept secure through active response and adaptation to threat, or further secured by additional checks, but you're not going to get "off the shelf" EAL7 (Formally Verified Design and Tested) without the system being a "device" rather than software. EAL7 ceases to be a usable "toy" because nobody classifies hacker toys for EAL7 - spending that kind of scratch is reserved for special-purpose, secure, locked-down functionality.
It is pointless to whine about EAL4+ being untried in hostile environments, because that's not what it's for, and the mild kind of "hostile environment" a server room will see is secured by a systems administrator with other tools to work with in addition to default operating system security. You're being silly.
(Log in to post comments)
EAL4+ and no auditability? Posted Jun 22, 2007 18:50 UTC (Fri) by ljt (guest, #33337) [Link] How is it possible to be EAL4+ with a policy framework (selinux) that is not fully auditable?I know, every thing is open source you can see every thing, etc.. BUT how can I know which policy I am currently running: semodule -l gives you the list of module currently loaded but what is in those modules? (hint: the .pp lying on your fs doesn't qualify..)
EAL4+ and no auditability? Posted Jun 24, 2007 16:28 UTC (Sun) by jamesm (guest, #2273) [Link] One approach to this would be to export the currently loaded policy via selinuxfs so that it can be verified and analyzed.
Just added this to the todo list:
|
|||||||||||||