Red Hat gains security certification (News.com)
Posted May 8, 2004 9:31 UTC (Sat) by apollock (subscriber, #14629)
In reply to: Red Hat gains security certification (News.com) by anselm
Remember that at these levels EAL certification mostly means that somebody has checked that the documentation is complete. It does not involve looking at the actual system in any detail, let alone doing so from the point of view of a dedicated attacker.
That's not strictly correct. When a product is evaluated under the Common Criteria, it's done so under specific Terms of Evaluation (TOE). In the case of Windows, I do believe the TOE included not having it plugged into a network (or at least it used to for NT4). I'm yet to read the TOE for Red Hat, but it'll be under a certain configuration, and if you deviate from that one inch, it's no longer certified to EAL2. End of story. And they do take into consideration the software, the source code etc. I remember once, Firewall-1 fell off an Evaluated Products List because they didn't get source code in by a deadline...