RHEL 5 going for Common Criteria EAL 4 rating
This CCEVS evaluation means Red Hat Enterprise Linux will reach a level of security previously achieved by only a handful of trusted operating systems. Red Hat Enterprise Linux is now positioned to provide best-of-breed security capabilities for commercial operating systems, offering the government, as well as businesses, unprecedented choice for security applications."
Posted Sep 27, 2005 14:32 UTC (Tue)
by Felix_the_Mac (guest, #32242)
[Link] (2 responses)
http://msdn.microsoft.com/embedded/getstart/news/news/cce...
Posted Sep 27, 2005 14:44 UTC (Tue)
by MathFox (guest, #6104)
[Link] (1 responses)
Posted Sep 27, 2005 14:53 UTC (Tue)
by pjdc (guest, #6906)
[Link]
Posted Sep 27, 2005 14:58 UTC (Tue)
by jamesmrh (guest, #31622)
[Link] (13 responses)
EAL4 is the assurance level of the certification, which is considered to be the highest level that can be reached for an off the shelf OS that was not designed from scratch specifically as a security technology.
Certifcation-wise, this will put Linux in the same arena as Trusted Solaris etc.
[not speaking for Red Hat officially, just part of the team]
Posted Sep 27, 2005 16:58 UTC (Tue)
by drag (guest, #31333)
[Link] (12 responses)
My previous understanding of EAL4 and below certifications was that it's mostly paper work and accountablity rather then actual real-life security of the operating system... Stuff like having documentation aviable about how a admin should configure the system, how obvious is it that the system is misconfigured. Stuff like that. There is nothing like full-blown code audits by the government or security evaluated 'code paths' and the such... Nothing realy terribly usefull for actual real-world security.
For instance W2k had EAL4, but obviously W2k is not a terribly secure operating system. Now OBSD on the other hand is a VERY secure system, but I wouldn't be suprised at all if they couldn't get EAL4 in it's current state. It's a more beuacratic thing, then real-world thing, at least that's my understanding.
Also as was pointed out above Windows 2000 had a CAPP/EAL4 certification, but only in a certain configuration and with huge restrictions on what software you could run... basicly you couldn't realy use it on a network or something like that.
Here is a critic of the Windows cert http://eros.cs.jhu.edu/~shap/NT-EAL4.html
Is this certification going to be for a specific config or a only a default install? Is this with the 'restrictive' style SELINUX config or the default ruleset?
Also I noticed that the article had terms like LSPP, CAPP, and RBAC.. so is it were Win2k had CAPP/EAL4, RH5 will have LSPP/RBAC/CAPP/EAL4? Which I suppose is more difficult/stringent.
Still good luck for Redhat. Hope they get it nailed.. it should make it much easier to get government contracts in many situations. More money for Redhat means we get more things like GFS and Fedora/Redhat directory services (formally netscape directory).
:)
Posted Sep 27, 2005 19:37 UTC (Tue)
by jamesmrh (guest, #31622)
[Link] (4 responses)
What we're trying to do with SELinux, though, is make the technology available in the standard, current product, rather than an old fork of the OS like traditional "trusted" OS vendors. We're also trying to implement the technology in a more generalized way, so it can be re-used for other purposes. An example of this is MCS, which is an adaptation of MLS which allows users to assign security categories to files that they own.
There are several security technologies being rolled out for general use (Type Enforcement, MLS, MCS, RBAC etc), and rather than take a prescriptive stance, that is, to say "this is how your security should work", there's a lot of scope for users to innovate and feed their ideas back into the community.
The short answer to your question is that you get a bunch of security technologies which have not existed in a generally available, modern OS.
The certification will be for a specific configuration and on specific hardware, I believe, and I'm not sure which security policy (there are several mailing lists including the redhat-lspp list where these issues can be discussed in more detail).
Posted Sep 27, 2005 20:14 UTC (Tue)
by bojan (subscriber, #14302)
[Link] (1 responses)
Good move. Do the same with GFS and Xen in RHEL5 and you'll have many more people jumping on the virualisation and cluster bandwagon. The current GFS/Cluster suite subscription fees are really not something your average company can afford. And yet, getting the hardware to run it almost is.
Bring it to the masses and see the adoption rate skyrocket.
Posted Sep 27, 2005 21:33 UTC (Tue)
by drag (guest, #31333)
[Link]
Still kinda skirted around the issue, but it's a good enough answer so I'm happy. Just be carefull how it gets promoted, you don't want people to think: "Oh, look Redhat just reached the same level of security that Microsoft got back with Windows 2000 SP3." (which is obviously untrue)
Posted Oct 11, 2005 6:31 UTC (Tue)
by Vladimir (guest, #33011)
[Link] (1 responses)
I don't need to be a government type to be able to use LSPP or Type Enforcement or RBAC for everyday business.
Regards,
VG
Posted Oct 12, 2005 5:07 UTC (Wed)
by etbe (subscriber, #17516)
[Link]
Posted Sep 27, 2005 19:37 UTC (Tue)
by ncm (guest, #165)
[Link] (6 responses)
That's the entire point. This isn't about security, this is about getting Free Software into the bidding pool. Unfortunately a certified RHEL wouldn't give anybody (except RH themselves) a bidding advantage, unless the bid were on a lot more than just the hardware and OS.
Posted Sep 27, 2005 19:55 UTC (Tue)
by bojan (subscriber, #14302)
[Link] (2 responses)
Maybe you haven't heard, but RHEL is an open source operating system. You are free to take the code (that's already been certified) and run certification for your own flavour you're building from it. I reckon that's a huge advantage for *all* Linux distros, not just Red Hat.
Posted Sep 29, 2005 4:03 UTC (Thu)
by lutchann (subscriber, #8872)
[Link] (1 responses)
Posted Sep 29, 2005 5:30 UTC (Thu)
by bojan (subscriber, #14302)
[Link]
For instance, if CentOS wanted to certify their version 5, it would be much easier for them to do so (in terms of work required) once RHEL5 gets certified. No proprietary OS can claim the same. In other words, even in the certification space, the barrier to entry is reduced through open source.
Posted Sep 27, 2005 22:28 UTC (Tue)
by veillard (guest, #31604)
[Link] (2 responses)
I think the certification is only for a specific software on a specific
DV
Posted Sep 27, 2005 22:37 UTC (Tue)
by drag (guest, #31333)
[Link] (1 responses)
see:
Posted Sep 29, 2005 19:57 UTC (Thu)
by kweidner (guest, #6483)
[Link]
FYI, you can get the official lists of evaluated products and products in evaluation directly, no need to dig for old press releases ;)
Mandatory Access Control (MAC) means that the OS enforces restrictions and users can't override them. For example, you can't copy a file marked "secret" to an insecure device even if you own the file. By contrast, users can change the standard filesystem permissions (aka Discretionary Access Control or DAC) and give read or write access to others for files they own.
MAC is potentially interesting even outside government environments since it can protect against malicious software - for example it could ensure that your web browser cannot read your financial data even if an attacker has full control over it due to a security flaw.
Posted Oct 3, 2005 14:22 UTC (Mon)
by rmfought (guest, #32833)
[Link] (1 responses)
Another important thing to understand (as many other have pointed out) is that EAL level has no relation to how secure an IT product is, only *assurance* of how well it was implemented (i.e. bug and malware-free) based on the security requirements set forth (a la different protection profiles). The protection profile/security target is really where the rubber meets the road as to what actual security features the product provides. The Red Hat PP is stronger security-wise than the one MS used. This is a good overview of the MS cert:
http://eros.cs.jhu.edu/~shap/NT-EAL4.html
Something as complex as an OS is a tough thing to keep certified because changes are so frequent. I guess the real value is in showing that it can be done, and then it is up to the users to trust that the same care will be taken for further revisions.
Posted Oct 4, 2005 20:08 UTC (Tue)
by kweidner (guest, #6483)
[Link]
It's not just a matter of trust. In this case the security target adds the claim to meet the highest CC level of flaw remediation procedures beyond what the protection profiles would require ("augmented with ALC_FLR.3"), this means that the evaluators are examining and confirming that the software developers have effective procedures in place to systematically address security flaws in the product and inform their users about them. Check out page 124 in the standard [PDF link] if you want more details about how this works.
Apparently Win2k has this too :-)
Is the certification with or without Internet Explorer?Apparently Win2k has this too :-)
Windows 2003's Internet Explorer ships with a restrictive default configuration that makes it almost impossible to use the Web at all, so the certification may well include IE.Apparently Win2k has this too :-)
An important aspect of this is that it will include LSPP (Labeled Security Protection Profile) certifcation. LSPP is the modern equivalent of the B1 "trusted" certification, and requires an implementation of MLS and more stringent auditing facilities.RHEL 5 going for Common Criteria EAL 4 rating
Now I am not trying to be a dick or anything.. I just want to understand more or less what this means for us non-government types.RHEL 5 going for Common Criteria EAL 4 rating
LSPP has some very specific security requirements, which are aimed at managing information at different classifications and users at different clearances. So, the direct value of this to non-govt types is unknown and historically limited.RHEL 5 going for Common Criteria EAL 4 rating
>What we're trying to do with SELinux, though, is make the technology available in the standard, current product, rather than an old fork of the OS like traditional "trusted" OS vendors.RHEL 5 going for Common Criteria EAL 4 rating
Ya, I've been following0 SELinux developements since it was just patches from NSA. It's pretty neat stuff and I've always been apreciative of Redhat/Fedora's work to make it more usefull for the average person. RHEL 5 going for Common Criteria EAL 4 rating
Just wanted to comment on this:RHEL 5 going for Common Criteria EAL 4 rating
"LSPP has some very specific security requirements.... So, the direct value of this to non-govt types is unknown and historically limited."
How on Earth would you let sysadmins to use root and in the same type to not have access to classified data stored on the servers the run?
The administrator has to perform tasks such as fixing file system RHEL 5 going for Common Criteria EAL 4 rating
corruption, backing up data, and installing new applications (including
custom applications). These tasks are not compatible with preventing the
administrator from accessing secret data.
We have a secadm_r role for security administration which can be separate
from the sysadm_r for general system administration. This is currently
an experimental feature and is designed to be discretionary in nature.
We can't entirely prevent the sysadm from doing the wrong thing in regard
to security administration, but if they do so then they can't claim it to
be an accident, mistake, or an issue where their duties were unclear.
"it should make it much easier to get government contracts in many situations."
RHEL 5 going for Common Criteria EAL 4 rating
> Unfortunately a certified RHEL wouldn't give anybody (except RH themselves) a bidding advantageRHEL 5 going for Common Criteria EAL 4 rating
The whole product is certified, not just chunks of code. Having RHEL certified will make it easier for other vendors to get certified (although there's a lot to the certification package which won't be available under an open source license, particularly documentation) but any individual components you extract and put in another similar-but-slightly-different environment will have no special status what-so-ever.RHEL 5 going for Common Criteria EAL 4 rating
Of course, but consider this. If you are building an OS and want it EAL 4 certified, does the fact that Windows is certified help you? Not much. If you are building an open source operating system, maybe even based on RHEL5 source, does the fact that it is certified help you? A lot more - you have the same source!RHEL 5 going for Common Criteria EAL 4 rating
Hi ncm :-)RHEL 5 going for Common Criteria EAL 4 rating
hardware platform, so in a sense this is limited. But this is still a
very important step to see *one* Linux distro get there.
Well I bet you'd be happy to know that Suse has had a EAL4 certification for some time now. :)RHEL 5 going for Common Criteria EAL 4 rating
http://www.heise.de/english/newsticker/news/56451
This is different, the SUSE evaluation used the CAPP profile (same as the MS Windows evaluation mentioned here), and the new RH evaluation will be adding LSPP and RBAC for mandatory access control and role based security, making it comparable to Trusted Solaris and similar systems.
RHEL 5 going for Common Criteria EAL 4 rating
From my understanding, the instant you patch or change the configuration of the evaluated software in any way, the certification is invalid. Thus the Win2k cert was only good for a short while (if at all) until patches were applied (IIRC, the version actually shipped was many revisions past the one certified).RHEL 5 going for Common Criteria EAL 4 rating
RHEL 5 going for Common Criteria EAL 4 rating
[...]it is up to the users to trust that the same care will be taken for further revisions.