INTERNAUT: What does it mean to build secure Linux?

Shawn P. McCarthy

As the Linux operating system makes ever-deeper inroads into government data centers, agencies need to feel comfortable that the open-source computing infrastructures they're rolling out are indeed secure.

In general, firewalls protect enterprise networks from intruders. But enterprises also require other types of protection in case a hacker gets past the firewall.

Traditional Unix vendors have always provided added security at the operating-system level, including so-called 'trusted' versions designed to provide data centers and security operations with machine-level security. These trusted versions defend against unauthorized access to data and applications.

How does this translate to the Linux world? Truthfully, so many different security-related terms get thrown around when it comes to Linux that it's not always easy to sort out which means what. So here's a quick primer on some of the key terms.

Security-Enhanced Linux: Driven by several National Security Agency research projects, SELinux builds on the Linux kernel and includes several additional utilities. Its improved security functions revolve around mandatory access controls and how they should be built into Linux.

Some SELinux technologies have been integrated into Linux products, such as recent Red Hat distributions (Fedora Core 3 or later, Red Hat Enterprise Linux 4); Hardened Gentoo for servers; and SUSE Linux.

Trusted Linux: By itself, SELinux is not a 'trusted' operating system. A trusted OS includes support for multilevel security and complies with a set of government requirements that fill a whole book. Trusted Computer Solutions Inc. is one company working to build a Trusted Linux system. Meanwhile, IBM Corp. and Red Hat are working with TCS to gain higher security certifications for future versions of Red Hat Enterprise Linux.

When it comes to the full range of OS security requirements, many people are familiar with the so-called NSA rainbow books. These include the security Orange Book and other color-coded volumes. Details on the rainbow series library can be found at GCN.com/551.

Secure Linux: This is not a specific product, but rather a decentralized effort to build security enhancements into the Linux operating system. One key effort, the Trustix Linux Project, has been underway since 1999. It's distributed for servers, with a heavy focus on security, stability and secure connections. Details can be found at www.trustix.org.

So who's going to be the government arbiter of a more secure Linux? Keep your eyes peeled for CCEVS Certification. The Common Criteria Evaluation and Validation Scheme is coordinated by the National Institute of Standards and Technology and NSA through the National Information Assurance Partnership.

Common knowledge

SELinux is not submitted for Common Criteria certification, but versions of Linux that incorporate SELinux are beginning to undergo evaluation, as GCN's Joab Jackson has reported [go to GCN.com and type 552 into the GCN.com/box].

When it comes to OS security, portions of the rainbow series of books have been superseded by Common Criteria, so agencies interested in wider deployments of Linux should be following the software as it makes its way through CCEVS labs.

When NIAP starts ruling on Linux, we'll have a much better idea of what it means to securely deploy the OS.

Former GCN writer Shawn P. McCarthy is senior analyst and program manager for government IT opportunities at IDC of Framingham, Mass. E-mail him at smccarthy@idc.com.
