LinuxWorld : Ultra-secure Linux evolves for the enterprise
Kernel modifications discussed at this week's LinuxWorld Expo
Network World - Linux and open-source developers are working to make Linux security tools developed by the National Security Agency more accessible and usable by regular system administrators and application developers.
Software developers and users discussed how Security Enhanced Linux (SE Linux) is evolving, and the benefits -- and potential pitfalls -- it could introduce when deployed in an enterprise data center. This discussion took place in a panel on SE Linux at the LinuxWorld Expo this week.
SE Linux is not a Linux distribution, such as SuSE or Red Hat, but is instead a set of modifications to the Linux kernel that limit the access that applications have to memory, processors, operating system configuration files and other critical components of a server or PC operating system. SE Linux uses mandatory access controls to limit applications' access only to the minimal amount of resources they need to run. The idea is to prevent hackers from taking over or breaking into a server by exploiting openings in poorly designed code, or by squeezing through small holes in well-designed software.
Introduced in 2000 by the NSA, SE Linux "only covered a small subset of the overall [Linux] system," said Stephen Smalley, a research scientist for the NSA. "SE Linux policy has since been expanded to cover more of the system. A year ago we had fairly immature support and a monolithic policy. Today we have support for modular policy, enabling third-party application developers to create policies [for SE Linux] and package them with their applications."
A major step in making SE Linux easier to use has been the development of the SE Linux Reference Policy, an open-source project for creating tools that make it easier to create and apply SE Linux policies to software.
Smalley says other developments the NSA is working on for SE Linux are ways to apply the technology to desktop Linux systems, as well as to multiple virtualized Linux systems running on top of a single hardware platform.
The U.K. government is testing SE Linux with its infrastructure of Linux and IBM WebSphere servers. The goal is to secure the Web services architecture for its municipal-service Web sites and public-facing applications.
"We wanted to enforce policies which say that application servers can only talk to the end points that they're authorized to talk to," said Mark Hocking, technical architect for the U.K. Cabinet Office's e-Government Unit. Such mandatory access controls have been used for a long time in government operating systems and highly customized systems, he said.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts