 |
|
DAILY NEWS AND INFORMATION FOR THE GLOBAL GRID COMMUNITY /
|
Breaking News - Security:
Security Takes Lead In Red Hat Enterprise Linux
Red Hat, a leading provider of open source solutions to the enterprise,
announced new accomplishments as well as a two-year roadmap for security in
Red Hat Enterprise Linux. Work to achieve government security standards,
security certifications and work with the NSA-developed SELinux lead the list
of security initiatives planned by Red Hat. Red Hat's goal is to advance
industry security standards and simplify security for customers.
Web services, utility computing, .NET, CPU harvesting and distributed
computing are just a few of the technologies that fall under the Grid
computing umbrella. Gt04 -- a premiere enterprise Grid computing conference
targeting industrial and commercial users -- will gather experts, and outline
strategies and road maps for Grid deployment. For more information, visit
www.gt04.com.
Grid computing is here!
Since its availability in 2002, Red Hat Enterprise Linux has achieved
important milestones in security standards:
- In 2003 Red Hat Enterprise Linux was the first Linux platform to achieve
Department of Defense (DoD) Defense Information Systems Agency (DISA) Common
Operating Environment (COE) certification.
- In February 2004 Red Hat Enterprise Linux was awarded Common Criteria
Evaluation Assurance Level (EAL) 2 certification.
- In February 2004 Red Hat received Mitre certification for Common
Vulnerabilities and Exposures (CVE) compatibility for Security Advisories.
EAL 2 Certification And Plans For EAL 3 And 4
Last quarter Red Hat Enterprise Linux v. 3 was awarded Common Criteria
Evaluation Assurance Level (EAL) 2 certification by the UK IT Security
Evaluation and Certification Scheme. The evaluation is in compliance with the
U.S. government's security policy directives. The Common Criteria Scheme
enables consumers to obtain an impartial assessment of an IT product by an
independent lab. This impartial assessment, or security evaluation, includes
an analysis of the IT product and the testing of the product for conformance
to a set of security requirements. Security standards play a critical role in
today's computing architecture and Red Hat is working to achieve higher levels
of security evaluation with EAL 3 and 4 certification in future releases of
Red Hat Enterprise Linux.
Oracle sponsored and worked with Red Hat to submit Red Hat Enterprise Linux
for the EAL 2 security evaluation. "Red Hat's completion of the Common
Criteria evaluation at EAL2 allows security-conscious customers to be assured
of using a secure operating system to run their enterprise applications," said
Mary Ann Davidson, chief security officer at Oracle Corp.
Mitre CVE Compatibility
A second security accomplishment for Red Hat is the certification from Mitre
for Common Vulnerabilities and Exposures (CVE) compatibility for Security
Advisories. CVE aims to standardize the names for all publicly known
vulnerabilities and security exposures to simplify security practices. Red Hat
is the first Linux vendor to be awarded this certification for security
standards.
SELinux Roadmap
Most recently made available in March as part of Fedora Core 2, test 2,
Security Enhanced Linux is the most significant milestone in Red Hat's
security roadmap for Red Hat Enterprise Linux. Benefits to customers with an
implementation of SELinux will be reduced risk and exposure to many of the
common security vulnerabilities as well as system access control at a much
more granular level. SELinux will be fully integrated and available in Red Hat
Enterprise Linux v. 4 in early 2005.
"Security certifications and compliance with standards are top priorities for
Red Hat and are key drivers of innovation. " said Paul Cormier, executive vice
president of engineering at Red Hat. "We are committed to industry standards
and will continue to drive acceptance and adherence of standards, leading by
example."
|