Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Red Hat goes for Common Criteria approval

Red Hat goes for Common Criteria approval

by Nikola Strahija on October 2nd, 2005 Red Hat Enterprise Linux (RHEL) has been entered for evaluation under the Common Criteria security scheme, and Red Hat expects its upcoming RHEL 5 to achieve Evaluation Assurance Level 4 (EAL 4), the highest level generally achieved by commercial software.


Red Hat said it is building a number of extra security features into RHEL 5 that will make it more secure than any other open-source operating system. -Red Hat Enterprise Linux will join an exclusive community of trusted operating systems that have achieved this level of security, Ed Hammersla, TCS chief operating officer, said.

The companies didn't give specifics on the new security features of RHEL 5, but said it will include kernel improvements and Security Enhanced Linux (SELinux) policy improvements, developed by IBM, Red Hat, TCS and the Linux developer community.

Red Hat is being evaluated on IBM hardware for three protection profiles, Labeled Security Protection Profile (LSPP), Controlled Access Protection Profile (CAPP), and Role-Based Access Control Protection Profile (RBAC).

Common Criteria doesn't itself guarantee that an operating system is secure, but rather is a documentation programme making it possible for organisations to verify that software reaches a certain level of security.

Microsoft achieved EAL 4 certification for Windows 2000 in 2003. No open source software was able to compete at that level until Novell's Suse Linux achieved an EAL 4+ rating in February of this year, after a process also sponsored by IBM. A year earlier Suse had beat Red Hat to EAL 3+ certification.

Achieving certification is time-consuming and costly, with each certification effort costing about $1 million. IBM, Oracle and others have stepped in to sponsor the process for both Suse and Red Hat.


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »