Red Hat Linux Gets Top Govt. Security Rating
zakeria writes "Red Hat Linux has received a new level of security certification that should make the software more appealing to some government agencies.
Earlier this month IBM was able to achieve EAL4 Augmented with ALC_FLR.3 certification for Red Hat Enterprise Linux, putting it on a par with Sun Microsystems Inc.'s Trusted Solaris operating system, said Dan Frye, vice president of open systems with IBM."
CentOS too? (Score:3, Interesting)
Re:Hrmm. Not good enough for the average user (Score:2, Interesting)
Re:For people who don't grok EAL4 and ALC_FLR.3 (Score:5, Interesting)
Re:Hrmm. Not good enough for the average user (Score:4, Interesting)
Ignoring for the moment that I agree with *some* of your points, Linux on the desktop has nothing to do with this post; it is entirely about Linux as an enterprise-grade server OS.
Re:For people who don't grok EAL4 and ALC_FLR.3 (Score:3, Interesting)
--dave
Re:For people who don't grok EAL4 and ALC_FLR.3 (Score:2, Interesting)
Re:For people who don't grok EAL4 and ALC_FLR.3 (Score:3, Interesting)
Again, please don't treat this as a flame. I'm just curious to know how BSD ranks vis a vis other OSes, especially Linux, and especially in terms of security.
Only as secure as its least secure member... (Score:4, Interesting)
Yeah yeah. But what does it /mean/? (Score:4, Interesting)
What's more interesting is does the resulting system do anything useful? Web server? Mail server? DNS? File server?
Do you lose certification as soon as any extra services are running? In which case, it's fairly meaningless because the certification only applies if the system is broadly useless.
"Get the Facts" (Score:2, Interesting)
Re:no real surprise here (Score:3, Interesting)
On a side note, FreeBSD does have MAC capabilities, and could probably be configured to pass at least EAL3 (not sure about the design verification requirements for getting EAL4), but like OpenBSD it lacks a massive, financially-interested organisation to sponsor it through all the testing. Note that RHEL5 was sponsored by IBM, not by Red Hat, which gives a very clear indication of just how much financial backing is necessary to seriously attempt to get a system certified under the Common Criteria. Getting an EAL certification, as the Wikipedia entry [wikipedia.org] on the topic states, is not a significant indicator of the security of a system. It just shows that the system was tested against certain criteria and passed.