Red Hat Linux locked down per DoD, CIS security guidelines

Security Blanket 1.2 locks down servers quickly and checks the security posture of Red Hat Enterprise Linux against various security guidelines.

Out-of-the-box operating systems may claim to be secure from external attack. But they aren't.

For more on Linux security tools:
Bastille Linux: Introduction and installation

Intrusion detection with Snort on Red Hat Enterprise Linux 5

Ubuntu Landscape systems management tool set to launch
According to Sherryl Dorch, marketing vice president of Trusted Computer Solutions (TCS), nearly all operating systems require the addition of lengthy manual scripts to be security compliant. Red Hat Enterprise Linux (RHEL) alone has a checklist of 340 guidelines that must be verified to ensure system security, she said.

The challenge, however, is that process of identifying and fixing these loopholes is manually intensive and time-consuming, Dorch said.

TCS decided to use its strong background in cross-domain security to help IT managers solve this problem. Cross-domain security systems enable users to access networks with different clearance requirements from a single computer.

Security Blanket 1.2  locates and identifies all potential loopholes in a Linux operating system.
,

The fruit of this expertise is Security Blanket 1.2, which the company said is the first automated security risk assessment tool for locating and identifying all potential loopholes in a Linux operating system. That in turn enables administrators to lock down servers quickly. The tool works for RHEL 4 and 5, CentOS 4 and 5, and the RHEL clone.

Neither a shield nor a firewall, Security Blanket is a preventive tool that scans an operating system for conformity with federal and commercial security guidelines, identifies what needs to be corrected, and reconfigures the system to bring it into compliance, explained Dorch.

DoD STIG, CIS, SANS Institute standards
Security Blanket was first introduced in August 2007. Version 1.2 improves on its predecessor by incorporating the complete Defense Information System Agency's Security Technical Implementation Guides (DISA STIG) as well as nongovernmental guidelines from the Center for Internet Security (CIS) and the SANS Institute. Collectively, these military and civilian guidelines identify security gaps that must be remedied to protect the operating system from malicious attack.

"[Security Blanket] saves money and time, and failure points will decline," Dorch said. "This also functions as a corporate security report card … and is an easier way of conducting a security audit."

Another key addition to the latest version is the ability to view the current state of the operating system against a baseline and compare differences, said Cindy Fritz, product development manager. And in April, Security Blanket will add an enterprise edition for large-scale implementations.

The Herndon, Va.-based TCS is also in the process of testing an Oracle Enterprise Linux version and might consider a SUSE Linux version as well, Dorch said.

Security Blanket's closest competitor is Bastille-Linux, but Bastille does not incorporate industry lockdown guidelines, offer baseline reports or include a user-friendly GUI, Dorch said. In addition, Security Blanket has also documented explanations of the STIG, CIS and SANS Institute guidelines, she added.

Pete Lindstrom, a senior analyst at Midvale, Utah-based Burton Group, said Security Blanket is a simple, low-cost ($299 per server) niche product designed to guide users in making intelligent security choices for Linux boxes. Although Security Blanket has few direct competitors, users can achieve the same end result from numerous other approaches, he said.

"The product sounds reasonable," Lindstrom said. "Its focus is to simplify what can be complex configuration requirements.. The idea is to be a very low cost, simple solution to address these challenges. And at this price, you'd be hard-pressed to pass it up." The enterprise edition will be critical in moving them from a one-off product to a viable option in larger organizations, he added.

Let us know what you think about the story; email: Pam Derringer, News Writer .

Dig deeper on Linux security tools

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchDataCenter

SearchServerVirtualization

SearchCloudComputing

SearchEnterpriseDesktop

Close