[ISN] Super-Secure Linux, Inch by Inch

From: InfoSec News (isnat_private)
Date: Wed Jun 12 2002 - 01:02:39 PDT

  • Next message: InfoSec News: "[ISN] Do you sit next to a security risk?"

    By Declan McCullagh and Robert Zarate 
    2:00 a.m. June 11, 2002 PDT 
    Part one of a three-part series. 
    WASHINGTON -- Super-secure additions to the Linux operating system are
    inching closer to the mainstream.
    Developers have turned Security-Enhanced Linux (SELinux), a prototype
    created in part by the National Security Agency, into a module that
    operates almost seamlessly on the Linux operating system.
    "Even though SELinux wasn't intended as a complete secure system, we
    knew that as released it could make a substantial impact to the
    security of systems that incorporated it," says Grant Wagner,
    technical director for NSA's Secure Systems Research Office.
    It might seem a little unusual for the NSA to be working hand-in-hand
    with free-software aficionados. After all, this is the agency depicted
    as a clutch of inveterate snoops in the movie Enemy of the State, not
    to mention a top contender for the highest number of "Big Brother"  
    But to the NSA, there's no disconnect. In addition to codebreaking,
    the NSA is responsible for keeping the U.S. government's secrets
    secure -- in other words, codemaking.
    In the finest military-ese, that task is handled by the NSA
    Information Assurance Directorate, which also works on such mundane
    tasks as sounding an unclassified warning in April about macro
    viruses, e-mail worms and other problems infesting Microsoft
    When the NSA announced SELinux last year, its goal was to show it was
    possible to bolster a mainstream operating system with extra security
    features like "mandatory access controls."
    Such controls verify information that the user generally cannot
    control, such as IP address. Most operating systems use the more
    conventional "discretionary access controls" method, which validates
    only credentials given to them at the discretion of the user -- such
    as the typical user name and password.
    Translation: It becomes more difficult to impersonate someone.
    NSA's Wagner says that SELinux's adoption rate "has exceeded our
    original expectations. This release has also caused developers of
    non-Linux systems to consider incorporating similar controls based
    upon our earlier prototypes."
    The decision to make SELinux into an add-on for Linux was motivated by
    the Linux Security Modules Project. This project attempted to invent a
    general way to add security modules.
    "We have had reports of successful deployments in both the public and
    private sectors," Wagner said. "These reports indicate that SELinux is
    very effective and has countered actual attacks mounted against
    Wagner refused to answer questions about specific government agencies
    that were using SELinux.
    Much of the work on SELinux is being done by volunteer programmers,
    such as those on the SELinux mailing list, a small but growing
    community of enthusiasts.
    Mark Westerman, a senior consultant at Westcam and a member of the
    list, said his company uses SELinux for work it does for NASA through
    a contract with Lockheed Martin.
    "I use SELinux primarily for its security aspects. SELinux gave us
    proper security to thwart hackers," Westerman said. "The major
    advantage is mandatory access control. As a platform, specifically for
    Internet services, I see it will be used for Web servers and DNS
    servers. You're not as worried about the latest vulnerability."
    Westerman began using SELinux when an early version was released in
    January 2001. "We were working on this multiple security project and
    using another mechanism to secure the Linux operating system," he
    said. "We needed a host operating system that we could secure
    significantly to attach a system to multiple security levels. SELinux
    was that system."
    Shaun Savage, a Linux security developer, turned to SELinux because
    it's well-supported.
    "I wanted to use secure Linux because the projects I work on require
    ultra-security, and it's better supported," Savage said. "The NSA is
    behind it and they have more money."
    "In my opinion, most servers should have SELinux on them because if
    any exploits are found -- or even if you don't know about (problems)  
    -- it protects the system because it limits access," Savage said.
    One downside is that even for experienced security gurus, SELinux can
    be puzzling.
    Savage says: "Unless you know security, it's very difficult. Unless
    you've ever worked in multi-level security, I'd say don't even attempt
    to incorporate because of the terminology it uses. To most people it's
    gobbledygook. Most people can't understand it. If you don't know about
    security, it's not a good thing to learn."
    A Red Hat version of SELinux is available at sourceforge.net.
    Open-source software is a generic term applied to programs for which
    the source code is available -- but it may still cost money. Free
    software is a subset of open-source software and generally means that
    the software is available for use at no cost, subject to license
    agreements like the GNU General Public License. The Linux operating
    system, sometimes called the GNU Linux operating system, is free
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Wed Jun 12 2002 - 03:41:06 PDT