http://www.wired.com/news/linux/0,1411,53004,00.html

By Declan McCullagh and Robert Zarate
2:00 a.m. June 11, 2002 PDT

Part one of a three-part series.

WASHINGTON -- Super-secure additions to the Linux operating system are inching closer to the mainstream.

Developers have turned Security-Enhanced Linux (SELinux), a prototype created in part by the National Security Agency, into a module that operates almost seamlessly on the Linux operating system.

"Even though SELinux wasn't intended as a complete secure system, we knew that as released it could make a substantial impact to the security of systems that incorporated it," says Grant Wagner, technical director for NSA's Secure Systems Research Office.

It might seem a little unusual for the NSA to be working hand-in-hand with free-software aficionados. After all, this is the agency depicted as a clutch of inveterate snoops in the movie Enemy of the State, not to mention a top contender for the highest number of "Big Brother" awards.

But to the NSA, there's no disconnect. In addition to codebreaking, the NSA is responsible for keeping the U.S. government's secrets secure -- in other words, codemaking.

In the finest military-ese, that task is handled by the NSA Information Assurance Directorate, which also works on such mundane tasks as sounding an unclassified warning in April about macro viruses, e-mail worms and other problems infesting Microsoft applications.

When the NSA announced SELinux last year, its goal was to show it was possible to bolster a mainstream operating system with extra security features like "mandatory access controls."

Such controls verify information that the user generally cannot control, such as IP address. Most operating systems use the more conventional "discretionary access controls" method, which validates only credentials given to them at the discretion of the user -- such as the typical user name and password.

Translation: It becomes more difficult to impersonate someone.

NSA's Wagner says that SELinux's adoption rate "has exceeded our original expectations. This release has also caused developers of non-Linux systems to consider incorporating similar controls based upon our earlier prototypes."

The decision to make SELinux into an add-on for Linux was motivated by the Linux Security Modules Project. This project attempted to invent a general way to add security modules.

"We have had reports of successful deployments in both the public and private sectors," Wagner said. "These reports indicate that SELinux is very effective and has countered actual attacks mounted against systems."

Wagner refused to answer questions about specific government agencies that were using SELinux.

Much of the work on SELinux is being done by volunteer programmers, such as those on the SELinux mailing list, a small but growing community of enthusiasts.

Mark Westerman, a senior consultant at Westcam and a member of the list, said his company uses SELinux for work it does for NASA through a contract with Lockheed Martin.

"I use SELinux primarily for its security aspects. SELinux gave us proper security to thwart hackers," Westerman said. "The major advantage is mandatory access control. As a platform, specifically for Internet services, I see it will be used for Web servers and DNS servers. You're not as worried about the latest vulnerability."

Westerman began using SELinux when an early version was released in January 2001.

"We were working on this multiple security project and using another mechanism to secure the Linux operating system," he said. "We needed a host operating system that we could secure significantly to attach a system to multiple security levels. SELinux was that system."

Shaun Savage, a Linux security developer, turned to SELinux because it's well-supported.

"I wanted to use secure Linux because the projects I work on require ultra-security, and it's better supported," Savage said. "The NSA is behind it and they have more money."

"In my opinion, most servers should have SELinux on them because if any exploits are found -- or even if you don't know about (problems) -- it protects the system because it limits access," Savage said.

One downside is that even for experienced security gurus, SELinux can be puzzling.

Savage says: "Unless you know security, it's very difficult. Unless you've ever worked in multi-level security, I'd say don't even attempt to incorporate because of the terminology it uses. To most people it's gobbledygook. Most people can't understand it. If you don't know about security, it's not a good thing to learn."

A Red Hat version of SELinux is available at sourceforge.net.

Open-source software is a generic term applied to programs for which the source code is available -- but it may still cost money. Free software is a subset of open-source software and generally means that the software is available for use at no cost, subject to license agreements like the GNU General Public License. The Linux operating system, sometimes called the GNU Linux operating system, is free software.