Red Hat gains security certification
The company's newest version of Linux has been granted a significant security certification, bringing the company a step closer to competitors.
- Shankland covered the tech industry for more than 25 years and was a science writer for five years before that. He has deep expertise in microprocessors, digital photography, computer hardware and software, internet standards, web technology, and more.
 | ||||
| | | ||
| Get Up to Speed on... Enterprise security  Get the latest headlines and company-specific news in our expanded GUTS section. | | ||
| ||||
| ||||
Version 3 of Red Hat Enterprise Linux has been certified to meet Evaluation Assurance Level 2 (EAL2) of the Common Criteria certification, Red Hat said Thursday. The internationally recognized Common Criteria certification is a typical requirement for government customers.
However, Red Hat still lags behind its main rival, Novell, whose SuSE Linux has been certified to meet the more stringent EAL3. It also trails versions of Unix and Windows that have EAL4 certification.
Common Criteria certification is expensive. Oracle helped Red Hat achieve its certification, while IBM helped with SuSE Linux.
Red Hat also said it will add support for Security-Enhanced Linux, a project begun by the National Security Agency. SELinux uses "mandatory access controls" to reduce security threats by giving minimum privileges to computer users and processes.
The SELinux support will arrive in RHEL 4, due in early 2005, but also will be in a hobbyist version called Fedora Core 2, due May 17. However, merging SELinux has been difficult, and in the newest Fedora test version, released Tuesday, Red Hat disabled SELinux by default.