In the last few weeks, there have been three significant events in the adoption of SELinux and Type Enforcement. They’re all exciting, and each is a testament to the long-term success and viability of the TE approach. Even more exciting, though, is the fact that none of these announcements came from Red Hat. After carrying the flag for so long, it’s gratifying to see other communities join the effort to make serious security a standard feature in general-purpose operating systems.
First, Sun has announced that they will be porting Flask to OpenSolaris in cooperation with the NSA, calling it Flexible Mandatory Access Control, or FMAC. If this sounds familiar, it should — it’s very similar to the deal NSA and Red Hat struck in 2004, when SELinux was just gaining interest from a broad audience.
For the last few years, Red Hat has been a regular fixture at the RSA Conference, and this year will be no different. We will be showing the recently open-sourced Certificate System Dogtag project and we’ll be launching the beta program for Red Hat Enterprise IPA. Red Hat Enterprise IPA is a new product, scheduled for release mid-year, that is based on freeIPA, the open source centralized Identity, Policy and Audit project. At the Red Hat booth at RSA, we will have a demo showing the high-level features of Red Hat Enterprise IPA, so if you are interested in participating in the beta program, please visit us at the show or sign up for more information about the beta.
Identity and access management is important for reasons of efficiency, risk reduction and compliance. Existing solutions are either no longer compliant (NIS), expensive or not that easy to use (do-it-yourself LDAP and perhaps Kerberos). Red Hat’s acquisition of Netscape’s Directory Server and Certificate System was just the start of our identity and access management strategy.
Red Hat Certificate System was acquired from AOL three years ago as part of the Netscape technology acquisition. In keeping with our commitment to open source software, today Red Hat has released all of the source code to Red Hat Certificate System. Much of the technology in Red Hat Certificate System was already open source, including the Apache web server, Red Hat Directory Server and the FIPS 140-2 Level 2 validated NSS cryptographic libraries, but today’s move further demonstrates Red Hat’s belief that the open source development model creates more secure software.
Shortly after purchasing the technologies from AOL/Netscape, we opened the source for Red Hat Directory Server in the summer of 2005. Since then, the Fedora Directory Server project has attracted attention and contributions from the community and is now also at the heart of a broader community effort around the central management of identity, policy and audit for the Unix and Linux world, called freeIPA.
Today’s 8.0 release of Red Hat Directory Server is built directly from those fully open source Fedora Directory Server bits and contains all of the contributions and community effort that went into that project. Part of the effort was around achieving full RPM compliance for Red Hat Directory Server, enabling organizations to now rely on the standard Red Hat Network update process for updates.
Last week, the National Security Agency (NSA) released guidance for securely configuring a Red Hat Enterprise Linux 5 machine.
Red Hat’s Security Standards team worked with the NSA on this effort and we are excited about it because it’s the most thorough and clear security guide to date for any Linux distribution. It should prove useful to admins and tool vendors looking for guidance on how to lock down any Linux system. As the guidance is specifically aimed at the options available with Red Hat Enterprise Linux 5 and the version of packages shipped with this operating system, it will be particularly useful for locking down Red Hat Enterprise Linux 5.
Today, the Massachusetts Institute of Technology (MIT) announced the formation of the MIT Kerberos Consortium to further fund and steer the development of Kerberos beyond what MIT has been able to achieve to date by supporting this protocol with its own internal IT staff.
This Consortium is a great idea that will bring more partners, developers and standards work into play for MIT Kerberos. One has to pause to celebrate the accomplishments of the impressive internal IT staff at MIT who have helped this small internal project become an important part of every major operating system, the core to thousands of enterprises’ security infrastructure and a solution used by hundreds of millions of users.
The National Vulnerability Database (NVD) is a US Government repository of vulnerability management data that includes databases of security checklists, security-related software flaws and impact metrics. It provides a public severity rating for all the vulnerabilities named by the CVE (Common Vulnerabilities and Exposures), a list of standardized names for vulnerabilities and other security exposures. The ratings can be “Low,” “Medium” or “High”. Each rating is generated automatically based on the CVSS (Common Vulnerability Scoring System) score that NVD analysts calculate for each issue.
Today we are pleased to announce the general availability of Red Hat Certificate System 7.3. Containing a highly configurable set of software components and tools for creating, deploying and managing certificates, Red Hat Certificate System is a powerful security framework to guarantee the identity of users and ensure privacy of communications. Based on open standards for certificate management, Certificate System provides a complete, customizable, robust, scalable and high-performance certificate management solution for public-key infrastructure (PKI), extranets and intranets.
Identity interoperability across Windows and Linux is one area of focus highlighted by Microsoft and Novell in their November 2006 partnership announcements.
Even though there is little detail about what Microsoft and Novell will provide, this aspect of the announcement has generated interest. We will discuss the reasons for this interest, explain Microsoft and Novell’s approach as currently understood, discuss the limits of Active Directory and propose Red Hat’s broader vision for the interoperability of security information.
A critical flaw was announced today that affects the MIT Kerberos telnet daemon, distributed with all versions of Red Hat Enterprise Linux. With this flaw, an attacker who can access the telnet port of a target machine could log in remotely as root without requiring a password.