Archive for the 'Security' category

Continuing Security Leadership

Today, with atsec information security, we announced that JBoss Enterprise Application Platform, v4.3 is currently ‘In Evaluation’ for Common Criteria certification at Evaluation Assurance Level (EAL)2+ (augmented for flaw remediation).

This is an important announcement on many levels. It represents the first major milestone since we announced our intent to pursue additional Common Criteria certifications in Nov. 2007. Beyond this, many U.S. federal government agencies and private-sector companies use Common Criteria evaluations as a benchmark to make informed security decisions when evaluating solutions. Why? Products are evaluated by independent labs under Common Criteria’s stringent and lengthy testing requirements, giving customers an impartial assessment of the product’s ability to meet specific security requirements. Outside of the U.S., dozens of nations now recognize Common Criteria certifications, agreeing that the evaluations “contribute significantly to confidence in the security of those products.” Because Common Criteria is a recognized international standard, it gives private-sector customers with worldwide operations confidence that the products they purchase will meet local security standards.


Red Hat Welcomes OpenSolaris and Ubuntu to the World of Type Enforcement

In the last few weeks, there have been three significant events in the adoption of SELinux and Type Enforcement. They’re all exciting, and each is a testament to the long-term success and viability of the TE approach. Even more exciting, though, is the fact that none of these announcements came from Red Hat. After carrying the flag for so long, it’s gratifying to see other communities join the effort to make serious security a standard feature in general-purpose operating systems.

First, Sun has announced that they will be porting Flask to OpenSolaris in cooperation with the NSA, calling it Flexible Mandatory Access Control, or FMAC. If this sounds familiar, it should — it’s very similar to the deal NSA and Red Hat struck in 2004, when SELinux was just gaining interest from a broad audience.


Learn About Red Hat Enterprise IPA at the RSA Conference

For the last few years, Red Hat has been a regular fixture at the RSA Conference, and this year will be no different. We will be showing the recently open-sourced Certificate System Dogtag project and we’ll be launching the beta program for Red Hat Enterprise IPA. Red Hat Enterprise IPA is a new product, scheduled for release mid-year, that is based on freeIPA, the open source centralized Identity, Policy and Audit project. At the Red Hat booth at RSA, we will have a demo showing the high-level features of Red Hat Enterprise IPA, so if you are interested in participating in the beta program, please visit us at the show or sign up for more information about the beta.

Identity and access management is important for reasons of efficiency, risk reduction and compliance. Existing solutions are either no longer compliant (NIS), expensive or not that easy to use (do-it-yourself LDAP and perhaps Kerberos). Red Hat’s acquisition of Netscape’s Directory Server and Certificate System was just the start of our identity and access management strategy.


Source Code for Red Hat Certificate System Released

Red Hat Certificate System was acquired from AOL three years ago as part of the Netscape technology acquisition. In keeping with our commitment to open source software, today Red Hat has released all of the source code to Red Hat Certificate System. Much of the technology in Red Hat Certificate System was already open source, including the Apache web server, Red Hat Directory Server and the FIPS 140-2 Level 2 validated NSS cryptographic libraries, but today’s move further demonstrates Red Hat’s belief that the open source development model creates more secure software.


Red Hat Directory Server 8.0 Released Today

Shortly after purchasing the technologies from AOL/Netscape, we opened the source for Red Hat Directory Server in the summer of 2005. Since then, the Fedora Directory Server project has attracted attention and contributions from the community and is now also at the heart of a broader community effort around the central management of identity, policy and audit for the Unix and Linux world, called freeIPA.

Today’s 8.0 release of Red Hat Directory Server is built directly from those fully open source Fedora Directory Server bits and contains all of the contributions and community effort that went into that project. Part of the effort was around achieving full RPM compliance for Red Hat Directory Server, enabling organizations to now rely on the standard Red Hat Network update process for updates.


Information Security Challenges are Not Going Away

We’ve recently seen a large amount of information in the press regarding information security and what happens when organizations misstep in implementing security procedures and systems. This problem is not going to be solved in the near term. To date, the volume of reports has not diminished public interest. We can expect to see additional incidents and they will become increasingly visible.

The problem requires attention from both technology people and their business partners.


NSA Releases Security Guidance for Red Hat Enterprise Linux 5

Last week, the National Security Agency (NSA) released security guidance for securely configuring a Red Hat Enterprise Linux 5 machine.

Red Hat’s Security Standards team worked with the NSA on this effort and we are excited about it because it’s the most thorough and clear security guide to date for any Linux distribution. It should prove useful to admins and tool vendors looking for guidance on how to lock down any Linux system. As the guidance is specifically aimed at the options available with Red Hat Enterprise Linux 5 and the version of packages shipped with this operating system, it will be particularly useful for locking down Red Hat Enterprise Linux 5.


Long Live Kerberos

Today, Massachusetts Institute of Technology (MIT) announced the formation of the MIT Kerberos Consortium to further fund and steer the development of Kerberos beyond what MIT has been able to achieve to date supporting this protocol with its own internal IT staff.

This Consortium is a great idea that will bring more partners, developers and standards work into play for MIT Kerberos. One has to pause to celebrate the accomplishments of the impressive internal IT staff at MIT who have helped this small internal project become an important part of every major operating system, the core to thousands of enterprises’ security infrastructure and a solution used by hundreds of millions of users.


Third-Party Severity Ratings

The National Vulnerability Database (NVD) is a US Government repository of vulnerability management data that includes databases of security checklists, security-related software flaws and impact metrics. It provides a public severity rating for all the vulnerabilities named by the CVE (Common Vulnerabilities and Exposures), a list of standardized names for vulnerabilities and other security exposures. The ratings can be “Low,” “Medium” or “High”. Each rating is generated automatically based on the CVSS (Common Vulnerability Scoring System) score that NVD analysts calculate for each issue.


Red Hat Certificate System 7.3 Now Available

Today we are pleased to announce the general availability of Red Hat Certificate System 7.3. Containing a highly configurable set of software components and tools for creating, deploying and managing certificates, Red Hat Certificate System is a powerful security framework to guarantee the identity of users and ensure privacy of communications. Based on open standards for certificate management, Certificate System provides a complete, customizable, robust, scalable and high-performance certificate management solution for public-key infrastructure (PKI), extranets and intranets.



Copyright © 2007 Red Hat, Inc. All rights reserved.