Concerned with security in your Linux system? So is HP. That’s why the company has recently announced its Secure OS Software – a secure version of Linux.
Because of its low cost of deployment, vendor-neutral hardware support, and a growing application base, Linux has proven popular among all types of service providers (XSPs) as well as with a growing installed base of e-commerce customers.
The rapid pace of adoption of this relatively young operating system presents a compelling opportunity for application developers, but also exposes their applications to a growing range of security threats.
But while Linux customers indicate that although they need ways of protecting applications running on a Linux infrastructure, they do not want security to be an onerous cost-of-ownership burden.
Several key security features are mandatory. Any chosen platform must protect applications and associated data by minimising the avenues of malicious attacks.
What’s more, the system must limit or contain the damage that a compromised application can do to the system or to other applications. The operating system must also maintain strict control over the resources (files, devices, inter-processcommunication mechanisms, etc.) that an application can access.
Because most attackers leave only faint, if any, evidence, administrators require as much information as possible about an attack. The analysis of such information can be crucial to preventing future attacks. For that reason, the system must provide an auditing mechanism that records all security-relevant events.
In addition, a platform must allow secure remote administration and provide encrypted communication paths from network clients. The platform must also support robust back-up and restore operations.
HP’s Secure OS Software for Linux provides a secure Internet application runtime environment derived from the Red Hat Linux distribution.
HP’s secure Linux protects Internet applications and the operating system using several security mechanisms.
First, it provides application and data containment: an innovative containment mechanism separates applications and associated data within impenetrable compartments on the same system.
Second, it supports system configuration lockdown: the lockdown mechanism starts up the system with a secure configuration, disabling unnecessary services and securing the services left enabled.
Thirdly, it enables system event auditing: the kernel-level auditing mechanism maintains a history of security-relevant activity on the system, allowing administrators to collect evidence of unauthorized use, identify trends, and establish accountability of actions.
Lastly, the HP Linux system provides file system integrity: the integrity mechanism verifies that the file system has not been compromised. If an integrity violation is detected, it assists in the return of the system to a valid state.
HP Secure OS Software for Linux also provides usability features such as an integrated Web server, large-scale back-up and restore operations, utilities for managing compartments, and a secure shell for remote administration.