Message-ID: <8338395.1075856439696.JavaMail.evans@thyme> Date: Thu, 19 Apr 2001 09:21:00 -0700 (PDT) From: vince.kaminski@enron.com To: vkaminski@aol.com Subject: Super-secret Linux Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-From: Vince J Kaminski X-To: vkaminski@aol.com X-cc: X-bcc: X-Folder: \Vincent_Kaminski_Jun2001_3\Notes Folders\Sent X-Origin: Kaminski-V X-FileName: vkamins.nsf ---------------------- Forwarded by Vince J Kaminski/HOU/ECT on 04/19/2001 04:21 PM --------------------------- NW on Linux on 04/16/2001 06:20:01 PM Please respond to Linux Help To: vkamins@enron.com cc: Subject: Super-secret Linux NETWORK WORLD NEWSLETTER: PHIL HOCHMUTH on LINUX 04/16/01 - Today's focus: Super-secret Linux Dear Wincenty Kaminski, In this issue: * National Security Agency is bulletproofing the operating system * Links related to Linux * Featured reader resource * CAREER CORNER: Mission-critical opportunities with marketplace winners _______________________________________________________________ If a friend has forwarded this newsletter to you, why not sign-up for your own free copy? Visit http://www.nwwsubscribe.com/FOC162 for your own free subscription. _______________________________________________________________ Today's focus: Super-secret Linux By Phil Hochmuth Network Associates is teaming up with the National Security Agency, the government's top electronic cryptography and spying institution, to help the agency fine-tune its highly secure version of Linux. The goal is to create a version of Linux that is impervious to outside attacks. Security Enhanced Linux, or SELinux, is a project under development by the NSA to create a version of the operating system that is more secure than the commercial distributions of Linux available from software vendors and the open-source community. The PGP Security division of Network Associates is working with the NSA to modify the Linux source code so that applications running on a Linux server or PC have reduced access to a Linux machine's underlying operating system. The aim is to give Linux servers the ability to shirk off "buffer overrun" and "format string" attacks, which take advantage of loose ends in Linux applications to access a server's core operating system and shut it down. A Linux worm dubbed "Lion" was recently identified as using this method to hack Linux servers. NSA has worked with other software firms to shore up other weaknesses in the operating system. Secure Computing has worked on the SELinux project to add its Type Enforcement technology to SELinux. Type Enforcement protects the operating system and applications by segmenting them into security "domains" with specifications on what types of files can be accessed by each domain. (For example, this could be used to prevent access to a configuration file through an application, such as Apache Web server). NSA is also working with VMWare to come up with a more secure user permissions system for allowing users with different security access to work on the same server. The good news for Linux users who are not high-level NSA operatives is that SELinux will be released to the open-source community once finished. This means that commercial Linux vendors could include SELinux security enhancements in future releases, resulting in more bulletproof Linux Web and database servers in enterprises. _______________________________________________________________ To contact Phil Hochmuth: Phil Hochmuth is a staff writer for Network World, and a former systems integrator. You can reach him at mailto:phochmut@nww.com. _______________________________________________________________ RELATED LINKS Get the source code for SELinux http://www.nsa.gov/selinux/src-disclaim.html Check out a site with Linux security tools and tips http://www.linuxsecurity.com PGP working with NSA on Linux security prototype - Network World, 04/16/01 http://www.nwfusion.com/news/2001/0416apps.html Breaking Linux news from Network World and around the 'Net, updated daily: http://www.nwfusion.com/topics/linux.html Archive of the Linux newsletter: http://www.nwfusion.com/newsletters/linux/index.html ______________________________________________________________ FEATURED READER RESOURCE Buyer's Guides Researching for a purchase? Check out Network World Fusion's Buyer's Guides. Whether you're researching VPN products or SAN switches or wireless LAN gear, these guides provide reviews and compare vendors head to head. See the list of guides at: http://www.nwfusion.com/research/bg.html _______________________________________________________________ CAREER CORNER presented by http://www.ITcareers.com LINUX TALENT IN DEMAND Technology business trends are shifting, but job creation is still high. Register with LeadersOnline and let our web-based recruiting service bring exceptional Linux opportunities your way. With positions ranging from $75-200K, we work with the best companies on their mission-critical jobs. LeadersOnline is just what you'd expect from Heidrick & Struggles, the world's leading executive search firm. It takes just 10 minutes to register and our service is free and confidential. http://ad.doubleclick.net/clk;2712563;5704255;f _______________________________________________________________ SUBSCRIPTION SERVICES To subscribe or unsubscribe to any Network World e-mail newsletters, go to: http://www.nwwsubscribe.com/news/scripts/notprinteditnews.asp To unsubscribe from promotional e-mail go to: http://www.nwwsubscribe.com/ep To change your e-mail address, go to: http://www.nwwsubscribe.com/news/scripts/changeemail.asp Subscription questions? Contact Customer Service by replying to this message. Have editorial comments? Write Jeff Caruso, Newsletter Editor, at: mailto:jcaruso@nww.com For advertising information, write Jamie Kalbach, Fusion Sales Manager, at: mailto:jkalbach@nww.com Copyright Network World, Inc., 2001 ------------------------ This message was sent to: vkamins@enron.com