2015-11-15 - supercomputing 2015 - applied cross domain
TRANSCRIPT
Applied Cross Domain: Red Hat Foundations
Shawn Wells, Office of the Chief Technologist, Red Hat Public Sector
[email protected] ||443-534-0130
CSCF participates in community-powered upstream projects, such as SELinux, OpenSCAP and the SCAP Security Guide.
CSCF collaborates with Red Hat to integrate upstream projects into Enterprise Linux, fostering open community platforms.
We commercialize these platforms together with a rich ecosystem of services and certifications, such as ICD 503 and CNSSI 12-53 accreditations.
PARTICIPATE
INTEGRATE
STABILIZE
100,000+ PROJECTS
SELinux
● Type Separation: How users, processes, and data are isolated
● Role Based Access Control (RBAC)
● MLS Policy
Security Automation
● Configuration Monitoring
● Compliance Reports
● Secure Provisioning
● Remediation
Certifications & Standards
● Common Criteria & NIAP
● Intelligence Community Directive 503 (ICD 503)
● US Government Configuration Baseline (USGCB)
SELinux Refresher
Multi-Level Security (MLS) Policy
• Focuses on confidentiality (i.e. separation of multiple classifications of data)
• Ability to manage {processes, users} with varying levels of access (i.e. “the need to know”)
• Uses category & sensitivity levels
Sensitivity Labels
Category Labels
Polyinstantiation
# id -Z
staff_u:WebServer_Admin_r:WebServer_Admin_t:s0:c0
# ls -l /data
secret-file-1
secret-file2

# id -Z
staff_u:WebServer_Admin_r:WebServer_Admin_t:s1:c0
# ls -l /data
secret-file-1
secret-file2
top-secret-file-1
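The two sessions above differ only in sensitivity level (s0 vs s1). As an added illustration, not part of the original slides, this Python example implements the MLS dominance check that decides which files each session may read. The per-file labels in DATA_LABELS are constructed assumptions, since the slides do not show them, and level ranges such as s0-s1 are rejected rather than interpreted.

```python
# Added example: MLS dominance ("read down") for the two sessions above.

def _num(token, prefix):
    """Turn 's1' or 'c12' into its integer, rejecting anything else."""
    if not (token.startswith(prefix) and token[1:].isdigit()):
        raise ValueError(f"unsupported MLS token: {token!r}")
    return int(token[1:])

def parse_level(level):
    """Parse a level such as 's1:c0,c2.c4' into (sensitivity, categories)."""
    sens, _, cats = level.partition(":")
    categories = set()
    for part in filter(None, cats.split(",")):
        lo, _, hi = part.partition(".")      # 'c2.c4' is an inclusive range
        first = _num(lo, "c")
        last = _num(hi, "c") if hi else first
        categories.update(range(first, last + 1))
    return _num(sens, "s"), frozenset(categories)

def context_level(context):
    """Return the level field of a user:role:type:level context."""
    fields = context.split(":", 3)           # the level itself contains ':'
    if len(fields) != 4:
        raise ValueError(f"no MLS level in context: {context!r}")
    return fields[3]

def dominates(subject_level, object_level):
    """True if the subject's sensitivity is >= the object's and the
    subject's category set is a superset of the object's."""
    s_sens, s_cats = parse_level(subject_level)
    o_sens, o_cats = parse_level(object_level)
    return s_sens >= o_sens and s_cats >= o_cats

def readable(context, labels):
    """Names of the objects whose label the subject's level dominates."""
    level = context_level(context)
    return sorted(n for n, lvl in labels.items() if dominates(level, lvl))

# Constructed labels for the files named on the slide (assumption).
DATA_LABELS = {
    "secret-file-1": "s0:c0",
    "secret-file2": "s0:c0",
    "top-secret-file-1": "s1:c0",
}

if __name__ == "__main__":
    for lvl in ("s0:c0", "s1:c0"):
        ctx = f"staff_u:WebServer_Admin_r:WebServer_Admin_t:{lvl}"
        print(ctx, "->", readable(ctx, DATA_LABELS))
```

A higher sensitivity alone is not enough: a subject at s1:c0 does not dominate an object labelled s1:c0,c1, because the category set must also be covered.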
Certifications & Standards
NSA C63 (aka NIAP) & Red Hat: Where we’ve been… and next stop
RHEL 3 CAPP / EAL3+
RHEL 4 CAPP / EAL3+
RHEL 5 LSPP / EAL4+
RHEL 6 OSPP / EAL4+
RHEL 7 OSPP v3.9 / EAL4+
FIPS 140-2 Certs
docs.redhat.com
- Security Guide
- Admin. Guide
- Priv User Guide
Red Hat corporate development & responsibilities
We use Atsec http://red.ht/1kWN8ZZ
Common Criteria != Compliance Policy
ICD 503, STIG, FISMA == Compliance Policy
SCAP Security Guide: http://open-scap.org, http://github.com/OpenSCAP
Shawn Wells, Director, Innovation Programs, Office of the Chief Technologist, Red Hat Public Sector
[email protected] || 443-534-0130