NSA offers supersecure Linux

Infoworld ^ | October 4, 2001 | Deni Conner

[yhwhsman]

THE NATIONAL SECURITY Agency, the government's security arm, along with help from Network Associates, last week announced it has made a security-enhanced version of Linux available for download.

The NSA said it realizes that operating system security is necessary and that mainstream operating systems often lack critical security features that could enforce the confidentiality and integrity of network communications. Dubbed Security-Enhanced (SE) Linux, the NSA's version allows programs to have only the slimmest security permissions to run.

SE Linux has a strong, yet flexible, access control architecture incorporated into the kernel to foil tampering and bypassing of security mechanisms. The NSA chose Linux as a platform for this work because of its open environment. SE Linux does not correct any flaws in Linux, but rather serves as an example of how mandatory access controls, including superuser access, can be added to Linux.

With SE Linux, it is possible to configure a system that meets a number of security objectives such as roles-based access.

At present, SE Linux only supports the Intel x86 platform and has only been tested on Red Hat Linux.

The release includes documentation and source code. Users can download it from www.nsa.gov/selinux/index.html

[yhwhsman]

Hi KIDD :)

I'm thinking about trying several different distros: Redhat, Suse, Mandrake, Gentoo, and one of the BSDs along with Win98. Win98 should multi-boot with all of these without too much difficulty. I had thought about trying WinXP, but the requirements are so high I'm not sure I'll enjoy it much on my system (I'm building a newer system, from PII 333 to a PIII 500).

My biggest concern is I have an ATI Radeon video card, and ATI hasn't been the friendliest about putting out Linux drivers.

Yhwhsman

[farmfriend]

ping

[rdb3]

The Penguin Ping.

Wanna be Penguified? Just holla!

Click and find out!

Got root?

[rdb3]

Thought this would be food for thought. Personally, I'm using Win98 (but soon, very soon, I will have my Linux box up and running).

Welcome aboard!

[Poser]

Can I run Hitman 2: Silent Assassin on it?

[Poser]

Why would NSA have to update Linux?? I thought it was perfect and bulletproof. You mean there are security problems with Linux???? Wow! I can't believe it. (sarcasm off)

[rdb3]

I thought it was perfect and bulletproof. You mean there are security problems with Linux???? Wow! I can't believe it.

Question: Who ever said that it was "perfect and bullerproof?" Oh, excuse me. Who ever said that it was "perfect and bulletproof?!¿!?!¿!?!¿!?!¿!?!¿!?!¿"

[RockyMtnMan]

The NSA has the seed keys for the crypto in Windows as well.

[Poser]

"Who ever said that it was "perfect and bullerproof?"

Some of those mind-numbed Linux moonies who continually tout it as the answer to all of the world's computer problems.

I seem to recall someone in this thread whining about Microsoft's security patches. Personally, I like the fact that Microsoft patches security problems as soon as they are identified. I don't have the programming skills to patch them myself.

If it won't run the latest business software, I can't use it.

[tortoise]

If it won't run the latest business software, I can't use it.

At many companies I've worked at, this was solved with VMWare on the Linux workstations. As for the server-side business software, it already runs on Linux.

[TheEngineer]

Why would NSA have to update Linux?? I thought it was perfect and bulletproof. You mean there are security problems with Linux???? Wow! I can't believe it. (sarcasm off)

This article also begs the question - 'Why is our government pouring tax dollars into Linux, or any operating system for that matter?

The US doesn't need a Ministry of Software Development. Software is something we (the US) do very well. We export software all over the world, and import very little. Our software businesses don't exactly need a government jump start - especially when it favors one company or group of companies over another.

I know that I wouldn't be too thrilled if the Federal Government decided to start pouring money into R&D for my competitor. Our government should butt out of private enterprise and let the free market develop the best products.

[rdb3]

Some of those mind-numbed Linux moonies who continually tout it as the answer to all of the world's computer problems.

That's funny!

If it won't run the latest business software, I can't use it.

Okay, so the real objection come out. It's understandable. If MS is for you, that's all that really matters, isn't it?

[tortoise]

This article also begs the question - 'Why is our government pouring tax dollars into Linux, or any operating system for that matter?

Because much of the DoD already runs Unix workstations and the money invested in tweaking Linux to their needs is a pittance compared to the hundreds of millions of dollars they spend on operating system licenses. In other words, it is good stewardship of your tax dollars.

If they already use Unix, and it costs them hundreds of millions of dollars to not use Linux, why not toss a nickel to Linux and save a few hundred million? It is plain and simple rational economics.

[pttttt]

Here's what Microsoft had to say about their 128-bit encryption:   

128-bit Encryption Becomes the Default in Windows 2000 Service Pack 2 (SP2)

Posted: March 27, 2001

What Change Is Being Made?

The Windows® 2000 operating system was the first Microsoft platform with 128-bit encryption to be shipped internationally after the United States government relaxed its export restrictions for strong encryption in early 2000. Microsoft has obtained the necessary approvals to ship Windows 2000 with strong encryption to all customers worldwide except U.S. embargoed destinations.

...

© 2003 Microsoft Corporation. All rights reserved.

=====================================

So what does this tell us?

It tells us NSA isn't worried about it.

Why aren't they?

Fill in the blank. There aren't that many possible reasons. Certainly not 2^128.   

[Poser]

"At many companies I've worked at, this was solved with VMWare on the Linux workstations"

And you assume I have the expertise to install Linux, VMWare and Windows software? Sorry, I don't have a personal CIS department. Linux is for the tiny percentage of nerds who can install, maintain and operate it. That pretty much guarantees that it will never be a good desktop solution. While big companies can use it and support it, their employees won't be able to run it at home. "Working from home" makes that critical.

Even if some company was able to make Linux useful for the masses, the hackers would then target it for worms and virus.

It's a PC/Mac thing. The most important feature for the vast majority of computer users is standardization. In the short term, Linux has a good future as a web server operating system. It will need major support to become useful to the masses. In five years, everything will be different. I expect that some big corporation (perhaps IBM)will take Linux and try to sell and support it. I also suspect it will enjoy the same success as OS/2.

[Golden Eagle]

Uh, do you realize your link is from 2001?

Have you even visited the NSA Linux page?

http://www.nsa.gov/selinux/

"Security-enhanced Linux is not an attempt to correct any flaws that may currently exist in Linux...There is still much work needed to develop a complete security solution. In addition, due to resource limitations, we have not yet been able to evaluate and optimize the performance of the security mechanisms."

Hardly the endorsement you intended when posting a link from 2001!

[TheEngineer]

If they already use Unix, and it costs them hundreds of millions of dollars to not use Linux, why not toss a nickel to Linux and save a few hundred million? It is plain and simple rational economics.

If that's so plain and simple, then why wouldn't a Linux company foot the bill for the development? Especially if they could sell the result (secure, cheap Linux... replace expensive Unix) to the US Government?

The market is perfectly capable of responding to these needs. Are you really prepared to argue that the Federal Government can make better market decisions than the invisible hand of the Free Market?

[pyx]

In five years, everything will be different. I expect that some big corporation (perhaps IBM)will take Linux and try to sell and support it...

Why that's downright generous of you. The thing is, IBM has been investing and developing Linux for the past three or so years now. Many other Fortune 500 companies regularly deploy Linux systems and have been doing so for several years. There are MANY desktop business applications that already run under Linux and have been doing so for several years now. Seems you might wanna update your talking points.

[Poser]

You didn't write anything I don't know. That doesn't change anything I wrote. To date, no company has made Linux user friendly and Linux applications are not the industry standard for any major desktop business application. IBMs success with OS/2 convinces me that they are not the right company to make Linux the standard.

From the point of view of the end user, Linux sucks way more than Windows. In fact, most of us like Windows. I liked CP/M, DOS, and VMS. Windows is better than any of them for desktop machines. Unix is better for servers. There will be better operating systems than Windows in the near future. I just can't see any scenario where it is Linux. Experience leads me to believe it will be a combination of the best of Windows, Linux, Unix, Mac OS and whatever else some enterprising developer can steal and improve. Bill Gates has a good track record, but his company is getting a little large and unwieldy. It looked like Red Hat had a chance about 5 years ago. They failed.

[tortoise]

The market is perfectly capable of responding to these needs. Are you really prepared to argue that the Federal Government can make better market decisions than the invisible hand of the Free Market?

Don't be willfully clueless. You've done nothing but built yourself a strawman, and this fact would be obvious if you know anything about economics.

Traditional markets respond to price, Linux doesn't have a price, therefore it doesn't respond to pricing pressure. Linux is a developer market, and responds to developer pressure. You aren't going to influence a damn thing if you are applying market pressure to the wrong market for the desired results. Linux exists in an extremely active free market, but it isn't one you can buy directly with money because it isn't denominated in currency.

The Linux market doesn't give a damn what the government wants because the government generally doesn't participate in the market that Linux exists in. The government will have to spend a little money (not much) in order to participate in the Linux market so that it CAN influence its direction. The government isn't funding an operating system, it is buying a seat in the market of an existing and well-established operating system so that it can participate in that market for its own ends. The government isn't funding Linux directly per se because there is no avenue to "pay for Linux". Any money applied has to be applied indirectly.

But more to the point, who cares whether the government develops that code in house or outsources it? Many agencies of the government have a long history of contributing code to the public domain that they developed for their own use.