Red Hat Enterprise Linux 7.4 Set to Improve Security Features

Beta release of Red Hat's flagship Linux platform adds support for Network Bound Disk Encryption and the USBGuard software framework, providing improved security.

The upcoming Red Hat Enterprise Linux 7.4 release is set to provide organizations with a series of new features and enhancements that will improve security and performance. Red Hat released a beta version of Red Hat Enterprise Linux (RHEL) 7.4 on May 23, providing organizations with an opportunity to preview the new features.

One of the new capabilities in RHEL 7.4 is support for Network Bound Disk Encryption, which is a feature that enables organizations to encrypt the root volume of hard drives, without requiring users to re-enter the password after a system is rebooted.

"Essentially, it allows for the automatic decryption of secrets when a client has access to a particular server on a secure network," Steve Almy, principal product manager, Red Hat Enterprise Linux, told eWEEK. "The key word here is automatic, reducing hassle when using encryption at scale."

Almy explained that for Network Bound Disk Encryption to work properly, the encryption needs to be initiated at installation time, and that it is not currently possible to encrypt an unencrypted drive with Linux Unified Key Setup-on-disk-format (LUKS).

Another new security capability coming to RHEL 7.4 is support for the USBGuard software framework. USBGuard is an open-source project that aims to help protect systems against rogue USB devices by implementing basic whitelisting and blacklisting capabilities based on device attributes. In RHEL 7.4, USBGuard can be configured locally with the /etc/usbguard/rules.conf file and will be configurable at scale via Ansible roles, Almy said.
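As an added illustration (not from the article or from Red Hat), a rules.conf policy in USBGuard's rule language might look like the following. The choice of interface classes is an assumption made for this example: it whitelists plain mass-storage devices and rejects devices that pair storage with a keyboard, network or wireless interface.

```conf
# /etc/usbguard/rules.conf (constructed example policy, not a shipped default)
# Rules are evaluated top to bottom; the first matching rule decides.

# Whitelist: devices whose interfaces are mass storage (class 08) and nothing else.
allow with-interface equals { 08:*:* }

# Blacklist: composite devices that present storage together with another
# function, such as a "flash drive" that also enumerates as a keyboard.
# HID, no subclass
reject with-interface all-of { 08:*:* 03:00:* }
# HID, boot interface subclass (keyboards and mice)
reject with-interface all-of { 08:*:* 03:01:* }
# Wireless controller
reject with-interface all-of { 08:*:* e0:*:* }
# Communications (for example a USB network adapter)
reject with-interface all-of { 08:*:* 02:*:* }

# Devices matching no rule receive the daemon's implicit policy target,
# which is "block" unless changed in usbguard-daemon.conf.
```

A blocked device stays attached but unauthorized, while a rejected device is removed from the system, which is why the suspicious combinations use `reject` rather than `block`.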

Secure Socket Layer/Transport Layer Security (SSL/TLS) gets a boost in RHEL 7.4 with the updated OpenSSL 1.0.2k package.

"This update provides a number of enhancements, new features, and bug fixes, including support for Application-Layer Protocol Negotiation (ALPN) and the datagram TLS (DTLS) protocol version 1.2," Almy said.

ALPN is an extension to the Transport Layer Security (TLS) Protocol, Version 1.2 standard. DTLS, in contrast, provides TLS encryption over the User Datagram Protocol (UDP), instead of just TCP/IP.

"Increasingly, application-layer protocols are encapsulated in the TLS protocol [RFC5246]," the Internet Engineering Task Force (IETF) draft on the ALPN standard states. "This encapsulation enables applications to use the existing, secure communications links already present on port 443 across virtually the entire global IP infrastructure."

Containers are a large area of investment and focus for Red Hat, and with RHEL 7.4 there will be full support for Containerized Identity Management (IdM) services.

"As organizations move workloads to containers, having Identity Management available in container form simplifies the integration and increases consistency with their non-container environment and practices," Almy said.

Security isn't the only area of enhancement in RHEL 7.4, as the new release will also benefit from the inclusion of the Network Manager 1.8 update. Network Manager is the open-source service that enables detection and configuration of network connectivity.

"With this update, Network Manager is getting more lightweight and modular, with a sizeable PPP (Point-to-Point Protocol) component now packaged as an optional plugin," Almy said.

Additionally, Network Manager 1.8 supports advanced routing features as well as more-scalable MACsec Layer 2 VPNs as an alternative to IPSec VPN tunnels.

"Customers can change ethernet interface settings such as link speed without restarting, previously not possible," Almy said.

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.