Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity
    • Servers

    Trusted Systems Move to Mainstream

    By
    Jason Brooks
    -
    September 3, 2004
    Share
    Facebook
    Twitter
    Linkedin

      When it comes to operating systems, its a matter of trust—or mistrust, as the case may be.

      Its often suggested that Microsoft Corp.s security woes stem in part from the companys tardiness in updating the security assumptions it had developed when solitary, disconnected desktop PCs had little reason to fear network-borne attacks.

      However, the problem of operating systems that are too trusting for anyones good in todays wide-open, tightly connected environment extends beyond Microsoft—although Unix and Linux systems derive certain security benefits from their networked, multiuser roots, these systems are also much more permissive than they should be.

      Perimeter-focused security elements such as firewalls play an important role in securing an enterprise infrastructure, but with many services, such as Web servers, its necessary for companies to expose portions of their infrastructure to the Internet.

      Enter the trusted operating system, which can make an enterprise infrastructure significantly more secure by bringing servers an access control scheme thats more fine-grained than the DAC (discretionary access control) of most operating systems.

      /zimages/2/28571.gifClick here to read about how trusted operating systems are certified.

      Trusted operating systems provide for and enforce mandatory access control policies, which limit user and application privileges to the minimum required to do whatever job needs to be done. With the DAC schemes of most operating systems, in contrast, a process has access to everything available to the user who launched it.

      Many applications, including potentially vulnerable Internet-facing services, require superuser privileges to do things such as bind to low-numbered ports. This means that a compromised name server or Web server can give potential attackers the keys to all the data and processes on a breached machine. By limiting processes to the resources they require, trusted operating systems let companies limit the damage that a compromise can cause.

      Trusted-operating-system products arent new, and there is a variety of options available. These include Sun Microsystems Inc.s Trusted Solaris and the National Security Agency-developed Security-Enhanced Linux, as well as PitBull LX from Argus Systems Group, a division of Innovative Security Systems Inc.

      /zimages/2/28571.gifClick here to read about how one IT services company is using PitBull LX.

      However, since the early 1980s, when trusted operating systems began to be used in government and security-sensitive private deployments, these products have typically occupied a niche position. This is because of how the systems have been marketed and, as with other computing systems, because security is inversely related to convenience—trusted operating systems typically are trickier to configure and work with than are their more trusting counterparts.

      But with increasing attention being paid to security on both the vendor and consumer sides of the enterprise IT market, trusted-operating-system features are beginning to make their way into mainstream operating systems.

      Sun, for example, has announced that Solaris 10, due early next year, will leverage some of the process rights management functionality present in the companys Trusted Solaris, which limits privileges for users and tasks.

      In addition, Microsoft has launched a major project called NGSCB (Next Generation Secure Computing Base) for improving the security of “Longhorn,” the next major Windows revision. NGSCB is designed to tighten the control that users and administrators have over their systems. However, responding to developer and user pushback, Microsoft is re-evaluating what role NGSCB will play in Longhorn when that operating system ships. (Longhorn is expected to ship sometime in 2006.)

      /zimages/2/28571.gifClick here to read about the changes Microsoft is making in order to deliver Longhorn in 2006.

      Linux serves as a base platform for trusted-operating-system products such as PitBull LX and Immunix Inc.s Secured OS, and SELinux provides a common option for bringing trusted-operating-system features to various Linux distributions.

      Red Hat Inc. officials have said that SELinux will be included in Red Hat Enterprise Linux 4, which is expected to ship in the first quarter of next year. SELinux also integrates well with the Debian and Gentoo distributions of Linux.

      Senior Analyst Jason Brooks can be reached at [email protected]

      /zimages/2/28571.gifCheck out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.

      /zimages/2/77042.gif

      Be sure to add our eWEEK.com Security news feed to your RSS newsreader or My Yahoo page

      Jason Brooks
      As Editor in Chief of eWEEK Labs, Jason Brooks manages the Labs team and is responsible for eWEEK's print edition. Brooks joined eWEEK in 1999, and has covered wireless networking, office productivity suites, mobile devices, Windows, virtualization, and desktops and notebooks. Jason's coverage is currently focused on Linux and Unix operating systems, open-source software and licensing, cloud computing and Software as a Service. Follow Jason on Twitter at jasonbrooks, or reach him by email at [email protected]

      MOST POPULAR ARTICLES

      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×