next-generation datacenters

Whitepaper: How Red Hat delivers a secure enterprise platform for next-generation datacenters

Executive summary

Security has always been an important consideration when selecting a server operating system for enabling business-critical applications and other essential workloads. This is true now more than ever, especially for enterprises looking to build next-generation datacenters. Red Hat's recognition of this situation is demonstrated by the extensive set of processes and practices we employ to deliver an exceptionally secure, open source server platform. Key differentiators that set Red Hat Enterprise Linux apart include a history of security innovation, the coverage Red Hat provides for the thousands of software packages that comprise a complete solution, and the quality of service with which Red Hat executes related security responses and software update processes.

Server operating systems and the need for security

Unfortunately, there are many forces conspiring to diminish the effectiveness of traditional net- notable examples include the following: designed to evade network defenses by targeting vulnerabilities at higher layers of the computing stack; the so-called dissolving perimeter, a condition brought on by user mobility and other trends tions in the network all together; the evolution to next-generation, dynamic datacenters featuring extensive use of server (and of which contribute to the dissolving perimeter phenomenon tions and workloads.

facebook.com/redhatinc @redhatnews linkedin.com/company/red-hat

To be clear, the need for security in a server operating system is nothing new; it's only the neither are Red Hat's efforts in this area new. For Red Hat, delivering an exceptionally secure open source server platform has always been a top priority. The remainder of this paper demonstrates this point by explaining the key practices, processes, and overall strategy Red Hat uses to achieve this all-important objective for Red Hat Enterprise Linux. The focus in this case is on the security of the platform itself. This is in contrast to the many security features and services the solution makes available to the applications it serves, such as cryptographic libraries and routines.

Vulnerabilities affecting this portfolio [end-point PCs] have increased in three years, or by 71% in the last 12 months alone. This trend is primarily the result of vulnerabilities in third-party programs, which in turn are also much harder to patch as a result of a lack of a unifying patch mechanism. By neglecting the risk of ubiquitous third-party programs, users risk being compromised by cybercriminals every day, despite the deployment of other security measures.

Delivering a secure platform

incorporating and applying innovative security mechanisms at the core of the solution and extending coverage to account for the security of all the open source packages that comprise Red Hat Enterprise Linux. Red Hat has an extensive history of innovation and related efforts focused on enhancing the security of the base Red Hat Enterprise Linux operating system. Early initiatives dating back to the beginning of the previous decade include the formation of a dedicated security response team, the implementation of a single, secure mechanism for distributing all software updates, and the decision of Red Hat's efforts in this area are its commitment to having SELinux integrated into the operating system and enabled by default (2005). a mechanism for enforcing granular, system-level access control policies through the use of Linux enables by leveraging a combination of the default targeted policy used by Red Hat Enterprise erably less risk of these programs causing harm if they become compromised, for example due to a Enterprise Linux distribution. Red Hat takes this approach in part to compensate for the fact that, with for other than our own contributions to the code base.

The issue is the risk posed by third-party software or, for open source projects, upstream packages that others are responsible for developing. Think of it this way. If you're a major hardware vendor, combination of material that was internally written, obtained via acquisition, leveraged from an open wrong, like a major vulnerability is discovered, it doesn't matter who or where the problem was introduced. From the customer's perspective, the issue is all yours, even if the affected piece of code isn't.

consider the myriad applications and utilities typically used to build a system and ultimately entire solution. following: product is essential, and takes the time and effort to build the binaries for Red Hat Enterprise Linux from the associated source code. Security-related advantages of this approach compared to simply obtaining builds from upstream projects include: enablement of a secure and reproducible build environment that (a) eliminates malware from infected machines, (b) ensures that a build can be accurately re-created at any point in the future, elimination of unnecessary features and redundant embedded libraries, thereby reducing the Red Hat tracks the security performance of soft- not monitor the network. This way customers who don't need an externally facing mail service don't. Red Hat Enterprise Linux isn't just a bare operating system but a feature-rich environment with many tools and applications that custom- of security service that it can for open-source alternatives.

Validation

The effectiveness of Red Hat's approach to delivering and maintaining an exceptionally secure server platform is demonstrated by one affecting customers of all over the past 10+ years, none associated vulnerabilities the worms being released (by as much as 18 months). could have affected Red Hat Enterprise Linux was automatically blocked from the outset by SELinux. Red Hat uses a suite of quality assurance tools to prevent an extensive array of potential security issues. Numerous protections added to the compiler (gcc) and run-time library (glibc) focus on detecting common programming mistakes require sign-off from Red Hat's security engineering team. Red Hat engineers are an integral part of involved with the development of relevant security standards, and work with peers and competitors to further improve the security of open source projects in general. By helping upstream open source users, but to all users.

Maintaining a secure platform

takes to maintain a high degree of security from after that initial delivery, that is, into the maintenance phase. Key elements of the Red Hat strategy in this area include having a dedicated security response team, a highly detailed process for managing vulnerabilities, intelligent patching practices, tion that, by itself, having the right response processes in place is not enough. Equally important is the quality of service with which these response processes are executed. process, the SRT establishes governing policies and procedures and, with knowledge, collaboration and determination, shepherds each issue along in a manner consistent with its designated severity level. Beyond overseeing the process, the team also performs many of the individual steps itself, including alert tracking, initial triage, and development of the resulting security advisories. Furthermore, the team serves as the primary interface on security issues for Red Hat customers. In this capacity, it is responsible for responding to security-related inquiries, investigating customer-submitted issues, providing periodic progress reports for any prolonged investigations, and, in general, helping customers to keep their systems updated and secure. neers also responsible for getting products out the door on time. This distinction is critical and is what ultimately enables Red Hat not just to respond to security issues, but to do so with a premium quality of service.

Red Hat vulnerability management process: identify security issues, assess severity, distribute updates

What lies at the heart of Red Hat's efforts is a very thorough process for managing vulnerabilities. as follows: Red Hat actively scours numerous outlets to supplement its own inter- sarily to Red Hat. This is another reason why involvement in upstream projects and the open source vulnerability discovery. addition to the nature of the vulnerability and the types of exploits likely to operate against it, other applications they support, and their potential degree of exposure. In other words, this step involves not only a heavy dose of technical judgment skills, but also an understanding of the bigger picture, value of a skilled and dedicated response team. with which the SRT project manages the process going forward. For example, critical vulnerabilities are responded to on an emergency basis. Key resources are marshaled and coordinated to This part of the process also includes the usual checks and controls for product integrity, such as regression and compatibility testing, approval chains, and automated enforcement of who is vulnerabilities.

patches as soon as they are available. To some extent a natural byproduct of using open source Red Hat knows about an issue in advance of the public. By deliberately keeping embargoes short in this manner (on average approximately three weeks for Red Hat Enterprise Linux), customers are protected from the risk of exploits that are unknown to Red Hat. In comparison, alternate approaches that keep vulnerabilities private for much longer periods of time risk exposing customers to exploits that could otherwise be easily thwarted. truly informed decision. Consistent with an extend and embrace strategy of extending coverage, updating their software by making the process of doing so considerably easier. There's no need for deploy. Red Hat also ensures the integrity of all product updates by taking appropriate and proven measures, such as generating and storing all signing keys in hardware and keeping them separate from keys used for other purposes, a best practice that other vendors have failed to maintain in the past.

Quality of service

There's no doubt that having thorough vulnerability management and response processes is essen- not what but how everything is being done. This quality of service factor is particularly critical for facilitating the customer end of the process when it comes to maintaining system security. The they need, then nothing else we've done actually matters. Their systems will remain insecure despite our efforts to ensure otherwise. dedicated security response team, but also in many other aspects of its approach to delivering and
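The update-integrity point above has a consumer side: a signed update only protects a system that actually verifies signatures. The following added example (not from the whitepaper or from Red Hat) audits a yum/dnf repository configuration and lists the enabled repositories that would install packages without a signature check; the .repo format is the standard one, and the sample repository file is constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not Red Hat's code: audit a yum/dnf .repo file so that every
# enabled repository enforces GPG signature checks on the updates it delivers.
# Assumes the standard [repoid] / key=value .repo format. A missing gpgcheck
# is treated conservatively as "not enforced" (an assumption made here).

# Print the ids of enabled repositories that do not enforce signature checks:
# a repo passes only with gpgcheck=1 AND a gpgkey configured.
unverified_repos() {
    awk '
        function flush() {
            if (id != "" && enabled != "0" && !(gpgcheck == "1" && gpgkey != ""))
                print id
        }
        /^[ \t]*\[.*\][ \t]*$/ {                 # [repoid] section header
            flush()
            id = $0; sub(/^[ \t]*\[/, "", id); sub(/\][ \t]*$/, "", id)
            enabled = "1"; gpgcheck = "0"; gpgkey = ""   # yum/dnf default: enabled
            next
        }
        /^[ \t]*[#;]/ { next }                    # comment line
        /=/ {
            key = $0; sub(/=.*/, "", key); gsub(/[ \t]/, "", key)
            val = $0; sub(/^[^=]*=/, "", val)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "enabled") enabled = val
            else if (key == "gpgcheck") gpgcheck = val
            else if (key == "gpgkey") gpgkey = val
        }
        END { flush() }
    ' "$1"
}

# Write a constructed sample configuration (not a real Red Hat file) to $1.
write_sample_repo() {
    cat > "$1" <<'EOF'
[rhel-base]
name=Constructed base repo: signed updates, key pinned
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/EXAMPLE-KEY

[third-party-tools]
name=Constructed third-party repo: signature checks switched off
enabled=1
gpgcheck=0

[legacy]
name=Constructed disabled repo: ignored by the audit
enabled=0
EOF
}

sample=$(mktemp)
write_sample_repo "$sample"
unverified_repos "$sample"      # prints: third-party-tools
rm -f "$sample"
```

On a real host the same function can be pointed at each file under /etc/yum.repos.d; any repo it prints is one whose packages are installed without the signature check that makes the vendor's hardware-held signing keys meaningful.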

For information on Red Hat Enterprise Linux government see

Responding to all security issues. In contrast to many of our competitors, our security processes are not limited to the software that we create ourselves, but extend to cover all third-party software that is ultimately available as part of a complete solution. The net result of this considerable investment on our part is a smoother, lower risk and less costly ownership experience for Red Hat customers. commensurate with their level of severity. For critical vulnerabilities, that means having an update one day. not much of a solution. This is why, for example, Red Hat: day, even during holidays. was discovered, when it became public, and what full disclosure of precisely what is being The net result is a high quality of security service for customers of Red Hat Enterprise Linux, and, overall, an exceptionally secure platform for enterprise workloads.

Conclusion

workloads is the fact that it is exceptionally secure, as evidenced by its Common Criteria of our approach that help set Red Hat Enterprise Linux apart from the competition in this regard include: mechanisms intended to thwart entire classes of vulnerabilities; the coverage provided in terms of both initial hardening and ongoing security response for all so only for the software Red Hat creates; that Red Hat Enterprise Linux customers not only have a secure platform, but also receive a superior quality of security service.

About Red Hat

Red Hat is the world's leading provider of open source solutions, using a community-powered approach to provide reliable and high-performing cloud, virtualization, storage, Linux, and middleware technologies. Red Hat also offers award-winning support, training, and consulting its customers' businesses.

#10900617_V5_0413 Copyright 2013 Red Hat, Inc. Red Hat, Red Hat Enterprise Linux, the Shadowman logo, and JBoss are trademarks of Red Hat, Inc., registered in the U.S. and other countries. Linux is the registered trademark of Linus Torvalds in the U.S. and other countries.