Red Hat and IBM recently announced the completion of an EAL4+ CC evaluation. Those who follow my blog religiously (I know that you're out there), know that I have discussed the Common Criteria several times before here and here. What most don't know is that there are a wide range of features that can result in a completed CC evaluation.
RH and IBM indeed have the same certification tests done on paper that Sun plans to achieve for the Open Source Solaris 10 with Trusted Extensions; however, WHAT they tested and WHAT customers can use and be in compliance with the test parameters is NOT AT ALL on par with what we are doing in Solaris 10 with Trusted Extensions.
The most important part of a CC Evaluation is the "Security Target." The ST defines what will and what will NOT be considered part of the evaluation. Red Hat and IBM's Security Target eliminates a number of key features and significantly reduces the functions available to the user.
The evaluation doesn't tell the whole story at all. Each evaluation
must be looked at very closely to see exactly what was tested and what
was claimed.
- Red Hat's LSPP security policy file can be hundreds or thousands of lines long and thus potential prone to more error. Solaris Trusted Extensions uses a series of small, easily verified files and enforcement of the policy always take place, even with administrative processes.
- Solaris Trusted Extensions include the Solaris Management Console GUI for configuration.
- Sun's Solaris with Trusted Extensions can be deployed very rapidly using existing applications in a matter of minutes. This keeps the security policy simple and easy to verify and the protection provided is automatic regardless of the application being deployed.
- RHEL 5 with it's LSPP security policy has some serious, practical deployment issues that customers need to be aware of including:
- The GUI and X-Windows components are excluded from the security target. This is a server and command line offering ONLY.
- No multi-level GUI. Solaris with Trusted Extensions provides both Trusted Java Desktop System (GNOME-based) and Trusted CDE
- No multi-level file sharing. Solaris with Trusted Extensions provides multi-level NFS file sharing
- No easy interoperability with other non-labeled OSs, such as MS Windows, Mac OS X, etc. Solaris with Trusted Extensions works in multi-platform environments without issue - we do not require communication only with other 'trusted' OSs.
- No guarantee of application compatibility for non-Label-aware applications. Solaris with Trusted Extensions will run all existing applications, even allowing them to run in a 'multi-level' manner without modification to the code.
- Hot Pluggable storage devices (USB and Firewire) are excluded from the evaluation. Solaris Trusted Extensions includes these devices in our evaluation.
- Network Printers are excluded. Solaris Trusted Extensions supports the labeling of network printers.
- No use of LDAP as a naming service for centralized management of user identities. Solaris Trusted Extensions supports industry standard LDAP protocols for centrally managing user id and security policy information.
- The RHEL evaluation only applies to IBM hardware. Sun's certifications include a variety of AMD-64 and Sparc-based plaforms.
-
The RHEL evaluation only supports the ext3 and selinuxfs file systems.
Sun's evaluation for Solaris Trusted Extensions supports UFS, ZFS, PCFS. NFS, lofs, hsfs. In addition, Solaris allows you to use QFS and VXFS as well although these were not part of the evaluated platform.
Sun has achieved CAPP & RBACPP @ EAL 4+ for Solaris 10 3/05 and is
about to announce Solaris 10 11/06 has repeated this achievement and we
will have our LSPP certification by the end of the CY 07.
For other comparisons, please review these useful links:
Comparing the Multilevel Security Policies of Solaris Trusted Extensions
and Red Hat Enterprise Linux
http://www.sun.com/bigadmin/features/hub_articles/mls_trusted_exts.jsp
Sun Solaris Security Web Site :
www.sun.com/solaris/security/
Comparative Study of Containment Technology : a Thesis from Sweden :
http://opensolaris.org/os/community/security/news/20070601-thesis-bs-eriksson-palmroos.pdf
Glenn Faden's Blog : Chief Architect of Solaris Trusted Extensions (and
Trusted Solaris 8):
http://blogs.sun.com/gfaden/
Thanks to Mark Thacker and Jane Medefesser for input to this article
Why should you care?
Sun believes that when you deploy a OS in a secure, multi-level environment, that you will want all the features, third party software and support to be the same as a standard environment. We believe that Solaris 10 with Trusted Extensions provides a richer, more capable, easier to use platform for our security minded customers. It is a deployment platform developed in an open source methodology, that supports a wide variety of Sparc, Intel and AMD based platforms and is freely available.
sir,i want to know the eligible criteria for giving sun solaris10 exam
Posted by vijay patil on November 02, 2007 at 11:54 AM EDT #
http://www.sun.com/training/certification/solaris/scsa.xml
I'm not exactly sure what your question is but I suggest that you contact Sun Education and review the Solaris certification information at the link above.
Posted by Jim Laurent on November 02, 2007 at 12:37 PM EDT #
http://pipes.yahoo.com/pipes/pipe.info?_id=Yp7rIXlO3RGd3VFN1vC6Jw | buy cialis
http://pipes.yahoo.com/pipes/pipe.info?_id=a695638e13263efe7d6ae23db50932a8 | generic cialis
http://pipes.yahoo.com/pipes/pipe.info?_id=25b7955a0f898b11964010cedf0db264 | order cialis
http://pipes.yahoo.com/pipes/pipe.info?_id=3fc3d97a31f6f731bb94871be76c43f1 | cheap cialis
http://pipes.yahoo.com/pipes/pipe.info?_id=7fd66d29ed9f11d7545fd77f9dd7ef6a | cheapest cialis
http://pipes.yahoo.com/pipes/pipe.info?_id=360543c1539015851941870ce878378a | generic cialis prices
http://pipes.yahoo.com/pipes/person.info?eyuid=PYf4nl4xvXqUlX8SQucFtp8U0So- | cialis
Posted by buy cialis on July 10, 2008 at 05:10 PM EDT #
http://pipes.yahoo.com/pipes/pipe.info?_id=ZBbgpw1X3RGVSbdYJphxuA | buy levitra
http://pipes.yahoo.com/pipes/pipe.info?_id=ZBbgpw1X3RGVSbdYJphxuA | buy levitra online
http://pipes.yahoo.com/pipes/pipe.info?_id=ZBbgpw1X3RGVSbdYJphxuA | levitra online
http://pipes.yahoo.com/pipes/pipe.info?_id=Hn_cBxBX3RGru2qd1fC6Jw | cheap levitra
http://pipes.yahoo.com/pipes/pipe.info?_id=tE3Scg9X3RGfhwKV1fC6Jw | order levitra
http://pipes.yahoo.com/pipes/pipe.info?_id=Og7rVQ5X3RGtF__0EpPZnA | generic levitra
http://pipes.yahoo.com/buy2levitra | buy levitra
Posted by asda on July 27, 2008 at 11:03 AM EDT #
tnx
Posted by order viagra on August 07, 2008 at 02:06 PM EDT #
tnx
Posted by order cialis on August 07, 2008 at 02:06 PM EDT #
tnx
Posted by order levitra on August 07, 2008 at 02:07 PM EDT #
http://www.bebo.com/Profile.jsp?MemberId=7807562117
Posted by hi on September 18, 2008 at 05:36 PM EDT #
I have purposely not done any comparisons to "Linux" because "Linux" is a source code development project at kernel.org (not too dissimilar from OpenSolaris at opensolaris.org). "Linux" is not a product. Solaris 10 and RHEL 5 are products that customers can buy and get support for.
http://www.globalsale.me/Aion-gold-083.aspx
http://www.cheap-gamegold.org
http://www.gamegoldvip.org
http://www.watchrolexshop.com
http://www.gamegoldme.com
Posted by aion gold on June 24, 2009 at 10:36 PM EDT #
commercial printing
commercial printing like hot pancakes come the month of December. Every end-of-the-year transactions, impressive sales are made with commercial printing alone. Whether for personal, individual or corporate uses, cards are simply useful in all ends.<a href="http://www.7days-printing.com"> commercial printing </a>. Our commercial printing works closely with our customers to create the best card designs for your business. [URL=http://www.7days-printing.com]commercial printing[/URL]
We are an online commercial printing company that provides various services for making cards. Our company is composed of people who are experts in commercial printing and effective commercial printing facilities. Our commercial printing can create cards that you can use for type of advertisement. We can offer high quality production of cards using different commercial printing services. We usually use commercial printing for making cards.
membership cards
membership cards, membership cards are one of the best ways you can step ahead of your competion. Their durability shows your customers that you are building a long lasting relationship with them and that you value their membership cards.
<a href="http://www.7days-plasticcards.co.uk"> membership cards </a> our membership cards works closely with our customers to create the best card designs for your business. [URL=http://www.7days-plasticards.co.uk]membership cards[/URL] Check you membership cards your cards online today and we will start the process to make your new membership cards .For customers who have never ordered membership cards before, it is simple to find out membership cards .we also have made available an informative membership cards our customer support professinals today if you need help with your membership cards or if you have questions regarding the membership cards printing process.
plastic card manufacturer
plastic card manufacturer is popular with business owners who are looking for a unique way to promote their companies. A plastic card manufacturer’s card is a great way to distinguish your business from others that may be competing with you.
[URL=http://www.7daysprinting.com]plastic card manufacturer[/URL].The people to whom you give a plastic card manufacturer’s card is much more likely to remember you because your plastic card manufacturer’s card distinguishes your business. We’ll present some information about high quality plastic card manufacturer’s card for business owners who are interested in using this plastic card manufacturer’s card as it is cost-effective tool to increase traffic, sales and customer base.<a href="http://www.7daysprinting.com"> plastic card manufacturer</a>. plastic card manufacturer’s card degisns can be printed on two basic types of stock. You know that plastic card manufacturer’s card stock has a significant advantage over paper because it is more durable and feels different from typical buseness cards. This is plastic card manufacturer’s card’s advantages. A plastic card manufacturer’s card is an especially good choice for high tech companies that might want to use the plastic card manufacturer’s card as a plastic.
hologram security
after hologram security in many years of experience, we have developed a step-by-step procedure that keeps you ,the customer, in full control of your order.
[URL=http://www.hologram-sticker.co.uk]hologram security [/URL]And we know you will remember the hologram security. You can jost log yourself into our members area and and you will see the hologram security. The hologram security is quick and easy to find. If you have questions, please view our company. We with hologram security will be happy to help you.
<a href="http://www.hologram-sticker.co.uk">hologram security</a>. hologram security offer quality service as well as expert support. With hologram security, you will receive free art work&sepup of your graphic design. That’s right ,every customer has the chance to know our hologram security. that is usually enough time to recognize the hologram security. you will be pleased with our serveice in hologram security.
plastic card design
the plastic card design and other types of plastic cards for some of the most recognizable and prestigious names around. Our company made its mark with full plastic card design. plastic card design just sits there, quietly waiting to be found.
<a href="http://www.dynamicworldwide.co.uk"> plastic card design </a>. The plastic card design represent the front line image of your business, after all, plastic card design is very often used to make first contact with a prospect. plastic card design is imperative that your primary marketing tools portray professionalism and high quality. [URL=http://www.dynamicworldwide.co.uk]plastic card design[/URL]
Moreover, efforts put towards your plastic card design card, will give your customers a sense of how much attention is brought to your products and services. Our plastic card design will help you competing with others to get customers to contact you. plastic card design will help you grap attention.
metal business card
the mental business card and other types of plastic cards for some of the most recognizable and prestigious names around. Our company made its mark with full mental business card. mental business card just sits there, quietly waiting to be found.<a href="http://www.metal-card.co.uk"> metal business card </a>. The mental business card represent the front line image of your business, after all, mental business card is very often used to make first contact with a prospect. mental business card is imperative that your primary marketing tools portray professionalism and high quality. [URL=http://www.metal-card.co.uk]metal business card[/URL]
Moreover, efforts put towards your mental business card card, will give your customers a sense of how much attention is brought to your products and services. Our mental business card will help you competing with others to get customers to contact you. mental business card will help you grap attention.
gift bag printing
the gift bag printing and other types of plastic cards for some of the most recognizable and prestigious names around. Our company made its mark with full gift bag printing. gift bag printing just sits there, quietly waiting to be found.
<a href="http://www.printing-gift.co.uk"> gift bag printing </a>. The gift bag printing represent the front line image of your business, after all, gift bag printing is very often used to make first contact with a prospect. gift bag printing is imperative that your primary marketing tools portray professionalism and high quality.
[URL=http://www.printing-gift.co.uk]gift bag printing[/URL]Moreover, efforts put towards your gift bag printing card, will give your customers a sense of how much attention is brought to your products and services. Our gift bag printing will help you competing with others to get customers to contact you. gift bag printing card will help you grap attention.
smart card supplier
You might want to consider a smart card supplier with printing in a vivid color. Like most other types of business cards, smart card supplier ‘s a good idea to keep the design simple. [URL=http://www.smartcard-supplier.co.uk]smart card supplier[/URL]
This is also true of any artwork you might want to use on a unique smart card supplier. The smart card supplier will emphasize your message and make people easy to remember. smart card supplier include many things. A smart card supplier can be printed on bothe sides. A smart card supplier tends to encourage customers to keep it rather than discard it .<a href="http://www.smartcard-supplier.co.uk"> smart card supplier </a>. smart card supplier includes many techniques and tips. And the smart card supplier hasmany types. Owners who are looking for smart card supplier should seriously consider plastic rather than paper cards. Due to their versatility and impact, smart card supplier is a great and cost effective way to promote companies all over the world.
Posted by molly on July 24, 2009 at 09:49 AM EDT #
http://www.shanghaimassages.net
Posted by shanghai massage on September 28, 2009 at 01:37 AM EDT #
http://www.jsjyyb.cn
Posted by 涡轮流量计 on September 28, 2009 at 01:38 AM EDT #
http://www.watusa.cn
Posted by 专业实习 on September 28, 2009 at 01:39 AM EDT #