The usage of open source technologies has grown significantly in the public sector. In fact, according to a published memo, open source technologies allow the Department of Defense to “develop and update its software-based capabilities faster than ever, to anticipate new threats and respond to continuously changing requirements”. Cybersecurity threats are on the rise and organizations need to ensure that the software they use in their environments is safe. IT teams need the ability to quickly identify and mitigate breaches. They also need to deploy preventative measures and ensure that all stakeholders are protected.
Continuous Security
In a world with no perimeters, it is more imperative than ever to maintain security and regulatory compliance. While security fundamentals still apply, the security mindset is changing; security must be a continuous process. To combat cybersecurity threats, we recommend that organizations include security in every step of the application and infrastructure lifecycle by following the guidelines below:
- Design
Design your infrastructure and applications with security in mind. Active, current security guidance needs to be in place. This guidance should detail the instructions to follow in case of an attack; without a prior plan, recovery is long and difficult.
- Build
Build in security features by integrating and automating security testing. Develop standard configurations and automate them so that new deployments conform to your security guidelines.
- Run
Run your infrastructure on trusted, tested, and supported platforms with capabilities that minimize attack vectors. Maintain an up-to-date catalog of assets. This catalog simplifies the process of mitigating the consequences of a possible attack.
- Manage
Deploy a centralized management system. Admins need to be able to perform a security audit on multiple remote systems from a single and centralized environment. This approach minimizes silos that make it difficult to track and prevent threats.
- Adapt
Ensure that the IT environment is continuously monitored throughout the lifecycle and kept up to date with the latest patches and security fixes.
The Red Hat Security Story
As a leader in open source infrastructure and application development solutions for the enterprise, Red Hat is uniquely positioned to enable IT organizations to leverage the innovation of open source with security, regulatory, and compliance confidence. Red Hat develops, curates, tests, and delivers certified open source infrastructure software and application platforms through a thoroughly documented supply chain. Security is something we have in mind from the beginning. There are no add-ons; security is a part of all Red Hat products. Red Hat Enterprise Linux, the underlying secure operating system, is the lynchpin that unifies all of our products. At Red Hat, we partner with open source communities, industry leaders, and government agencies to provide automated and standardized lockdown tools. Additionally, the open source software process enables Red Hat to deliver safer software that has been tried and tested through many channels.
Red Hat has deep roots in the security space. Red Hat developed SELinux in conjunction with the United States National Security Agency (NSA) and the United States Department of Defense. SELinux provides mandatory access controls for every user, application, process, and file. SELinux enables a system to defend itself and protect applications against tampering and unauthorized access. Red Hat also developed sVirt, a technology that delivers secure virtualization through SELinux.
Moreover, security is baked into Red Hat’s subscription model in 5 ways:
- Technical support
  - Red Hat offers multi-channel, multi-lingual, unlimited-incident support on a 24/7 schedule.
- Security Advisories, Patches, and Stability
  - Red Hat offers stability with a product lifecycle for up to 10 years.
  - The Red Hat Product Security team analyzes threats and vulnerabilities against all of our products and provides relevant advice and updates through the Red Hat Customer portal. In 2015, 96% of Red Hat Enterprise Linux critical issues had updates available the same or next day after public knowledge.
  - Red Hat backports fixes for security flaws from the most recent version of an upstream software package and applies that fix to older package versions. This process minimizes disruption and provides IT organizations with the flexibility to continue to safely work with their currently deployed versions and upgrade to newer versions at the time of their choosing.
- Deep expertise
  - Red Hat values knowledge sharing and facilitates conversations through the customer portal and forums. Our customers have access to knowledgebase articles and access labs, and we offer a training lab.
  - Red Hat maintains close relationships with component communities that benefit our customers and the open source communities. Red Hat gives back by sharing code and the results of quality and security testing.
- Commitment
  - Red Hat provides hardware and software certification as well as software assurance.
- Red Hat Insights
  - Red Hat Insights helps you proactively identify, prioritize, and resolve critical issues in your infrastructure before they impact your business operations. The provided intelligence is specific, clear, and actionable with tailored resolution steps presented based on unparalleled Red Hat technical knowledge and expertise.
Virtualization and Security
Virtualization allows organizations to run multiple virtual machines on one host, thus speeding up delivery of services and significantly reducing costs. However, if not properly mitigated, this convenient technology can introduce threats. Virtualization threats include:
- Denial of Service (DoS) through the termination of the guest. This threat occurs when activity within an individual guest or host impacts the ability of the host to effectively run virtual machines.
- Memory corruption and leakage. This is the ability to corrupt or access guest memory from outside the constraints of the virtual machine.
- Guest to host escape. This vulnerability occurs when code is executed directly on the hypervisor outside the constraints of a guest virtual machine.
Red Hat Virtualization, the enterprise virtualization platform powered by Red Hat Enterprise Linux, is designed to help organizations mitigate the above threats via various mechanisms:
- Control Groups: Red Hat Virtualization includes tools and a kernel feature that controls allocation and isolation of resources. This feature enables resource limiting and control through prioritization and accounting measurements.
- SELinux: Red Hat Virtualization includes SELinux, which enforces mandatory access control through a Linux security module. SELinux enforces the labeling of all processes and files, and applies restrictions based on role and type. In Red Hat Virtualization, each guest is an individual process on a host. By leveraging sVirt, an extension of SELinux in libvirt, each guest can be isolated through mandatory access control.
- Encryption: Secure Sockets Layer (SSL)/Transport Layer Security (TLS) encryption is used extensively within the Red Hat Virtualization environment. Encrypting traffic in the Red Hat Virtualization environment minimizes the attack surface.
To keep virtualization environments secure, we recommend that organizations keep the following in mind:
- Understand that guest virtual machines are processes that can be compromised. Give them the least possible privileges on the host.
- Disable devices/services that are not in use. This will ensure that your operations are optimal and secure.
- Do not disable SELinux.
- Keep your host and guest software up to date.
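A host-side check for the sVirt isolation and "do not disable SELinux" points above, as an added example that is not Red Hat's own tooling. It assumes libvirt's dynamic sVirt labelling, where each QEMU guest process runs as `svirt_t` (or `svirt_tcg_t`) with its own MCS category pair; the function names are illustrative and the `ps -eZ` lines in `sample_ps` are constructed.

```shell
#!/bin/sh
# Added example: audit sVirt confinement of QEMU guests on a KVM host.
# Function names are illustrative; sample data below is constructed.

# check_mode MODE: MODE is the output of `getenforce`.
check_mode() {
    case "$1" in
        Enforcing) echo "OK selinux=Enforcing" ;;
        *) echo "FAIL selinux=$1 (sVirt labels are not enforced)"; return 1 ;;
    esac
}

# audit_svirt: reads `ps -eZ` lines (LABEL PID TTY TIME CMD) on stdin.
# Flags guests outside svirt_t/svirt_tcg_t, guests without MCS categories,
# and two guests sharing one category pair. Returns 1 if anything is flagged.
audit_svirt() {
    awk '
    $NF ~ /^qemu-(kvm|system)/ {
        guests++
        split($1, f, ":")              # user:role:type:level:categories
        type = f[3]; cats = f[5]
        if (type != "svirt_t" && type != "svirt_tcg_t") {
            printf "UNCONFINED pid=%s type=%s\n", $2, type; bad++; next
        }
        if (cats == "") {
            printf "NO_MCS pid=%s label=%s\n", $2, $1; bad++; next
        }
        if (cats in seen) {
            printf "SHARED_MCS pid=%s and pid=%s both use %s\n", seen[cats], $2, cats
            bad++
        } else seen[cats] = $2
    }
    END { printf "guests=%d findings=%d\n", guests, bad; exit (bad > 0) }'
}

# Constructed sample: two isolated guests, one reusing a category pair,
# and one running outside the svirt domain.
sample_ps() {
    cat <<'EOF'
LABEL                                                  PID TTY   TIME     CMD
system_u:system_r:svirt_t:s0:c12,c340                 2101 ?     00:41:07 qemu-kvm
system_u:system_r:svirt_t:s0:c87,c911                 2245 ?     00:12:55 qemu-kvm
system_u:system_r:svirt_t:s0:c12,c340                 2388 ?     00:03:19 qemu-kvm
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2950 pts/0 00:00:02 qemu-kvm
system_u:system_r:virtd_t:s0-s0:c0.c1023              1502 ?     00:00:09 libvirtd
EOF
}

# On a live host: check_mode "$(getenforce)"; ps -eZ | audit_svirt
```

Guests configured with static labels can legitimately share a category pair, so a `SHARED_MCS` finding is a prompt to review that guest's security label configuration rather than proof of a fault.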
Summary
Technology is evolving so quickly that security is sometimes an afterthought and not part of the initial adoption discussions. As your organization looks to expand and adopt new technologies to help you meet your customers’ demands, it is imperative to ensure that both your existing infrastructure and your future technologies offer maximum security mechanisms to prevent threats and expansion.
If you would like to learn more about how Red Hat is building secure products, we invite you to join us at the Red Hat Government Symposium on November 2nd, 2016. Attend the event to hear how, together with our partners and customers, Red Hat is building a foundation for choice and security.