“Last month’s unveiling of the National Security Agency’s
attempt to create a truly secure Linux was the first good security
news of the year. On Jan. 2 the NSA announced that it had been
figuring out how to harden the popular open-source OS, and that it
was sharing its prototype, dubbed Security-Enhanced Linux, and
source code with the public….”
“So why is Fort Meade, Md., suddenly a hot spot for Linux
security enhancements? Well, Linux is no longer strictly an OS for
longhaired, ponytailed types; the Feds use it too. Some of the
Linux gurus and security experts quoted in press reports were
skeptical of the agency’s intentions, although the NSA is making
its enhancements available under the GNU Public License (GPL), and
the source code is, as noted, available for inspection. That’s a
better deal than we’re getting with Carnivore, in case one is
concerned with bona fides.,,,”
“One of my beefs about Linux is that it’s a bear to secure. Few
distributions (Red Hat being a notable exception) offer any tools
for automating the process of downloading and installing system
patches that affect security. In most cases, you’re running a
command-line tool, which is tolerable when you have to install one
or two patches. But when you’re setting up a new Linux machine, you
may have dozens of these to add before the system is safe to
connect to a public network.”
“The bad news is that the NSA’s Security-Enhanced Linux
prototype doesn’t do anything to address that problem, nor should
it; that’s a vendor’s responsibility, and it’s a shame that few
have recognized their obligation to make this process easier. The
good news is that the agency is using its decades of experience in
securing its own machines to help with the greater chore of
fortifying the OS itself and making the system architecture less
vulnerable to assault.”