
2015-11-15 - Supercomputing 2015 - Applied Cross Domain

Published in: Software

  1. 1. Applied Cross Domain: Red Hat Foundations Shawn Wells Office of the Chief Technologist, Red Hat Public Sector shawn@redhat.com || 443-534-0130
  2. 2. PARTICIPATE: CSCF participates in community-powered upstream projects, such as SELinux, OpenSCAP and the SCAP Security Guide. INTEGRATE: CSCF collaborates with Red Hat to integrate upstream projects into Enterprise Linux, fostering open community platforms. STABILIZE: We commercialize these platforms together with a rich ecosystem of services and certifications, such as ICD 503 and CNSSI 12-53 accreditations. 100,000+ PROJECTS
  3. 3. SELinux ● Type Separation: How users, processes, and data are isolated ● Role Based Access Control (RBAC) ● MLS Policy
  4. 4. SELinux ● Type Separation: How users, processes, and data are isolated ● Role Based Access Control (RBAC) ● MLS Policy | Security Automation ● Configuration Monitoring ● Compliance Reports ● Secure Provisioning ● Remediation
  5. 5. SELinux Refresher ● Type Separation: How users, processes, and data are isolated ● Role Based Access Control (RBAC) ● MLS Policy | Certifications & Standards ● Common Criteria & NIAP ● Intelligence Community Directive 503 (ICD 503) ● US Government Configuration Baseline (USGCB) | Security Automation ● Configuration Monitoring ● Compliance Reports ● Secure Provisioning ● Remediation
  6. 6. SELinux Refresher
  7. 7. Multi-Level Security (MLS) Policy • Focuses on confidentiality (i.e. separation of multiple classifications of data)
  8. 8. Multi-Level Security (MLS) Policy • Focuses on confidentiality (i.e. separation of multiple classifications of data) • Ability to manage {processes, users} with varying levels of access (i.e. “the need to know”)
  9. 9. Multi-Level Security (MLS) Policy • Focuses on confidentiality (i.e. separation of multiple classifications of data) • Ability to manage {processes, users} with varying levels of access (i.e. “the need to know”) • Uses category & sensitivity levels
  10. 10. Sensitivity Labels
  11. 11. Category Labels
  12. 12. Polyinstantiation
        # id -Z
        staff_u:WebServer_Admin_r:WebServer_Admin_t:s0:c0
        # ls -l /data
        secret-file-1 secret-file 2
        # id -Z
        staff_u:WebServer_Admin_r:WebServer_Admin_t:s1:c0
        # ls -l /data
        secret-file-1 secret-file 2 top-secret-file-1
  13. 13. Certifications & Standards
  14. 14. NSA C63 (aka NIAP) & Red Hat: Where we’ve been… and next stop. RHEL 3: CAPP / EAL3+; RHEL 4: CAPP / EAL3+; RHEL 5: LSPP / EAL4+; RHEL 6: OSPP / EAL4+; RHEL 7: OSPP v3.9 / EAL4+
  15. 15. FIPS 140-2 Certs
  16. 16. docs.redhat.com - Security Guide - Admin. Guide - Priv User Guide
  17. 17. Red Hat corporate development & responsibilities
  18. 18. We use Atsec http://red.ht/1kWN8ZZ
  19. 19. Common Criteria != Compliance Policy
  20. 20. ICD 503, STIG, FISMA == Compliance Policy
  21. 21. SCAP Security Guide http://open-scap.org, http://github.com/OpenSCAP
  22. 22. Shawn Wells Director, Innovation Programs Office of the Chief Technologist, Red Hat Public Sector shawn@redhat.com || 443-534-0130
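
The MLS slides (7 to 12) describe sensitivity and category labels and show a user at s0:c0 seeing fewer files in /data than the same user at s1:c0. The sketch below is an added example, not code from the deck or from SELinux: it models the read-side dominance rule (subject sensitivity at least the object's, subject categories a superset of the object's) over contexts in the user:role:type:sN[:categories] form. The object type `data_t`, the file `compartment-c1-file` and all file labels are constructed for illustration; level ranges such as s0-s1 are deliberately rejected.

```python
import re
from typing import NamedTuple


class Level(NamedTuple):
    sensitivity: int
    categories: frozenset


# user:role:type:sN[:categories]; a single level only, no "low-high" range.
_CONTEXT = re.compile(r"^[^:]+:[^:]+:[^:]+:s(\d+)(?::(.+))?$")
_CATEGORY = re.compile(r"^c(\d+)(?:\.c(\d+))?$")  # c0 or the range c0.c3


def parse_level(context: str) -> Level:
    """Extract the MLS level from a full security context string."""
    match = _CONTEXT.match(context)
    if not match:
        raise ValueError(f"unsupported context: {context!r}")
    categories = set()
    for part in (match.group(2) or "").split(","):
        if not part:
            continue
        cat = _CATEGORY.match(part)
        if not cat:
            raise ValueError(f"bad category spec: {part!r}")
        low = int(cat.group(1))
        high = int(cat.group(2)) if cat.group(2) else low
        categories.update(range(low, high + 1))
    return Level(int(match.group(1)), frozenset(categories))


def dominates(subject: Level, obj: Level) -> bool:
    """Read is allowed only if the subject's level dominates the object's."""
    return (subject.sensitivity >= obj.sensitivity
            and subject.categories >= obj.categories)


def visible(subject_context: str, files: dict) -> list:
    """Names of the files whose label the subject dominates, sorted."""
    subject = parse_level(subject_context)
    return sorted(name for name, ctx in files.items()
                  if dominates(subject, parse_level(ctx)))


# Constructed labels for a /data directory like the one on slide 12.
FILES = {
    "secret-file-1": "system_u:object_r:data_t:s0:c0",
    "top-secret-file-1": "system_u:object_r:data_t:s1:c0",
    "compartment-c1-file": "system_u:object_r:data_t:s0:c1",
}
```

Raising the sensitivity from s0 to s1 adds `top-secret-file-1` to the result, while `compartment-c1-file` stays hidden until the subject also holds category c1, which is the "need to know" half of the label.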
