New Tool Helps Lock Down Linux

Trusted Computer Solutions next week will introduce a new software package that helps automate the configuration and monitoring of security on servers that run Red Hat Linux.

The new package, dubbed Security Blanket, could have some traction in the Linux environment, where enterprises have been getting by with a mishmash of open systems tools that sometimes leave vulnerabilities in servers, experts say.

"Although server hardening is a well-established practice, only 45 percent of interviewees harden all of their servers, and 26 percent left some Internet-facing servers unhardened," according to a recent report by Forrester Research. "Why don’t they? Perhaps because they feel they can’t spare the time –- today, 53 percent of systems administrators harden their servers manually."

TCS, which does most of its business with the government in high security environments, already offers a "locked down" version of Sun's Solaris operating system called Trusted Solaris. But while there are security suites available for many commercial versions of Unix, Linux users haven't had many choices, notes Doug Hartman, vice president of product development at TCS.

"There's an open source tool called Bastille that does some of the things that Security Blanket does, but it's basically a big shell script, and it has a smaller set of vulnerabilities that it can handle out of the box," Hartman says. "It requires some knowledge of Unix administration, and it doesn't offer a compliance model."

Security Blanket, by contrast, offers a set of 50 best practices for Linux security, based on guidelines outlined by the National Institute of Standards and Technology (NIST) and the Center for Internet Security. These practices give administrators default answers to many configuration questions, simplifying Linux security setup.

In addition, Security Blanket offers a variety of monitoring and reporting tools that can help companies in their compliance efforts, Hartman says. "We give you an idea of what your risk level is, which is an important part of compliance but isn't something really addressed by most of the open source tools out there."

Red Hat has some security tools, but the Linux vendor has partnered with TCS on this one. "TCS's new solution should be a useful tool for those organizations looking to simplify system hardening," said Karl Wirth, director of security business at Red Hat.

Security Blanket will be available on Sept. 17, at a cost of $198 per license.

Have a comment on this story? Please click "Discuss" at the top of this page. If you'd like to contact Dark Reading's editors directly, send us a message.