govt. certification?
Alex Cavnar, aka alc6379
10-16-2001, 12:23 PM
I know that the US government certifies certain OSes as "secure" for use in such industries as healthcare. Is there a distro of Linux that has this certification? For example, UNIX and WindowsNT have a concept where the files on the system cannot be accessed except from the host machine or an approved client. From what I've seen, all you'd need is a Linux install rescue disk to have access to the files on a Linux system. Is there a way similar to NTFS which Linux stores files to add that secure function?
Strike
10-16-2001, 02:44 PM
If you can access the system enough to put a floppy in the drive and boot from it, then the system is simply not secure. The only time you have a totally secure system is ... never. You can have a system locked down to the floor, with the case locked up along with every drive, in an underground bunker guarded by all the biometric security you want as well as 20 men with guns ... it's still circumventable. There's never a point where you are "secure". You can be "more secure" and "less secure", but it's an open-ended scale - there is no "secure". There is, according to the purpose of the machine, a level of "reasonably secure" or "secure enough" where adding security would be pointless. Basically when it starts costing attackers more than the data is worth to get the data, you are "secure enough".
stiles
10-16-2001, 03:45 PM
The answer is not yet. SGI is (or was; I haven't kept up with what they are doing) doing an audit and documentation trails. The NSA has done a MAC implementation that conforms to B2 standards. I'm not sure about auditing (I wouldn't be surprised if a few projects would meet the auditing needs).
BTW NT is far from conforming to any TCSEC requirements as it's shipped to normal customers. There is a version of NT that has achieved C2 evaluation, but only in a non-networked environment and without the Windows on Windows subsystem.
When you ask about NTFS are you referring to ACLs (access control lists)? Well, SGI's XFS for Linux supports ACLs and has the userspace tools.
Alex Cavnar, aka alc6379
10-18-2001, 12:45 AM
The reason I ask this question is because I'm soon to be working with a healthcare database consulting firm. They provide database solutions, and can even do whole network infrastructure if needed. I'm really interested in integrating Linux into the operation because of its obvious advantages of Windows. The only thing is, though, is that I was told that if it wasn't government approved for use (either C2 or just for healthcare) we couldn't even use it as a mail server, or even an internet gateway for that matter. I'm not sure if it matters that it conforms to C2 certification, but I think (and I'll have to check that) there are certain criteria that the OS has to meet.
For Example:
WindowsNT has to run completely under NTFS. It can't be running any FAT partitions, as they are considered especially insecure.
Even if, due to the security concerns, we couldn't run Oracle 8i or a SQL server, it would be a tremendous cost vs benefit ratio if we could implement Linux for such things as mail, web gateways, and for file serving, and possibly using it as a domain controller with SAMBA. If any of you guys know about healthcare OS security guidelines pertaining to Linux (how it can/can't be used) I'd be incredibly appreciative.
<edit>: Where could I find a distro that uses SGI's xfs that you mentioned? I'd like to check that out and run it by my associates to see if that may suit their needs.</edit>
[ 18 October 2001: Message edited by: Alex Cavnar ]
stiles
10-18-2001, 09:17 AM
Look in the downloads for installer (it's an ISO image that's used with RedHat 7.1, you will still need the RedHat disks too): http://oss.sgi.com/projects/xfs/
If you need a multi-level secure MAC solution try this: http://nsa.gov/selinux/index.html
BTW if you run XFS with the latest version of Samba (2.2.0 or >) you can map the access controls from XFS over to NT's access control list, which is what I think you were asking about to begin with. Look through Samba's docs for how this works.
I know of a large hospital here that uses Solaris and Linux throughout their enterprise.
Alex Cavnar, aka alc6379
10-18-2001, 01:19 PM
Do you know how the linux machines are deployed? Also, do you know what distros they use? The person I'll be dealing with has very little knowledge of Linux and is stuck on the idea that Redhat is always going to be the way to go, but I want to see how well OpenBSD or even Debian would stack up, especially since security is a concern.
I'm at college right now, but as soon as I get home, I'm going to get the xfs patch and start on a new kernel 2.4.12 install w/ the xfs patch.
BTW: Debian uses kernel 2.2, right? Would I have to upgrade the kernel in order to use xfs? (The ftp site only has patches for 2.4.6 or higher.) How does OpenBSD stack up in terms of network security?
stiles
10-19-2001, 01:38 AM
They are using Redhat, mostly as NFS clients, SMTP gateways and other such types of applications. All their NFS servers and database servers are on Solaris. They also run NIS but I'm not totally sure how they are doing this (though I think they are using OpenLDAP on Linux for something, might be NIS related). That's about all I know.
It's a pain to get Debian to work with XFS. Yeah, potato has the 2.2 kernel and an older version of glib that would have to be upgraded to run the XFS userspace utilities. I have a hacked version of potato on my firewall box running all partitions on XFS but it was a major pain.
OpenBSD's focus is to have long feature freezes and audit code for exploits and buffer overflows. If you're looking for security features such as ACLs and kernel APIs like capabilities then OpenBSD won't fit that bill. Now if you want a Unix-like OS that's solid and pretty basic but is audited for exploits then OpenBSD is perfect.
retoon
12-18-2003, 06:52 PM
Last I checked, Linux was approved as a C2 compliant OS. I might be wrong however.
If I were you I wouldn't run in blazing saddles with linux on my shoulders because your managers are going to have some big questions for you. Mainly because of vendor support. For example companies like Gemplus haven't enabled any client software for their smart cards. Also, within healthcare, you have to worry about HIPAA compliance. These things require FIPS 3 level security.
"I'm really interested in integrating Linux into the operation because of its obvious advantages of Windows"
Linux's security is very poor when provided physical access to the machine. I could swap a shadow file and replace it with one of my own, and gain root access, if I boot off of a CD. NTFS doesn't allow such access. I can rewrite the OS, but not gain access to important information as easily. If you are going to push Linux at all, take a look at what Novell has to offer as far as its services. Remember, the fact that this OS is free shouldn't be its main selling point. When talking to your supervisors about possible migration, consider flaunting Novell's support. Novell has a contract agreement with RSA Data Security. IBM backs Novell as well. Use those big names when talking about it. Also, explain how the more platforms your different environments are running on, the more secure, and redundant they become.
i.e. Try and throw Solaris into the mix, HP-UX, AIX, along with Linux.
I work as a Healthcare Security Infrastructure Engineer Specializing in PKI, and we have a PKI set up in a production environment. I have just finished introducing RH 8 running eDirectory 8.7.1 and DirXML tying into Active Directory. I tell you this so that you know my background and don't take what I say as BS, not to be cocky. I managed to push these managers over because of recent Novell acquisitions. They purchased Suse and Ximian, and have released eDirectory 8.7.1 (LDAP server) as compatible with RH8. I wouldn't push too hard with Debian. I know it's a little more die hard reliable, and less bloated than RH, but it really doesn't have the same level of corporate support, and that's something that a production environment that can NOT have down time requires. Even if you only intend to use Linux in your environments as gateways, firewalls, and other menial tasks, support is still a necessity. I'm on your side when I say, think BIGGER than end user interfaces. Step outside yourself and think about what is better for the organization. Then, when you build respect and a reputation as someone whose goal is to provide a stable, secure and scalable infrastructure, then suggest Linux.