Secure solutions begin with the creation of secure Linux system configurations that serve as a secure, regulatory compliant platform for application hosting.
Building on the secure foundations of strong Linux security, Tresys works with customers to design and configure server and desktop environments to meet evolving security requirements. Areas of focus include: netfilter/iptables; discretionary access controls; centralized system management integration; system integrity monitoring (e.g., AIDE); security event monitoring (syslog and Linux audit); administrative privilege controls (e.g., sudo); user authentication; remote access via secure protocols; network file system security; and Security Enhanced Linux (SELinux) policies. All phases of the system lifecycle are addressed, from repeatable configuration using kickstart to system decommissioning. Compatibility and integration with existing security infrastructure, such as Microsoft Active Directory, are emphasized.
With adoption of Linux on the rise, it is increasingly important that customers maintain a level of internal expertise around SELinux to ensure strong operating system security.
The default SELinux policy included with Red Hat Enterprise Linux is widely acknowledged as being effective at hardening the system and containing many zero-day exploits. However, where custom applications prevail or where specific system-level security requirements must be integrated, that policy requires additional customization. Tresys is the recognized leader in developing SELinux policies for applications or complete systems that ensure security, compliance, and compatibility. Areas of focus include: analysis of security risk factors and regulatory compliance needs; mapping to an organization's security requirements or standards; assessment of the security configuration of existing and planned Linux systems (including the base operating system, security-critical tools, and hosted applications); optimization of the base SELinux policy; review of related security infrastructure (including network controls, identity management, administrative privilege controls, change management systems, and security event auditing); and review of change management for security controls, system updating and patching, security monitoring, and security incident response.
At the core of today's desktop and data center initiatives around green IT, consolidation, and cost savings, virtualization offers many benefits, but it is not in itself a security tool.
While virtualization offers many benefits, it also requires careful engineering to maintain security between virtual environments. By maintaining the integrity of the virtualization layer, Tresys believes that virtualization can be used to enhance overall security. Our services and technologies reflect that approach. Focus areas include: hardening the virtualization layer (focusing on the security configuration of the Xen hypervisor); architecting a secure virtualization strategy (including guest OS co-location and migration) to increase application workload separation and maintain appropriate levels of physical separation; developing a multi-OS virtualization plan (such as separating Windows environments and/or applications into different virtual environments to ensure data integrity and overall system operational reliability); securing the virtual network layer, including inserting security monitoring and intrusion detection into guest-to-guest communications on a single system; protecting administrative privileges over the virtualization layer itself; and leveraging virtualization to improve disaster recovery and response.
From the cloud to private networks, it is critical to secure the underlying infrastructure of a business and to ensure that business applications leverage that security.
Tresys' secure systems management services help customers in high-risk environments to integrate business applications across diverse networks, while ensuring that critical assets remain isolated and protected. Areas of focus include: review of overall network topology and design (including virtual private networking (VPN), wireless networks, and the placement of firewalls, network access control, and intrusion detection); development of integrated systems management and identity access solutions (including Red Hat Satellite, Red Hat IPA, Red Hat Certificate Server, and Red Hat Directory Server); performing baseline penetration and vulnerability assessments; review of platform and application security requirements, focusing on middleware solutions (including JBoss infrastructure and IBM WebSphere); and overall compliance and centralized management architecture.