Tresys Technology | Platform Security Services

Meeting the certification and accreditation (C&A) requirements for government agencies can be a challenging prospect, but it is vital to providing the foundation for strong security.

At the core of today's desktop and data center initiatives around green IT, consolidation, and cost savings, virtualization offers many benefits, but it is not in itself a security tool.

Secure solutions begin with the creation of secure Linux system configurations that serve as a secure, regulatory compliant platform for application hosting.

With adoption of SELinux on the rise, it is increasingly important that customers maintain a level of internal expertise around this technology.

The default SELinux policy included with Red Hat Enterprise Linux is widely acknowledged as effective at hardening the system and containing many zero-day exploits. However, where custom applications prevail or where specific system-level security requirements must be integrated, that policy requires additional customization. Tresys is the recognized leader in developing SELinux policies for applications or complete systems that ensure security, compliance, and compatibility.

Areas of focus include:

Analyze security risk factors and regulatory compliance needs.
Define mapping to organization's security requirements or standards and define strategy to meet requirements through localized policy.
Assess the security configuration of existing and planned Linux systems, including the base operating system, security critical tools, and hosted applications.
Review and optimize base SELinux policy.
Review of related security infrastructure, including network controls, identity management, administrative privilege controls, change management systems, and security event auditing.
Examine security procedures and policies with an emphasis on change management around security controls, system updating and patching, security monitoring, and security incident response.
Develop SELinux policies unique to application, network, and regulatory requirements.
Integrate and test the resulting application environment.
Develop auditing and administrative guidelines and recommendations.

Services may include the following:

SELinux Assessment & Roadmap
SELinux Policy Engineering & Development
Policy Deployments & Implementations
See SELinux Training for more details

Tresys provides training for analyzing, testing, configuring, and developing policies for SELinux. Several different levels of training are available from basic SELinux architecture or policy primers, to advanced application policy development leveraging the latest SELinux management techniques. Each course is highly interactive and knowledgeable instructors can tailor the course to the class's interest. Tresys recommends that students be familiar with Linux and have a basic understanding of computer, network, or cyber security. Training scope includes the following:

The overall goals of the basic one-day course include understanding:

The differences between Linux and SELinux and
Type enforcement concepts.

The advanced policy development training, an intensive three-day course, extends the goals listed above to include:

Understand and identify SELinux policy language,
Build and install SELinux security policies,
Analyze type enforcement security policies,
Understand the multi-level security supported by SELinux, and
Modify, test, and debug SELinux policies.

Related Technologies:

Related Solutions:

The benefits of open source are well understood and are driving both server and desktop migrations to Linux platforms, including migrations from proprietary environments.

Tresys Linux platform and deployment services help to deploy the latest Linux servers and desktops across the enterprise-quickly and cost-effectively. With Tresys migration and deployment services, customers benefit from our years of experience, integration expertise, and our "zero touch" tools and methodologies. This combination of expertise minimizes business disruption and reduces desktop total cost of ownership (TCO) by creating a simpler, more manageable/standardized Linux environment. Our intimate knowledge of the open source marketplace, Linux, and our unique relationships with major distributions enables Tresys to help organizations adopt Linux in a pragmatic manner - all while improving the overall operational reliability and security posture of the client.

Areas of focus include:

Define mapping to organization's security requirements or standards and define strategy to meet requirements.
Review of Linux migration path, including but not limited to servers, endpoints (e.g., desktops, mobile services, etc.), network services, storage, applications, database infrastructure, network topology, virtual private networks, secure channels, cloud computing, and additional services
Design server or desktop architectures capable of meeting the organization's functional requirements.
Develop of security policies and/or recommendations unique to application, network, and regulatory requirements.
For migration efforts:
- Port existing applications or functional requirements from legacy trusted environment - both network and platform.
- Deploy new server or desktop environment
  - Trusted Solaris or Solaris X to Red Hat Enterprise Linux migrations
  - Novell SUSE to Red Hat Enterprise Linux migrations
  - Microsoft Windows to Red Hat Enterprise Linux or Ubuntu desktop
  - Novell SUSE, Red Hat Enterprise Linux, and / or Ubuntu deployments
- For Sun Trusted Solaris (TSOL) to Red Hat Enterprise Linux (RHEL) migrations, migrate existing policies to full-system, strict SELinux policies
Create and execute operational, functional and security testing.
Deploy and integrate developed applications per client needs.
Develop auditing and administrative guidelines and recommendations

Services may include the following:

Linux Platform Assessment & Roadmap
Linux Server & Desktop Migrations
Migration Training & Support

Related Technologies:

Brickwall

Benefits

Customer Profile