Thoughts about OS Security

I came across an interesting read on Operating System security today which reminded me of a conversation that I had last week with some folks who make a product called Trustifier. It’s a cool product, and I got permission from the gentleman I spoke with to mention it in this forum for folks that haven’t seen it.

Basically, it’s an enhanced-security Linux distribution much like SE Linux, but with the added benefit of being maintainable. If you’ve ever tried to use SE Linux, you probably know what I mean by that comment – if not, imagine a “Trusted Computing Module” similar to those provided by Trusted HP-UX or the services provided by the TCB – but on steroids. Anyway, anyone who’s ever “bricked” a server by having the root password timeout on one of these systems knows what I’m talking about when I say that these types of systems are difficult to maintain… Googgun (the folks that make Trustifier) are right on the money in their contention that the TCB, SE Linux, etc. are too difficult to maintain to be commercially viable in the long term. Their goal is to take the same services and make it easy. Good goal. I haven’t used the product so I don’t know if they pull it off or not. Sounds good though.

My advice is for folks to keep an eye on this product. From my vantage point, this is something useful provided these folks can pull off their claims.