Upload
others
View
2
Download
0
Embed Size (px)
Citation preview
SUSE® Linux Enterprise 12 Security CertificationsCommon Criteria, EAL, FIPS, PCI DSS, ... What's All This About?
Matthias G. EckermannSenior Product Manager
SUSE Linux Enterprise
2
Agenda
• Evaluation – Validation – Certification
• Details on Certifications and Validations‒ Common Criteria Certification‒ FIPS 140-2‒ NIST SP 800-131A‒ DISA STIG‒ BSI IT Grundschutz‒ Other Certifications and Validations
• SUSE Linux Enterprise 12
Evaluation – Validation – Certification
4
Evaluation – Validation – Certification
Certification
Evaluation
Examine claims made about a target. “Claims” do not need to be based on standards.
Compare behavior of the software / module against an existing standard or expected behaviour.
Validation
Details on Certifications and Validations
6
Common Criteria
“How can I be sure to get the security I need?”
• “Common”‒ Accepted by 26 countries all over the world‒ The certification is following a worldwide standard, thus e.g.
certifications of certification body B (e.g. BSI) are accepted by certification body N (NIAP/NIST)→ Common Criteria Recognition Arrangement (CCRA)
• Evaluation Assurance Level 4+‒ Standardized set of test cases‒ Tested at level 4, '+' is an augmentation
(e.g. FLR = Flaw Remediation)‒ The highest level for a “commercial” O/S
7
Common Criteria (2)
• Important abbreviations in this context‒ Security Functional Requirement (SFR)‒ Security Assurance Requirement (SAR)‒ Protection Profile (PP)‒ Security Target (ST)‒ Target of Evaluation (TOE)
• More informationhttps://www.niap-ccevs.org/Documents_and_Guidance/cc_docs.cfm
8
FIPS 140-2
• (US) Federal Information Processing Standard‒ Usage: US FedGov, FISMA, Financial Industry‒ Certificate is issued by NIST and CSEC
• FIPS 140-2 ensures that‒ Crypto algorithms/modes follow the corresponding standard‒ No obvious crypto weakness exists‒ No out dated algorithms are used‒ Key length is sufficient
• Vital‒ Definition of “cryptographic module” (CM),
the functional description of the validation target‒ Self test with each invocation of CM‒ Integrity check‒ Checks performed even if module is not in FIPS-140-2 mode!
• Successor FIPS 140-4 in preparation
9
NIST SP 800-131A
Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths
• Hashing‒ No MD5, no SHA-1 hashing algorithms anymore‒ Use SHA-224, SHA-256, SHA-384, SHA-512‒ See also: FIPS 180-4 Secure Hash Standard (SHS)
• Other cryptography‒ HMAC: key length >= 112bits‒ Signing: DSA or RSA, key length >= 2048bits‒ Symmetric encryption: 3DES, AES‒ Public key encryption: RSA, key length >= 2048 bits‒ See also: FIPS 186-4 Digital Signature Standard (DSS)
10
DISA STIG
Defense Information Systems Agency (DISA)definesSecurity Technical Implementation Guide (STIG)
Configuration standard → “Hardening” or “Lockdown”
• Purpose‒ Secure Installation‒ Secure Maintenance
• Builds upon other certifications and documentation(e.g. Hardening Guide)
11
BSI IT Grundschutz (ITGS, Germany)
• Certification of customers' environment and processes
• Covers more than the Operating System→ an Operating System cannot be ITGS “certified”
• PreconditionCommon Criteria (CC) Certification andCC documentation
• SUSE Linux Enterprise Security and Hardening Guide• More information
https://www.bsi.bund.de/DE/Themen/ITGrundschutz/itgrundschutz_node.html
https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/BSIStandards/standard_100-2_e_pdf.html
https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/BSIStandards/standard_100-3_e_pdf.html
12
PCI DSS (Payment Card Industry)
• Conformance Certification for a customers environment
• Covers more than the Operating System→ an Operating System cannot be PCI DSS “certified”
• SUSE Status:‒ Does not require changes on SUSE Linux Enterprise Server
itself‒ Builds upon parameters and capabilities of SUSE Linux
Enterprise‒ Main source for the certification of customers' and partners'
environments according to PCI DSS:SUSE Linux Enterprise Security and Hardening Guide
13
FSTEC (Russia)
• Achieved for SUSE Linux Enterprise Server 10, SUSE Linux Enterprise Server 10 SP3, SUSE Linux Enterprise Server 11 SP1
• Might need refresh according to market needs• More information:
http://www.globalsecurity.org/military/world/russia/fstec.htmhttp://www.fstec.ru/
• List of certified systems:http://www.fstec.ru/_doc/reestr_sszi/_reestr_sszi.xls
14
Dependencies of Certifications
Common Criteria
(Security)
FIPS 140-2
(Crypto)
ARCH¹RNG²
FSTEC
RUS-Gov
STIG DISA
US-Mil
PCI DSS
Finance
BSI ITGrundschutz
DE-Gov
¹ ARCH = Security Architecture Document² RNG = Random Number Generator
SUSE Linux Enterprise 12
16
Common Criteria Certification
Formal Details
• Certification Body: BSI• Evaluation Lab: atsec information security• Product (TOE, Target of Evaluation)
SUSE Linux Enterprise Server 12• Protection Profile: OSPP-BSI at EAL4 with
augmentation (Flaw Remediation). • Sponsor: SUSE LLC
• Project Lead: Thomas Biege, CSSLP,Team Leader MaintenanceSecurity at SUSE
17
Common Criteria Certification (2)
TOE Configuration
• Architectures‒ x86-64‒ s390x‒ other architectures might follow
• Virtualization (x86-64)‒ KVM and Xen guest ‒ KVM host configuration
• Installation via AutoYaST
18
FIPS 140-2
Architectures‒ x86-64‒ other architectures might follow
Modules1. Kernel2. libgcrypt3. Disk encryption4. OpenSSL5. OpenSSH Client6. OpenSSH Server7. NSS8. StrongSWAN (IPSec)
19
Dependencies of FIPS CSMs
openssllibgcrypt NSS
CC EAL4+
A depends on B
kernelCrypto
API
FIPS 140-2 Level 2 requires an OS with CC EAL2, at least
opensshserver
opensshclient
strongswan
IKE v1/v2
EDC
dm_cryptcryptsetup
PBKDF
PBKDFcryptoalgos
initializeIPSec
initialize block ciphers
in SUSE Linux Enterprise 12
Thank you.
20
Your Questions!?
Corporate HeadquartersMaxfeldstrasse 590409 NurembergGermany
+49 911 740 53 0 (Worldwide)www.suse.com
Join us on:www.opensuse.org
21
Unpublished Work of SUSE LLC. All Rights Reserved.This work is an unpublished work and contains confidential, proprietary and trade secret information of SUSE LLC. Access to this work is restricted to SUSE employees who have a need to know to perform tasks within the scope of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of SUSE. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.
General DisclaimerThis document is not to be construed as a promise by any participating company to develop, deliver, or market a product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. SUSE makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. The development, release, and timing of features or functionality described for SUSE products remains at the sole discretion of SUSE. Further, SUSE reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All SUSE marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.