UPDATED: White hats don Red Hat

U.S. Marshals’ move to Linux OS saves money, adds security

Editor’s Note: This article was corrected at 5 p.m. June 12 to state that the U.S. Marshals Service used SCO Unix before migrating to Red Hat and correct the EAL ratings of Red Hat Enterprise Linux.

The U.S. Marshals Service is switching the databases at all 94 of its district offices in the United States and its territories to Red Hat Linux.

The Marshals expect to have as much as 80 percent of their production databases and all of their data running on Red Hat Enterprise Linux by the end of June, said John Campbell, an information technology specialist for the Marshals’ Justice Detainee Information System. The move will include all databases for prisoner information, some financial databases and decision-support systems.

Red Hat Enterprise Server is cheaper and has better features than the SCO Unix the Marshals have used for years, Campbell said. “It was a natural for us to consider Red Hat as an [operating system] to run on,” he said.

The federal government is following the lead of financial and other private-sector enterprises by simplifying its infrastructure, said Paul Smith, Red Hat’s vice president of government sales operations.

Since starting the Red Hat government sales division in February 2005, the company has reported sales increases of 40 percent overall and 80 percent in the government sector. The company is doing a significant amount of business with the Justice Department’s Criminal Division, the Drug Enforcement Administration and the FBI.

“The whole IT community is really behind Red Hat,” Campbell said. Application and database vendors are making more products to run on it, he said.

Because Red Hat provides open-source software, it’s easy to download a free evaluation copy, which lowers the total cost of ownership, Campbell said.

“Agencies don’t have a ton of money to spend,” Campbell said. The Marshals expect to save $50,000 to $100,000 a year by using Red Hat.

Another benefit is that Red Hat Network allows the Marshals to patch and monitor servers remotely, Campbell said. That’s important because the agency doesn’t have IT staff in every office to update software manually, he said. “This makes our life so much easier,” he added.

The Marshals are using Red Hat Enterprise Server Version 3.0 for most applications and are introducing Version 4.0 on some machines, Campbell said. When Red Hat releases Version 5.0, due in December, the Marshals will consider it, too.

Red Hat supports other software the Marshals use and provides better technical support than other vendors, Campbell said, adding that Red Hat supports Enterprise Server 3.0 for eight years.

Upgrading operating systems allows federal law enforcement agencies to migrate from the proprietary applications and hardware they have, said Helmut Kurth, chief scientist and lab director at atsec, an IT consulting firm that evaluates products for Common Criteria certification.

The Marshals chose SCO Unix years ago because it was one of the first operating systems that ran on the Intel Pentium processors the agency has, Campbell said. Other operating systems now run on Intel machines, but the Marshals prefer Red Hat, he said.

Federal agencies want uniform software platforms to run on varied hardware, Kurth said. “Linux is one of the few [operating systems] that can achieve that and provide the security they need,” he said.

Red Hat Linux keeps sensitive info under its hat

The U.S. Marshals Service and other law enforcement agencies use Red Hat Linux because it handles sensitive information securely, said Paul Smith, Red Hat’s vice president of government sales operations. Red Hat Enterprise Linux Version 3.0 is at Common Criteria Evaluation Assurance Level (EAL) 3 out of a possible 7 and is certified under Controlled Access Protection Profile (CAPP) at EAL 3+.

Red Hat Enterprise Linux is embracing security profiles that other commercial operating systems have not yet adopted, said Salvatore La Pietra, president and co-founder of atsec, an information technology consulting firm. These include CAPP, the Labeled Security Protection Profile (LSPP) and the Role-Based Access Control (RBAC).

LSPP and CAPP are important for the federal government because they specify software controls for the flow of information into different classification levels and who can access that information, said Helmut Kurth, chief scientist and lab director at atsec. RBAC assigns access based on users’ responsibilities and strengthens the weak points of the other two, he said.

Red Hat Enterprise Linux 4.0 is at EAL 4+ for CAPP, Smith said. Version 5.0, due in December, will have a higher EAL rating and will include the other two profiles, he said.

2014 Rising Star Awards

Help us find the next generation of leaders in federal IT.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above