IBM, Novell raise Linux security

IBM Corp. and Novell Inc. have achieved a higher level of security and operations certification for Novell's SUSE Linux, continuing efforts to make the open source operating system more secure for government agencies.

SUSE LINUX Enterprise Server 8 on IBM eServers has earned Controlled Access Protection Profile compliance under The Common Criteria for Information Security Evaluation, also known as Evaluation Assurance Level 3 (EAL3+), company officials said today. The Common Criteria are internationally recognized standards used by the federal government and others to assess the security of technology products

The latest move takes the level of security up a notch from Common Criteria EAL 2, which the two companies achieved last August, said Brad Westpfahl, director of Government Industry Programs for IBM

"The key element is the addition of security auditing capabilities" and the expansion of certification across the entire IBM eServer product line, he said. Last summer's security certification, the first ever for a Linux operating system, only applied to the eServer xSeries line. EAL3+ covers IBM eServer iSeries, xSeries, pSeries and zSeries systems, as well as Opteron-based systems.

The companies plan to achieve an even higher level of security certification, EAL 4 next year, Westpfahl said.

IBM and Novell officials also announced Common Operating Environment (COE) compliance on IBM xSeries and zSeries platforms with SUSE Linux Enterprise Server 8, with support for pSeries and iSeries available in the first half of 2004. The Common Operating Environment is a Defense Department standard.