These articles all are very vague and do not provide nearly enough information to allow anyone to form a reasonable opinion. First, EAL2 is nowhere near the highest level of evaluation. More importantly, even if it was evaluated to EAL7, we have no idea what that means without looking at the protection profile (PP). The PP defines the features that are looked at for the evaluation. Without knowing the PP, they could be evaluating Linux or any OS only for its ability to control access with a username and password. So in theory, that could mean that once a username and password are provided, the user has unlimited access to all files on the system. As long as that feature is documented, mathematically modeled, and tested correctly it could get a high EAL rating.
The biggest thing to remember about the CC is that the level rating is relatively meaningless without considering the protection profile. The problem is vendors don't readily tell you the protection profile they use.
At the Linux Showcase in November I attended HP's presentation on Secure Linux and if you sweet talked the HP guys they would unlock the secret cabinet and give you a copy of Secure Linux. I also did a term paper on SE Linux last semester.
The two OSs are fairly similar in what they hope to accomplish -- isolate the risky software and users from the rest of the system so if something bad happens it doesn't take everything down. From the sound of the HP presentation, this is all HP Secure Linux does. You create compartments and then specify what the compartment can do. You can do the same thing with the NSA's SE Linux and much, much more. I was really impressed with the flexibility offered by SE Linux. You can set up your system with about any security policy you like. The biggest problem is the great complexity. You need to do a good deal of research before even thinking about modifying the sample security rules that come with SE Linux. There are thousands of rules in the included security policy. This is where HP Secure Linux probably has an advantage -- it's a bit simpler to use. Though I haven't had a chance to try it out yet.
You don't really need to pay $3000 for it either. The kernel patches are GPLed and part of the kernel security interface used by SE Linux also (NSA and HP have cooperated here). You are really paying for the tools, but those are just programs that make certain sys calls. It shouldn't be a problem to write your own open source versions. Though there might be a nice GUI that would take more work to create.
If you are interested in secure Linuxes, also take a look at Immunix and EnGarde. Both also have kernel-level security controls, but not to the level of NSA Linux. Immunix has a compartment system like HP Secure Linux called SubDomain. EnGarde uses the Linux Intrusion Detection Project.
A paper doing a detailed comparison of the four would be welcome!
Have you considered using multilink PPP over modem connections? Assuming you can get a 56k modem connection in your area, buy 4 modems and get an account with an ISP that supports multilink and always-on connections. Cost shouldn't be too bad: 4 lines * $20 + $50 ISP account(???) = $130 a month for approx 200kbps. Cheaper than a T1 and works anywhere with decent analog phone service. Add more modems if you need more bandwidth.
You can find free introductory physics books at www.lightandmatter.com. They are downloadable as PDFs.
802.11a is not as great as it seems. The range at which you can get 54Mbps is only 10-15 meters. It's only great if you use it within those distances. 802.11a only offers 11Mbps in the 30-40m range, which is half the range of 802.11b @ 11Mbps.
Many people will want to stick with 802.11b because it will still cost less even if the 802.11a NICs are no more expensive. 802.11a means many more access points for the same amount of coverage as an 802.11b network.
Beware the marketing hype!