2015-11-15 - Supercomputing 2015 - Applied Cross Domain
TRANSCRIPT
Applied Cross Domain: Red Hat Foundations
Shawn Wells
Office of the Chief Technologist, Red Hat Public Sector
[email protected] || 443-534-0130
CSCF participates in community-powered upstream projects, such as SELinux, OpenSCAP and the SCAP Security Guide.
CSCF collaborates with Red Hat to integrate upstream projects into Enterprise Linux, fostering open community platforms.
We commercialize these platforms together with a rich ecosystem of services and certifications, such as ICD 503 and CNSSI 12-53 accreditations.
PARTICIPATE
INTEGRATE
STABILIZE
100,000+ PROJECTS
SELinux
● Type Separation: How users, processes, and data are isolated
● Role Based Access Control (RBAC)
● MLS Policy
Security Automation
● Configuration Monitoring
● Compliance Reports
● Secure Provisioning
● Remediation
Certifications & Standards
● Common Criteria & NIAP
● Intelligence Community Directive 503 (ICD 503)
● US Government Configuration Baseline (USGCB)
SELinux Refresher
Multi-Level Security (MLS) Policy
• Focuses on confidentiality (i.e. separation of multiple classifications of data)
• Ability to manage {processes, users} with varying levels of access. (i.e. “the need to know”)
• Uses category & sensitivity levels
Sensitivity Labels
Category Labels
Polyinstantiation
# id -Z
staff_u:WebServer_Admin_r:WebServer_Admin_t:s0:c0
# ls -l /data
secret-file-1
secret-file2

# id -Z
staff_u:WebServer_Admin_r:WebServer_Admin_t:s1:c0
# ls -l /data
secret-file-1
secret-file2
top-secret-file-1
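The two listings above can be modelled with the MLS dominance rule: a subject may read an object only if its sensitivity is at least the object's and its category set contains the object's. This is an added example, not code from the slides or from SELinux; the file labels in `FILES` are assumed (the slide shows only file names), and type enforcement and trusted-subject exceptions are ignored.

```python
# Added illustration (not from the slides): simplified SELinux MLS read check.
import re

def parse_level(level):
    """Turn 's1:c0,c3.c5' into (sensitivity, frozenset of category numbers)."""
    level = level.split("-", 1)[0]  # for a 'low-high' range, model the low (current) level
    sens, _, cats = level.partition(":")
    if not re.fullmatch(r"s\d+", sens):
        raise ValueError(f"bad sensitivity {sens!r}")
    numbers = set()
    for part in filter(None, cats.split(",")):
        m = re.fullmatch(r"c(\d+)(?:\.c(\d+))?", part)  # 'c3' or the range 'c3.c5'
        if not m:
            raise ValueError(f"bad category {part!r}")
        low = int(m.group(1))
        high = int(m.group(2)) if m.group(2) else low
        numbers.update(range(low, high + 1))
    return int(sens[1:]), frozenset(numbers)

def level_of(context):
    """Return the MLS field of a 'user:role:type:level' context string."""
    fields = context.split(":", 3)
    if len(fields) != 4:
        raise ValueError(f"no MLS field in {context!r}")
    return fields[3]

def dominates(a, b):
    """True if level a dominates level b (higher-or-equal sensitivity, superset of categories)."""
    (sens_a, cats_a), (sens_b, cats_b) = parse_level(a), parse_level(b)
    return sens_a >= sens_b and cats_a >= cats_b

def visible(context, labelled_files):
    """Names of the files whose label is dominated by the subject's level."""
    subject = level_of(context)
    return [name for name, level in labelled_files if dominates(subject, level)]

# Constructed labels (assumption): the slide lists file names only.
FILES = [("secret-file-1", "s0:c0"), ("secret-file2", "s0:c0"),
         ("top-secret-file-1", "s1:c0")]

if __name__ == "__main__":
    for lvl in ("s0:c0", "s1:c0"):
        ctx = f"staff_u:WebServer_Admin_r:WebServer_Admin_t:{lvl}"
        print(ctx, visible(ctx, FILES))
```

Labels can be incomparable: `s0:c1` and `s1:c0` do not dominate each other, so a subject at the first level cannot read an object at the second, nor the reverse.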
Certifications & Standards
NSAC63 (aka NIAP) & Red Hat: Where we’ve been … and next stop
RHEL 3 CAPP / EAL3+
RHEL 4 CAPP / EAL3+
RHEL 5 LSPP / EAL4+
RHEL 6 OSPP / EAL4+
RHEL 7 OSPP v3.9 / EAL4+
FIPS 140-2 Certs
docs.redhat.com
- Security Guide
- Admin. Guide
- Priv User Guide
Red Hat corporate development & responsibilities
We use Atsec
http://red.ht/1kWN8ZZ
Common Criteria != Compliance Policy
ICD 503, STIG, FISMA == Compliance Policy
SCAP Security Guide
http://open-scap.org,
http://github.com/OpenSCAP
Shawn Wells
Director, Innovation Programs
Office of the Chief Technologist, Red Hat Public [email protected] || 443-534-0130