![Page 1: SUSE Linux Enterprise 12 Security Certifications · 2014-12-12 · ‒ Does not require changes on SUSE Linux Enterprise Server itself ‒ Builds upon parameters and capabilities](https://reader034.vdocuments.site/reader034/viewer/2022042211/5eb2cde5bbf5ae121f76b233/html5/thumbnails/1.jpg)
SUSE® Linux Enterprise 12 Security CertificationsCommon Criteria, EAL, FIPS, PCI DSS, ... What's All This About?
Matthias G. EckermannSenior Product Manager
SUSE Linux Enterprise
![Page 2: SUSE Linux Enterprise 12 Security Certifications · 2014-12-12 · ‒ Does not require changes on SUSE Linux Enterprise Server itself ‒ Builds upon parameters and capabilities](https://reader034.vdocuments.site/reader034/viewer/2022042211/5eb2cde5bbf5ae121f76b233/html5/thumbnails/2.jpg)
2
Agenda
• Evaluation – Validation – Certification
• Details on Certifications and Validations‒ Common Criteria Certification‒ FIPS 140-2‒ NIST SP 800-131A‒ DISA STIG‒ BSI IT Grundschutz‒ Other Certifications and Validations
• SUSE Linux Enterprise 12
![Page 3: SUSE Linux Enterprise 12 Security Certifications · 2014-12-12 · ‒ Does not require changes on SUSE Linux Enterprise Server itself ‒ Builds upon parameters and capabilities](https://reader034.vdocuments.site/reader034/viewer/2022042211/5eb2cde5bbf5ae121f76b233/html5/thumbnails/3.jpg)
Evaluation – Validation – Certification
![Page 4: SUSE Linux Enterprise 12 Security Certifications · 2014-12-12 · ‒ Does not require changes on SUSE Linux Enterprise Server itself ‒ Builds upon parameters and capabilities](https://reader034.vdocuments.site/reader034/viewer/2022042211/5eb2cde5bbf5ae121f76b233/html5/thumbnails/4.jpg)
4
Evaluation – Validation – Certification
Certification
Evaluation
Examine claims made about a target. “Claims” do not need to be based on standards.
Compare behavior of the software / module against an existing standard or expected behaviour.
Validation
![Page 5: SUSE Linux Enterprise 12 Security Certifications · 2014-12-12 · ‒ Does not require changes on SUSE Linux Enterprise Server itself ‒ Builds upon parameters and capabilities](https://reader034.vdocuments.site/reader034/viewer/2022042211/5eb2cde5bbf5ae121f76b233/html5/thumbnails/5.jpg)
Details on Certifications and Validations
![Page 6: SUSE Linux Enterprise 12 Security Certifications · 2014-12-12 · ‒ Does not require changes on SUSE Linux Enterprise Server itself ‒ Builds upon parameters and capabilities](https://reader034.vdocuments.site/reader034/viewer/2022042211/5eb2cde5bbf5ae121f76b233/html5/thumbnails/6.jpg)
6
Common Criteria
“How can I be sure to get the security I need?”
• “Common”‒ Accepted by 26 countries all over the world‒ The certification is following a worldwide standard, thus e.g.
certifications of certification body B (e.g. BSI) are accepted by certification body N (NIAP/NIST)→ Common Criteria Recognition Arrangement (CCRA)
• Evaluation Assurance Level 4+‒ Standardized set of test cases‒ Tested at level 4, '+' is an augmentation
(e.g. FLR = Flaw Remediation)‒ The highest level for a “commercial” O/S
![Page 7: SUSE Linux Enterprise 12 Security Certifications · 2014-12-12 · ‒ Does not require changes on SUSE Linux Enterprise Server itself ‒ Builds upon parameters and capabilities](https://reader034.vdocuments.site/reader034/viewer/2022042211/5eb2cde5bbf5ae121f76b233/html5/thumbnails/7.jpg)
7
Common Criteria (2)
• Important abbreviations in this context‒ Security Functional Requirement (SFR)‒ Security Assurance Requirement (SAR)‒ Protection Profile (PP)‒ Security Target (ST)‒ Target of Evaluation (TOE)
• More informationhttps://www.niap-ccevs.org/Documents_and_Guidance/cc_docs.cfm
![Page 8: SUSE Linux Enterprise 12 Security Certifications · 2014-12-12 · ‒ Does not require changes on SUSE Linux Enterprise Server itself ‒ Builds upon parameters and capabilities](https://reader034.vdocuments.site/reader034/viewer/2022042211/5eb2cde5bbf5ae121f76b233/html5/thumbnails/8.jpg)
8
FIPS 140-2
• (US) Federal Information Processing Standard‒ Usage: US FedGov, FISMA, Financial Industry‒ Certificate is issued by NIST and CSEC
• FIPS 140-2 ensures that‒ Crypto algorithms/modes follow the corresponding standard‒ No obvious crypto weakness exists‒ No out dated algorithms are used‒ Key length is sufficient
• Vital‒ Definition of “cryptographic module” (CM),
the functional description of the validation target‒ Self test with each invocation of CM‒ Integrity check‒ Checks performed even if module is not in FIPS-140-2 mode!
• Successor FIPS 140-4 in preparation
![Page 9: SUSE Linux Enterprise 12 Security Certifications · 2014-12-12 · ‒ Does not require changes on SUSE Linux Enterprise Server itself ‒ Builds upon parameters and capabilities](https://reader034.vdocuments.site/reader034/viewer/2022042211/5eb2cde5bbf5ae121f76b233/html5/thumbnails/9.jpg)
9
NIST SP 800-131A
Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths
• Hashing‒ No MD5, no SHA-1 hashing algorithms anymore‒ Use SHA-224, SHA-256, SHA-384, SHA-512‒ See also: FIPS 180-4 Secure Hash Standard (SHS)
• Other cryptography‒ HMAC: key length >= 112bits‒ Signing: DSA or RSA, key length >= 2048bits‒ Symmetric encryption: 3DES, AES‒ Public key encryption: RSA, key length >= 2048 bits‒ See also: FIPS 186-4 Digital Signature Standard (DSS)
![Page 10: SUSE Linux Enterprise 12 Security Certifications · 2014-12-12 · ‒ Does not require changes on SUSE Linux Enterprise Server itself ‒ Builds upon parameters and capabilities](https://reader034.vdocuments.site/reader034/viewer/2022042211/5eb2cde5bbf5ae121f76b233/html5/thumbnails/10.jpg)
10
DISA STIG
Defense Information Systems Agency (DISA)definesSecurity Technical Implementation Guide (STIG)
Configuration standard → “Hardening” or “Lockdown”
• Purpose‒ Secure Installation‒ Secure Maintenance
• Builds upon other certifications and documentation(e.g. Hardening Guide)
![Page 11: SUSE Linux Enterprise 12 Security Certifications · 2014-12-12 · ‒ Does not require changes on SUSE Linux Enterprise Server itself ‒ Builds upon parameters and capabilities](https://reader034.vdocuments.site/reader034/viewer/2022042211/5eb2cde5bbf5ae121f76b233/html5/thumbnails/11.jpg)
11
BSI IT Grundschutz (ITGS, Germany)
• Certification of customers' environment and processes
• Covers more than the Operating System→ an Operating System cannot be ITGS “certified”
• PreconditionCommon Criteria (CC) Certification andCC documentation
• SUSE Linux Enterprise Security and Hardening Guide• More information
https://www.bsi.bund.de/DE/Themen/ITGrundschutz/itgrundschutz_node.html
https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/BSIStandards/standard_100-2_e_pdf.html
https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/BSIStandards/standard_100-3_e_pdf.html
![Page 12: SUSE Linux Enterprise 12 Security Certifications · 2014-12-12 · ‒ Does not require changes on SUSE Linux Enterprise Server itself ‒ Builds upon parameters and capabilities](https://reader034.vdocuments.site/reader034/viewer/2022042211/5eb2cde5bbf5ae121f76b233/html5/thumbnails/12.jpg)
12
PCI DSS (Payment Card Industry)
• Conformance Certification for a customers environment
• Covers more than the Operating System→ an Operating System cannot be PCI DSS “certified”
• SUSE Status:‒ Does not require changes on SUSE Linux Enterprise Server
itself‒ Builds upon parameters and capabilities of SUSE Linux
Enterprise‒ Main source for the certification of customers' and partners'
environments according to PCI DSS:SUSE Linux Enterprise Security and Hardening Guide
![Page 13: SUSE Linux Enterprise 12 Security Certifications · 2014-12-12 · ‒ Does not require changes on SUSE Linux Enterprise Server itself ‒ Builds upon parameters and capabilities](https://reader034.vdocuments.site/reader034/viewer/2022042211/5eb2cde5bbf5ae121f76b233/html5/thumbnails/13.jpg)
13
FSTEC (Russia)
• Achieved for SUSE Linux Enterprise Server 10, SUSE Linux Enterprise Server 10 SP3, SUSE Linux Enterprise Server 11 SP1
• Might need refresh according to market needs• More information:
http://www.globalsecurity.org/military/world/russia/fstec.htmhttp://www.fstec.ru/
• List of certified systems:http://www.fstec.ru/_doc/reestr_sszi/_reestr_sszi.xls
![Page 14: SUSE Linux Enterprise 12 Security Certifications · 2014-12-12 · ‒ Does not require changes on SUSE Linux Enterprise Server itself ‒ Builds upon parameters and capabilities](https://reader034.vdocuments.site/reader034/viewer/2022042211/5eb2cde5bbf5ae121f76b233/html5/thumbnails/14.jpg)
14
Dependencies of Certifications
Common Criteria
(Security)
FIPS 140-2
(Crypto)
ARCH¹RNG²
FSTEC
RUS-Gov
STIG DISA
US-Mil
PCI DSS
Finance
BSI ITGrundschutz
DE-Gov
¹ ARCH = Security Architecture Document² RNG = Random Number Generator
![Page 15: SUSE Linux Enterprise 12 Security Certifications · 2014-12-12 · ‒ Does not require changes on SUSE Linux Enterprise Server itself ‒ Builds upon parameters and capabilities](https://reader034.vdocuments.site/reader034/viewer/2022042211/5eb2cde5bbf5ae121f76b233/html5/thumbnails/15.jpg)
SUSE Linux Enterprise 12
![Page 16: SUSE Linux Enterprise 12 Security Certifications · 2014-12-12 · ‒ Does not require changes on SUSE Linux Enterprise Server itself ‒ Builds upon parameters and capabilities](https://reader034.vdocuments.site/reader034/viewer/2022042211/5eb2cde5bbf5ae121f76b233/html5/thumbnails/16.jpg)
16
Common Criteria Certification
Formal Details
• Certification Body: BSI• Evaluation Lab: atsec information security• Product (TOE, Target of Evaluation)
SUSE Linux Enterprise Server 12• Protection Profile: OSPP-BSI at EAL4 with
augmentation (Flaw Remediation). • Sponsor: SUSE LLC
• Project Lead: Thomas Biege, CSSLP,Team Leader MaintenanceSecurity at SUSE
![Page 17: SUSE Linux Enterprise 12 Security Certifications · 2014-12-12 · ‒ Does not require changes on SUSE Linux Enterprise Server itself ‒ Builds upon parameters and capabilities](https://reader034.vdocuments.site/reader034/viewer/2022042211/5eb2cde5bbf5ae121f76b233/html5/thumbnails/17.jpg)
17
Common Criteria Certification (2)
TOE Configuration
• Architectures‒ x86-64‒ s390x‒ other architectures might follow
• Virtualization (x86-64)‒ KVM and Xen guest ‒ KVM host configuration
• Installation via AutoYaST
![Page 18: SUSE Linux Enterprise 12 Security Certifications · 2014-12-12 · ‒ Does not require changes on SUSE Linux Enterprise Server itself ‒ Builds upon parameters and capabilities](https://reader034.vdocuments.site/reader034/viewer/2022042211/5eb2cde5bbf5ae121f76b233/html5/thumbnails/18.jpg)
18
FIPS 140-2
Architectures‒ x86-64‒ other architectures might follow
Modules1. Kernel2. libgcrypt3. Disk encryption4. OpenSSL5. OpenSSH Client6. OpenSSH Server7. NSS8. StrongSWAN (IPSec)
![Page 19: SUSE Linux Enterprise 12 Security Certifications · 2014-12-12 · ‒ Does not require changes on SUSE Linux Enterprise Server itself ‒ Builds upon parameters and capabilities](https://reader034.vdocuments.site/reader034/viewer/2022042211/5eb2cde5bbf5ae121f76b233/html5/thumbnails/19.jpg)
19
Dependencies of FIPS CSMs
openssllibgcrypt NSS
CC EAL4+
A depends on B
kernelCrypto
API
FIPS 140-2 Level 2 requires an OS with CC EAL2, at least
opensshserver
opensshclient
strongswan
IKE v1/v2
EDC
dm_cryptcryptsetup
PBKDF
PBKDFcryptoalgos
initializeIPSec
initialize block ciphers
in SUSE Linux Enterprise 12
![Page 20: SUSE Linux Enterprise 12 Security Certifications · 2014-12-12 · ‒ Does not require changes on SUSE Linux Enterprise Server itself ‒ Builds upon parameters and capabilities](https://reader034.vdocuments.site/reader034/viewer/2022042211/5eb2cde5bbf5ae121f76b233/html5/thumbnails/20.jpg)
Thank you.
20
Your Questions!?
![Page 21: SUSE Linux Enterprise 12 Security Certifications · 2014-12-12 · ‒ Does not require changes on SUSE Linux Enterprise Server itself ‒ Builds upon parameters and capabilities](https://reader034.vdocuments.site/reader034/viewer/2022042211/5eb2cde5bbf5ae121f76b233/html5/thumbnails/21.jpg)
Corporate HeadquartersMaxfeldstrasse 590409 NurembergGermany
+49 911 740 53 0 (Worldwide)www.suse.com
Join us on:www.opensuse.org
21
![Page 22: SUSE Linux Enterprise 12 Security Certifications · 2014-12-12 · ‒ Does not require changes on SUSE Linux Enterprise Server itself ‒ Builds upon parameters and capabilities](https://reader034.vdocuments.site/reader034/viewer/2022042211/5eb2cde5bbf5ae121f76b233/html5/thumbnails/22.jpg)
Unpublished Work of SUSE LLC. All Rights Reserved.This work is an unpublished work and contains confidential, proprietary and trade secret information of SUSE LLC. Access to this work is restricted to SUSE employees who have a need to know to perform tasks within the scope of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of SUSE. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.
General DisclaimerThis document is not to be construed as a promise by any participating company to develop, deliver, or market a product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. SUSE makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. The development, release, and timing of features or functionality described for SUSE products remains at the sole discretion of SUSE. Further, SUSE reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All SUSE marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.