Validated Product - Red Hat Enterprise Linux Version 4 Update 2 AS & Red Hat Enterprise Linux Version 4 Update 2 WS

PRODUCT DESCRIPTION

The target of evaluation (TOE) is the operating system Red Hat Enterprise Linux 4 Update 2 AS and Red Hat Enterprise Linux 4 Update 2 WS product (also referred to in this document as “Red Hat Enterprise Linux”).

Red Hat Enterprise Linux is a general purpose, multi-user, multi-tasking Linux based operating system. It provides a platform for a variety of applications in the governmental and commercial environment. Red Hat Enterprise Linux is available on a broad range of computer systems, ranging from departmental servers to multi-processor enterprise servers.

The Red Hat Enterprise Linux evaluation covers a potentially distributed, but closed network of HP Integrity (Itanium2) and ProLiant (Pentium, Xeon, and Opteron) servers and workstations running the evaluated version of Red Hat Enterprise Linux. The hardware platforms selected for the evaluation consist of machines which are available when the evaluation has completed and to remain available for a substantial period of time afterwards.

The TOE Security Functions (TSF) consist of functions of Red Hat Enterprise Linux that run in kernel mode plus some trusted processes. These are the functions that enforce the security policy as defined in this Security Target. Tools and commands executed in user mode that are used by an administrative user need also to be trusted to manage the system in a secure way. But as with other operating system evaluations they are not considered to be part of this TSF.

The TOE includes installation from CDROM/DVDROM and from a local hard disk partition.

The TOE includes standard networking applications, such as ftp, ssl and ssh. xinetd is used to protect network applications which might otherwise have security exposures.

System administration tools include the standard commands. A graphical user interface for system administration or any other operation is not included in the evaluated configuration.

SECURITY EVALUATION SUMMARY

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the RHEL4 TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 2.2 and National and International Interpretations effective on 2005-12-15. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 2.2.

The CCTL (atsec) determined that the evaluation assurance level (EAL) for the product is EAL 3, augmented with the CC ACL_FLR.3 Flaw Remediation assurance requirements. The product, when configured as specified in the Evaluated Configuration Guide satisfies all of the security functional requirements stated in the Security Target Red Hat Enterprise Linux 4 Update 2 Security Target for CAPP Compliance v 2.4 and is conformant to the CAPP v1.d. The evaluation was completed in February 2006. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report, (report number CCEVS-VR-06-0020, dated 31 May 2006) prepared by CCEVS.

ENVIRONMENTAL STRENGTHS

The functionality of Red Hat Enterprise Linux is consistent with the requirements set forth by Controlled Access Protection Profile. Here are some examples of the security features available:

Security Audit: An administrator configurable audit subsystem is able to record system events and user actions. It stores the audit records on disk and appropriate access control configurations are in place to protect them from unauthorized access.

User Data Protection: The Discretionary Access Control Policy is enforced on processes running on behalf of users as subjects and file system objects as well as IPC objects. This mechanism allows only administrators and object owners to modify the access control attributes of named objects. Access Control Lists (ACLs) can be used for a more fine grained control for file system objects.

Identification and Authentication: The I&A mechanism identifies and authenticates users and assigns the configured group definition.

Security Management: The security management mechanism provides a set of administrative management tools to create, delete and modify users, groups and their authentication data. In addition, management tools for the audit subsystem are provided.

Protection of TOE Security Functions: The protection mechanisms ensures that the execution between domains of trusted components and untrusted processes is separated to protect against interference. The separation mechanism allows communication between processes through well-defined interfaces only.