Red Hat's collaboration with the open source community has made it a leader in operating system security. Through the Fedora Project, Red Hat and the worldwide development community continue to innovate security-enhancing technologies. Fedora Project features are fully tested and then incorporated into future releases of Red Hat Enterprise Linux, giving customers advanced security features in a highly stable and supported environment. Here are a few key features:
Update 3 for Red Hat Enterprise Linux 3 delivers several features designed to help prevent buffer overflow attacks, the most frequent type of exploit across all platforms. Buffer overflows can occur when an attacker is able to send specially crafted data to an application in an unexpected way that could lead to the execution of malicious code.
With this update for Red Hat Enterprise Linux 3, Red Hat now includes support for NX ("No-eXecute") technology. NX is a feature in new chips from AMD and Intel that prevents certain areas of memory from being able to execute code. The operating system separates data from program code, and does not allow code in the data section of memory to execute.
Along with NX support, Red Hat introduced Exec-Shield, which similarly separates read and execute permissions in memory. Exec-Shield has the added benefit of working with all types of hardware. This means customers can take advantage of this advancement in security technology on their existing systems. Neither NX nor Exec-Shield requires any changes to applications to take advantage of the added levels of security.
To make a buffer overflow exploit work, an attacker must know the approximate address in memory that will hold their hostile code. In most operating systems, applications always load into the same places in memory, so the attacker can more easily determine the location for their exploit. To solve this problem, Red Hat has developed, and contributed to the GNU Compiler Collection toolchain, a technique known as Position Independent Executables (PIE). Applications compiled as PIE-enabled are loaded into memory at random locations, preventing the predictability that attackers require.
Learn more about the new security features in Red Hat Enterprise Linux 3: Exec-Shield and NX Technology Whitepaper.
The next major release of Red Hat Enterprise Linux will include the first enterprise-ready implementation of Security-Enhanced Linux (SELinux). SELinux inclusion is based on a partnership between Red Hat and the National Security Agency, which has been developing secure operating systems for 10 years, with SELinux representing the best practices of mandatory access control, Type Enforcement®, and role-based access control. SELinux ensures that applications have only the minimum amount of access needed to perform tasks, preventing or containing damage from an attacker or broken application.