News, tips, partners, and perspectives for the Oracle Linux operating system and upstream Linux kernel work

Oracle Linux Delivers on Security

Avi Miller
Senior Manager, Oracle Linux and Virtualization Product Management

Did you know that in 2017, U.S. federal agencies reported 35,277 cybersecurity incidents for their IT systems? And that in 2018, malicious cyber activity cost the U.S. economy between $57 billion and $109 billion? This new GovLoop market trends report discusses the challenges facing government agencies. Like private enterprises, federal agencies need layers of protection in their data centers and clouds.

Several things have been happening in the Oracle Linux group to help our customers bolster security and combat cyber threats. Oracle recently announced that Oracle Linux has been certified under Common Criteria (CC) and achieved FIPS 140-2 validation of its cryptographic modules. In fact, Oracle Linux is currently one of only two operating systems (and the only Linux distribution) listed on the National Information Assurance Partnership (NIAP) Product Compliant List, which provides assurance to government and industry purchasers that Oracle Linux complies with technology-specific security requirements.

This is the latest in a series of security-oriented product releases that focus on making Oracle Linux one of the most secure operating systems for your data center and in the cloud.

Oracle Linux is the only Linux distribution that supports live, non-disruptive patching for the kernel, hypervisor, and critical user space packages, with Ksplice. Furthermore, we recently added a new feature to Ksplice that detects attempts to exploit kernel vulnerabilities that have been patched in memory. This feature proactively alerts you if any compromised code tries to execute on a server.

We also released the first technology preview of Kata Containers, which aim to further protect cloud native, container-based microservices by leveraging the security and isolation provided by virtual machines. In addition, we are working on significantly improving the performance of large seccomp filters, which are used by the kernel to restrict the capabilities of containers, to help ensure isolation.

Our work on virtual machines doesn’t stop with Kata Containers. We have a team of developers at Oracle working on a more secure QEMU-based hypervisor to improve the security and isolation of the virtual hardware exposed to virtual instances, particularly in cloud environments, both public and private.

One of the key aspects of security in a cloud environment is to make sure your data is encrypted, not just at rest on disk, but also in flight on your network. Oracle developer Chuck Lever has been collaborating on an internet draft standard to bring transparent, end-to-end encryption to NFS (actually, all RPC-based protocols). This new internet draft proposes NFS-over-TLS, to help ensure encryption of NFS data over the wire.

These are just some of the projects that provide the foundation that powers the “Security First” Generation 2 Cloud announced by Oracle Executive Chairman and CTO, Larry Ellison, at Oracle OpenWorld 2018.

Learn more at www.oracle.com/linux/security/.