tug
Volume 3, Number 21 -- June 8, 2006

IBM, Argus Systems Get EAL4+ Certification on AIX-PitBull Combo

Published: June 8, 2006

by Timothy Prickett Morgan

Server maker IBM and Unix security software provider Argus Systems have worked together to get the combination of IBM's AIX 5.2 Unix variant and the PitBull Foundation 5.0 security software certified under the Common Criteria security specification.

The PitBull Foundation software provides a layer of multi-level security for AIX operating systems, something that is lacking in AIX and, indeed, other Unix and Unix-like operating systems. PitBull eliminates vulnerabilities associated with the root or superuser account; the software also protects applications and operating systems from attacks from within a company or outside a firewall. Argus originally developed the product for Solaris, but in November 2004, the program was ported to AIX. Argus also sells a program called PitBull LX, which is a security layer that wraps around Linux or Unix applications and prevents hackers from exploiting known bugs in the application software to gain access to the systems. PitBull LX also protects sensitive information and does not allow hackers to deface Web sites. Both PitBull Foundation and PitBull LX essentially provide a finer granularity to root access than Unix and Linux themselves. PitBull LX was available for Solaris 8 and commercial Linuxes based on the 2.4 and 2.6 kernels, and now it is also available on AIX 5L 5.2.

According to Jay Kruemcke, AIX product manager at IBM, the AIX-PitBull combination has been certified at the EAL4+ level using the Labeled Security Protection profile (LSPP) of the Common Criteria. The Common Criteria certification is the result of the merging a few years ago of security standards from North American and European governments, and it is used to separate products that have demonstrated their security, as audited by expert third parties, from those products that cannot or have not attained the certification.

Incidentally, IBM tested AIX 5.2 for the Common Criteria test because when it began the certification process at the end of 2004--which was when PitBull first became available on AIX--AIX 5.3 was just starting to ship and IBM knew it was going to add a lot of functionality with AIX 5.3 in 2005. Now that the rigorous and expensive Common Criteria process is done for AIX 5.2, IBM has already begun the process of getting AIX 5.3 and PitBull certified together. IBM is not too worried about the impact being one release behind might have on sales. "Unix customers tend to be conservative, and they do not always adopt new technology too quickly," explains Kruemcke. "Moreover, many customers are willing to buy new products based on your submission for the Common Criteria certificate. They know that, given the cost and complexity of the tests, you are not going to submit to the process unless you are pretty sure you will get the security rating."

Sponsored By
CANVAS SYSTEMS

Get p5 technology in a p4 machine!

Save 85-90% off list price on Regatta pSeries 690 machines from Canvas Systems.
Choose from Buy, Lease, Rent and DR options.
Call 1-877-799-8226.

Buy: Check out the savings and performance with high end p4 technology.
Lease: A great way to get the technology you need without committing to a sale.
Rent: Already decided to move to p5? Test your migration strategy with a rental!
Disaster Recovery: Build a hot or warm failover solution for the same price you pay for a subscribed hot-site solution.

www.canvassystems.com
Editor: Timothy Prickett Morgan
Contributing Editors: Dan Burger, Joe Hertvik,
Shannon O'Donnell, Timothy Prickett Morgan
Publisher and Advertising Director: Jenny Thomas
Advertising Sales Representative: Kim Reed
Contact the Editors: To contact anyone on the IT Jungle Team
Go to our contacts page and send us a message.

Sponsored Links

Egenera:  Get your FREE Blade Server Buying Guide
FreeBSD:  Advanced OS for X86 and X64, Alpha/AXP, IA-64, PC-98, and Sparc architectures
COMMON:  Join us at the Fall 2006 conference, September 17-21, in Miami Beach, Florida

 
THIS ISSUE SPONSORED BY:

Arkeia
MKS
OpenSolaris
World Data Products
Canvas Systems



TABLE OF CONTENTS
Sun Lays Off Up to 5,000 Employees, Banks on Revenue Rise

HP Scales Down NonStop Servers to Chase New Customers

VMware Offers New Packaging and Pricing with ESX Server 3

The Cult of Numerology

But Wait, There's More:

Survey Says Java Developers Like Open Source Databases . . . Cray Warns Q2 Down Significantly, Affirms Guidance for Year . . . IBM, Argus Systems Get EAL4+ Certification on AIX-PitBull Combo . . . Sun Labs Will Step Up Innovation for Commercialization . . . Dell Launches Generation 9 of PowerEdge Servers . . . IDC Projects Disk Array Capacity to Keep Exploding Through 2010 . . .

The Unix Guardian

BACK ISSUES

The Four Hundred
Infor Acquisition of SSA Global Sparks a Lawsuit

Trucking Along with the OS/400 Platform

Merrill Lynch Cases IT Spending, Server Buying Patterns

The Cult of Numerology

The Linux Beacon
Red Hat Launches Projects for Collaboration, Code Testing

Red Hat Nixes Database Acquisition Strategy

Ubuntu to Support Linux on Sparc T1 Chips

VMware Offers New Packaging and Pricing with ESX Server 3

Big Iron
Server Sales Decline for the Second Straight Quarter

Top Mainframe Stories and Vendor Announcements

Chats, Webinars, Seminars, Shows, and Other Happenings

The Windows Observer
Microsoft Introduces New BI Product Dubbed 'PerformancePoint'

Microsoft to Support AS2, EDI, and RFID with BizTalk Server

Mainsoft Brings .NET Applications into J2EE Portals

Server Sales Decline for the Second Straight Quarter


 
Subscription Information:
You can unsubscribe, change your email address, or sign up for any of IT Jungle's free e-newsletters through our Web site at http://www.itjungle.com/sub/subscribe.html.

Copyright © 1996-2008 Guild Companies, Inc. All Rights Reserved.
Guild Companies, Inc., 50 Park Terrace East, Suite 8F, New York, NY 10034

Privacy Statement