Securing Linux Based Products With CSDL
The theme for this year’s SecCon was “Building on a Foundation of Security.” The discussions covered a significant breadth of topics relevant to being a trusted vendor and producing trustworthy products. Naturally, many of them revolved around the Cisco Secure Development Lifecycle (CSDL), Cisco’s approach to building secure products and solutions. As Graham Holmes mentioned in a recent blog post, CSDL takes a layered approach, with one of the key components being the security of the underlying operating system. As a standard part of the development process, Cisco’s product teams implement a comprehensive set of CSDL requirements to harden the base OS. These requirements were created not only by leveraging Cisco’s significant in-house security expertise, but also by drawing on best practices available in the industry.
In keeping with the theme of SecCon 2012, we have decided to publish these foundational OS security requirements to enhance the knowledge of our partner ecosystem, and advance the industry as a whole. As of today, Cisco is releasing two documents that have been an integral part of CSDL: “Linux Hardening Recommendations For Cisco Products” and “Product Security Baseline Linux Distribution Requirements.”
The Product Security Baseline for Linux document outlines a broad set of security requirements applicable to embedded Linux OS distributions. Product teams can use the requirements to validate or improve the security stance of the base OS, thus providing a more secure foundation on which to layer application-specific features. The Linux Hardening guide builds on the availability of that foundation, and describes in detail a set of embedded Linux OS hardening techniques. It includes topics such as disabling unused resources; permissions and access control; system integrity; runtime defense techniques; and other advanced security features. Most techniques come with detailed implementation examples.
For all things security, don’t forget to visit our Cisco Security Intelligence Operations (SIO) Portal, the primary outlet for Cisco’s security intelligence and the public home to all of our security-related content. And we’re easy to remember! Just go to cisco.com/security!
We hope you will find these resources useful, and we certainly welcome any feedback!