Red Hat Certified: A New Hat for Linux Professionals
Red Hat has long attracted industry notice through its use of live system, performance-based testing in its Red Hat Certified Technician (RHCT) and Red Hat Certified Engineer (RHCE) certification programs. Now, Red Hat is adding a first-of-its-kind performance-based security certification to its fold: the Red Hat Certified Security Specialist (RHCSS).
Networked systems provide a gateway to useful information and applications, but also invite an unfriendly world through that gateway. For this reason, security capabilities have always been integral to Red Hat’s operating system products and thus to Red Hat’s curriculum and certification exams. RHCT tests just the core system administrative skills, although security-related skills such as setting passwords and attaching to an external directory for authentication are also required. RHCE requires candidates to implement multiple security requirements on their systems. A candidate who cannot implement these requirements will not earn RHCE. Security is not optional in the real world, and should not be optional in a system administration certification exam with a networking services focus.
Endorsement exams enable RHCEs to acquire performance-based credentials in focused areas at a level beyond RHCE. Adding endorsements to an RHCE enables Red Hat to supplement the core certification with additional specializations.
Last year, Red Hat introduced a new training and certification program: Red Hat Certified Architect (RHCA). RHCAs are the “masters of many”—deploying and managing the many systems, many users and many differing requirements found in enterprise environments. Of the five RHCA-track courses, two test security-related skills: EX333 Red Hat Enterprise Security: Networking Services, and EX423 Red Hat Enterprise Directory Services and Authentication. Those who earn RHCA demonstrate command of a deeper and broader set of tools for implementing security requirements than RHCE, even though RHCA is not positioned as a security certification.
When it comes to demonstrated security capability, RHCEs, RHCEs with one or more security-related endorsements and RHCAs have demonstrated tangible skills in addressing real-world security needs. Many organizations will find their security requirements amply met by staffing their IT group with some mix of these qualifications.
Deeper and Broader Security Certification
Unfortunately, the unfriendly world is getting unfriendlier, and the stakes are getting higher. Government agencies, particularly those involved in defense, must contend with the threat of cyber-terrorism, sabotage and espionage. Businesses must be on guard for professional intruders who are interested in stealing company-confidential information.
More troubling still, the computers, networks and Internet access that have made workers more productive have also given the disgruntled or wayward employee new ways to seek revenge and new temptations for misbehavior. Putting up firewalls to guard against outsiders while leaving internal networks and systems wide open is simply naïve.
Organizations look increasingly to security certification of their IT personnel to determine who is qualified for the tasks of protecting networks and systems. General certifications partially meet the need for such credentials. However, there is a need for security certifications that focus on technical implementation, rather than policy or theory. “IT security is an arena where individual and organizational livelihoods are at stake. Security requirements are expanding for every entity doing credit card transactions or handling personal data. Sarbanes-Oxley, HIPAA and a raft of other compliance requirements are being forced upon public- and private-sector organizations,” said Peter Childers, vice president of Global Learning Services at Red Hat. “Faced with these requirements, such organizations will demand the higher level of information assurance and protection provided by a technically focused performance-based security certification.”
Red Hat Certified Security Specialist
To address these needs, Red Hat has introduced a new family of security-related credentials that demonstrate advanced skills in using Red Hat Enterprise Linux, Red Hat Directory Server and Red Hat Certificate Management System to meet the security requirements of today’s enterprise environment. At the center of these is the Red Hat Certified Security Specialist (RHCSS).
As with RHCA, one must first earn RHCE in order to take the endorsement exams required for RHCSS. One must then take and pass:
- EX333 Enterprise Network Services Security
- EX423 Enterprise Directory Services and Authentication
- EX429 SELinux Policy Administration
RHCSS builds on the solid foundation of RHCE, and shares common ground with RHCA. Both credentials require the Enterprise Network Services Security (EX333) and the Enterprise Directory Services and Authentication (EX423) endorsements. RHCSS additionally requires the SELinux Policy Administration endorsement (EX429).
An RHCE can elect to earn only one or two of these endorsements, and each is meaningful on its own. Candidates who earn all three endorsements earn the privilege of calling themselves Red Hat Certified Security Specialists and have conclusively demonstrated a deep, comprehensive set of security skills.
The SELinux Endorsement Exam
SELinux—or Security Enhanced Linux—provides mandatory access control at the level of the operating system kernel. Think of SELinux as a security layer that would permit a Web server to read content from particular directories only, for example, but not from others—even if the file system permissions on those directories allowed it. If an intruder were to hijack a running Web server process on a system with SELinux enforcement, the intruder would likely find that the process was useless as a springboard for additional mischief. Under SELinux, networking services run under a complex set of policies that limit their capability to do anything other than provide the service they were meant to provide. An RHCE endorsed with EX429 can go beyond the standard policy protections shipped with Red Hat Enterprise Linux and can create new, custom policies to meet an organization’s specific requirements.
The endorsements comprising RHCSS demonstrate a critical set of security skills: authentication management through tools such as Kerberos, Red Hat Directory Server and PAM; host-based security mechanisms for restricting network services; service-to-service authentication; cryptographic technologies, including GPG and OpenSSL; and SELinux policies underlying these and other higher-level services.
Beyond RHCSS: Identity Management
Simultaneous with RHCSS, Red Hat is providing an additional endorsement in identity management. Identity management is authentication taken to the next level. One might need to authenticate to an e-mail server, but also might need to authenticate to the door of a facility or a server room. If authentication is about proving “I am who (or what) I say I am,” identity management is about how an organization consolidates a mechanism for people and things to prove they are who and what they say they are. RHCEs can take the EX435 exam that tests their skills and knowledge in using Red Hat Certificate Management System to address identity management needs.
In the future, Red Hat may introduce or extend other security-related tools, and support these with additional higher-level endorsements.
Everywhere there are daily reminders that a networked world brings us into contact with the best and the worst that the world has to offer. Today’s organizations must counter the ingenuity and determination of criminals and pranksters with equ