Fedora 15 Boosts Linux Security
New release of Red Hat's community Linux distro debuts new dynamic firewall technology that could revolutionize how we all secure our server and desktop infrastructures.
As the starting point for many IT perimeter defense architectures, the firewall is a critical piece of security technology. In the upcoming, Fedora 15 Linux distribution release, a new dynamic firewall technology will help to improve the critical cornerstone technology for server and desktop users.
Fedora is a Linux community project sponsored by Red Hat (NYSE: RHT) and is set to release Fedora 15 on May 24th. Security improvements are a key focus in the Fedora 15 release with a number of innovations.
"We have better support for encrypted home directories that get mounted when you log in and that goes a long way to help people feel that their data is secure," Jared Smith, Fedora Project Leader told InternetNews.com.
In addition to encryption, Fedora 15 debut the new dynamic firewall technology that Smith noted was one of his favorite features in the new Linux release.
"Most Linux systems use IP tables type firewalls and the problem is that if you want to make a change to the firewall, it's hard to modify on the fly without reloading the entire firewall," Smith said. "Fedora 15 is really the first mainstream operating system to have a dynamic firewall where you can add or change rules and keep the firewall up and responding while you're making changing."
Smith added that the dynamic firewall technology will still need development work, but it is available in Fedora 15 for users to start playing with to see how it works with their environments.
The dynamic firewall isn't just for inbound traffic either. It can also dynamically adjust to the needs of outbound traffic originating behind the firewall.
"One of the cool things about the dynamic firewall in Fedora 15 is that it has a dbus interface, so individual applications can communicate with the firewall," Smith said. "The apps can tell the firewall to open up a port for a period of time and then shut it back down."
Smith noted that the dynamic firewall has not been designed to be built once and then deployed, unlike traditional static firewall technologies.
"The dynamic firewall is something that individuals or programs can communicate with to handle dynamic changes to whatever networking conditions require," Smith said. "So an application can sa,y hey I need a port open, please open a pinhole in the firewall."
Fedora 15's new security features follow the introduction of new security features in Fedora 14 which was released in October of 2010. Fedora 14 included OpenSCAP, an open source implementation of the Security Content Automation Protocol (SCAP) framework for creating a standardized approach for maintaining secure systems.