Pages

Monday, October 9, 2017

Launching a Secure Environment: Applying IBM’s LinuxONE Encryption

By Bill Moran and Rich Ptak

Courtesy of IBM


The other day we attended an excellent presentation by Dr. Rheinhardt Buengden of IBM Germany on applying the encryption in LinuxONE[1]. He provided extensive technical detail on installing and implementing a secure IBM LinuxONE Emperor II system (or one of the other IBM Linux mainframe system). It was a highly informative session.

First, nothing that we learned contradicts our earlier blog[2] on IBM’s announcement. We continue to believe that LinuxONE combined with its associated hardware represents the best commercial alternative for security on the Linux market. But, we did get some greater insight into implementing a high-security system.

 We now have a much better appreciation of the level of effort necessary to achieve a secure operating environment. As one might expect, much of the work revolves around having to choose among the many options in Linux. But, it also requires effort fit the new system into the way business is currently organized and done. To accomplish this requires significant skills in Linux and security methods as well as a detailed knowledge of the company’s current processes.

 We provide some specifics here. There are certain to be others. First, consider the interactions between the security key management and the existing disaster recovery mechanism. Some types of keys are system specific and will not work on another system. Careful planning is necessary to identify and handle inconsistencies and conflicts[3]. The LinuxONE system can automatically recover from an abnormal situation but only if the preparation work has been done.  Similarly, backup and archive policies will need a review for similar inconsistencies. The whole issue of key management will need careful study and decisions made in choosing among the various types of keys that can be implemented. Several types of keys are available; each type has its own different properties, advantages, etc.

There are choices to be made over how to handle the encryption applied to files, file systems and disks. Understanding the relative advantages and choosing the best one requires knowledge of the Linux facilities and their interactions with the security facilities. Failure here could result in an intruder being able to access the most sensitive information in the clear; fatally compromising all system security.

The last topic concerns the Linux kernel. Typically, the Linux kernel included security APIs that invoke certain software functions. LinuxONE hardware will speed up these functions. For this to work, the Linux kernel must be updated with code that supports the LinuxONE hardware. IBM has submitted a fix for inclusion in a future Linux kernel release.

This points to a bigger, more significant problem. LinuxONE relies on some Open source modules such as Open SSL, all such dependencies need to be monitored and updated or modified as necessary if security is to be maintained. We mention this point because the Equifax security breach has been tied to a lack of maintenance to open source module. The lesson is that maintenance for all modules in the system must be carefully monitored and applied. Open source code updates cannot and should not be ignored.

In sum, we think that anyone planning an installation of a LinuxONE system should understand the magnitude of the task they are undertaking and plan accordingly.

For a security project of this scope, seriously consider establishing a security subcommittee of the Board of Directors. This group needs to learn enough to ask the hard questions and supervise security audits of the organization’s activities.

A review of the presentation would benefit any group interested in security. And, be most helpful for groups considering purchase of the new LinuxONE system.  However, nothing will substitute for a knowledgeable and active staff handling the installation and operation of a LinuxONE system. Senior management support is critical. We hope our notes here make that clear.



[1] Here is the URL for the presentation: http://www.vm.ibm.com/education/lvc/LVC0927.mp4
[3] Details on this topic are beyond our current scope. See Dr. Buengden’s discussion on the topic 

No comments:

Post a Comment