Security Blanket - Learn More
Why Security Blanket?
Operating system (OS) security is a priority for system administrators, but most agree that it is not an easy process. It can be time consuming and difficult, and the process can vary from OS to OS. Security Blanket from Raytheon Trusted Computer Solutions (RTCS) is an easy-to-use, flexible tool that helps you configure your Red Hat Enterprise Linux (RHEL) version 4 or 5 operating system to make it more secure—a process known as system lock down or system hardening. Additionally, Security Blanket supports CentOS 4, 5 and Oracle Enterprise Linux.
Security Blanket can be used to configure a new system to a preconfigured or customized set of security standards and can be run periodically to measure compliance. System administrators who are not Linux experts can feel confident that they can meet their organization’s security requirements by using Security Blanket.
Security Blanket scan confirms the security posture of the system.
Baseline Comparison Report functionality provides the ability to compare current system states to past states to identify changes in hardware, networks, files and software.
The Importance of System Lock Down
Operating systems are not shipped with secure default configurations because it would make them difficult to set up. Therefore, it is important to safeguard your OS from vulnerabilities. According to a recent study by *Forrester Research,* the biggest concern of system administrators today is system security, yet only 45% secure all of their systems, and 26% don’t secure all of their Internet-facing servers. If you are one of the 65% who don’t secure all your systems, it’s probably due to limited time and the necessity to have deep expertise in a variety of OSs.
Source: Forrester Research, “State Of Server Operating System Security 2007: Admins Patch An Average Of Eight Days Late,” June 2007
The System Lock Down Dilemma
There are a variety of ways to accomplish lock down of a Linux server. System administrators can download lock down scripts and run those scripts against their systems, but there is substantial risk involved in that they have no visibility into the specific lock down activities being performed and no way to undo activities that have compromised functionality. They can read books on hardening Linux systems, but this takes a lot of time and they can only hope that human error doesn’t enter the picture. According to the Forrester study, 50% of system administrators practice manual lock down. To date, the system lock down tools that exist are labor-intensive, still require OS expertise, and do not address management needs for compliance and reporting. The Forrester study states that only 14% of system administrators today use third-party vendor-supplied hardening tools. A lot of system administrators do nothing and leave their systems open to vulnerabilities.
Why Security Blanket?
- It provides the most complete set of preconfigured (no programming required) security lock downs in any product today.
- It allows users to report against and comply with standardized security recommendations from trusted security experts.
- It is extremely easy to use with step-by-step guidance, built-in documentation, and extensive undo capabilities.
- It allows users to easily customize the security configuration guidelines for lock down and reporting to meet organizational standards.
- It provides easy-to-understand reports of system configuration and changes that have been made over time.
System Assessment
Security Blanket supports preconfigured security lock down profiles based on well-known industry standards, as well as the ability to establish customized lock downs. This allows users to establish guidelines that are applicable to their organization. Security Blanket supports a compliancy model that includes both assessment and remediation. The product was designed to meet the challenge of providing system administrators with an automated tool that would provide compliancy to the lock down guidelines defined by the Center for Internet Security (CIS), the Defense Information Systems Agency (DISA) UNIX Security Technical Implementation Guides (STIGs), and the SANS Institute's Top 20 guidelines for ensuring certain configurations such as Linux, Apache, MySQL, and PHP (LAMP) for Red Hat Linux distributions. Additionally, Security Blanket aids in providing required security controls to support FISMA guidelines. Once a preconfigured profile is selected or a customized profile created, the user runs a system scan, or assessment, to determine the system’s level of conformance. When the scan is complete, the user is presented with a list of all security guidelines and notification as to whether the system passed or failed each.
System Lock Down
A clear navigation path takes the user through security profile choices, system assessment, and lock down choices. Each lock down action has on-screen documentation that includes a description of the action and tips. The description points out details regarding the lock down actions and the results to the system if the action is applied. Tips provide guidance on potential drawbacks of applying each lock down. After lock down is complete, the pass/fail status of each security module in the selected profile is presented. Most lock down actions are 100% reversible, allowing users to undo actions that compromise system functionality. A warning is provided if the action is not reversible.
Reporting and Logging
Security Blanket provides a set of reports that can be viewed online or saved to be printed at a later time. The reports are designed to provide management with an audit of system security actions, logs of user activity, and a documented status of system security conformance whenever necessary.
Security Assessment report creates an audit record of the system over time.
Installation
Security Blanket is easily self-installed with an application installer and the application itself. The application has five core components: user interface, license manager, module manager, security action modules, and a configuration manager; however, the Security Blanket user will see only a single entry for the application on the desktop. Security Blanket supports both 32-bit and 64-bit architectures for RHEL5 and RHEL4.

