Red Hat Enterprise Linux 7.4 Beta Debuts with Enhanced Security

The upcoming Red Hat Enterprise Linux 7.4 release is set to provide organizations with a series of new features and enhancements that will improve security and performance. Red Hat released a beta version of Red Hat Enterprise Linux (RHEL) 7.4 on May 23, providing organizations with an opportunity to preview the new features.

One of the new capabilities in RHEL 7.4 is support for Network Bound Disk Encryption, which is a feature that enables organizations to encrypt the root volume of hard drives, without requiring users to re-enter the password after a system is rebooted.

“Essentially, it allows for the automatic decryption of secrets when a client has access to a particular server on a secure network,” Steve Almy, principal product manager, Red Hat Enterprise Linux, told eWEEK.  “The key word here is automatic, reducing hassle when using encryption at scale.”

For Network Bound Disk Encryption to work properly, Almy explained that the encryption needs to be initiated at installation time and it is not currently possible to encrypt an unencrypted drive with Linux Unified Key Setup-on-disk-format (LUKS). 

Another new security capability coming to RHEL 7.4 is support for the USBGuard software framework. USBGuard is an open-source project that aims to help protect systems against rogue USB devices, by implementing basic whitelisting and blacklisting capabilities, based on device attributes. In RHEL 7.4   USBGuard can be configured locally with the /etc/usbguard/rules.conf file and will be configurable at scale via Ansible roles, Almy said

Secure Socket Layer/Transport Layer Security (SSL/TLS) gets a boost in RHEL 7.4 with the updated OpenSSL 1.0.2k package.

“This update provides a number of enhancements, new features, and bug fixes, including support for Application-Layer Protocol Negotiation (ALPN) and the datagram TLS (DTLS) protocol version 1.2,” Almy said.

ALPN is an extension to the Transport Layer Security (TLS) Protocol, Version 1.2…

Read the full article at the Original Source..

Back to Top