NEXOR ACHIEVES COMMON CRITERIA CERTIFICATION WITH RED HAT ENTERPRISE LINUX – A CASE STUDY

July 2013

Nexor connects, transforms, and protects sensitive information in cyberspace for the Defence and Intelligence, Government, and Critical National Infrastructure markets. Recognising the limitations of developing products on an aging, proprietary operating platform, Nexor joined the Red Hat independent software vendor (ISV) partner community and migrated to Red Hat® Enterprise Linux®.

Not only did the company benefit from an enterprise-ready, secure solution, its customers also gained efficiency thanks to increased interoperability and a reduction in the amount of training needed to work with Nexor products. The SELinux features in Red Hat Enterprise Linux ensured the company did not sacrifice security.

A mainstream, open source system for customer integration

Spanning 25 years, Nexor has a rich heritage developing messaging and guard solutions for the Defence and Intelligence market. Its customers are both UK and global, and also include Government Departments, Transport Organisations, the Energy Sector, and Police Forces.

One of its key products, Nexor Sentinel, is a highly available and secure email gateway appliance that protects user organisations by validating inbound and outbound electronic messages to conform to the security policies of the protected domain. The original Sentinel 2.0 email product was certified under Common Criteria, an international standard for computer security that ensures customers’ security assurance needs are met.

In order to meet the stringent interoperability and security requirements of its customers, Nexor Sentinel has to continually evolve. This need led Nexor to review its aging hardware and proprietary operating system, which functioned as the underlying platform for its products. The specialised platform, consisting of the BAE STOP 6 operating system on BAE XTS-400 hardware, involved complex maintenance and had high associated overhead, such as the cost of training customers.

Meeting customer demands with Common Criteria certification

In looking at an alternative solution, Nexor evaluated 3 options, including Red Hat® Enterprise Linux®. It was essential for the new solution to support Nexor’s bid to regain Common Criteria certification, as demanded by its customers. Red Hat was quickly identified as the open source market leader. In addition, the SELinux components of Red Hat Enterprise Linux provide the security levels needed to achieve Common Criteria certification.

After internal testing and evaluation, a proof of concept was run to test the application with the latest version of Sentinel. Nexor found that Red Hat Enterprise Linux gave Sentinel the ability to lock down and control information flow, thus delivering a successful and secure solution that would operate with zero downtime.

The new Sentinel 3E product, running on Red Hat Enterprise Linux, achieved Common Criteria EAL4 certification. Certified against an industry standard, the product is now fully assured and delivers the level of control Nexor customers need. Nexor expects this certification will help it further penetrate the market, as the project has demonstrated that the company can adapt to maintain continuous supply and relevance within the market. This degree of secured longevity with the Sentinel product could not have been achieved without migrating to Red Hat Enterprise Linux and SELinux.

Red Hat Enterprise Linux helps Sentinel run faster, a benefit for both customers and internal Nexor users. The build time for applications has been radically decreased; where it previously took up to 3 days for each application to be built, it now takes a matter of a few hours.

“The main benefit for us is that we have been able to move from a specialised, proprietary platform,” said Colin Robbins, Technical Director, Nexor. “We have been able to derive efficiencies in our production environment and have also built customer loyalty. We can now fully integrate with their existing systems, thus improving our competitiveness in the market.”

Red Hat Satellite, a multi-client systems management solution, lets Nexor automate system updates across its network. Security updates can now be passed directly from Nexor’s Sentinel product to the customers, an improvement over the common model, where customers must wait to receive a patch from the vendor. This results in a simple, smooth, and convenient model for product update delivery.

Comprehensive Red Hat training

Red Hat provided a comprehensive training program for Nexor staff, including the Red Hat Certified Engineer (RHCE®) training course with exam. This certification course teaches the in-depth knowledge, skills, and abilities required to administer Red Hat Enterprise Linux systems, giving Nexor developers a detailed understanding of how the operating system works and how to get the best out of it when developing solutions.

“The training was extremely thorough and our engineers were up to speed with the solution very quickly,” said Robbins.

Fully integrating Linux into product range

This project modernizes Sentinel, providing a highly secure, future-proof appliance for Nexor’s military, intelligence, and government customers. Red Hat Enterprise Linux is now Nexor’s platform of choice and its other products are being developed on the Red Hat platform by default. These include Nexor Guardian and Nexor Data Diode proxies.
