{{Header}}
{{Title|title= Enterprise Security }}
{{#seo: |description=Definition of "maximum security" in computing. }}
{{maintainability_mininav}}
{{intro|
A discussion of the definition of "enterprise security" in computing. While the idea of achieving enterprise security is appealing, it comes with many unexpected drawbacks, namely high costs for certifications and few tangible security improvements that couldn't or wouldn't be achieved otherwise.
}}
{{stub}}

{| class="wikitable"
|+ ''Build Integrity & Transparency Features''
|-
! Feature
! Description
! {{project_name_short}}
! Most<ref>This is to avoid saying "all". None where this does not apply was known to the author at the time of writing.</ref> Enterprise Linux Distributions
|-
! Protection from supply chain attacks
| Mandates digital signature verification at all stages of development. This includes source code commits, git tags, the build process, and final downloads. Execution or deployment of unsigned code is strictly forbidden. The policy helps prevent supply chain attacks by ensuring the authenticity and integrity of software throughout its development and distribution.
| {{Yes}} [[Digital_Signature_Policy|Digital Signature Policy]]
| {{No}} Usually does not have a Digital Signature Policy.
|-
! Signed (ISO) image downloads
| All downloads are cryptographically signed, allowing users to verify the authenticity and integrity of releases.
| {{Yes}}
| Some provide only sha256 checksum files, with no file signed by tools such as gpg, signify and/or codecrypt.
|-
! Signed software packages are verified by the package manager
|
| {{Yes}}
| {{Yes}}
|-
! Documentation encourages users to perform digital software signature verification
| [[Verifying Software Signatures]] is consistently pointed out in documentation.
| {{Yes}} [[Digital_Signature_Policy|Digital Signature Policy]]
| {{No}}
|-
! Certification
| Cybersecurity validations and certifications, product compliance
| {{No}} [[Dev/certification]]
| {{Yes}}
* https://access.redhat.com/en/compliance?products=Red+Hat+Enterprise+Linux
|-
! Kernel livepatching
| [https://en.wikipedia.org/wiki/Kpatch kpatch]
| {{No}} https://debconf24.debconf.org/talks/91-linux-live-patching-in-debian/
| {{Yes}}
|-
! Community support
|
| {{Yes}} [[Community Support]]
| {{Yes}} https://www.reddit.com/r/redhat
|-
! Enterprise support
| Onboard new companies, answer questions, resolve issues at scale according to a service agreement.
| {{No}}
| {{Yes}}
* https://www.redhat.com/en/services/support
* https://www.reddit.com/r/redhat/comments/1d8b5ww/level_of_support_expected/
|-
! Professional 24/7 support
| Access to support engineers 24x7 for high-severity issues according to service agreement.
| {{No}}
| {{Yes}}
|-
! Extended LTS long-term support (5 years) by vendor
|
| {{No}}
| {{Yes}}
|-
! Extended LTS long-term support (5 - 19 years) by vendor
|
| {{No}}
| {{Yes}} {{quotation
|quote=Maintain system consistency with up to 19 years of support.
|context=[https://www.suse.com/products/long-term-service-pack-support/ SUSE Linux Enterprise Long Term Service Pack Support]
}}
|-
|}

= See Also =

* https://wiki.almalinux.org/Comparison.html

= Footnotes =

{{Footer}}

[[Category:Documentation]]
[[Category:Design]]