Archive Index (1999-2012) | 2013-current at | About  

Linux thin-client server OS undergoes EAL4 evaluation, pilot testing

Nov 2, 2005 — by LinuxDevices Staff — from the LinuxDevices Archive

A government contractor is pilot-testing Linux server technology that, when combined with thin clients, can provide government workers with secure access to multiple networks, servers, and security levels, it says. Trusted Computer Solutions's (TCS's) NetTop2 aims to allow intelligence workers to replace multiple PCs with a single thin-client device.

NetTop2 incorporates patented NetTop technology licensed from the NSA (National Security Agency), which worked with TCS under a CRADA (cooperative research and development agreement) to create NetTop2, TCS says.

TCS says NetTop2 puts authentication and security protection measures “at the edge” of the network, rather than on individual desktops, reducing infrastructure complexity. Workers needing access to computing resources at varying security classifications will be able to replace multiple desktop computers with a single thin client, according to the company.

Vendor neutrality

Interestingly, NetTop2 technology is vendor-neutral at the hardware level. It is currently being evaluated under Common Criteria EAL4 requirements on IBM xSeries, pSeries, and ZSeries servers, but could run on any appropriate platform supporting Linux, and with any qualified thin clients.

Currently, NetTop2 is being tested with Wyse's V50 (pictured at right), which runs Wyse's Linux 2.6-based V6 OS on a 1GHz Via Eden processor. TCS may have chosen the V50 in part due to advanced security capabilities embedded in the Eden CPU.

Even more interesting, the TCS solution is vendor-neutral at the OS level. While NetTop technology is patented, the underlying OS is not.

NetTop2 is currently based on the NSA's (National Security Agency's) SELinux, which TCS says incorporates three “protection profiles” recognized by the Common Criteria and mandated by DCID 6/3 (director of Central Intelligence directive 6/3) for TSABI (top secret and below interoperability). These include labeled security (LSPP), controlled access (CAPP), and role-based access control (RBAC).

NetTop2/SELinux is the only available Linux distribution with an LSPP, TCS claims.

In the future, NetTop2 is expected to support underlying Linux OSes from a variety of vendors. For example, TCS says it is working with Red Hat and IBM to “upstream” required security features into the 5.0 release of Red Hat Enterprise Linux (RHEL 5.0), expected next fall.

NSA's chief of information assurance research, Susan Alexander, said, “For years our customers have been clamoring for the look, feel, flexibility, and functionality of today's commercial software. With NetTop they can get just such an environment … without compromising on security.”

TCS COO Edward Hammersla said, “NetTop2 is the only multilevel application solution that does not require proprietary hardware or a proprietary operating system.”

Wyse VP of business development, Ali Fenn, said, “The inherent security associated with thin client devices, combined with the NetTop2 software solution, is an extremely powerful solution.”


NetTop2 Thin Client is available immediately for pilot testing, with general availability expected at EOY (end of year).

This article was originally published on and has been donated to the open source community by QuinStreet Inc. Please visit for up-to-date news and articles about Linux and open source.

Comments are closed.