Enterprise Linux software maker Red Hat Inc. Thursday launched a new security certification program for IT managers and Linux sysadmins and developers, Red Hat Certified Security Specialist.

It is the first enterprise Linux certification program of its kind, the company said.

Red Hat has long had RHCE (Certified Engineer) and RHCA (Certified Architect) programs in operation. The RHCSS (Certified Security Specialist) designation is the first performance-based certification focused on security competency for enterprise Linux servers, the company said.

Resource Library:

"We insist upon performance-based testing on live systems to certify individuals in the program," Red Hat Vice President of Global Learning Services Peter Childers told Ziff Davis Internet.

"The standard security certification program, the CISSP (Certified Information System Security Professional), is simply a multiple-choice test. It is what it is.

"But we believe that for a company's shareholders, data is where much of their value lies. We are adding another level of assurance that a company's data will be secure when the professionals who administer that data are certified to a higher level. That is why we use performance-based testing on live systems, only, in our programs. It's the only way to really know whether a person is truly qualified."

Click here to read more about the growing popularity of Linux security certifications.

Linux security has not been nearly as problematic as Windows system security over the years, due largely to the proliferation of Microsoft Corp. operating systems in desktops and servers and the security-conscious architecture of Linux itself. Thus, the need for security certification programs like Red Hat's hasn't been as pressing.

But, Childers said, things have changed in the last few years.

"Linux [systems] are now much more pervasive in the network, and there's a lot more data being served by Linux systems," Childers said. "It is incumbent upon companies to make sure that all their data is secured at all times, no matter what system is serving it."

During the past year, Red Hat has expanded its portfolio of security software with the availability of SELinux in Red Hat Enterprise Linux v. 4, Red Hat Directory Server and Red Hat Certificate System. The new RHCSS program provides a curriculum of hands-on training courses to support these new products and services, the company said.

Professionals who take the certification course need to take only one performance-based test, Childers said. The cost for that test is $749, he said.

In contrast, Childers said, "To pass the MCSE [Microsoft Certified Systems Engineer examination], a candidate has to take seven or eight tests [at $125 per test]."

The RHCSS requires exams for participants to demonstrate enterprise security administration skills that include:

• Securing network services
• Setting up directory services and authentication, as well as single sign-on
• SELinux security policy administration
• Specializations in certificate management and in configuring firewall and VPN solutions

"Organizations are under enormous pressure to prove that they are in control of their networks and data. Leaders will look to high-value performance-based tests of competency, such as RHCE and RHCSS, to determine who is qualified for today's information assurance roles," Childers said.