You Want That Box 100 Percent Secure? Take It Off the Network

It's advice about as old as the practice of computer security.

Its advice about as old as the practice of computer security. Though typically offered as a sarcastic comment on the impossibility of "100 percent security," it does represent a recognition of the primary source of security problems: the network connection.

I know—its counterintuitive. Almost all of the hype and technological development of the past few years have focused on ways to increase network interactivity. And common business wisdom is that Internet accessibility is a "must-have" element in any and all new functionality. However, it is possible to physically isolate a trusted network from untrusted networks, like the Internet, without completely cutting off the trusted network. The trick is to interpose an agent between the two that can filter out unnecessary, sensitive or potentially dangerous data, and shuttle the remainder across the "air gap."

From a technical perspective, the simplest way to implement that strategy is to force human users to serve in that intermediary role. The basic approach is to construct a single internal network with access to the public Internet and one or more internal networks that have no physical connection, either to the first network or the outside world. Human users are given a separate machine for each network to which they have legitimate access. Resources on both networks are thus available to the user, but sensitive data cannot be transferred between them without direct and extensive local human intervention.

Awkward as it may sound, government agencies have used that method widely for years to protect classified systems. And while attacks on public government Web sites are a regular occurrence, successful breaches of classified government networks are most decidedly not. Although not yet popular in the private sector, that approach no longer requires the resources of the federal treasury; falling hardware prices have brought it well within reach of most businesses.

Indeed, until recently, hardware vendor Voltaire offered a PCI card specifically designed to help implement that kind of air gap by eliminating the need for multiple machines. The card effectively split a single box into two separate virtual systems, each with its own disk partition and network interface. Unfortunately, the hardware required a full reboot to switch between virtual systems. On Jan. 31, 2000, software vendor VMWare announced a partnership with the National Security Agency to develop a similar technique, relying entirely on software emulation to create the virtual systems.

That approach is not for everyone. It requires a savvy user base, and it is incompatible with many ASP and other Web-based software solutions. It forecloses the possibility of legitimate remote access to secured resources via dial-up or VPN. And it provides little or no protection for sensitive transactions on the Internet. For the seriously security minded, though, it does deserve serious consideration.