by Indrajit Majumdar
Firstly, there is no such thing as a "Hacker Free Computer Environment" in the context of any Operating System (OS) in use today. This, however, does not imply that it is totally inconceivable to make our defence servers and other services hacker free. With the growing number of incidents of Cyberwarfare / Cyberterrorism and the increasing challenges posed by innovations in convergence, keeping the network alive is possible only if very stringent security measures are designed, implemented and deployed. Any specific requirement for limiting access to services should be deliverable as part of a security policy and should address both the attacks known to date and forecasted attacks.
We will discuss three methods of making a client computer or server hack free. These include the C-DAC/DRDO anti-hacking program, which is currently a work in progress; the remaining two are purely the author's concepts.
The C-DAC/DRDO Anti-Hacking Program:
C-DAC, an affiliated lab of DRDO, has initiated a plan to develop a fully indigenous Indian OS in mid 2010, involving government institutes, agencies and academia. The idea was to develop a new operating system (both client and server variants) from scratch which would remain immune to and free from malicious activities. The highly active international hacker community has been penetrating and infesting India’s state-owned servers and other quasi-government systems rather frequently in the past few years. The plan was to keep the API, compilers, intranet protocols, algorithms and standards of the OS secret, on the notion that hackers will not be able to penetrate the OS and run encrypted viruses, polymorphic or metamorphic code or other Trojans/Worms, since the environment will be on a proprietary domain. This would keep the government systems insusceptible to malicious attacks, unlike other popular operating systems such as Windows, iOS/Mac OS, UNIX, Linux or other such OS variants.
The new environment will also ward off the typical approaches used in attacks on connected systems visible outside the intranet: network enumeration (discovering information about the intended target), vulnerability analysis (identifying potential ways of attack) and exploitation (attempting to compromise the system by employing the vulnerabilities found through vulnerability analysis). The new environment will be resistant to viruses, exposure scanning, brute force attacks, password cracking, packet analysis, spoofing, rootkit infiltration, Trojans & worms and keystroke logging.
Development, testing and implementation are planned to be completed within the next two years. The testing phase will involve implementation of new network technologies and protocols. C-DAC, drawing from its large pool of resources and skill sets, has developed PARAMnet, a full-duplex, high-speed, high-bandwidth, low-latency grid computing network for the PARAM series of supercomputers. The technology involves a non-blocking crossbar-based architecture at 2.5 Gbps full-duplex bandwidth per port and distributed schedulers; an added advantage of this system is that the existing protocol can be configured for any network topology. However, this exclusive technology can be scaled and modified to meet the specific security requirements.
The First Concept:
This author’s first concept involves the development of an independent Internet Protocol architecture. Let’s call it the X-Net to avoid any confusion with the current INTERNET conformation which the world is using as of now.
The X-Net system should be a hierarchical network divided into three basic layers: Core (Level 1), Distribution (Level 2), and Target (End-User Level). Connectivity should be provided across the country, depending on the type of connectivity required by the users, their geographical presence and their location. It should use a consortium of bandwidth providers, since no single vendor has the geographical spread necessary for creating a pan-India network and connecting underserved areas. The interface and feature set should be in conformance with the new design.
The design proposal is as follows:
- Develop a System Area Network that provides high bandwidth, low latency communication. This design is normally used to interconnect nodes within a distributed computer system, such as a cluster. These systems are members of a common administrative domain and are usually within close physical proximity. Development should also include seamless inter-connectivity and data transmission with connecting protocols and algorithms, drivers, applications, industry grade & open source components, high-performance interface cards and high-speed scalable hubs, switches and application services for clients.
- It should have very low error rates and it must scale under load.
- Compatible and maturational browsers and server software that recognize the protocols and standards.
- Hardware which can implement these protocols and standards.
- Wireless connectivity technology on the X-Net system will need the allocation of separate bandwidth frequencies, accompanied by new wireless hardware and software standards.
- Incorporate encryption technology with new military-strength algorithms and future-proofing.
- Keep the technology away from prying eyes by making the configuration intentionally incompatible and not connectible to the Internet.
- Segregate the domain into a dual model which enables private or privileged access to sensitive data, and public domain access for the general public, who can access data which is not sensitive in nature.
The Second Concept:
This is the simplest, most cost-effective, easiest and most secure idea for an anti-hacking process which can be implemented. The solution: Abstain from connecting any storage of sensitive data to the public domain or any network. Store sensitive data in offline storage systems. The work computers used for research and development purposes should be offline.
(Indrajit Majumdar is an avid Defence and Space enthusiast and this piece was written by him exclusively for Defence Guru India)