#include
We're really vulnerable
Rich Nass
12/15/2008 11:52 AM EST
One of the guest speakers at the conference was Adriel Desautels, the CTO of Netragard, a company that specializes in "anti-hacking." This was a really eye-opening talk. He began by telling the folks in the room, most of whom were connected to the wireless network, how many people were connected to the network and what browsers they were running. Not a huge feat on its own, but it certainly got my attention.
Desautels went through a bunch of examples where his company was hired to figure out just how secure his clients' assets really were. And in just about every case, the answer was "not very." Most of the entries that the Netragard team made into the various internal networks were through a different channel. In some cases, it was simply deciphering the passwords of the appropriate people. In others, it was good, down-to-earth hacking that got them in. And in the most intriguing hack, the team became "friends" with the right password holders through various social networking sites to get entry into their system.
Pretty scary stuff, especially when you realize that if these guys can do it, the bad guys probably wouldn't have much more difficulty.
If you believe the Green Hills guys, the answer to all of your problems, at least where security is concerned, is to employ their Integrity operating system. And they did make a pretty good case for it. In fact, they've received the highest security rating from the National Security Agency (NSA), EAL6+. They claim to be the only OS to achieve this rating. To get this certification, they had to make the OS available to the NSA, who had about five years to poke holes in it. Apparently they couldn't, hence the certification. And the Netragard experts weren't able to hack into Integrity either. That's good enough for me.
Richard Nass is editor in chief of Embedded Systems Design magazine and editorial director of TechInsights. He can be reached at rnass@techinsights.com.





LArt
12/18/2008 2:55 AM EST
I am really curious how "the highest security rating from the National Security Agency (NSA), EAL6+" can protect against "social" hacking (not to mention mere people's stupidity and laziness)?
I expect that their OS can do this, if not then what is the point about mentioning such things before Integrity presentation.
Of course I do not think that it can be such simple strategy like FUD here (it is impossible that company with such high level of certification can do this :-/ ). I do not believe that they put some fears about "normal" and well known security concerns and then they presented "solutions" not related to previously mentioned problems e.g. "social" hacking.
Regards,
security_first
12/24/2008 12:55 PM EST
The certified operating system enables protection against many forms of social engineering, but to be clear, the solutions typically involve more than just the secure operating system. For example, we have devised a solution to the insecurity of web transactions caused by social engineering attacks in which users click on malicious web sites (linking to fraudulent servers, causing malware to be downloaded, etc.). This solution involves the INTEGRITY kernel and a small number of secure components that run natively on INTEGRITY, while using virtualization to provide the user's expected user environment (e.g. Windows or Linux). I'm happy to discuss in more detail with folks who are interested in certified high robustness solutions to their enterprise security concerns. I can be contacted at davek@ghs.com or davek@integrityglobalsecurity.com. Hope this helps!