Two-headed hard drive aims for security

[Guest B1900 Mech]

http://news.com.com/2100-1001-946083.html?tag=fd_top

[Guest mikehaska]

"[The hard drive] has a read-only head and a read-write head. The Web server can only read from the drive, theoretically making it impossible for attackers to deface the site or otherwise modify data."That's a really good idea! Software firewalls and security measures can always be broken, but if it's hardware based, hacking becomes a lot more difficult.

[Guest]

almost never saw such a silly thing in my life! Is this April's fools day? The only web servers worth breaking into are those that NEED write access to perform transactions like, to stay with the spirit of the forums, an airline booking.Vince

[Guest mikehaska]

erm... what is your point?Hypothetical situation: Hackers break into UAL.com, and change the hard drive entries to read "SFO-ORD: $0.25". Now, United is selling tickets for 25 cents.Imagine if they had this hard drive. Only the webmasters and sysadmins would have access to the "write" arm of the drive. They can put or erase whatever they want from the hard drive. These computers are (presumably) not connected to the internet, so they physically cannot be hacked.The servers everyone connects to to look up flights are using the "Read" arm only. They physically cannot make the drive delete or change information. Even if a hacker tried to change the flight prices, he wouldn't be able to.Do you understand how the system works now? It is really ingenious :-)

[alastairmonk 0]

Vince,I think you miss the point about what seems to attract these hackers. The "point" to their enterprise is to cause as much havoc as possible, and is rarely based on what is "worth breaking into".

[Guest]

okay - so you've lured me into responding..... as an IT specialist I don't think I'm "missing the point" nor do I need to be told how this silly device will work.Hacking happens for many reasons, but the most damaging hacks ARE to critical systems and those DO need write access for their functioning. Understand that even hacking for the purpose of "causing havoc" is aimed at the bigger sites - no use in putting your name on, or crashing, a site that no-one ever sees.The solution to EVERY security issue is a balance between letting normal operations continue with the least amount of hassle and keeping the bad guys out. A perfectly secure system is also unworkable, and a workable system by definition insecure (that is, less than 100% secure). This disk obviously aims at breaking this balance - but it can't. There are many reasons why this drive does not increase security - but the one thing I choose to mention in a whim in my first post is that business critical webservers NEED write access, and not only in a stand-alone situation - they also NEED to communicate with other systems. So even if you would be able to protect your static web information by putting it on a read-only drive, your dynamic data (credit card information! privacy sensitive data!) would still be at risk.I can't make it any more clear than this - please don't try to convince me otherwise however well meant..... it's not worth the (dynamic!) bits on the AVSIM servers.... ;-)Vince

[gosta 0]

Hi Vince,I see your point, but wouldn't such a device be beneficial especially to big companies who rely on access to their website? If a hacker successfully manages a denial of service attack, wouldn't it be preferable to just have a bare-bones site up and running (from the 'silly' device), rather than an error message, which could drive potential customers away?Cheers,Gosta.

[Guest]

gosta, a denial of service (DoS) attack simply means flooding the connection of the server. So it doesn't matter what kind of hard disk you have, there won't be any website to show. That's explained in the news item linked above. And a DoS attack isn't even hacking since there's no actual breaking into. It's rather lame and useless really.mikehaska, you say only the webmasters would have access to the read-write head, therefore it's secure. Well, may I remind you than only webmasters are supposed to have access to websites. But that doesn't prevent hackers from gaining access. Just like this device wouldn't prevent a hacker from fooling the drive into giving him/her control of the read-write head. Point being, if a webmaster as a way of identifying himself/herself to the drive, a hacker will eventually find out how to do it as well.And like Vince said, it cannot be used on a website which requires or can get input/feedback from users. The site needs to store data somewhere. That severely limits its use to shopping sites, which are exactly the kind of sites we'd all like to see 100 % secure (who would want his/her credit card # floating around the net ?).EDIT: Just thought of a more obvious example. This AVSIM board et website. It needs to write on the server's disks constantly (what with uploads and messages). So this device would be useless, or more to the point, wouldn't change the way things are at the moment one bit.__________________________________________________________EricList of all airlines, aircraft manufacturers and aircraft types recognised by ATC:http://www.geocities.com/eric_2203/orhttp://ftp.avsim.com/library/esearch.php?D...atID=fs2002misc

[gosta 0]

Hi Eric,'a denial of service (DoS) attack simply means flooding the connection of the server. So it doesn't matter what kind of hard disk you have, there won't be any website to show. That's explained in the news item linked above. And a DoS attack isn't even hacking since there's no actual breaking into. It's rather lame and useless really.'Thanks for clearing that up - a wrong choice of words on my part... I meant an attack that actually hacks into a site.Purely from a consumer standpoint, if I go to a website and get the 'Page not Found' message, I'll probably check back a couple of times and then go elsewhere, so that company would have lost a potential customer. If, however, there was a basic site saying 'We're experiencing technical difficulties with our booking system', I'm more likely to wait until they fixed it, rather than going somewhere else straight away. I think if that can be achieved with that drive, it would be quite an attractive product for lots of businesses.Cheers,Gosta.