Firewall Wizards mailing list archives

Re: [ISN] New Defence Computer Keeps Hackers Out and Secret (fwd)


From: Jeremy Epstein <jepstein () tis com>
Date: Mon, 19 Oct 1998 10:44:49 -0400

At 08:12 AM 10/19/98 -0500, ark () eltex ru wrote:
> what the hell is that thing if _not_ firewall??
> Does anybody know?

It's an interesting device...it's basically an A/B switch for the keyboard
& mouse, combined with a one-way transfer device.

In the simplest case, you use two computers (one for low, one for high).
You run your X server on the high computer, and connect the monitor to that
machine.  You connect the outputs of the A/B switch to both the low & high
machines (there are two different outputs).  On the low side, you run a
proxy X server which captures all of the requests and sends them through a
one-way device to a proxy X client on the high side.  The proxy X client
then forwards the invocations to the ordinary X server on the high side.
The result is that you can have both low and high windows on the same
screen at the same time, but there's no way for low side clients to capture
anything from the high side.  And unlike traditional MLS solutions (such as
the CMW+ mentioned in another message in the same digest), you don't have
to rely on a lot of complex and therefore risky software.  The only things
that have to operate correctly for this to be secure are the A/B switch (a
simple mechanical device) and the one-way transfer (which is a fiber optic
cable with the high-to-low transmitter cut, if I recall).

It's clever in that clients and servers are unmodified, but you get a VERY
high degree of security, without giving up functionality.

They also have a version that uses a central server to support the low side
clients, so you don't need two computers on every desk.

- - -- Begin forwarded message ---

Forwarded From: Nicholas Charles Brawn <ncb05 () uow edu au>


FED: NEW DEFENCE COMPUTER KEEPS HACKERS OUT AND SECRET
15-10-1998 06:24 
By Max Blenkin, Defence Correspondent

  CANBERRA, Oct 15 AAP - A world first computer security system aimed at
keeping the hackers out and the secrets in while allowing Defence Force
employees to surf the Net was today unveiled in Canberra. 
  Called an "interactive link" the system designed by defence electronics
firm Vision Abell allows defence personnel working on secure computer
systems to send e-mail or even surf the highly insecure Internet, all from
the same terminal. 
  It was developed at the instigation of the Australian Defence Force
based on technology developed by the Defence Science and Technology
Organisation through its Starlight information security technology
project. 
  The first systems, comprising software and hardware in a modest-sized
grey box, will be delivered to defence early next year. 
  Vision Abell says there is no comparable system available anywhere in
the world and it has vast commercial potential, with an expected price tag
of several thousand dollars. 
  Neville Middleton, Vision Abell's Canberra manager, said this was the
first of a range of information security products stemming from the
Starlight research. 
  "It is a very powerful demonstration of Australia's world class
research and the ability of Australian industry to produce world class
products from that research," he said today. 
  At the heart of the system is what Vision Abell calls a "data diode" 
which allows information to travel one way but not the other. That
effectively shuts hackers out, even though the secure system remains
connected to the Internet. 
  Under development is another system now at concept demonstrator stage
which allows information to be moved from a secure computer system onto
the Internet or into another unsecure computer system. 
  It creates an audit record, showing what information was exported and
who did it, should any defence employee be tempted to leak information to
the other side. 
  DSTO research leader Brian Billard said research on information
security started 10 years ago with a focus on defence computer security
needs which could not be met from commercial sources. 
  He said a consortium led by Vision Abell was chosen in 1996 to develop
the system for military use and eventually for commercial sale. 
  "There are a range of commercial products such as firewalls. But in a
military environment where you are protecting secret and top secret data,
you need something stronger," he said. 
  "We were not seeking to re-invent operating systems but rather to
develop limited function high security devices which can be applied to
commercial work station or various parts of a network." 


- - -- End forwarded message ---
---------------------------------+-------------------------------------
| Jeremy Epstein                 |  E-mail: jepstein () tis com          |
| TIS Labs at Network Associates |  Voice:  +1 (703) 356-4938         |
| Northern Virginia Office       |  Fax:    +1 (703) 821-8426         |
---------------------------------+-------------------------------------
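
Added example, not part of the original message and not the Starlight/Interactive Link protocol: a sketch of what the receive-only end of a one-way link like the one described above has to do, since it can never acknowledge or request a resend. The frame layout (marker, sequence number, length, CRC-32), the names frame/HighSideReceiver/demo and the sample requests are all assumptions constructed for illustration.

```python
import struct
import zlib

MAGIC = b"DD"                        # assumed frame marker
HEADER = struct.Struct(">2sIH")      # marker, sequence number, payload length
TRAILER = struct.Struct(">I")        # CRC-32 over header + payload

def frame(seq, payload):
    """Low side: wrap one captured request. No acknowledgement ever returns."""
    head = HEADER.pack(MAGIC, seq, len(payload))
    return head + payload + TRAILER.pack(zlib.crc32(head + payload))

class HighSideReceiver:
    """High side: receive-only end. It cannot ask the sender to retransmit."""

    def __init__(self):
        self.expected = 0    # next sequence number we should see
        self.delivered = []  # payloads passed on to the real server
        self.lost = []       # sequence numbers that never arrived intact
        self.corrupt = 0     # candidate frames rejected by the CRC

    def feed(self, stream):
        """Parse one complete capture; resynchronise byte by byte on errors."""
        pos = 0
        while pos + HEADER.size + TRAILER.size <= len(stream):
            magic, seq, length = HEADER.unpack_from(stream, pos)
            end = pos + HEADER.size + length
            if magic != MAGIC or end + TRAILER.size > len(stream):
                pos += 1
                continue
            (crc,) = TRAILER.unpack_from(stream, end)
            if crc != zlib.crc32(stream[pos:end]):
                self.corrupt += 1
                pos += 1
                continue
            if seq >= self.expected:          # ignore stale duplicates
                self.lost.extend(range(self.expected, seq))
                self.delivered.append(stream[pos + HEADER.size:end])
                self.expected = seq + 1
            pos = end + TRAILER.size

def demo():
    # Constructed sample: four requests; #1 is dropped, #2 is damaged in transit.
    reqs = [b"CreateWindow", b"MapWindow", b"PolyText8 hello", b"ClearArea"]
    frames = [frame(i, r) for i, r in enumerate(reqs)]
    damaged = bytearray(frames[2])
    damaged[HEADER.size] ^= 0xFF              # corrupt first payload byte
    rx = HighSideReceiver()
    rx.feed(frames[0] + bytes(damaged) + frames[3])
    return rx
```

The receiver can only log the gap in sequence numbers; recovering the missing requests would need a return path, which the one-way link deliberately lacks.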


