Hardened OSes Boost E-commerce Security

With businesses, organizations, and government agencies exploiting
interactive Web-based technology to deliver online services to
employees, customers, and suppliers, Web servers have become the pivot
point that connects authorized users to databases and internal network
applications. Unfortunately, Web server architectures are exceedingly
susceptible to security attacks, especially those built on
general-purpose OSes.

Intrusion detection systems and firewalls do not adequately reduce the
security hazards presented by applications that implement dynamic
content or transaction services. Firewalls impart basic protection for
services such as FTP and SMTP, but they were not designed to protect
hosted applications. In addition, firewalls offer little security
against manipulations of HTTP traffic.

Nor were intrusion detection tools designed to address Web server
security issues. Although most security measures are based on a
model of reacting to electronic hostilities, companies can take
proactive measures to secure their applications against attacks.

Trusted operating systems

Enter the resurrection of the TOS (trusted operating system), a relic
from the early '80s developed for military and government security.
Considered by many to be too expensive and complicated to implement and
maintain, TOSes failed to catch on when introduced to the commercial
sector and instead were pigeonholed into the financial industry. With
today's corporate Web servers serving as the gateway to
mission-critical e-business applications and information, however, IT
departments should take a hard look at the new generation of TOSes.

[Illustration: "Compartmentalization is the key."]

A TOS is simply a security-hardened version of a standard OS. TOSes
come in a variety of flavors, including Sun Solaris, Hewlett-Packard's
HP-UX, IBM AIX, Linux, and Microsoft Windows NT. Trusted versions of
these operating systems isolate key OS functions into separate
compartments, limiting the ability of intruders to access and control
critical parts of a computer system, as well as preventing
administrators from making inadvertent, harmful changes.

Naturally, TOSes cost more than their standard OS counterparts, and
they are more difficult to administer. But because they provide a level
of protection beyond firewalls and intrusion detection systems, they
are suitable for e-commerce systems that are key to your business and
its relationships with customers and business partners.

Then and now

Early TOSes were marketed entirely in the government arena. Designed to
solve military problems associated with information auditing, these
systems were rigid and nearly impossible to integrate with commercial
applications. However, the need for secure e-commerce has ushered in a
new generation of TOS products, such as Argus Systems' PitBull and
Hewlett-Packard's WebEnforcer, which are more intuitive and easier to
integrate into commercial applications that were not designed for use
in an extended security environment.

Another stumbling block for first-generation TOSes was the cost of
owning one. Only large financial institutions that required rock-solid
security had the resources to buy and support trusted systems.

But modern TOSes won't necessarily break your budget. Argus Systems'
PitBull, a security add-on available for Solaris, AIX, and Linux
systems, starts at $5,000 for a single-processor system; $50,000 buys
an enterprise edition. Hewlett-Packard's VirtualVault, a trusted Web
server platform built on a hardened version of HP-UX, starts at
$15,000; but HP's WebEnforcer software, which monitors Windows NT
servers and plugs security holes, runs $3,000 per server. The most
economical of all the TOS products on the market is WatchGuard
Technologies' WatchGuard ServerLock, which hardens Windows NT and
Windows 2000 servers and costs just $1,295 per server.

TOS vendors are continually improving their products' ease of use via
wizards, knowledge base updates, and professional services to help
speed adoption of the technology. Security measures will continue to
evolve, but compartmentalization will always be the core feature of a
TOS.

Nuts and bolts

TOSes are based around the idea of compartmentalizing information. This
functionality also applies to subsystems. For example, because most
ASPs (application service providers) service multiple clients on a
single back-end network, an intruder who gets in at the application
level can reach all clients. With a TOS, ASPs can isolate individual
clients, guaranteeing that if security is breached through one
customer, no others are affected.

Off-the-shelf operating systems typically provide a single
administrator or superuser account with complete access to the entire
system. A TOS takes stock of all the OS services that users may need to
access and isolates them into individual compartments, providing
separate administrative accounts for each. For example, an
administrator may have the access necessary to perform backups but not
be able to add or delete other users or alter applications. Other
administrators -- or at least separate administrator log-ins and
passwords -- would be required for these functions.

The concept of compartmentalization also pertains to networks. With a
TOS, a user who enters a private network via the Internet could be
placed in a compartment that would never allow access to any
administrative commands. If the same user entered via a VPN or an
internal network, then the user may be allowed to access administrative
functions, depending on the criteria set for access. Authorization for
administrative access or for system changes to be implemented can be
based on conditions other than traditional user authentication. Today's
generation of TOSes also applies the theory that, when a system is
operational, absolutely no changes can be made that could undermine the
stability of services.
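
The compartment rules described in this section can be modeled as a single access decision. The sketch below is an added example, not code from any TOS product named in the article; the role, privilege, origin, and client names are hypothetical, and treating application changes as the ones frozen during operation is an assumption.

```python
from dataclasses import dataclass

# Constructed policy for illustration; all names below are assumptions.
# Each administrative role is confined to its own compartment of privileges.
ROLE_PRIVS = {
    "backup_admin": {"backup"},
    "user_admin": {"add_user", "delete_user"},
    "app_admin": {"alter_application"},
}
# Entry points whose sessions may ever reach administrative commands.
ADMIN_ORIGINS = {"vpn", "internal"}
# Changes frozen while the system is operational (assumed set).
CHANGE_PRIVS = {"alter_application"}


@dataclass(frozen=True)
class Session:
    role: str
    origin: str   # "internet", "vpn" or "internal"
    client: str   # ASP customer compartment the session belongs to


def authorize(session, privilege, target_client, operational=True):
    """Return (allowed, reason); a request must pass every compartment rule."""
    # Network compartment: Internet sessions never get administrative commands,
    # whatever credentials they present.
    if session.origin not in ADMIN_ORIGINS:
        return False, "origin compartment has no administrative commands"
    # Role compartment: no superuser, only the privileges of this role.
    if privilege not in ROLE_PRIVS.get(session.role, set()):
        return False, "privilege outside role compartment"
    # Client compartment: one ASP customer cannot touch another's resources.
    if session.client != target_client:
        return False, "target belongs to another client compartment"
    # Operational lock: destabilizing changes are refused on a live system.
    if operational and privilege in CHANGE_PRIVS:
        return False, "system is operational; changes are locked"
    return True, "allowed"


if __name__ == "__main__":
    requests = [  # constructed sample requests
        (Session("backup_admin", "internal", "acme"), "backup", "acme"),
        (Session("backup_admin", "internal", "acme"), "add_user", "acme"),
        (Session("backup_admin", "internet", "acme"), "backup", "acme"),
        (Session("backup_admin", "vpn", "acme"), "backup", "globex"),
        (Session("app_admin", "vpn", "acme"), "alter_application", "acme"),
    ]
    for sess, priv, target in requests:
        print(sess.role, sess.origin, priv, target, authorize(sess, priv, target))
```
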

Because TOSes impose security restrictions at the operating-system
level -- where access to applications, files, network interfaces, and
other system resources is granted -- they guard against attacks that
firewalls and intrusion detection systems can't prevent. If your
business depends on secure Web applications, a TOS could help
management and IT staff rest a little easier.
