Software emulation firm VMware announced it has teamed up with researchers at the National Security Agency to create a nearly crack-proof computer that can place sensitive data in virtual vaults inside the
PC.
The concept, assuming it works, would streamline the methods intelligence
agencies use to manage data. At present, the NSA--the military surveillance
arm of the United States intelligence community--physically separates
networks carrying data of a particular classification. For example, top-secret data might be kept on a different computer than data classified merely as sensitive material. Sometimes, for workers to have access to the information
they need, up to six different computers can be on a single desk.
That type of security is called--in typical intelligence community
jargon--an "air gap." It works, but its days could be numbered, said Ed
Bugnion, founder and manager of research and development for Palo Alto,
Calif.-based VMware.
"I believe we have a solution out there that provides security comparable to
having multiple computers," he said.
Called "NetTop," VMware's answer would turn each computer into a number of virtual PCs running on a Linux computer that would sit on each worker's desk. The security system would erect supposedly impenetrable, but virtual, walls between public data and more sensitive information on the same computer.
If successful, the project could mean huge cost savings and convenience for
the NSA and other security-conscious government agencies by eliminating one
or more computers--and a variety of network components--cluttering desktops
at the agency.
Paul Pittelli, director of information assurance research at the NSA, said
the move is part of the agency's new emphasis on saving money through the
use of commercial software.
"Users in the national security community have an increasing need for
commercial off-the-shelf software," he said in a statement. "We currently
require them to use different computers for different applications." That,
Pittelli said, will stop if efforts like NetTop succeed.
VMware's plan is to use an offshoot of the company's current virtual machine
technology that allows Linux users to install and run Windows or any other
PC-based operating system on top of Linux.
The reason the company believes it can succeed is because it doesn't emulate
the software but the hardware underneath.
"Java needs a proprietary environment to run," said VMware's Bugnion. "We
can run arbitrary operating systems within the PC." Last year, the company
also released a version of its software that runs on Windows NT and 2000,
enabling users to run Linux (or any other operating system) in a virtual
machine on top of Windows.
NetTop will run on top of a more secure distribution of Linux that the NSA
has developed and an initial version of which it released in December 2000.
While nothing is certain in security, Fred Cohen, the University of New
Haven's professor of digital forensics investigation, said VMware's idea
seems to be a good one.
"It makes sense," he said, adding that "the current VMware technology is not
up to a level of assurance necessary for this."
To make Linux secure, Cohen said, better handling of various access levels--essentially,
the ability to classify data for various secrecy ratings--needs to be added.
But Cohen agreed the decision to run the VMware technology on top of Linux,
not Windows, is key to a government agency like the NSA.
In a nod to the open-source community, he said that--for the NSA's
purposes--seeing the source code and testing its security is extremely
important.
"You wouldn't want to do it on Windows NT, because you know nothing about
what is going on inside NT," he said.
Interesting article discussing how to best security the desktop with the NetTop software. Is there a need for security on the VMware ESX servers and is there a NetTop for the VMware servers?
There is a tremendous amount of activity with companies moving to VMware ESX, but when consolidating their servers they do not move their security to the internal network running inside the Vmware ESX. In the old days protecting the network with a firewall was the rage and security inside the network was not mentioned. Today driving security deeper into the network is all you hear about. Should we be driving the security into the virtual world as well. Just protecting the VMware server externally would be like just putting a firwall on the perimeter? How do I best protect a VMware ESX server?
Web giant is spending $120 million to beef up its Mountain View, Calif., headquarters, according to filings with the city reviewed by the San Jose Mercury News.
The Samsung Galaxy Mini 2 S6500 could make its debut at the Mobile World Congress in Barcelona later this month, according to a leaked promotional image.
MIT creates a simulation to celebrate the 50th anniversary of Spacewar. A relic of the early days of minicomputers, it was one of the first computer video games and set the stage for many others, including Asteroids.
on top of a more secure distribution of Linux that the NSA
has developed and an initial version of which it released in December 2000.
There is a tremendous amount of activity with companies moving to VMware ESX, but when consolidating their servers they do not move their security to the internal network running inside the Vmware ESX. In the old days protecting the network with a firewall was the rage and security inside the network was not mentioned. Today driving security deeper into the network is all you hear about. Should we be driving the security into the virtual world as well. Just protecting the VMware server externally would be like just putting a firwall on the perimeter? How do I best protect a VMware ESX server?