The federal government is testing a new secure embedded Web server after a major general working as an assistant to the Joint Chiefs of Staff discovered the device.
The Hydra, made by Bodacion Technologies of Barrington, Ill., is an unassuming black box that uses embedded technology to serve Web pages. Embedded technology means that the Web server software comes installed on the device, making it ready to use right out of the shipping crate. After initial configuration, the Web server provides Web site visitors the content their browsers request.
The Hydra Web server was designed with security in mind, which is why it lacks a standard operating system. Instead of the typical Linux, Unix, or Windows operating system, Bodacion's Web server uses a diminutive proprietary operating system to boost security. Millions of lines of code and millions of intimately familiar users make conventional operating systems vulnerable to sabotage and viruses. This is why the Bodacion engineers gave the Hydra a proprietary operating system.
The company is so confident that the Hydra is hack-proof that it is offering a $100,000 prize to anyone who can crack the Web server's security. So far, more than 100,000 people have tried.
Jon Olstik, a former senior analyst with Forrester Research who now runs his own IT consulting firm out of Acton, Mass., said the lack of a well-known operating system is a good way to keep hackers out. Apache, Unix, Linux and Windows NT all have vulnerabilities, so hackers have a better chance of finding these and exploiting them, Olstik said.
"On this device you'd have no idea where to start, I think it would cause a hacker a lot of problems," added Olstik.
According to Olstik, embedded devices have their advantages and disadvantages.
"The advantage is that this device can satisfy a niche application better than a general purpose server. The disadvantage is that this is a specialized device, that means you have to learn and manage a new device, it takes you out of your routine," said Olstik.
Major General Michael Davidson, who recently retired from the U.S. Army, said he discovered the Hydra shortly after working as an assistant to the Joint Chiefs of Staff at the Pentagon. Davidson, who is now a Washington consultant, says that several federal agencies are performing technical tests on the Hydra.
"So far three of the participating (federal) agencies have completed the evaluation, and as I understand it, we passed," said Davidson.
Bodacion is still in the process of clearing the many checkpoints that are associated with doing business with the federal government. This includes undergoing checks for security clearances, said Davidson.
Chaos theory mathematics are the key to the Hydra's ability to generate complex random number strings that it uses for session identifications, order numbers, and customer identifications. Most standard Web servers use commercial algorithms that can be analyzed and deciphered by hackers.
According to Olstik, the mathematical technique used by the Hydra is similar to one developed at M.I.T. called Kerberos, but more complicated.
"It's kind of like Kerberos on steroids," said Olstik.
Davidson said that the one caveat to the way the Hydra generates session information is that even though it is effective against denial of service attacks, it cannot thwart bandwidth attacks.
This level of security comes at a price. The Hydra does not support Web applications written in ASP, Perl, or ColdFusion. However, Bodacion does include a proprietary object-oriented programming language with the Hydra.
Bodacion is hoping that its Hydra, with a price of $89,950, will find a niche with government agencies, financial institutions, and e-commerce companies seeking high security for sensitive data. According to Rick Beattie, Vice President of Business Development for Bodacion, customers for the unit include Internet Financial Services, Ltd, a financial services company based in the Cayman Islands; information technology-consulting firm Gilbert Information Systems of Bloomingdale, Ill.; and the information technology-consulting firm Lante Corp. of Chicago, Ill.
Davidson said he is working on eight to ten federal applications for the Hydra in the near future.
"From a federal standpoint being able to have secure communications network is very, very important," said Davidson.
Olstik said there might be many uses for a device like the Hydra.
"A perfect application for this would be online voting, or for corporations that want to have web based exposure but really want to protect and limit who has access to the server," said Olstik.