Networks dominate today's computing landscape and commercial technical protection is lagging behind attack technology. As a result, protection program success depends more on prudent management decisions than on the selection of technical safeguards. Managing Network Security takes a management view of protection and seeks to reconcile the need for security with the limitations of technology.
Back in the early 1990s, Pete Radati of CyberSoft was selling systems with read- only hard disks that performed all of the functions of modern servers while keeping the content of the system read only. For things like e-commerce, the systems used WORM (Write Once Read Many) drives, and they did a great job of eliminating many of the problems we see with corruptions in systems. Pete wasn't probably the first person to do this. Write-locked disks existed since the beginning of computer disks and just became harder to do in the last 10 years because the IDE manufacturers decided they didn't want to do it. On our old PDP 6 we had read only media, and there were write locks on the 360s back in the 60s. Push the button and the disk writes no more.
Yes, we have made a lot of progress since then, but most of the progress in computer security doesn't seem to me to have been in the right direction. We have gone faster and further, but we have not gone safer and surer.Fortunately, there are still technologies around that can do a fine job of keeping lots of things secure. One of those technologies is write-locked media, and these days that means CDs.
I like CDs. Ever since the day a few years back when I got a CD writer, I started using them for all sorts of useful things. I think the first application was to be able to send people a few hundred megabytes for a few dollars of hardware costs by mail. The problem with sending this before was that I needed to send a tape, which would be incompatible and hard to use, or a disk, which has the same problems. CDs offer a relatively universal media. Almost every modern computer can read a CD, CDs are reasonably reliable, withstand a good temperature range during transport, are thin and light and inexpensive to make.
Shortly after this I started to use CDs for backups. The old tapes just kept changing too often. The manufacturers came out with new tape drives so often that they lifetime of a drive was only a year or so on the market. My drives lasted longer, but once you cannot replace them or buy tapes that work in them, they become pretty useless. IF you should ever have a tape drive failure you are in big trouble because you cannot get another drive that will read your tapes. This drives up costs and inconvenience. The only options left are disk to disk backups and disk to CDs or DVDs.
Disk to disk does great and I do use it - but ultimately, in order to be really effective, backups have to be separate and different. Separate because, as an example, a fire will burn both copies, and different to avoid common mode failures. Disk to DVDs just don't cut it yet. DVDs are not simple or inexpensive to use, they are changing rapidly, the drives cost more, and not all systems have them. CDs are essentially universal.
There is another problem with CDs for backups. They don't last that long. After a year or two they tend to lose data just as tapes and other media do. That means that old backups are not as likely to be available in ten years as newer ones. OF course disk sizes are growing to the point where you don't have to throw all that much stuff out. In the old days every week you had to move files to backup storage just to eke out enough disk to survive, but these days you just go buy another 30 gigabytes for a hundred bucks or so. But on CDs, a gigabyte now costs only about $2 - and that includes the cost of burning it, labeling it, and putting it in a protective envelope. It's still cheaper than hard disks and, perhaps even better, it is small, not as breakable,, and it can be thrown like a Frisbee.
Bootable CD ROMs are now, finally, being used as secure web servers and firewalls, and it's about time. I long toyed with a bootable CD that had my web server's content on it. Every update takes burning a new CD from the master server, but it's not that big a deal. I now have a bootable CD that can support a web server, and it is pretty slick - particularly since I can run the secure get-only web server on it and, with a few extra (and very cheap) CD drives I can run about 2 Gigs of disk space on it. If I buy a tower and put in a spare IDE card I can support about about 6 Gigabytes of web service for under $400. It never has data loss, on a power outage it reboots in about a minute and is back up and serving web pages, it takes very little power to run, and there is no real maintenance cost. CD drives do go bad more often than hard drives, but I still like it... And the best part. If anyone ever should find a way in, it would be pretty hard for them to deface my web site...
Size counts too. Our bootable CD fits on a business card sized CD - which means that we are now starting to carry our standard computing environments in our wallets or shirt pockets. Walk up to a box, boot it from the CD, and off you go. The bootable business cards we now use include linking over the Internet to our servers and running programs and accessing data from there over encrypted IP tunnels. In the last year I have completely stopped carrying computers to conferences where I give talks. I just bring a business card sized CD in my pocket with my presentations - not just for the conference - but scores of them for all sorts of talks I have given in the past. I may even bring a sales pitch in case I run into anyone interested in it.
I am a reliability fanatic, so I have difficulty trusting my presentation to local conditions. That's why I bring two copies of the CD and a bootable CD - all business card sized - all in my shirt pocket. The presentations are stored as web pages - which means that I don't have to worry about the local version of power point or - far better in my view - star office impress (which can read and write power point and runs under Linux and Windows). If I want I can even bring Star Office along on my bootable Linux CD - but that's another issue. That gives me options: run from the CD, load from the Internet copy, run from the backup CD, boot my own CD and run from my own OS. The only problem comes when nobody at the conference brings a computer. Of course these days my palm computer has a VGA interface and, yes, my IPAQ runs Linux. But back to the subject at hand...
The concept is a natural one and one that has not been lost on some in the security industry. On our bootable CD we include a firewall capability - you can choose from any of 5 levels of protection - from everything open to the bad guys can't tell there is a computer there. There is now a commercial firewall product that runs from a CD, no hard disk involved. Configuration is loaded on the floppy disk, which you write lock except when changing it. I think we will offer the same service - it should only take an hour or two to rig it. In the next year I expect that you will see at least 3 CD-based firewall products come out. They work great, they are reliable and inexpensive, they cannot be altered, and they reboot in about a minute.
How good is a CD-based firewall? It's just as good as the one on your hard disk in terms of its functions and security features - except for one thing... it's better because it cannot be modified by the bad guys. That doesn't make it perfect of course. It still has all the flaws and limitations of your other firewalls, except that it is less expensive, boots faster, and it is less susceptible to power failures and other corruptions.
As I look over my current setup, I see lots of high energy usage, UPS backed up, hard disk toting computers, almost none of which change very often. It is my server farm and it serves me well, but ultimately, I would trade it all for smaller, more efficient, more reliable, and easier to protect versions. And I intend to. The next generation in my order book will have lots more CDs and a lot fewer hard disks - or perhaps DVD writers will drop in price. Or there is the new write once media that is supposed to be coming out this summer... 60 Gigs on a CD-sized disk... I can dream can't I?
All of these features of CDs are really slick, and so much the slicker because I got to work with folks who implemented them. Garrett Gee came up with the PLAC disk - Portable Linux Auditing CD and it is a real nifty piece of CD-based technology. And we are working on all sorts of slick extensions. And there is competition in the market for these things. Besides the LinuxCare Free CD, there is also a SuSE Linux CD firewall, and I expect that others will be coming soon.
These CDs are really handy items. They are good for doing forensics, for auditing functions, and for all manner of systems maintenance functions as well. These days I have put the HAshkeeper database online over the Internet so you can do an MD5 checksum of a file and check it against known distributions. In the near future, this will be integrated with bootable CDs so you can use the Internet to store all the databases and use the bootable CD to check your systems for what software is present or absent, to verify configuration information, and so forth.
In fact, we have been using the bootable CDs for some months now to do repeatable networking experiments. We do disk images of hard disks over the Internet and reload the systems to identical initial states using the bootable CDs and 100baseT Ethernets. We are starting to use this to distribute standard configurations and to do server setup backups and restores. One of the most recent innovations, and I think it's a great one, is the ability to boot from the CD and have the CD pop out while the booted operating environment continues to work...
Now if you think about this, it is a really interesting technology innovation. I can boot a system from a CD, the CD pops out in less than a minute, and my operating environment is up and able to copy the entire system contents over the Internet. From an efficiency standpoint this is excellent. I can start my processes and walk to the next system. In an hour I can cover 60 systems... But what if I am not a good guy?
It turns out that this CD technology is a two-edged sword. With very little effort, I can walk through a site and, in about a minute per system, I can arrange for those systems to ship out their most vital contents - selectively - to my remote sites. When they are done, the systems will reboot with the only noticeable side effect being a system reboot. No other records of the process will be left in the systems and, if I am a bit cleaver, I can arrange for the exfiltrated data to go over covert channels - using the same methods as the antivirus industry uses to do their remote updates...
If this seems scary, you need to put it in perspective. Without physical access, I could do almost the same thing with a virus - as others have already done. But it's still worthy of note that the efficiency of such technologies leads to smaller and smaller packages presenting more and more potential dangers. Did I mention the 1 gigabyte mini disk - it fits in a digital camera film mini-PC card slot...
Read only media is an oldie but a goodie. When properly applied it is a very cost effective security solution, and when improperly applied, it represents a serious threat to your security.
In the case of CD ROMs I think they are a net gain for security and I have increased my use of them for a wide range of purposes.
About The Author:
Fred Cohen is thinking inside a bigger box as a Principal Member of Technical Staff at Sandia National Laboratories, helping clients meet their information protection needs at Fred Cohen and Associates, and educating defenders over-the-Internet on all aspects of information protection at the University of New Haven. He can be reached by sending email to fred at all.net or visiting http://all.net/