In response to a previous article on Bodacion Technologies' HYDRA Web server, which the company touts as invulnerable to attack, TechRepublic members expressed doubts that it's as secure as Bodacion claims. They also brought up concerns about its compatibility and viability as a practical solution.
Members pointed out that a secure Web server isn’t the final solution to network security. They argued that the Web server, regardless of how secure, is only one piece of the puzzle and doesn’t resolve all the issues. Couple that with the HYDRA’s big price tag, and the secure server is being met by a chilly reception from many administrators.
We contacted Bodacion cofounder Erik Uner and asked him to respond to concerns about possible vulnerabilities in HYDRA. In the process, he clarified the purpose that HYDRA actually serves and explained in greater detail the nature of its embedded system. He also briefly addressed the compatibility of the system.
Uner said we shouldn't think of HYDRA as simply an Internet appliance because it actually functions differently—largely because of the embedded OS—and because it includes security features that account for many of the concerns readers expressed.
How vulnerable is invulnerable?
In spite of Bodacion claims about HYDRA’s inherent security, many members said that the manner in which HYDRA is administered represents potential vulnerabilities.
Member Vermont Geek wrote, “Why use an insecure protocol like FTP that sends passwords in the clear to update a secure Web server?”
Other members agreed with this assessment that FTP represented a possible vulnerability.
“I can’t imagine that this box would be much more secure than, say, a well-configured OpenBSD server,” another member said.
Bodacion claims the FTP component is secure because it employs a one-time password mechanism and because of the rigorous algorithm used to generate passwords, it is highly unlikely than any passwords would ever be duplicated and thus introduce a possible exploit.
Another issue to consider, members pointed out, is that faulty programming can also introduce vulnerabilities. Since HYDRA ships with Java and Genesis to enable users to program applications to run on the server, it opens the door for the development of errors that could result in security issues. If organizations must rely on their own development teams to program applications for HYDRA, vulnerabilities could be introduced through the applications themselves.
“You can bet your bippy that a password can be cracked and the server compromised when there is the inability of Web programmers to program encryption from the Web server to the databases,” The Admiral said.
Member n-crypt agreed that programming was a possible weak spot in HYDRA, saying, “It is a well-known fact that most programmers strive for functionality and on-time delivery, not security.” N-crypt said that errors in programming could be exploited, adding that although HYDRA represents a step in the right direction, it’s not the end-all solution that Bodacion seems to be touting.
And even if HYDRA itself is secure, another member pointed out, one has to take other pieces of the network to which it connects into consideration.
“No Web server is an island. What about the DNS box that points to it? What about the content container that uploads to it?”
It’s clear from these responses that members have more than a few questions about how HYDRA implements a practical security solution.
HYDRA is a different animal
Bodacion's Uner said that some of the skepticism about HYDRA results from a misunderstanding about what it really is—and isn't. It is not, he said, what we typically think of as an Internet appliance, a server with a traditional OS that simply lacks a keyboard and monitor. Instead, HYDRA is a true embedded system that is free of the vulnerabilities of typical Internet appliances. HYDRA runs a nanokernel that integrates the OS, drivers, and applications.
“In fact,” he said, “HYDRA has more in common with a 747 than it does with an Internet appliance.”
As members pointed out, however, the embedded system itself doesn’t necessarily make HYDRA invulnerable. Although Uner agreed that this is true, he added that HYDRA takes extra steps to improve security.
“HYDRA takes full advantage of its embedded architecture by implementing internal checksumming of cached content, ciphering of RAM content, digital signatures on the software image, and many more features that are difficult or impossible to implement with a traditional OS.”
According to Uner, all of this makes HYDRA much more secure than a server running a traditional OS or even an embedded version of most operating systems. He said that this also addresses many of the concerns about application layer security issues, but he also acknowledged that a thorough review process was necessary to remove application flaws.
Even if programming does introduce vulnerabilities, HYDRA can account for such issues to some degree because it has built-in protection to prevent flaws from being exploited.
“For example, if a developer wrote an application that accidentally attempted to write to a sensitive area of memory (for example, due to a buffer overrun), the checksums and boundary protection mechanisms would detect unauthorized access to that sensitive data.”
These features, Uner said, protect developers from their own mistakes as well as shield the system from hacker attacks.
Uner also addressed concerns about indirect attacks on HYDRA via external applications and its links to other devices on the network. He said that HYDRA incorporates safety mechanisms to handle many possible exploits along these lines.
For instance, in response to the concern about attacks on the DNS server, Uner said, “HYDRA's PKI implementation prevents a DNS spoofing attack that would make another machine able to pretend it's the HYDRA.”
He pointed out that other features also serve to secure external applications.
“FTP over SSL and separate physical interfaces for administration, HTTP(S), FTP(S), and other services also allow for a very secure configuration that prevents network snooping.”
Even though, as one member noted, the Web server is not isolated, Uner said that its various security features take this into account to help guard against other network attacks.
Security wasn’t the only issue about which members had questions. Many also wondered about the compatibility of the system and whether it could interact with databases.
Member George Fernandez questioned the value of an essentially proprietary system running a proprietary programming language. He compared HYDRA to the closed systems of the past.
Uner said that although compatibility would have to be assessed on a case-by-case basis, HYDRA is compatible with a vast array of programs and hardware. He added that HYDRA is “capable of serving dynamic content from commercial databases (primarily via JDBC) and delivering JSP pages or servlets (via Tomcat) as well as any static content.”
According to Uner, although compatibility is a possible concern, Bodacion has covered enough of the bases to make HYDRA work with many database systems currently in use.
Perhaps HYDRA isn’t necessarily a cure-all for network security, but it represents an important step and a possible new spin on the current approach that many organizations are taking.
As member Jose Mir pointed out, we should embrace new ways of thinking that reduce the risks of communicating and doing business over the Internet. Mir believes that HYDRA offers a number of advantages over traditional systems that are at least worth considering.
The one issue Uner did not address but that weighs heavily as a crucial consideration is the price tag. Unless organizations see a quantifiable return on the investment in HYDRA, only larger organizations will likely be willing and able to take the financial risk of purchasing the system. This could be the biggest hurdle HYDRA must clear in being accepted as a viable solution.
As a footnote to his arguments about HYDRA’s security, Uner said that many of Bodacion’s boastful claims are being verified.
“We have recently completed a demonstration orchestrated by the Department of Defense where several agencies took a HYDRA and validated our more audacious claims (for example, virus proof, self healing, safe from hackers). We also have obtained multiple FIPS certificates and are undergoing Common Criteria evaluation.”
Regardless of the skepticism about HYDRA’s invulnerability, Bodacion Technologies is willing to stand behind its claims and put HYDRA to the test. So the question that remains is whether organizations are willing to pay the price to test it on their own networks.