Data Centers

Lock IT Down: HYDRA Web server claims to be invulnerable

Learn about Bodacions invulnerable Web server


What would you say in response to a company’s claim that it has developed a Web server that is impervious to hacker intrusion attempts? Bodacion Technologies says it's done just that. It designed its HYDRA server around a number of key security measures that it claims can thwart hacker intrusions, viruses, DoS attacks, and other security threats.

If Bodacion’s ultrasecure Web server is all it claims, it could be the Web security solution companies have been searching for. A look at the features and technologies that make HYDRA secure may help you decide whether it could be an effective solution for your network.

What is HYDRA?
HYDRA is a Web server that combines hardware and software to improve reliability and security. Instead of relying on an operating system like Windows, HYDRA is an embedded system that runs on a kernel. Bodacion compares HYDRA to the systems used in pacemakers and flight control systems and says that because the embedded software is far smaller and less complex than the operating systems running PC servers, it is much more reliable and secure. Bodacion says its best fit is in enterprises that require a high level of reliability, availability, and security.

But HYDRA isn't a server appliance that performs a specialized task. It can serve a number of functions, and it comes with Java and Genesis (a small object-oriented programming language) so users can program it to run the applications they need.

Given the current reliance on systems running operating systems such as Windows, Linux, and UNIX—all of which have their own issues and vulnerabilities—HYDRA represents an alternative to the current way of thinking and may give net admins a way to neatly avoid having to deal with OS vulnerabilities.

Security measures
Two components account for HYDRA’s security: a complex encryption algorithm and an embedded system approach. Bodacion offered $100,000 to anyone who could crack the algorithm. During the 60-day period the contest was held, hundreds of thousands of participants attempted to break the code, but no one was able to decipher any of the sequences generated by HYDRA’s algorithm.

The mathematics behind the system enables HYDRA to generate unique passwords and session IDs that are difficult, if not impossible, to guess. According to Bodacion, the characters generated by the system repeat only once in about every 100 years.

The other part of the system that helps security is the lack of an OS. Because of the complexity of existing operating systems, ferreting out all of the vulnerabilities and bugs that open the systems to attack presents a huge—almost insurmountable—obstacle. Does anybody really believe that Microsoft will eliminate all of the bugs in Windows that make it a prime target for hackers?

It sounds like a Dilbertesque approach to securing a Web server, but Bodacion’s idea is simple: by removing the OS, you remove the vulnerabilities. HYDRA's embedded system is smaller and less complex and inherently easier to secure. Embedded systems are used in many common electronics, from microwave ovens to cell phones, and are considered difficult to hack. Without an OS to take control of or exploit, hackers can’t break into the system.

Bodacion says that because HYDRA doesn’t have an OS, there's no need for antivirus software and firewalls. Not only that, the company claims that HYDRA is more secure than firewalls anyway. Hackers can launch attacks by taking advantage of the traffic allowed through a firewall, whereas HYDRA offers nothing for the hacker to break into—eliminating the threat of intrusion.

Eliminating the OS is a novel concept, and many may be slow to warm to it. After all, we’ve come to rely on operating systems like Windows because of their ease of use. But although Windows' user-friendly default settings simplify setup, they also leave many openings hackers can use to their advantage.

Other features and advantages
Bodacion claims that in addition to being invulnerable, HYDRA offers high reliability, again due mainly to the embedded system. Think about the problems that typically cause a Web server to fail. Applications fail, operating systems fail, and server hardware fails. Bodacion says that HYDRA is far more reliable than the typical server because it doesn’t run any applications or a traditional OS. The elimination of the most typical points of failure could result in big improvements.

The performance issue is also key. Embedded systems typically perform better than systems running operating systems, which consume lots of hardware resources. Bodacion says that HYDRA’s multithreaded architecture is designed for efficient performance and can process multiple requests at once. The company claims that HYDRA’s performance with a single processor rivals that of multiple dual-processor servers running complex operating systems.

If Bodacion is right about what HYDRA can do, all this translates into improved availability and customer satisfaction, which speaks directly to company success. Marketing boasts aside, HYDRA is HTTP 1.1 compliant and can be used as a Web server out of the box because the necessary software is embedded into the system. Users upload content to HYDRA via FTP and configure the system via a Web browser interface. The administrator can also use the Web interface to set access permissions to secure HYDRA’s configuration.

Money matters
So now the big question is, how much does the HYDRA cost? The price for a single HYDRA is $120,000, which includes installation. Bodacion says that HYDRA is targeted to mid- to large-enterprises. The company is particularly targeting financial institutions as enterprises that can immensely benefit from HYDRA because of their need for supreme security and high reliability.

The price tag may be a bit high, but you also have to consider the costs HYDRA could potentially eliminate. If Bodacion’s claims about the product's security are true, HYDRA could reduce some of the costs associated with antivirus software, firewalls, and other appliances that companies install to secure their Web servers. Costs associated with downtime and administrative tasks could also be reduced, so HYDRA’s ROI may take some of the edge off the high price tag. It all comes down to how much companies are willing and able to pay for security and reliability.

If you’re in the market for a secure Web server and high price tags don’t scare you, you should see what HYDRA has to offer. At the very least, it introduces a new way of thinking about Web servers and how to secure them.

Editor's Picks