I recently attended a technology conference put together by the Green Hills Software folks. If you've followed their news recently, they are banging the security drum as hard as possible. I'll explain why in a minute.
One of the guest speakers at the conference was Adriel Desautels, the CTO of Netragard, a company that specializes in “anti-hacking.” This was a really eye-opening talk. He began by telling the folks in the room, most of whom were connected to the wireless network, how many people were connected to the network and what browsers they were running. Not a huge feat on its own, but it certainly got my attention.
Desautels went through a bunch of examples where his company was hired to figure out just how secure his clients' assets really were. And in just about every case, the answer was “not very.” Most of the entries that the Netragard team made into the various internal networks were through a different channel. In some cases, it was simply deciphering the passwords of the appropriate people. In others, it was good, down-to-earth hacking that got them in. And in the most intriguing hack, the team became “friends” with the right password holders through various social networking sites to get entry into their system.
Pretty scary stuff, especially when you realize that if these guys can do it, the bad guys probably wouldn't have much more difficulty than that as well.
If you believe the Green Hills guys, the answer to all of your problems, at least where security is concerned, is to employ their Integrity operating system. And they did make a pretty good case for it. In fact, they're received the highest security rating from the National Security Agency (NSA), EAL6+. They claim to be the only OS to achieve this rating. To get this certification, they had to make the OS available to the NSA, who had about five years to poke holes in it. Apparently they couldn't, hence the certification. And the Netragard experts weren't able to hack into Integrity either. That's good enough for me.
Richard Nass is editor in chief of Embedded Systems Design magazine and editorial director of TechInsights. He can be reached at .