Security server considerations
(text not yet reviewed) One of the first considerations in a security system is the human factor: unfortunately, many people can be corrupted at a certain price. There is no point in having the safest safe if a group of people hold its key.
In our technological society the safe's contents are data. In a set of computers, security is not based on bunkers, steel doors or impenetrable buildings with armed guards; that belongs to Hollywood films such as 'Mission Impossible' or the James Bond series.
A security system has to cover at least one of the following set of policies:
- The Operating System
- The Encryption System
- The apps used to handle data
- The database
- The programming language
- The user interface
- The automatic backup and disaster recovery system
Analysing these basic directives:
1. The Operating System:
An operating system must be secure. Among the range of existing operating systems:
Proprietary software: VMS, OSVS, MVS, used by banks on mainframes as data repositories.
These operating systems, most of them from the 1970s to the 1990s (20 to 30 years ago), are extremely safe for a simple reason: the system is isolated and accessible to an extremely small number of people, who can be audited and controlled. Of this small number of people, none has knowledge of or access to the entire system.
AIX, Solaris, BSD and Linux are also used in large corporations such as banks and insurance companies as the main data repository, both for their reliability and because improper access is difficult owing to the small number of people with knowledge of these systems, which dramatically reduces the chances of intrusion or fraud.
Desktop systems: Windows and Linux, used by end customers and as front-ends for access to central computers running UNIX or proprietary systems.
Each operating system has specific properties and should be used according to the parameters it was designed for, i.e. you must not use a mainframe to access YouTube, and you must not use an operating system designed for personal use to store valuable data.
Remember that the chance of a system being attacked grows exponentially with the number of people who access it and have knowledge about it.
For a company to "sell" its product to a State, it has to have the State's approval, since freedom in the 21st century is just a concept.
So it cannot be guaranteed 100% that a freely sold operating system does not have a 'master key' or backdoor that can be used by the State or by anyone who has access to it. This alone disqualifies any commercial off-the-shelf software.
The world is full of hacked systems causing immeasurable losses, and in most cases we cannot identify how they were attacked. Consider the recent events in which US Government computers and Bitcoin databases were attacked: their data was kept on Windows-based computers.
If you read the Windows licence terms (or any software's licence terms), you will see that the manufacturer disclaims all responsibility and that you give up your right to sue them in court.
Among the only operating systems that can be used as life support are AIX and SOLARIS, and even then only under certain conditions.
When it comes to preserving assets, mainly those of third parties, a security breach of just a few minutes may cost a great deal, both in assets and in credibility.
That said, our position is that operating systems designed for personal computers are not suitable for preserving assets. This implies that we do not recommend, for example, operating systems such as Windows, since that company does not accept responsibility for losses resulting from the use of its products, and we still have doubts about whether there is a master key (backdoor) in any of their systems. The same can be said of Apple and of Google itself.
Proprietary operating systems, on the other hand, offer reliability and security, but they are difficult to implement and require a high investment, which is only advantageous in huge banks.
There are still the UNIX operating systems, of which basically three exist: AIX, BSD and SOLARIS.
AIX is owned and sold by IBM; it runs on a proprietary platform with security inherent to mainframes, and offers easy installation, low cost (compared to mainframes), portability and security.
SOLARIS, owned and sold by ORACLE, runs on a large number of platforms and is famous for its virtualisation solutions, its ORACLE database and its Java language, which came with the purchase of SUN. These are relatively expensive products, but cheaper than AIX+DB2. Although it has high reliability, this depends on the platform on which it is installed.
There are several BSDs: OPENBSD, FreeBSD and NETBSD, to name the top three.
These are 'open source' operating systems with high reliability and security.
- OPENBSD, the safest of them, which has reported a single possible attack in 30 years.
- FreeBSD, the fastest and most flexible, which, using GBDE, is the only one with a certification from the NSA (American National Security Agency). It uses ZFS as its file system, which is fully portable between several architectures such as INTEL, SPARC, ARM and PowerPC; it can be designed and audited to produce an impregnable computational structure, since it can generate unknown VPNs and still transfer data over the internet.
- NETBSD, the most portable, which can run on almost any platform, but does not have the security level of the other two.
For the above reasons, our company recommends FreeBSD running on a Telme Solutions platform with Supermicro Opteron or ARM hardware.
These are servers with high reliability and very high computing power: the above model consists of 4 processors of 16 cores each, totalling 64 cores, and 1TB of physical ECC memory, with 'on board' capacity for 6 disks of 8TB, totalling 24TB of storage (the disks are mirrored), and 4 network cards of 10Gbit.
None of the terminals has an operating system, only a minimal system to access the information on the central computer, which is directly connected to the internet and provides a virtual machine (also running UNIX) to each user; it is not possible to mount any device, nor to upload or download any information contained in it to the internet or the LAN. All communication with the system uses the IP protocol, but inside a VPN with 4096-bit encryption. The machines have no passwords; they use the digital signature method, because it is assumed that a password is always compromised, even if only for a few minutes.
The server is located in a place known to few people, and the presence of anyone in the server room is prohibited; two passwords are required to open the room's door. The server sits on a small table 30cm from the floor, giving a full view of the table; the room is monitored 24 hours a day and has no furniture, chairs or anything else. Access to the server is allowed only when (and if) an emergency stop or maintenance stop is needed, which is not often. The disks are hot-swap but can only be removed with the machine at a standstill, and any attempt to start the machine without the signed disks, or with a signature that does not match, results in a security-mode boot, which only returns to 'operation' after the new signatures are confirmed. This step is done over the internet from an unknown place, with a dynamic IP, through one of five authenticated computers.
The backup and disaster recovery system is implemented on another similar computer, with less computing power but able to hold at least three copies of the whole system. Located in another building or room with similar levels of security, the information stored in COLD STORAGE is not decrypted, maintaining the original security. If the central computer is ever removed or confiscated, the COLD STORAGE can be removed in minutes and stored in a safe place for as long as necessary until another main computer is implemented. Once the COLD STORAGE is restored, it can be activated via the internet in minutes from anywhere by a trained person; all that is needed is a fast internet connection and a power supply. Note that COLD STORAGE has no access to the internet except at the time of recovery, and that access can be done over a simple ADSL line, because the COLD STORAGE initiates a secure VPN to an address coded into it. Even if this address is "hacked", COLD STORAGE can only be activated from one of five authenticated computers. Even if one of the authenticated computers is damaged, lost or stolen, its activation password is written on paper and consists of more than 20 random words, which generate the GPG KEY.
Copies are made using "time travel" technology that "freezes" the state of the entire machine at a point in time and transfers this "past image" (which may be from 10 seconds ago) to the COLD STORAGE. Note that, in this process, everything running on the machine at that time is not affected, i.e. it keeps running normally. This "freezing time" procedure takes less than 20 seconds for a machine with 24TB of disk.
If you ever need to travel back in time to a point saved in the past, it takes about 20 seconds. This is also done without interrupting the whole system.
The power system can be either a 5kVA UPS (nobreak) with an external battery which, for security reasons, is not kept in the room; or a 5kVA 24-volt battery and inverter pack continuously plugged in, with a spare inverter of the same characteristics in a compartment inside the server room.
The operating system is totally power-outage proof. If the batteries run out of energy, when the power comes back the entire system returns in less than 5 minutes, ensuring the integrity of the entire data system. The system first returns to 'maintenance' mode, passing to 'operating' mode only after all the safety requirements described above are met.
2. Cryptography System
Built into the UNIX operating system, with a 512-bit SHA key followed by several protection barriers.
It works as follows:
The boot system requires a 512-bit SHA key that must be provided over the internet through a secure connection, or from an external device (flash drive or CD). The CD containing the key is encrypted with one or more passwords, so that a single person cannot turn on the server using a single password unless it comes from the internet through an authenticated computer.
Then comes a system of barriers, as follows:
1. The location of the keys to the other sectors. This sector was allocated randomly on a disk and contains a 2048-bit key that opens a set of parameters defining the disk geometry.
2. The master key barrier: decrypting (1). With this key, once decrypted (which can take a long time), it is possible to access the encryption key of the disk blocks.
3. For each disk sector an MD5 is created, whose value is combined with the sector key plus the key mentioned above (1). This MD5, used to encode the key along with the sector address, produces the encryption key of that sector.
4. With the encryption key (3), the content written to the disk sector is encrypted in AES 128-bit format.
3. As explained above (2), this means that there is a different encryption key for each disk sector. A 24TB disk may contain 48,000,000,000,000,000 sectors, each encrypted with a different key, which makes the system brute-force proof. Suppose it takes 10 minutes, using a supercomputer, to break any one key: to decode the server it would take about 2.4T minutes, i.e. thousands of years.
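As an added illustration of the per-sector key scheme in steps 1 to 4 above (example code written for this page, not code from the page or from GBDE itself): the master key and the key-sector key are hashed with the sector address to derive a distinct AES-128 key for each sector, so identical plaintext stored in two sectors produces two different ciphertexts. The byte layout fed to MD5, the 512-byte sector size, the CBC mode with a zero IV and the constructed key values are assumptions of this example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/md5"
	"encoding/binary"
	"fmt"
)

const sectorSize = 512 // constructed sector size for this example

// sectorKey derives the per-sector AES-128 key as the text describes: an MD5
// over the master key, the key-sector key and the sector address. The exact
// byte layout hashed here is an assumption, not GBDE's on-disk format.
func sectorKey(masterKey, keySectorKey []byte, sector uint64) []byte {
	h := md5.New()
	h.Write(masterKey)
	h.Write(keySectorKey)
	binary.Write(h, binary.LittleEndian, sector) // 8-byte sector address
	return h.Sum(nil)                            // 16 bytes: one AES-128 key
}

// cryptSector encrypts (encrypt=true) or decrypts one sector with AES-128-CBC
// under that sector's key. A zero IV is tolerable only because no two sectors
// share a key; a disk-wide key with a fixed IV would leak equal-sector patterns.
func cryptSector(key, data []byte, encrypt bool) ([]byte, error) {
	if len(data) != sectorSize {
		return nil, fmt.Errorf("sector must be %d bytes, got %d", sectorSize, len(data))
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	iv, out := make([]byte, aes.BlockSize), make([]byte, sectorSize)
	if encrypt {
		cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, data)
	} else {
		cipher.NewCBCDecrypter(block, iv).CryptBlocks(out, data)
	}
	return out, nil
}

// SameContentDiffers shows the property the text relies on: identical
// plaintext in sectors 0 and 1 yields two different ciphertexts.
func SameContentDiffers(masterKey, keySectorKey, plain []byte) bool {
	c0, err0 := cryptSector(sectorKey(masterKey, keySectorKey, 0), plain, true)
	c1, err1 := cryptSector(sectorKey(masterKey, keySectorKey, 1), plain, true)
	return err0 == nil && err1 == nil && !bytes.Equal(c0, c1)
}

// RoundTrip checks that a sector encrypted under its own key decrypts back.
func RoundTrip(masterKey, keySectorKey []byte, sector uint64, plain []byte) bool {
	k := sectorKey(masterKey, keySectorKey, sector)
	c, errEnc := cryptSector(k, plain, true)
	p, errDec := cryptSector(k, c, false)
	return errEnc == nil && errDec == nil && bytes.Equal(p, plain)
}
```

With a constructed 2048-bit master key (256 bytes of 0x11), a 16-byte key-sector key and a sector full of 'A', SameContentDiffers returns true and RoundTrip returns true for any sector number; a sector shorter than 512 bytes is rejected by cryptSector.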
4. In the event of any attempt to break one of the main keys, the system will not boot without the two keys and, once started, it needs the internet and one authenticated computer. This would take many hours, enough time to warn those responsible for the authentication computers, who revoke the main keys, destroying all the information contained in the server.
5. The system can then, in a few hours, be restored from the COLD STORAGE from anywhere on the internet. As the COLD STORAGE can be configured for mirroring in just a few minutes, the maximum time lost is a few minutes. Will you lose any information? Yes, you will. Will you suffer any loss? Yes, you will. But it will be less than 1%. As a transaction takes at least 10 minutes and requires at least 3 servers to be authenticated, the chances are that the loss of information is zero.
The operating system contains a complete roster of internet services, offering hundreds of features for users; to name a few:
1. An email system using IMAP over SSL with 2048-bit encryption to ensure the privacy of its users. This standard public-key cryptography system, in open source form, is used in the MOZILLA Foundation's applications (Firefox and Thunderbird). Because it encrypts on the user's machine, 2048-bit GPG is also used, which ensures that, in addition to the encrypted transmission of information, the emails and their data are stored in encrypted form, using a key created by the user rather than one built into the operating system. This ensures interoperability with other operating systems (Microsoft, Apple) while still maintaining a sufficient degree of privacy.
2. A telephone system for all users, scaling up to thousands of users. It uses a simple smartphone as a terminal and, unlike commercial solutions such as WhatsApp and Telegram, does not expose the phone number as the basis for identification. Even with WhatsApp, despite its P2P encryption, the metadata (who called whom, when and where) is not encrypted and is available for consultation. Each group is given an identification associated with up to 1000 extensions. This means that a group of users can communicate among themselves by dialling only four digits, and with another group of users by dialling 8 digits.
3. The system has a 'chat' like MSN, in which each user has an account on the system. This account is only a number, and it can communicate with another user in the same way as the old MSN, with text and file transfer. The difference is that communication using this protocol does not go out to the internet; it stays exclusively on the server.
4. The system has HTTP and HTTPS servers and even multiple versions of the Java application server, Tomcat 6 and Tomcat 7, with a Java machine built on the system itself, to prevent the Java machine from suffering a backdoor that compromises the app.
5. User interface. It uses the UNIX standard interface MATE: http://www.matedesktop.org. In this fully graphical and intuitive interface, users enjoy the highest possible level of protection; they only need access to any computer connected to the internet and the VNC protocol, http://tightvnc.org.
6. User interface: any available OS can be used (Windows, Mac, Linux) via the VNC protocol. Since the user's computer is just a dumb terminal, it is not possible to insert any data that does not pass through the UNIX security screen. This implies that you cannot copy anything from the server to a flash drive, CD or telephone, nor install anything on the server that has not been properly authorised, as on a mainframe.
PostgreSQL is "the world's most advanced open source database". This is the project's slogan and not a "false suggestion". PostgreSQL can actually be called so because it is the database considered a reference for the ANSI SQL specification, adhering extremely closely to the standard, even beating the proprietary competitors.
PostgreSQL is not the new big boy in the neighbourhood: the current project started in 1995 and was derived from another project that started around 1976. The Ingres database, which gave rise to PostgreSQL, also gave rise to Sybase and Microsoft SQL Server.
PostgreSQL is 100% community-driven. This does not mean that companies stay away from PostgreSQL, quite the contrary. Large companies such as EnterpriseDB, Fujitsu, Apple, Red Hat and VMware and, until a few years ago, Sun, actively participate in the project with contributions, but none of them is the "owner" of PostgreSQL. They contribute in the developer-community format, for example by employing programmers who work for the community.
In the corporate world, where PostgreSQL has always been appropriate, its use has been growing over proprietary alternatives such as Oracle Database, DB2 and Microsoft SQL Server. These alternatives, besides being more expensive, are losing quality in skilled support.
It is a simple equation: while with a proprietary solution support depends totally on the vendor (vendor lock-in), with PostgreSQL you have complete freedom to choose your support, and a modification to the code made by one company can benefit everyone. This makes it possible to put pressure on a company that supports PostgreSQL more easily than on Oracle, for example, since Oracle's support is exclusively its own.
To pressure Oracle, customers literally need to leave the Oracle Database, and this can be much more expensive than the investment made at the time of purchasing the solution.
4. Programming Language
The operating system supports basically all languages available on the internet, both for programming complex graphical interfaces and user-facing interfaces using the standard protocols http, https and json. More than 350 languages are supported; some of them are:
3. Objective-C
6. Java 7
7. Java 8
To support the HTTP and HTTPS protocols we already have the well-established Apache server, with multitasking capability and thousands of concurrent users. To complement Apache we have PHP, Python, Java and any language that follows the CGI or FastCGI protocol.
As application servers we have Ruby and the Tomcat 6 and Tomcat 7 servers, which can run any application that has been developed, with total security, because the system puts Java in a "sandbox", such that even if the Java machine is compromised, it is impossible to ascend to a higher level in the system.
6. Support for Virtualization
The well-established VirtualBox software, version 3:38, is used; like everything in the operating system, it is compiled from Oracle's source, which guarantees unmatched performance because the compiler used (clang) produces code optimised for the architecture, AMD OPTERON 64.
In the configuration shown, the operating system can run hundreds of virtual machines hosting various systems such as Windows (all versions), Linux, Apple (some versions) and several UNICES: OpenBSD, FreeBSD, NetBSD. Each virtual machine has its own IP address, and all of them are protected by the host operating system's firewall. Thus, it can generate a virtual machine containing an exact copy of your Windows server, which can be used both as a source of data for consultation and to run applications that only run on Windows.
Note that any user can have his/her favourite Windows machine and run it when needed, with the advantage of "suspending" the machine and "waking it up" later (hours, days or months later) as if it had never been stopped. Interaction with the virtual machine is completely transparent to the user who, for example, is able to run a program that only runs on Windows (Santander and Caixa home banking) simply by referring to the program and the virtual machine on which it is installed. The system also ensures synchronisation of data between the real and virtual environments, so that you can create a UNIX file and have it available in a Windows application, and vice versa, in a fully transparent way, since the system generates a network "drive" for each user: user João has a network drive 'F' that points to his UNIX desktop, which is different from Maria's network drive 'F', which points to her desktop. Below you can see an image of Windows XP running in the VirtualBox interface on a notebook with 4GB of memory and a Dual Core processor, playing cards, but it could equally be accessing Santander's website.
7. ZFS Filesystem:
This is just a short explanation, because it is practically impossible to explain an operating system over 40 years old (with thousands of applications) in just a few pages. I hope this short explanation sheds some light on the internet, security, operating systems, apps etc.