New PC serves dual security needs
- By Margret Johnston
- Aug 08, 1999
Two companies that specialize in providing high-level security devices to federal agencies have teamed up to release a new version of a multilevel security desktop system for agencies that deal with both classified and unclassified information.
Electronic Engineering Systems Inc. (EES) and Cryptek Secure Communications LLC have combined forces to create the new SuperNet 2000, a multilevel security solution that allows classified and unclassified data to be separately stored in a single PC and separately transmitted across local- and wide-area networks.
The SuperNet 2000 solution includes a built-from-scratch workstation that, in addition to various security features, comes with a system architecture designed to eliminate the need to set up two networks to ensure that classified and unclassified information never mix.
Agencies can save thousands of dollars per user in hardware and software licensing and maintenance costs by taking advantage of the dual system, officials of the two companies said.
EES developed the product to meet the Navy's specifications and since 1996 has sold more than $800,000 worth of SuperNet 2000 systems to the Navy under a blanket purchase agreement that recently expired, said Peter Shiakallis, president and director of operations for the Chesapeake, Va.-based company.
The system has two independent hard drives, but they share the processor, memory and video card. When a user has to change from the classified (also referred to as secret) system to the unclassified system, he flicks a switch that resets the PC and brings up the other system. Both systems cannot be on at the same time, Shiakallis said.
The latest version of SuperNet 2000 has been refreshed to include new technologies, including Cryptek Secure Communications' network interface card, which carries National Security Agency certification at the B2 level. NSA confirmed that B2 is the highest level given to any network product.
The system also incorporates a peripheral log-in device called a Smarty Smart Card, which looks like a floppy disk drive. Users must insert this card into the computer to log in to the system. The device, made by Fischer International Systems Corp., is designed to prevent unauthorized users within an organization from getting access to someone else's PC.
"We incorporated features on the secure side, where it protects the information from attacks inside the organization and from attacks on the outside for data traveling through networks," Shiakallis said.
The new products create what Shiakallis calls a hardware firewall, which shifts the security burden away from the software firewalls that are included in Microsoft Corp. Windows NT and Unix operating systems and are typically used by government agencies.
Shiakallis said the hardware firewall is so good his company guarantees that SuperNet 2000 cannot be hacked. To back up that claim, EES soon will offer a $500,000 prize to anyone who can, Shiakallis said.
John Garber, vice president of marketing for Cryptek Secure Communications, said his company's original network interface card, VSLAN, also received the B2 level certification from NSA.
The lengthy and expensive certification process includes a detailed examination by NSA of the way the product was designed, the way it was implemented and the specific security features it contains, Garber said. "The only reason anyone goes through that from a vendor point of view is because you end up with a product that has very, very high assurance," he said.
Garber also noted that the latest product uses a higher level of encryption and Internet Protocol Security, an open standard devised by the Internet Engineering Task Force for secure tunneling over the Internet between protected LANs.
The new Cryptek Secure Communications product encrypts part of the data headers to block hackers who hijack sessions by manipulating those headers, Garber said. Session hijacking is extremely dangerous because it gives hackers access to a user's live session, the server and all the privileges the user has.
Concern over security breaches that originate inside an organization also is prevalent, Garber said. He cited a study released this year by the International Computer Security Association showing that more than 80 percent of security breaches occur inside an organization.
"There is a tendency to think that all the problems are out there on the Internet, but that's not true," Garber said.
SuperNet 2000 is available on Science Applications International Corp.'s General Services Administration schedule. American Systems Engineering Corp. LLC, a subsidiary of SAIC, is responsible for marketing the system to government agencies. The price of a workstation equipped with an Intel Corp. Pentium III 450MHz processor is $4,100 without Cryptek Secure Communications or $6,000 with the Cryptek network interface card.
Shiakallis said Electronic Engineering Systems has been asked to develop a third system that can host three "virtual computers" on the same PC for high-level Pentagon officers who have to keep unclassified, secret and top-secret data separate.
Gene Francis, SuperNet 2000 program manager at American Systems Engineering, said that so far none of the new systems has been sold to a federal customer, but the Immigration and Naturalization Service, the State Department, the Energy Department, the Defense Information Agency and the Navy's Space and Naval Warfare Systems Command are among the agencies that have expressed interest.