Tuesday, February 26, 2013

"Simplicity is the Ultimate Sophistication" -- Leonardo da Vinci (1452 - 1519)

In the 1990s the federal government pulled a page from da Vinci's book and got behind a software acquisition strategy called COTS (Commercial Off The Shelf), expecting that it would dramatically reduce software development & deployment costs while improving overall quality. It didn't take long before this approach began to be applied to application-specific custom computing solutions used throughout key government agencies. Today many of these customers rely on systems built with a Lego-like approach, assembled from COTS parts readily available to the general public.

Many of these systems used by the military and intelligence communities require unique form factors and may be mounted in hostile computing environments like the bed of a Humvee, the flight deck of a C130 transport or the Command Control section of a nuclear submarine. There are a number of military specifications designed to address each of these harsh environments. Tracewell Systems produces a variety of systems specifically to meet these needs while housing COTS components to maintain flexibility. One platform uses unmodified IBM Bladecenter H blades in three- or five-blade configurations that conform to several Milspecs. Since these use off-the-shelf IBM blades, they can also be fitted with Myricom's IBM Bladecenter H dual-port, processor-based 10GbE mezzanine cards. These blades can then run Myricom's FastStack Sniffer10G software to produce a very dense ruggedized enclosure supporting 60-100 Gbps of packet capture or injection capacity for network security or cyber warfare.

So what type of extreme-performance ruggedized COTS solutions could one build using a Tracewell Systems enclosure, several IBM blades each with a dual-port Myricom 10GbE adapter, and FastStack Sniffer10G? One example is a highly mobile security appliance for intrusion prevention or intrusion detection handling up to 50Gbps of inbound Internet traffic. Several open source software packages like Snort, Suricata or Bro-IDS can be used on this platform to filter the incoming Internet traffic before it is passed on to the firewalls. Other tools are available for creating a defense against a DDoS attack.

On the offensive side of cyber warfare one could leverage the same hardware platform and the sample tools included with FastStack Sniffer10G to inject up to 100Gbps of traffic directly into the Internet. This can be done using previously recorded traffic or synthetically generated network packets. One or more of these systems could be racked into a single Humvee, driven to an Internet Exchange Point (IXP) anywhere in the world, and rapidly connected directly to the Internet via multiple fiber optic cables.

So the next time you explore military aircraft on display at a local air show, or tour an army base or a naval shipyard, it's very likely that behind those custom RF-shielded covers are COTS systems whose internal hardware is exactly the same as what you're using today to run your business.
