Controlling the 'doors' to information
Dec 1, 1997 12:00 PM, GEORGE PARTINGTON
A device developed for the government applies physical access control to network connections.
"Illegal information gathering from government and private industry computer systems is at an all-time high."
So says Stephen Bouthillier, assistant special security officer for sensitive compartmented information, automated data processing and physical security at the Naval Air Warfare Center, Weapons Division (NAWCWPNS) at the China Lake base in Ridgecrest, Calif. Everything from personal and financial information to commercial proprietary trade secrets and government information is at risk, says Bouthillier.
But technicians at the Weapons Division say they have the security answer. Bouthillier and China Lake intrusion detection technicians Ross Seybold and Syd Blowers have devised an application that keeps intruders from accessing information from a remote computer and keeps unauthorized users from turning the machine on. At work on the project for the past three years, the technicians, with the help of Radionics, Salinas, Calif., and Market Central Inc., Houston, Pa., have seen their concept become reality.
At Radionics, vice president of government operations Brian Dodge has been instrumental in the development of the new product, which relies on an adaptation of Radionics' Readykey access control system. Readykey allows a security manager or administrator to set the time, entrance to be used and other privilege parameters for buildings and other controlled areas, and it can identify individual users.
Now the same control capabilities will work for computer systems and networks. Instead of controlling access through doors, the new system controls access to information system platforms and network connections. The system focuses on control of two points of ever-evolving information system technology that will never change - the computer's power source and its external connections to networks.
The connections are routed through switches manufactured by Market Central, a manufacturer of integration products for a variety of industries. "We worked with Steve's [Bouthillier] first design of the secure network switch, which is manufactured by us and is currently carried in Blackbox Corp.'s product line," says Market Central president Vic Sulkowski. Market Central has interfaced the secure switch's deadbolt network protection capabilities with two additional switches, an on/off switch and a network switch.
"China Lake constructed the first prototype power switch and network data relay switch to prove viability of the concept," notes Sulkowski. "Market Central added co-design features and production packaging development to make the switches a universal product that fits all computer platforms. As an added benefit, the power switch design alone will save daily wear and tear on computer hardware, because it will ultimately replace the physical on/off switch on the computer."
How it works
Radionics has adapted Readykey to interface with the three computer platform switches. The Readykey system provides full supervision of all switches, including the power, network connection and all tampered devices. According to Dodge, Readykey looks at each information system platform as a building that houses information and each network as another building. The controller can be programmed to determine when and where a user may enter these "buildings" or systems.
When a user presents his credential to a proximity reader located on the computer, the computer power is turned on - if the user is authorized. If the user desires to make a connection to an outside network, he again presents his credential to a proximity reader located on the network switch. If approved, he physically turns the switch to the outside position. Once in this position, the internal LAN is protected from an outside intruder by a physical gap, a deadbolt created by the network switch.
The gap between the internal network and the outside network means the user is electronically and physically disconnected from the inner network. "The inner network is shielded, so there can be no cross-talk between the two systems," says Dodge.
Each time a credential is read, the system identifies who the user is via an 8-digit, alpha-numeric password, randomly generated at the time of enrollment. The time, date, computer and name of user attempting entry are recorded, and all user information can be archived and retrieved by the administrator.
"Were you not authorized to go to the outside network, it would create an alarm condition and give the date, time and specific computer that you were at and your name," says Dodge.
Compatibility
With the Readykey system, the basic computer security features - password protection, authentication, discretionary access control, audit trail and network configuration management - no longer reside on each individual computer platform; the functions reside on a system administrator's computer. Because the Readykey system is independent of the computer, it will work on any computer system or platform. "It doesn't require a software upgrade every time you change your computer to a higher platform," says Dodge.
Up to 18,000 users can be put on one system, and since there are no computer security software programs on each computer, there are no conflicts that can slow performance. "Security programs that are on a host end up creating conflicts with other programs, which can slow the drive down and lock up the computer," explains Dodge.
Dodge expects Radionics to have a commercial version of the information security product ready to market by January 1998.
© 2008 Penton Media Inc.