BRICKServer® 2

BRICKServer® 2 Secure Web Server Appliance with its Process-Based Security model uses mandatory access controls directly embedded into the operating system. This creates a virtually impenetrable secure web server appliance. It includes WEB, E-MAIL and FTP software. The system has withstood the rigors of penetration testing by Sandia National Laboratories, the U.S. Army, various system integrators, and countless hackers since it's availability in 2000.

Features:

• Pre-configured with Web, e-mail and FTP servers
• Secure Remote Administration
• Process-Based Built-in Security Policy
• Worry-free maintenance
• Hardened Operating System
• Supports SSL, SSI, PHP, PERL , PYTHON, and TCL
• Supports MySQL, PostgreSQL and SQL Libraries
• Multi-domain Hosting, Virtual IP
• Backup

No Patching Required
SAGE emphasizes its commitment to the Internet community by eliminating the headaches of patch management with a built-in security policy approach.

What is Process-Based Security (PBS)?
PBS is a security model that replaces user-based access (Discretionary Access) with process-based access (Mandatory Access Controls), invoking Rules of Least Privilege and Separation of Duties.

Security
Process-Based Security (PBS) prevents unauthorized access to system level function, thereby creating a secure web appliancer.

Simplicity
BRICKServer is easy to install and maintain, therefore reducing IT expenses.

Speed
The rigorous system-level security requires fewer hardware resources allowing the server to run more efficiently

BRICKServer 2 Technical Specifications

Hardware

• 1U rack-mount appliance
• Pentium 4 2.8Ghz Processor
• 512MB DDR II RAM
• 40GB HDD
• Dual 10/100/1000 network cards
• Upgrades Available

Software

• Pre-configured with Web, e-mail and FTP servers
• Secure Remote Administration (MD5 algorithm - authentication, AES- data transfer)
• Hardened OS: with Process-Based Security modifications
• HTTP 1.1 compliant with BRICKServer 2 modifications
• Server Side Includes (SSI) 1.1 standard.
• PERL Version 5.80
• PHP Version 4.2.3
• OPEN SSL Version 0.9.7c
• Python Version 1.5.2

Physical

• Dimensions: 1.75" tall, 19" wide, 19" deep
• Operating temperature: 10 degrees C to 35 degrees C (50 degrees F to 95 degrees F)
• Storage temperature: -40 degrees C to 65 degrees C (-40 degrees F to 149 degrees F)
• Operating relative humidity: 8% to 80% (non-condensing)
• Storage relative humidity: 5% to 95% (non-condensing)
• Operating altitude: -16m to 3,048m (-50 ft to 10,000 ft)

PatriotSCADA

A FIREWALL FOR INDUSTRIAL AUTOMATION EQUIPMENT

PatriotSCADA is a joint venture between SAGE, Inc. and PlantData Technologies, Inc. PatriotSCADA was formed for the purpose of sharing resources, risk, and reward from the development, support, and sales of the PatriotSCADA industrial automation firewall product.

The PatriotSCADA is a new unique security solution specifically designed for SCADA and Industrial Automation networks. A secure SCADA system should prevent attacks from External, Internal Accidental, and Internal Intentional threats. The PatriotSCADA solution is a “bump-in-the-line” security solution that can be easily deployed in ANY SCADA environment using IP protocols without impacting the performance of the system. The PatriotSCADA solution will work regardless of the SCADA software, hardware, SCADA protocol, or network architecture. None of the network IP addresses or system architecture has to change. The PatriotSCADA solution is priced less expensive than any current IT security solution, and provides a low-cost insurance policy for protecting critical infrastructure from cyber attacks. For more information download the PatriotSCADA Overview or PatriotSCADA Technical Sheet.

Features:

• Mac Address Limiting
• Port Management
• Detection and Rejections of DoS Attacks
• Protection from Viruses, Trojans and Common Cyber Attacks
• Secure Your Ethernet Enabled Control System Devices (PLCs, RTUs, IEDs)
• Physically Hardened
• Secure, Cyber-Hardened Operating System
• Protect Your End Devices Against Viruses, Worms, Trojans, Malware and Common Cyber Penetration Attacks
• Transparent In-Line PLC Firewall and Communications Filter

By now, most organizations should have implemented a firewall solution to separate their Corporate or IT Systems from their SCADA, DCS, or Process Control LAN. While this is a very important first step in securing your process control network, this should not be the only layer of protection.

Since the computers that are in the SCADA, DCS, or Process Control LAN are all still susceptible to viruses, worms, Trojans, and malicious code attacks, any Ethernet-based controllers, RTUs, or I/O components in the Process Control LAN should also be protected behind another SCADA firewall. PLCs, RTUs, DCS controllers, and Smart I/O that use Ethernet protocols to communicate back to the SCADA or DCS computers are also vulnerable to DoS attacks and malformed packets. Several of these controllers have been shown to go to their FAULTED state when introduced to ping flood or malformed packet storms.

The PatriotSCADA is designed to sit between the computers in the SCADA, DCS, or Process Control LAN and the control system components that actually control the process. This new industrially hardened product combines firewall, IDS, Port Management, and Packet Inspection technology in one device. It is designed to protect sensitive control systems equipment that communicate over Ethernet protocols from common network attacks. It works by functioning as a transparent communications filter between the SCADA or DCS host systems and the Ethernet PLC or RTU network.

PatriotSCADA uses a customized Linux Operating System that requires Access Control Role-Based security for every request in the kernel. It is designed to withstand wide temperature ranges and harsh environments. It can be Din-Rail mounted directly inside the control cabinet.

Testing

SUCCESSFUL TESTING BY SANDIA NATIONAL LABORATORY

Objective and Purpose

The BRICKServer™ Web Appliance was designed to assist small business in achieving a secure web presence as well as simple email and ftp functions. The user interface is designed to be understood by a basic user and allows remote administration of a web site that can be supported by a contractor. Based on that design purpose, this analysis sought to understand whether a hacker more sophisticated than a script-kiddie could manipulate the system to accomplish the following adversary goals through attacks on the server:

• Deleting or changing a file or its contents
• Change the contents of a website
• Unmount the drive
• Stop the swap process
• Shut down the INIT or Admin program
• Shut down the server

The only metric applied to this analysis is a binary metric of success – if any of the flags could be achieved, then a successful attack was counted. Attacks that did not achieve the flag were counted as unsuccessful attacks.

Critical Success Factors

Like all security systems, there is a dependence on proper implementation of the system. The BRICKServer™ relies on the following to ensure secure operations:

• Each process is constrained with a set of rules that determine what system resources the process is allowed to use. The Process-Based Security ™ system relies on checking the ACL of a process before a program is executed or a file is accessed.
• Strong passwords are used for the Remote Administration Program.
• Administration and Configuration passwords are kept independently unique.
• Local connection to the LAN for Configuration Program Operation.

Results of Analysis

Within the constraints of this analysis we found the BRICKServer™ Web Appliance to be very robust for attacks against the server. In particular, the removal of the shell to prevent execution of unauthorized services will address the threat from the novice hacker who primarily uses existing scripts that require a shell to work. This meant that we were driven to play a more sophisticated hacker and to delve more deeply into the source code.

The services with the most privileges are of the greatest interest to an attacker. In the BRICKServer™, these are the ADMIN and THTTP services. The three services comprising mail (POP3, TURN, and SMTP), and the FTP service, have very little privilege, so that if an attacker manages to take them over, the server will still be protected by the PBS security mechanisms.

Described below are the types of attacks attempted against the server and the associated results. It is important to note that an adversary could obtain legitimate access (social engineering) to update web pages and consequently obtain access to other web pages on the server and that attacks on the client are more likely.

Attack Results

• View Testing Guidelines for BRICKServer 2