Two-headed hard drive aims for security

A Japanese start-up has come up with a mutant piece of hardware that it says may deliver "perfect security" for Web servers: a two-headed hard drive.

Matthew Broersma Special to CNET News

Tokyo-based Scarabs has developed a prototype of the hard drive, which has a read-only head and a read-write head. The Web server can only read from the drive, theoretically making it impossible for attackers to deface the site or otherwise modify data.

For updating the site, an internal PC can be connected to the drive via the read-write head. "Each head works independently, so no synchronous control between two heads is needed," the company says on its Web site.

Scarabs hopes to have a version of the device on the market this year.

The drive is an unusual response to the growing problem of online security, particularly with large businesses, whose Web servers are subject to a constant bombardment of attacks, according to security experts.

Companies that rely on the integrity of their Web sites, such as media companies, might find the hard drive particularly attractive. USA Today, for example, recently discovered that vandals had posted several fake news stories to its Web site's front page.

Scarabs says that its technology could help stem the problem, comparing the hard drive to one-way diodes in an electronic circuit. "The Internet should have one-way component-like diodes, and the two-heads hard disk drive can be (that) one-way component," the company said.

The idea has been suggested before as a way of speeding data retrieval, since the read-only head would not have to wait for the read-write head to finish its tasks, but it has never been made a practical reality. Naoto Takano, chief executive of Scarabs, has said that he first came up with the idea of applying the concept to security three or four years ago.

Scarabs built a prototype last year that runs with an NT server and has been using it to serve Webcam images since then. The drive currently costs more than $875 to manufacture, but Scarabs is working on a lower-cost implementation that would use a single head and two SCSI interfaces. Scarabs says it has approached several companies and hopes to begin shipping the lower-cost drives this year.

Industry analysts say the technology looks interesting, but also has serious shortcomings.

"From a purely theoretical perspective, it's a good way to keep hackers from changing something on the site," said Alain Dang Van Mien, a research director with Gartner. "It could also protect from certain types of attack, but it would not keep hackers from getting information. From an integrity perspective it works, but from a confidentiality perspective, it's not enough."

The hard-drive solution would not protect against denial-of-service attacks, which simply aim to take a Web server offline, and do not require access to the hard drive. In addition, Gartner's research has found that attacks on big businesses are increasingly coming from insiders, rather than random attackers on the Internet.

"They are coming from employees, contractors, people who know about the company," Dang Van Mien said. "These are not just teenagers who can get through your firewall."

ZDNet U.K.'s Matthew Broersma reported from London.