"Unhackable" hard drives?

[cutty]

Unhackable is a strong word to use. But indeed, it is a very good idea. According to the article, I believe it will cause your system to be a lot harder to hack and in this day and age that's all you can hope for.

Guidance...

[ezek]

I'm Not To Sure About RAID but doesn't RAID level 5 do the same thing? I know RAID uses two DDHs though.

[Terr]

If they make THIS, why can't they make my toggle-read-only drive that I've been asking for!?! EVIL COMPANIES! Eeeeviiiilll!

Here's my brainfart/brainchild... have a hard drive with a front faceplace with a toggle switch. It toggles between normal and read only. It would be physically impossible to write to the drive when the switch is in the read-only position. Special drivers would help the OS determine which mode the drive was in. A secondary smaller faster drive would be used for swap space. Anyone with a fairly static website would be able to simply flip the switch to the 'read only' position in-between updates.

And for the home user? Well, you can try that suspicious whack-a-mole program without fear! If you notice something strange, simply reboot, and there's nothing evil running or in memory, and it couldn't fit itself on the disk...

*I* would buy it. Great for experimenting with I-don't-know-what-this-really-does-is-it-a-virus.exe.

[cross]

avdven: from my past experiances, it is not very hard to convince a computer that you are a part of a lan (local area network) or wan, when you are actually outside of it. It is not easy by any means, but not impossable. I have gotten access to the accounting servers that only allow access from inside the LAN at my work, just takes time, and lots of research

[avdven]

Cross, you have a very good point. I have had such experiences myself, though for me, it was never really difficult (for some reason, ever since I was a child, I've seemed to have a innate knowledge of all sorts of electronic hardware and software). If I had web server running a drive such as this, however, I wouldn't place the computer on a computer which was otherwise accessible the the Internet (basically place it on a closed-circuit network). If set up properly, I realize it won't be unhackable (nothing ever is...) but it would be pretty close to it. If someone really had the time and energy to figure out a way in, it could be done, but it'd definately deter anyone except someone who really had a need to access the drive.

AJ

[slarty]

Some potentially interesting uses. True, a read-only hard drive cannot have its contents modified, however, it cannot be patched easily either.

An attacker who gains a high level of access does not need to modify files - they simply make any server programs (notably web servers) behave *as if* the files had been modified without actually modifying them.

Some worms already do this, for instance code red and its "hacked by chinese" messages - it never actually writes them to the disc just makes the web server serve the message instead of genuine files.

If the server is used to store software or configuration for other machines or business data, these can be compromised without modifying the files themselves in the above way, then used to propogate mal-ware to other machines in the organisation which aren't similarly protected.

[cwk9]

Isn’t there a Linux disto that’s made to run web servers off a cd-r?

[m0use]

I think anything that deters the senseless defacements is a step in the right direction. No box is unhackable. you'd just have to target the administartors box. Since most admins want remote access. Get the admins box and write access is allowed to the server. Or that would be my theory.