Thursday, 23 February 2012

Tolerant to Intrusion vs Security

Sometimes these two terms get mixed up and become confusing. By analogy, a system is secure when there is something protecting it against attacks. A system is intrusion tolerant if, despite being attacked, the disruption attempt causes only insignificant damage, and the system never halts and recovers quickly from these attempts.

Several techniques exist to make a system tolerant to intrusions. The most used is replicating the system across different networks. When the same system is spread across different networks and, especially, runs in a diverse environment (for example, on different operating systems), a hacker, or a group of hackers, must successfully attack all the replicas and force the machines to stay offline until the end of the attack.

With a set of replicas it is easy to build a backup architecture, where all replicas run as secondary nodes that help the primary one. If the primary is being attacked, or cannot respond quickly to requests, all the traffic is diverted to the secondary replicas. A backup architecture can be implemented in hardware or software.

Another way to make a system tolerant to intrusions is to constantly force the machine to reboot or change its IP address. Every time the machine restarts, it is considered a new node on the web. Combined with the replicas, this architecture resembles a time machine: at each specific instant, a replica restarts or changes its IP address, and it becomes the primary node.
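
As an added example (not code from the original post), the simulation below combines the two ideas above: requests fail over from the primary to the secondaries, and on a fixed period the next replica is restarted with a clean state and a new address and becomes the primary. The replica names, operating systems, integer addresses and the attack schedule are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Replica:
    name: str
    os: str                    # diversity: each replica runs a different OS
    address: int = 0           # constructed stand-in for an IP address
    compromised: bool = False

class Cluster:
    def __init__(self, replicas):
        self.replicas = replicas
        self.primary = 0       # index of the current primary
        self._turn = 0         # next replica due for a restart
        self._addr = 0         # counter used to hand out fresh addresses

    def rejuvenate(self):
        """Restart the next replica: clean state, new address, promoted to primary."""
        r = self.replicas[self._turn]
        self._addr += 1
        r.compromised, r.address = False, self._addr
        self.primary = self._turn
        self._turn = (self._turn + 1) % len(self.replicas)

    def serve(self):
        """Return the replica answering a request, or None if every replica is down."""
        n = len(self.replicas)
        order = [self.primary] + [i for i in range(n) if i != self.primary]
        for i in order:        # primary first, then fail over to the secondaries
            if not self.replicas[i].compromised:
                return self.replicas[i].name
        return None

def simulate(ticks, attacks, period):
    """attacks maps tick -> replica index compromised at that tick (constructed input)."""
    cluster = Cluster([Replica("A", "linux"), Replica("B", "bsd"), Replica("C", "windows")])
    served, exposure, worst = [], {}, 0
    for t in range(ticks):
        if t % period == 0:
            cluster.rejuvenate()
        if t in attacks:
            cluster.replicas[attacks[t]].compromised = True
        for r in cluster.replicas:      # count consecutive ticks each replica stays compromised
            exposure[r.name] = exposure.get(r.name, 0) + 1 if r.compromised else 0
            worst = max(worst, exposure[r.name])
        served.append(cluster.serve())
    return served, worst
```

With three replicas restarted round-robin every `period` ticks, a compromised replica stays that way for at most `3 * period` ticks; with a period longer than the attack schedule, all three replicas can be down at once and `serve()` returns `None`.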