Free Republic

To: Agent Orange Peel
I suppose that means another bailout. This one probably $200 billion for Pentagon computers.

Naw, don't need to replace the hardware, just the OS. Windows is not a very good description for a secure defense agency.

I hear the NSA puts out a locked down version of Linux. And it would be free. We could save money by not having to license winders from Redmond.

48 posted on 11/20/2008 5:25:05 PM PST by AFreeBird


To: AFreeBird; All

We do need to replace hardware. Here’s why, and what hardware:

The ASICs that run Ethernet interfaces are by and large now made in the PRC.

So let’s say you have an Ethernet chip (either on the mo-bo, or on a NIC card in the PCI). How do you know what logic is in the chip? As long as it performs the Ethernet role properly, how do you know that is ALL that is on that chip?

So here’s how you mount a massive attack that can’t be fixed with software patches:

You create a packet that is forwarded to the NIC/chip that has the correct L2 frame information - let’s say you’ve padded the Ethernet frame with additional information above and beyond the IP payload. The IP stack is going to look at only the IP datagram size, not the whole Ethernet frame. Or let’s say you turn on a particular set of bits in the Ethernet header, which then reads an L2 payload on only specific packets - and this starts the attack sequence.

How much extra stuff could you fit on a chip the size of an Ethernet chip? Oh man... I could have a whole small computer in there. Most of the CPUs today have much of their die space taken up with FPUs, cache and memory controllers. If all I wanted was a programmable controller to execute a few instructions to attack the network (or worse, sniff the network and kick interesting packets back out to a capture node), that would not take much logic at all.

How would you know that your Ethernet chipset has this additional logic?

Well, maybe you’d get lucky by fuzzing the Ethernet fields and frames... and maybe you wouldn’t/couldn’t. You could pull the silicon out of the carrier and look at it under a microscope and reverse-engineer it to ensure that all that was on the silicon was, in fact, an Ethernet controller.

But the government probably won’t do that. They’ll start pulling equipment off secure networks and insisting on “brand X, revision n.m” specifications for known good Ethernet controllers.

BTW — this idea for an attack has occurred to several of us who are former Cisco engineers and employees. We’ve been asking ourselves “why would the Chinese be counterfeiting only interface cards....?” There have been several scandals in DoD purchasing recently where the GSA order has been filled with either counterfeit low-end routers, or a Cisco box stuffed with counterfeit line cards.

The solution, ultimately, is to revert to Cold War thinking: for secure comm in the ’80s, I remember that it used to be a requirement for DoD projects that the devices come from certified US companies in US plants, especially CPUs and any device that created EM emissions. We need a certified secure compute, network and interface hardware platform...


147 posted on 11/20/2008 7:54:09 PM PST by NVDave
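
A monitoring-side check for the condition post 147 describes, an Ethernet frame that carries bytes beyond the length the IP header declares, as an added example that is not part of the original thread. The function names, the finding labels and the policy that padding must be zero-filled are assumptions, and the sample frames are constructed; frames are assumed to be untagged Ethernet II captured without the FCS.

```python
import struct

ETH_HDR = 14             # dst MAC + src MAC + EtherType
ETH_MIN = 60             # minimum frame size, not counting the 4-byte FCS
ETHERTYPE_IPV4 = 0x0800

def audit_frame(frame: bytes) -> list:
    """Return findings for one captured frame; an empty list means nothing odd."""
    if len(frame) < ETH_HDR:
        return ["truncated-ethernet"]
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != ETHERTYPE_IPV4:
        return []                          # only IPv4 is checked in this sketch
    if len(frame) < ETH_HDR + 20:
        return ["truncated-ip"]
    ver_ihl, _tos, total_len = struct.unpack_from("!BBH", frame, ETH_HDR)
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl:
        return ["bad-ip-header"]
    if total_len > len(frame) - ETH_HDR:
        return ["truncated-ip"]
    # Everything after the declared IP datagram is invisible to the IP stack.
    trailer = frame[ETH_HDR + total_len:]
    findings = []
    # Padding is only legitimate to bring a short frame up to the minimum size.
    if trailer and len(frame) > ETH_MIN:
        findings.append("trailer-beyond-min-frame")
    # Policy assumption: legitimate padding is zero-filled.
    if any(trailer):
        findings.append("nonzero-trailer")
    return findings

def build_frame(ip_payload: bytes, trailer: bytes = b"") -> bytes:
    """Constructed sample: Ethernet II + minimal IPv4 header + payload + trailer."""
    total_len = 20 + len(ip_payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    eth = bytes(6) + bytes([2, 0, 0, 0, 0, 1]) + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip + ip_payload + trailer

if __name__ == "__main__":
    samples = {"short, zero pad": build_frame(b"x" * 8, bytes(18)),
               "short, data in pad": build_frame(b"x" * 8, bytes(17) + b"A"),
               "long, extra trailer": build_frame(b"x" * 100, b"AB" * 16)}
    for name, frame in samples.items():
        print(f"{name:22} {audit_frame(frame)}")
```

A check like this only means something when it runs on a capture taken by equipment other than the interface under suspicion, such as a passive tap.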

To: AFreeBird

I would recommend eComStation

www.ecomstation.com


202 posted on 11/21/2008 7:16:20 AM PST by FroggyTheGremlim

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson