Two-headed hard drive aims for 'perfect' Web security

A Japanese start-up has mutated the traditional hard disk drive in the pursuit of a more secure Web site. The device could be useful for certain types of services, according to experts

A Japanese start-up has come up with a mutant piece of hardware that it says may deliver "perfect security" for Web servers: a two-headed hard disk drive.

Tokyo-based Scarabs has developed a prototype of the hard drive, which has a read-only head and a read-write head. The Web server can only read from the drive, theoretically making it impossible for attackers to deface the site or otherwise modify data.

For updating the site, an internal PC can be connected to the drive via the read-write head. "Each head works independently, so no synchronous control between two heads is needed," the company stated on its Web site.

Scarabs hopes to have a version of the device on the market this year.

The drive is an unusual response to the growing problem of online security, particularly with large businesses, whose Web servers are subject to a constant bombardment of attacks, according to security experts. UK systems integrator Mi2g recently said it had monitored more than 9,000 successful attacks on Microsoft Internet Information Server-based systems alone for the first half of this year.

Companies that rely on the integrity of their Web offerings, such as media companies, might find the hard drive particularly attractive. USA Today, for example, recently called in the police after discovering that vandals had posted several fake news stories on its Web front page.

Scarabs argues that its technology could help stem the problem, comparing the hard drive to one-way diodes in an electronic circuit. "The Internet should have one-way component like diodes, and the two-heads hard disk drive can be (that) one-way component," the company said.

The drive would be particularly suitable for public key servers and government information distribution sites, Scarabs says. A system with two of the drives could act as a super-secure proxy server, the company suggested.

The idea has been suggested before, as a way of speeding data retrieval, since the write-only head would not have to wait for the read-write head to finish its tasks, but has never been made a practical reality. Naoto Takano, chief executive of Scarabs, has said that he first came up with the idea of applying the concept to security three or four years ago.

At the end of last year, Scarabs built a prototype running with an NT server and has been using it to serve Webcam images since then. The drive currently costs more than £550 to manufacture, but Scarabs is working on a lower-cost implementation that would use a single head and two SCSI interfaces. Scarabs says it has approached several vendors and hopes to begin shipping the lower-cost drives this year.

Industry experts say the technology looks interesting, but also has serious shortcomings.

"From a purely theoretical perspective, it's a good way to keep hackers from changing something on the site," said Alain Dang Van Mien, a research director with Gartner. "It could also protect from certain types of attack, but it would not keep hackers from getting information. From an integrity perspective it works, but from a confidentiality perspective, it's not enough."

The hard-drive solution would not protect against denial-of-service attacks, which simply aim to take a Web server offline, and do not require access to the hard drive.

In addition, Gartner's research has found that attacks on big businesses are increasingly coming from insiders, rather than random attackers on the Internet.

"They are coming from employees, contractors, people who know about the company," Dang Van Mien said. "These are not just teenagers who can get through your firewall."

For all security-related news, including updates on the latest viruses, hacking exploits and patches, check out ZDNet UK's Viruses and Hacking News Section.

Have your say instantly, and see what others have said. Go to the Security forum.

Let the editors know what you think in the Mailroom.