NetTop technology keeps users in mind
By Wilson P. Dizard III
Aug 10, 2007
The National Security Agency's eight-year project to bring NetTop into wide use developed as a result of rapid commercial technology advances in the frenzied closing days of the dot-com boom and their progressive eclipse of federally developed systems.
The agency's goal was 'to solve the challenge of creating trusted products using commercial technologies,' said Grant Wagner, technical director of the National Security Agency's National Information Assurance Laboratory.
'The challenge was to come up with a commercially based solution,' Wagner said.
A key basis of the NetTop architecture is the use of virtual machines as hermetically sealed units inside the system that exchange information only according to strictly defined policies.
NSA relied on technology from VMware to achieve the virtual machine function using an Intel processor. 'VMware was at the time [the early 1990s] the only solution that was doing virtualization using Intel architecture,' Wagner said.
NetTop enthusiasts note that the system's ability to rely on Linux is not apparent to its users. But using Linux does allow NetTop owners to change hardware (for example, in the event of a newly discovered, hardware-based security flaw) without changing the system's software.
NetTop's advocates also point to the fact that incorporating Linux into the NetTop architecture will make it easier for users to migrate applications to the systems until all the apps have been ported.
The Hewlett-Packard and Trusted Computer Solutions systems that use NetTop technology have been cleared for membership in the elite 'baseline' group of cross-domain interface entities chosen by the Cross Domain Solutions Office (CDMO) in Adelphi, Md.
That office is a joint project of the Office of the Director of National Intelligence's chief information officer organization and its Pentagon counterpart. The CDMO so far has added about 14 systems to its baseline collection of cross-domain entities. The baseline pantheon includes about five access solutions and nine data-transfer solutions or guards, sources said. In addition, there are a handful of exceptions to that baseline list.
NSA decided to market NetTop via integrators as part of a candid self-assessment of its own ability to keep pace with users' needs.
This approach allows NSA to benefit from those companies' various skills in commercializing research discoveries while promoting the spread of secure systems, officials said.
The codewriting and codebreaking agency's marketing skills don't rival those of the Madison Avenue companies that built multibillion-dollar campaigns around slogans such as 'Winston Tastes Good Like a Cigarette Should' and, more recently, created the global 'American Idol' marketing phenomenon. But NSA technologists have posted online a summary of NetTop's benefits that likely has a catchy ring to its target users, as follows:
'The benefit of the NetTop architecture is that it removes security functionality from the control of the end-user [operating system] and applications,' according to the federal marketing blurb.
'Important security functions such as communications encryption can be placed in a separate protected environment that cannot be influenced by user software,' the agency description says.
'Similarly, an isolated filtering router function is used to provide protection from rudimentary network attacks,' NSA said. 'The modularity of the NetTop architecture and the use of standard TCP/IP networking to connect virtual machines facilitate simple replacement or upgrade of individual components.'
The first rule of advertising: Know your audience.