The recent Hannaford data breach sent a shockwave through the IT community because Hannaford was PCI Compliance Certified. Anybody involved in data security should be constantly reviewing the strength of their efforts. This is especially true with communications and data transport.
So, no doubt the Mlink faithful have asked themselves, "Is my data safe?" The answer to that question is, as you might have guessed, "Yes and no." There are two primary areas where security might be compromised - data format and access control. Lets deal with the data first.
Mlink transmits data via the Mlink Protocol, which is unique and proprietary. The protocol uses a number of methods to cram as much information into as small a space as possible, to expedite and streamline protocol chatter and to compress the processed packets. Mlink Compression is also proprietary and unlike anything else in use today. By combining the Mlink Protocol with Mlink Compression, a relatively high degree of data "encryption" is achieved. I am unaware of any method for interpreting and reconstructing data that has been processed by Mlink other than another copy of MLink. In fact, in the late 90's one highly vaunted US military penetration testing team gave Mlink an encryption waiver as long as the compression feature was also used. I will also point out that encryption algorithms, even really good ones, have been broken before. Eternal vigilance is the name of this game.
How about access control? There are two weak points in an Mlink/ACM data transport system, and they are both insider attack weaknesses. The first is storage of login IDs and passwords in a clear text format in a file and the second is transmission of ID and password in clear text. This might not seem like much until you realize that possession of the ID and password can provide a hacker with complete access to remote Windows systems because of the interface provided by the remote Mlink.
My shameless plug is this: we've developed an encryption system that eliminates both the clear text storage and transmission problems. It's an easy plug-in and is invisible to the end user after installation. And it should be no surprize to anyone, you use Mlink and ACM to transfer and install the system.
So, yes, MLink and ACM are relatively secure but could be more secure. My advise is to always watch your six!
Subscribe to:
Post Comments (Atom)
2 comments:
Why there isn't a ACM Linux version?
There are many users interested to have ACM for Linux. There is only the mlink Linux version but not ACM.
I think a porting to Linux would be easy.
Also Linux is the major Unix for PC currently. I'm sure there is more Linux servers on the world then SCO, HP, Solaris (together).
Please, release a ACM for Linux.
We are a potencial client, but I think would be many others.
I wrote to the g-and-z people. They said that they will do the porting, but I don't sure.
Regards.
Anibal Avelar
You may be correct regarding the distribution of Linux today. I'm checking with CA, the owner of Mlink and ACM, regarding porting the software.
Nobody can port the software without a source code agreement with CA.
Post a Comment