
Stop Hackers at your door. Trust Net-2-Core®

Most Cyber Security is applied around a Client/Server application by preventing access to the domain in which it exists. This works most of the time, but the consequences when security fails can be catastrophic. The usual approach is to add more checks, or install more packages, thereby ‘strengthening’ the defences.

Promoted by Parametric Systems
Wed, 26 Jul 2023
Don’t let the Hackers get your Information: Trust Net-2-Core®

This approach has one major flaw: the domain is usually attached to the Internet and the Internet is the medium through which the threat is exercised. The approach does nothing to reduce the hazard of having the Internet attached.

Net-2-Core technology is different: it protects from the inside. The security is embedded within a Client/Server application and bans the Internet from access to the critical part of any Application: the database.

The method relies upon separating a Client/Server application into two parts:

  • The ‘Net’ part is a front end program where all the Client/Server (User) interaction occurs
  • The ‘Core’ part is a back end program where all the Database action occurs.

Net-2-Core technology joins the two parts so that -

  • The ‘Net’ never has direct access to the ‘Core’
  • The ‘Core’ never needs access to the Internet; that is done by the ‘Net’
  • The ‘Core’ is the only program where definition of the Database location is required
  • The ‘Core’ is the only program where definition of the Database password is required.

How does that work?

Net-2-Core uses ‘Transactions’, a Communication Database and (preferably) a LAN to link the ‘Net’ and the ‘Core’ systems.

The ‘Net’ records a Transaction on the Communication Database (1) and the ‘Core’ reads the Transaction (3), executes the requirement, and places the result back on the Communication Database (4). The ‘Net’ accesses the result (6), and the Client/Server application continues.

Which leaves a few problems to be addressed:

  • How does the ‘Core’ find the Transaction?
  • How is the ‘Core’ triggered to want the Transaction?
  • How does the ‘Net’ know that a result is available to answer its request?

The ‘Core’ is a stand-alone program which is not memory resident. It is loaded upon ‘Demand’ by the ‘Net’ (2). Multiple ‘Core’ programs exist simultaneously: one for every ‘Demand’ that is in progress at a point in time. The ‘Core’ is compiled VB6 code and loads for less than 2 seconds for each ‘Demand’.

Part of the ‘Demand’ provides the Key to read the Transaction on the Communication Database (3). This Key is also used to identify the result (4) and the ‘Core’ notifies the ‘Net’ (5) when it terminates and unloads. The ‘Net’ can then access the result (6).

The Key is used only by the ‘Core’ program that was loaded to process the request. The ‘Net’ knows the Key it used in the ‘Demand’ and can therefore access the result. Each active request requires a different Key.
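
The exchange described above, written out as an added example (not Parametric Systems' code), with steps (1) to (6) marked in the comments. Assumptions: SQLite in-memory databases stand in for the Communication and Application databases, the ‘Core’ is a function call rather than a separately loaded program, and the `get_customer` transaction name, the table layouts, and the deletion of rows once read are choices made for the example.

```python
import json
import secrets
import sqlite3

# Constructed stand-ins: on a real deployment these are two separate databases,
# and only the 'Core' holds the application database location and password.
comm_db = sqlite3.connect(":memory:")   # Communication Database
app_db = sqlite3.connect(":memory:")    # Application database (Core only)
comm_db.execute("CREATE TABLE txn (key TEXT PRIMARY KEY, body TEXT)")
comm_db.execute("CREATE TABLE result (key TEXT PRIMARY KEY, body TEXT)")
app_db.execute("CREATE TABLE customer (id INTEGER PRIMARY KEY, name TEXT)")
app_db.execute("INSERT INTO customer VALUES (1, 'Constructed Pty Ltd')")

# Hypothetical fixed transaction set: the Core runs only these statements.
CORE_TRANSACTIONS = {"get_customer": "SELECT name FROM customer WHERE id = ?"}


def core(key):
    """Steps 3-5: read the Transaction for this Key, execute it, store the result."""
    row = comm_db.execute("SELECT body FROM txn WHERE key = ?", (key,)).fetchone()
    comm_db.execute("DELETE FROM txn WHERE key = ?", (key,))  # consumed once
    if row is None:
        return False  # unknown or already-used Key: nothing to do
    txn = json.loads(row[0])
    sql = CORE_TRANSACTIONS.get(txn.get("name"))
    if sql is None:
        out = {"ok": False, "error": "unknown transaction"}
    else:
        out = {"ok": True, "rows": app_db.execute(sql, txn["args"]).fetchall()}
    comm_db.execute("INSERT INTO result VALUES (?, ?)", (key, json.dumps(out)))
    return True  # stands in for the termination notice to the 'Net'


def net_request(name, args):
    """Steps 1, 2 and 6: record the Transaction, 'Demand' a Core, read the result."""
    key = secrets.token_hex(16)  # a different Key for each active request
    body = json.dumps({"name": name, "args": args})
    comm_db.execute("INSERT INTO txn VALUES (?, ?)", (key, body))
    if not core(key):  # in-process call standing in for loading the Core program
        return key, None
    row = comm_db.execute("SELECT body FROM result WHERE key = ?", (key,)).fetchone()
    comm_db.execute("DELETE FROM result WHERE key = ?", (key,))  # remove once read
    return key, json.loads(row[0])
```

Replaying a Key after its request has completed finds no Transaction, so the ‘Core’ does nothing, and a transaction name outside the fixed set never reaches the application database.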

This Net-2-Core two-factor approach strengthens the isolation of the ‘Core’ from the Internet. It is a variation on two-factor authentication.

Incorporating Net-2-Core into an existing Client/Server application is not overly complex.

At the most basic level, the Transactions can be fully formed database access statements. In this approach the Results would be whatever the Application currently receives as a result of the statement. This can be applied in one common interface which replaces the call to the current database ‘provider’ software.

The ‘Core’ program would be constructed to apply the statements to the Application database and return whatever the result would normally be.

The common interface would then return the results to the initiator of the ‘Demand’.

This basic approach can be enhanced by -

  • encrypting the ‘Demand’ statements for decrypting by the ‘Core’
  • applying a password to the Communication database
  • ensuring that the data storage for the Communication and Application databases is held on/in devices not used for any applications that access the Internet
  • deleting the Transactions and the Results from the Communication database as soon as they have been accessed
  • installing a firewall around the ‘Core’
  • upgrading the Client/Server application using the Enigma Integrated Development Environment

The Enigma IDE adds many advantages around the Net-2-Core technology. It -

  • creates the ‘Net’ from the analysis and design that describes an application, and,
  • creates the ‘Core’ from the Transaction content and the Database schemas.

Creation of each of the parts ensures that the ‘Core’ will only process Transactions from which it has been created and the ‘Net’ will only process Results that it expects.

Additionally the IDE -

  • uses transaction content that has no apparent correlation to the database structure
  • requires that all of the editing and content validation be done within the ‘Net’ where any corrections can be easily made
  • removes the reference data (e.g. code translations) from the application database to lessen the load on the ‘Core’ program
  • applies standardised ‘Net’ structures to minimise duplication of Information
  • requires a simple, 3rd Normal Form structure to be applied in the database schemas
  • automatically maintains the integrity of the Application database
  • maintains current documentation for the Client/Server application

Net-2-Core is an enhancement to current Cyber-Security strategies. It is not a replacement.

But when the current strategies fail, as history shows they inevitably will, wouldn’t it be reassuring to know that your database is still protected?

Chris Hillman

Chris is CEO and Lead Developer of Parametric Systems.

  • The Net-2-Core technology (as described) is a patented technology. It can be licensed from Parametric Systems.
  • The Enigma IDE is a software package that can be purchased with a perpetual single installation licence.
