More on the Declan's earlier note regarding a new 'unbreakable' security
system.
I wonder if they've considered the fact DoS attacks often target the router
or whatever edge device attaches their system to the internet? Or the
upstream provider(s)? Otherwise, it's an interesting approach that solves
some problems and introduces new ones. For example, the idea of rapidly
switching IP addresses sounds nice for your personal homepage but very bad
for transaction-oriented systems, etc. Plus having some experience with
auto-switching IP addresses (for auto-responding IDS and hosting purposes),
I know one can achieve sub-second IP address changes in software if that's
an approach one really wants to take.
phillip
-----
news article clipped from:
http://news.cnet.com/news/0-1003-200-5996375.html?tag=lh
Invicta makes Web sites moving targets
By Reuters
May 21, 2001, 5:30 p.m. PT
WASHINGTON--The one-time head of KGB overseas code scrambling and an
ex-director of the CIA released Monday what they called a revolutionary way
of hiding Internet communications from prying eyes and would-be intruders.
The new system can change the IP addresses on a network faster than once a
second, cloaking them from all but authorized parties, said Victor Sheymov,
chief executive of Invicta Networks.
"We believe that our new technology will serve an important role as a
facilitator of Internet security and will start a new chapter in Internet
history," he told reporters at the National Press Club.
Endorsing Invicta's so-called Variable Cyber Coordinates system was American
International Group, the world's biggest insurance company by market cap,
with more than $250 billion in assets.
Ty Sagalow, chief operating officer of the insurer's electronic business
risks arm, announced that AIG would give a 10 percent discount to companies
using the Invicta product "because we believe it reduces our risk of loss"
due to cyberattack.
R. James Woolsey, former President Bill Clinton's CIA director from 1993 to
1995 and an Invicta board member, described the tool as an "absolutely
remarkable intellectual achievement."
"It just approaches this from a completely different direction than anybody
else," he told reporters. "Everybody else has been building fences around
announced locations."
Standard approaches to computer security rely on encryption, or data
scrambling, plus devices such as firewalls aimed at screening out abnormal
traffic patterns that look threatening.
But any network protected this way is a sitting duck for a determined
hacker, Invicta representatives said. Instead, the company puts the network
in cybermotion through a continuous change of IP addresses--the chain of
digits underlying the Web to route traffic to its destination.
The Invicta system uses special cards to link protected computers to a
central control unit. It lets clients decide how often they wish to vary IP
addresses and specify which applications may be accessed on their network.
The number of IP addresses drawn on may be in the billions--thanks to an
artificial increase in cyberspace, Sheymov said.
Invicta, headquartered in Herndon, Va., plans to begin shipping a beta, or
early release, of its system to paying customers by the end of this month,
said Sheymov, who defected to the United States in 1980 for what he called
ideological reasons.
Sheymov is a veteran of the KGB's 8th Chief Directorate, the Soviet
counterpart to the Pentagon's code-cracking and eaves-dropping National
Security Agency. By the time of his defection, he was responsible for
coordinating all KGB encrypted communications overseas. After defecting, he
worked as a consultant and contractor to the NSA for several years,
according to a company handout.
The CIA officer who smuggled him out of the former Soviet Union and who
later served as Moscow chief of station under Woolsey, David Rolph, is
Invicta's vice president for international sales.
Sheymov told reporters that Invicta's address-hopping technology went well
beyond network protection. Another version would be made available within
months for defending Internet-based electronic commerce, he said. Future
applications included protecting national infrastructure, databases and
dial-up communications, he added.
He declined to spell out the cost of the system but said it would be on the
"high end" of traditional computer-security packages. Invicta, a 1999
start-up, may go public in a year or two after it establishes a track record
of earnings and sales growth, Sheymov said.
Dennis Steinauer, a computer-security specialist at the Commerce
Department's National Institute of Standards and Technology, in
Gaithersburg, Md., said he would be skeptical of any tool that purported to
make other layers of security unnecessary.
"It sounds like it might provide some additional protection," he said. "But,
in general, you never want to go with just one layer of security, certainly
not with yet-unproven technology," he said.
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Declan McCullagh
> Sent: Monday, May 21, 2001 9:56 AM
> To: [EMAIL PROTECTED]
> Subject: unbreakable codes!
>
>
>
> today...
>
> TECHNOLOGY Invicta Networks News conference to announce its new
> integrated
> cyber security system which assures unbreakable protection from both
> external and internal hacking and neutralizes malicious codes, protects
> against denial of service attacks and provides real time
> intrusion attempt
> detection. Participants: Victor Sheymov, founder/president,
> Invicta; James
> Woolsey, Invicta board member and former CIA director; and Ty Sagalow,
> executive vice president, AIG e-Business Solutions Location:
> National Press
> Club, 14th and F St., NW. 10 a.m. Contact: 703-788-8200
