Well, it's for VPN's then you would be limited to a cyberpool of addresses to
cybermodulate
within and that would probably be of limited value assuming you are still
cyberencrypting your data.
Wonder if this is aimed at trying to make it harder for people to decipher your
traffic without
having to change the underlying encryption algorithm which would then require approval
by
govt for export, etc.
----- Original Message -----
From: "John Hopkins" <[EMAIL PROTECTED]>
To: "Carl E. Mankinen" <[EMAIL PROTECTED]>
Cc: "Eric Johnson" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Wednesday, June 13, 2001 11:06 AM
Subject: Re: Has anyone heard of this?
> It looked like it was a VPN type of solution to me. With no trusted
> external (internet) access. I may of course be wrong.
>
> J
>
> On Wed, 13 Jun 2001, Carl E. Mankinen wrote:
>
> > This Sheymov guy is an ex-KGB security and comms officer that started working for
> > the NSA and the CIA during the coldwar and he has ex CIA guys working with him...
> >
> > Sounds like they want to switch to some sort of trusted security model with the
>servers
> > talking to an access control device that works like a loadbalancer/firewall/dns
>proxy that is
> > capable of stitching all the sessions together with the hosts that are modulating
>their IP's.
> >
> > Okay, so what if this device presents your services to the world on a fixed set of
> > addresses and manages the sessions and DNS itself (like a ServerIron). A hacker
> > can still attack these servers using the external addresses presented by the load
> > balancer. If the attack is being made thru a buffer overflow on port 80, that
>overflow
> > traffic is still going to reach your internal webserver even if it is modulating
>it's addressing.
> >
> > Trusted security models have been around for a while now. It will be interesting
>to see
> > if he has really come up with a better way to do it, or if this is just vaporware
>that does
> > not work well in a real world network.
> >
> > ----- Original Message -----
> > From: "Eric Johnson" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Wednesday, June 13, 2001 6:43 AM
> > Subject: Has anyone heard of this?
> >
> >
> > > >From <http://news.zdnet.co.uk/story/0,,s2087257,00.html>:
> > >
> > > The new system can change the cyber-addresses
> > > on a network faster than once a second, cloaking
> > > them from all but authorized parties, said Victor
> > > Sheymov -- founder, president, and chief executive
> > > of Invicta Networks.
> > >
> > > ...
> > >
> > > Standard approaches to computer security rely on
> > > encryption, or data scrambling, plus devices such
> > > as firewalls aimed at screening out abnormal traffic
> > > patterns that look threatening.
> > >
> > > But any network protected this way is a sitting duck
> > > for a determined hacker, Invicta said. Instead, it
> > > puts the network in cybermotion through a
> > > continuous change of "Internet Protocol" addresses --
> > > the chain of digits underlying the Web to route traffic
> > > to its destination.
> > >
> > > The Invicta system uses special cards to link
> > > protected computers to a central control unit. It lets
> > > clients decide how often they wish to vary IP addresses
> > > and specify which applications may be accessed on
> > > their network. The number of IP addresses drawn on may
> > > be in the billions thanks to an artificial increase in
> > > cyberspace, Sheymov said.
> > >
> > > I've been pretty busy lately so this could have been discussed on
> > > this mailing list and I could easily have missed it.
> > >
> > > Anyway, changing ip addresses once a second would seem to
> > > make it pretty tough for DNS servers to keep up. And even tougher
> > > on maintaining a connection to the host.
> > >
> > > Eric Johnson
> > > -
> > > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > > "unsubscribe firewalls" in the body of the message.]
> > >
> >
> > -
> > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > "unsubscribe firewalls" in the body of the message.]
> >
>
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
