Locked in a pitched battle with cyber-attackers, organizations are nonetheless forging ahead with aggressive cloud and “Internet of Things” initiatives that drastically increase their threat exposure. Holding back progress is not a viable option, so it’s time to come up with a defense strategy that effectively cloaks network assets from the bad guys. That’s what Tempered Networks is offering with its Identity-Defined Networking (IDN) architecture, based on the Host Identity Protocol (HIP).
Essentially, IDN provides a network fabric overlay on top of the Internet, overcoming the inherent weakness in TCP/IP, which uses IP addresses for both identification and location. That flaw makes it simple for hackers to probe and discover IP addresses, while also making it extremely complex to manage devices that move from one server to another.
IDN instead creates a cryptographic identity for each authorized device. Because IDN de-couples the identifier and locator functions of an IP address, the address functions only as a resource locator for devices equipped with unique CryptoIDs. With IDN products, Tempered Networks says it can hide (or cloak) mobile endpoints, IoT devices, and cloud computing assets by removing the IP footprint of any device from the underlying network.
The company’s HIP-based appliances cloak critical network resources from would-be attackers by ensuring that only devices on a trusted white list can view, query, or detect them. Those appliances are available in physical and virtual form factors suitable for any environment, including branch offices, kiosks, drilling rigs, production facilities, and other remote sites that communicate over public or private shared networks.
“The Tempered Networks solution uses cryptographic host identities to improve security beyond the traditional IP network,” says the Enterprise Strategy Group in its test report. “ESG Lab validated the ability to quickly and easily create secure, encrypted communications channels that are isolated from other network traffic. ESG Labs also enabled secure communications between non-routable devices and secure peering across different cloud regions and providers. These tasks were simple to execute, took only minutes, and did not require changes to the existing infrastructure.”
Mitigating threat exposure
Technology research firm IDC says that cloaking the IP footprint of endpoints can mitigate the threat exposure of servers, hosts, and services, thereby reducing the overall number of attack vectors.
“This reduction translates directly into a simplification of the network security architecture—reducing the number of firewall rules, simplifying the firewall rules that are still required, simplifying and streamlining network routes, reducing the range of traffic requiring inspection, and mitigating the impact of malware through proactive and remedial micro-segmentation,” IDC states in a Technology Spotlight.
“The outcome of deploying an IDN overlay is the ability to connect, protect, move, failover, and disconnect any resource globally, instantly,” Tempered Networks explains in a white paper detailing its architecture. “While enabling instant provisioning and revocation for any connected system within the overlay fabric, up to 90% of an organization’s attack surface can be reduced, significantly lowering business risk.”
For more information on IDN, go to Tempered Networks’ overview.