Moving Beyond the Internet of Insecurity

BrandPost By Tempered Networks
Nov 08, 2017

istock 629666970
Credit: iStock

There’s a fundamental conflict between providing access to networks and securing sensitive data and systems. And when the network is based on Internet protocols designed to allow any computing device to communicate with any other, it creates an environment ripe for hacking, deception, and data breaches. It also produces a never-ending tug-of-war between IT organizations and the business units and customers that are clamoring for ease of use. 

As Enterprise Strategy Group (ESG) points out in a June 2017 report, “IP addresses essentially changed the world—from communication to commerce—but they were designed only to identify location and enable reliable connectivity. They were not built to establish identity or deliver security.” 

Nobody foresaw the IP security risk

The reality is that the Internet’s potential far exceeds the expectations of its early founders, both in terms of the good and the bad that it can perpetuate. 

“Those who helped design this network over subsequent decades focused on the technical challenges of moving information quickly and reliably,” explains a Washington Post article. “When they thought about security, they foresaw the need to protect the network against potential intruders or military threats, but they didn’t anticipate that the Internet’s own users would someday use the network to attack one another.” 

Not only that, but hackers can create “botnets” using hundreds of thousands of devices to target business networks and websites with debilitating streams of automated requests that can cause servers to crash. And the problem is only going to get worse as the Internet of Things (IoT) evolves. 

“The market has been flooded with inexpensive devices—webcams, baby monitors, thermostats, and yes, even yoga mats and fry pans—that connect to the Internet, each of which has its own IP address,” Bernard Marr explains in a Forbes post. “But these devices have little or no built-in security, and even when they do, users often neglect to even take the basic step of setting a password for them.” 

Hackers have it easier than users

So even as individual users struggle to configure home IP networks, sophisticated hackers are able to take advantage of a fundamental flaw in the TCP/IP protocols on which internet addressing is based. 

“Simply put, the security problem is caused by TCP/IP’s use of a connected device’s address to serve the dual purpose of identifying the device, as well as providing its location on the network,” writes Marc Kaplan, vice president of Security Architecture & Services at Tempered Networks. “This results in a network vulnerability that is very visible to, and easily spoofed by, hackers anywhere in the world.” 

Fortunately, there is a way to resolve this flaw. The answer is to separate the identity from the network address location. In the view of Tempered Networks, that means moving away from Address-Defined Networking based on IP addresses for device identity to Identity-Defined Networking (IDN) where only trusted cryptographic identities bound to hosts or services can connect. 

Building on the open standard Host Identity Protocol (HIP), Tempered Networks’ IDN creates a network fabric overlay to the Internet that provides cloaked and unbreakable network segments. Not only does it eliminate up to 90% of attack vectors, but it dramatically reduces provisioning and ensures that any trusted (or whitelisted) IP device can join the network fabric and be protected and managed by HIP services. 

To learn more about Identify-Defined Networking from Tempered Networks, download the ESG Lab Report.