Hop Sphere Radius Security Stops Hackers – Not Even A Login Prompt.

“Half the recent outbreak of security breaches could be stopped by implementing Hop Sphere Radius Security”.

Choose Each Device’s Hop Sphere Limit – Even If Firewall Fails – Device Stays Within Limits – Lowering Risk

Web Servers

  • Internet
  • Internal Users
  • VPN Users
  • Datacenter Devices

Databases

  • Internet
  • Internal Users
  • VPN Users
  • Datacenter Devices

File Servers

  • Internet
  • Internal Users
  • VPN Users
  • Datacenter Devices

Users

  • Internet
  • Internal Users
  • VPN Users
  • Datacenter Devices

Bill Alderson, who gained notoriety for helping the Pentagon recover communications immediately following 9/11 with his five-person team, produced a 100-page report outlining how to solve communication issues and how to further secure the Pentagon. Bill was asked to assist because of his commercial experience with 75 of the Fortune 100, stock market, insurance and financial organizations. He has since been to Iraq and Afghanistan six times to assist the DoD with computer network and biometric identification systems that track down insurgents around the world. Bill developed curriculum for, trained and certified over 3,000 NetAnalyst Forensic Analysts. Teaching detailed TCP/IP Internet theory to challenging, highly critical thinkers produced a unique working knowledge that helped the development of this solution. Bill’s passion for networking started at Lockheed in Sunnyvale, California, and he has been analyzing network packets since 1980. Later in the 1980s Bill joined Network General Corporation as Manager of Secure Systems & Volume Accounts. Network General produced the first application layer network analyzer. Bill worked for two innovative PhDs, Dr. Harry Saal (summa cum laude, Columbia University, high-energy physics) and Dr. Len Shustek, a computer science professor at Stanford. Len’s success allowed the endowment of the Computer History Museum in the shadow of Google headquarters in Mountain View, California. Bill was previously a Technology Officer at NetQoS / CA Technologies.

While recently speaking at a U.S. Military Cyberspace Symposium, Bill was reminded how successful hackers have been in both commercial and military networks. For the next two months Bill put his mind to how network theory and 36 years of practical experience solving complex security problems could help stop this problem. Thus, Hop Sphere Radius Security was born.

Hop Sphere Radius Settings Example

Hop Sphere Radius Security requires selection of a maximum communications radius for each managed device. The sphere chosen depends upon how far and wide the device should communicate before its packets expire and are discarded by Internet routers. The solution does not depend upon a firewall or other devices; the device itself determines how far it will communicate. Once the radius is reached, the packets are discarded, preventing communications.

Back-end Databases should only be able to communicate with Web Servers and other Data Center devices, but certainly not the Internet, and should often limit access from Internal Users and VPNs to avoid Internal compromise. File Servers should be available to Internal Users/VPN but certainly never the Internet.

Web Servers have multiple Interfaces or VLANs. A Web Server should be limited to the Data Center radius inside the Data Center, and on the Outside Internet Facing Interface it should be limited to the Internet Radius Sphere it serves. If serving a Region such as New York City, it should be limited to that radius. If it is a national Web Server, then National; if International, it should be determined whether far away remote countries are to be served. For instance, why would a U.S. Military Server want to allow deep China or India to connect? For a Web Server that is primarily servicing the United States, it makes sense to keep it at a low Hop Sphere Radius to protect it from far away remote countries that might wish to hack U.S. Military Servers.

Network devices may not wish those same far away countries to be able to connect to them either, so limiting Routers to access from “within the Rule of Law” where the FBI can visit a hacker directly might be something to consider.

The Proxy Server on the Internal side should be limited to the Radius of the Internal Network, and on the Outside there may be multiple Internet interfaces for High, Medium and Low security outgoing visitors, according to the Internal User’s security needs. When a Proxy is used, the Proxy takes care of the Hop Sphere limits for the Users.

When Internal Desktops or Laptops directly connect to the Internet through a firewall, the End User’s Hop Sphere Radius should be set for a much safer radius than the entire global Internet.

Printers should never connect to the Internet, despite vendors allowing them to update through the Internet. They should be limited to the Hop Sphere of the Internal Network.

Hop Sphere Radius Security is a system that determines the correct radius through advanced analysis, appropriate settings and diligent monitoring.

The system prevents communications by denying consummation of Internet Protocol’s Transmission Control Protocol (TCP) three-way handshake, termed SYN-SYN-ACK.
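The radius selection and the denied handshake described above can be modelled in a few lines. This is an added example, not code from Hop Sphere Radius Security: it assumes the radius is enforced as the IPv4 TTL on the device's outgoing packets (the page does not name the field), and the hop counts in `PATHS` and the default TTL of 64 are constructed sample values.

```python
DEFAULT_TTL = 64  # assumed initial TTL for peers with no radius configured


def delivered(initial_ttl: int, routers_on_path: int) -> bool:
    """Each router decrements TTL by 1 and discards the packet when it reaches 0."""
    ttl = initial_ttl
    for _ in range(routers_on_path):
        ttl -= 1
        if ttl <= 0:
            return False  # expired in transit; the router discards it
    return ttl > 0


def handshake(server_ttl: int, routers_on_path: int,
              client_ttl: int = DEFAULT_TTL) -> dict:
    """Walk SYN, SYN-ACK, ACK between a client and a radius-limited server.

    Assumes the path crosses the same number of routers in both directions.
    """
    syn = delivered(client_ttl, routers_on_path)              # client -> server
    syn_ack = syn and delivered(server_ttl, routers_on_path)  # server -> client
    ack = syn_ack and delivered(client_ttl, routers_on_path)  # client -> server
    return {"syn_arrives": syn, "syn_ack_arrives": syn_ack, "established": ack}


# Constructed topology: router hops from a database server to each peer class.
PATHS = {"Datacenter Devices": 1, "Internal Users": 4,
         "VPN Users": 6, "Internet": 12}


def reachable_peers(server_ttl: int, paths: dict = PATHS) -> list:
    """Peer classes that can complete the handshake at this TTL."""
    return [name for name, hops in paths.items()
            if handshake(server_ttl, hops)["established"]]


def radius_for(allowed: list, paths: dict = PATHS) -> int:
    """Smallest TTL that still reaches every allowed peer class."""
    return max(paths[name] for name in allowed) + 1


if __name__ == "__main__":
    ttl = radius_for(["Datacenter Devices"])
    print("database TTL:", ttl, "->", reachable_peers(ttl))
    print("Internet client vs. that TTL:", handshake(ttl, PATHS["Internet"]))
```

In this model `syn_arrives` stays true for the Internet client: the limit applies to what the device sends, so the inbound SYN still reaches it and only the SYN-ACK expires on the way back.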

For most, Hop Sphere Radius Security will work immediately and very well, providing many security benefits, less risk and fewer nuisance attack attempts because the attackers are beyond the Hop Sphere Radius.
