Data Breach Obviation – Hop Sphere Radius Security
A puppy runs toward the path of a truck; as disaster looms, a choker chain limits its travel and saves the pup. Hop Sphere Radius Security works the same way for data: it limits how far a server’s packets can travel outside the data center. It is a “choker chain” on server packets that limits their reach and, with it, the opportunity for data compromise.
What does “obviation” mean? The hack simply does not happen: an attacker outside the hop radius “can’t even get a login prompt”. Security obviation is the class of control that removes the opportunity for an attack rather than detecting it or cleaning up after it.
Hop Sphere Radius Security Stops Continual Far Away Hack Attempts From The Deep Web
Unsophisticated attackers (“script kiddies”, so called because they run scripts written by more capable coders rather than writing their own) download automated attack tooling and point it at whatever responds. Worse, leaked offensive tooling developed by our own National Security Agency (NSA) gave those same attackers automated ways to seriously compromise systems. An estimated 80% of such attempts originate from far-away countries, loosely termed the “deep web” on this page. Thousands of these scripts run 24/7 against high-value targets. Many organizations are lulled into a false sense of security by their firewalls, yet every breached organization had firewalls, and the leaked NSA tooling included exploits against Cisco firewall products that had not been patched. Conventional security products engage each attempt, identify it, log and report it, and then mitigate it, all of which costs processing and analyst time.
Sophisticated security products are massively complex and expensive:
- Product cost & high resource consumption
- Time to implement – many months
- Operations cost – recurring
- Constantly need updates
- Are grossly overloaded processing and logging real and nuisance script-kiddie attempts from far-away devices in the “deep web” (Bulgaria, India, China, Russia), beyond the practical reach of the rule of law, and the origin of an estimated 80% of attacks, which come from outside the United States.
Sophisticated security products are needed, but their cost keeps them from being widely deployed. Hop Sphere Radius Security makes them more affordable by shrinking the traffic they must be sized, licensed and hosted for.
Hop Sphere Radius Security can remove up to 80% of the workload on those products by eliminating the continuous nuisance traffic from far-away Internet locations: attempts that never get a response never need to be inspected, logged or triaged. With that noise gone, the remaining products can apply finer-grained analysis with better fidelity to the attempts that remain. The method also forces attackers into the open: to reach a hop-limited server they must operate closer in, where accountability and enforcement are possible.
Hop Sphere Radius Security is a powerful aid in preventing database compromise. Keeping attackers from “even getting a login prompt” keeps the database safe inside the datacenter, and it costs little more than the one-time work of setting the TTL lower. No capital spending, no vendor pressure, no negotiations, no product installation, no product training, no maintenance contracts, no updates, no patches, no large recurring operations budget and no multi-year rollout. It is inexpensive, a best practice, ready to implement and highly effective. It compares with products whose associated operating costs exceed $1 million, and used alongside such products it can save millions by obviating the far-away nuisance attempts that consume firewall processing and analyst time. With the TTL set, the database is invisible to scans from outside the limited Hop Sphere.
Bill Alderson, founder of Golden Goose Security and formerly Technology Officer at NetQoS/CA Technologies, has trained over 50,000 technologists in 27 countries in network deep-packet security theory and certified over 3,000 NetAnalysts. Recommended by both Meta and Gartner, he was called upon to assist the Pentagon immediately after the 9/11 attacks, and he deployed with US Central Command six times to Iraq and Afghanistan, where large-scale network problems with DoD biometric systems were solved using deep-packet network analysis. He has also assisted Army programmers through network analysis and simulation at Ft. Huachuca. Government agencies and 75 of the Fortune 100 have benefited from Bill’s services.
Caution: Content below is very technical.
Learn Hop Sphere Radius Security Essentials (animation)
A server’s Time-to-live (TTL) value sets the number of router hops its packets can travel before being discarded. TTL is the choker chain for high-value server data: set low enough, it keeps the server’s packets inside the data center.
At its default, TTL starts as high as 255 router hops, which allows unlimited worldwide communication. With a lower starting TTL it is like running out of fare on a tollway: each router acts as a “toll taker” that takes one hop (-1) from the TTL, and the router that decrements it to zero (0) discards the packet instead of forwarding it. For instance, with TTL=4 a packet can traverse only 3 routers; the fourth router discards it.
Here are some example TTL values and the limits they achieve. (The actual TTL for a given server must be measured from its own location, since hop counts depend on the local topology and routing.)
- TTL=1 No routing
- TTL=4 No communications outside the data center.
- TTL=8 No communications outside an internal network
- TTL=12 No communications outside a regional area
- TTL=15 No communications outside a state
- TTL=18 No communications outside the nation
- TTL=22 No communications outside developed countries
Default TTL values of 64, 128 and 255 allow unlimited worldwide communication, enabling attackers anywhere in the world to hit the system 24/7.
Each packet starts with a TTL (hop) value of up to 255. Every router it passes decrements the TTL by one (-1); the router that decrements it to zero discards the packet, and it goes no further. Microsoft uses TTL=128 by default, Linux and most Unix variants use 64, and each host can be configured to any value from 1 to 255. The field’s original purpose was to keep a misrouted packet from circling a routing loop forever, consuming bandwidth and resources. Starving the TTL, that is, setting it lower than its default, repurposes that mechanism to limit the radius of communication. With TTL=4 a server’s packets traverse only 3 routers; the fourth discards them.
Greater technical explanation: animation of the SQL injection solution using Hop Sphere Radius limits (video)
Hop Sphere Radius Security relies on behavior every IP router already implements. Prevention is accomplished by setting the server’s Time-to-live to TTL=x, where x is one more than the maximum number of router hops inside the datacenter.
Once applied, attackers cannot connect directly to the database from outside the datacenter. Neither internal users beyond the hop radius nor Internet users can communicate with it, because packets from the database expire at the datacenter border. Even if a firewall allowed the traffic, the TTL setting keeps the database’s packets from leaving the data center.
Example. If the datacenter spans at most 3 router hops end to end, the database is set to TTL=4, so every packet it sends starts with TTL=4. The first router decrements it to TTL=3, the second to TTL=2, the third to TTL=1, and a fourth router would decrement it to TTL=0 and discard it, ending the exchange.
With the database set to TTL=4, no device more than 3 router hops away can complete a conversation with it. With or without a firewall, the database’s packets cross at most three routers before they expire and are discarded.
The default TTL is typically 64, 128 or 255 depending on the database platform: Microsoft uses 128, and Unix variants use 64 or higher. Changing it requires root or administrator credentials and, on some platforms, a restart. Once set, the way routers handle TTL guarantees the host’s packets never travel through more than 3 routers. Note what the control does and does not cover: it limits where the server’s replies can go, not what can arrive. A packet from anywhere can still reach the server, so a service that can be abused without a reply (a single datagram, for instance) is not protected by it, and any host already inside the radius is unaffected.
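As an added example (not the page’s own procedure and not a Golden Goose Security tool), here is how sizing and applying the value looks on a Linux database host. It assumes the standard Linux sysctl names net.ipv4.ip_default_ttl and net.ipv6.conf.*.hop_limit, traceroute(8) for measuring distance, and hypothetical peer hostnames in the usage comment.

```shell
#!/bin/sh
# Added example, not part of the original page: size and apply a hop-limited
# TTL on a Linux database host. Assumes Linux sysctl names
# net.ipv4.ip_default_ttl / net.ipv6.conf.*.hop_limit and traceroute(8).
set -eu

# Each router decrements TTL by one and discards the packet when it reaches 0,
# so a packet that starts at TTL=N crosses at most N-1 routers.
hops_crossed_by_ttl() {
    echo $(( $1 - 1 ))
}

# To keep talking to a peer that is H routers away, the host needs TTL = H + 1.
ttl_for_hops() {
    echo $(( $1 + 1 ))
}

# Router distance to a peer, measured with traceroute. The last hop number
# printed is the destination itself, so the number of routers crossed is one
# less. Needs network access; not exercised by the offline checks.
measure_hops_to() {
    traceroute -n -m 30 "$1" | awk 'NR > 1 && $1 ~ /^[0-9]+$/ { last = $1 } END { print last - 1 }'
}

# Largest router distance among all peers the database must reach (app
# servers, LDAP/AD, NTP) and the TTL that just covers it. Everything further
# away is outside the sphere.
ttl_for_peers() {
    max=0
    for peer in "$@"; do
        h=$(measure_hops_to "$peer")
        if [ "$h" -gt "$max" ]; then
            max=$h
        fi
    done
    ttl_for_hops "$max"
}

# Write a sysctl drop-in; it takes effect with `sysctl --system` and survives
# reboot. The directory argument lets you preview the file without root.
write_ttl_dropin() {
    ttl=$1
    dir=${2:-/etc/sysctl.d}
    file="$dir/60-hop-sphere.conf"
    {
        echo "# Hop Sphere Radius: replies expire after $(hops_crossed_by_ttl "$ttl") routers"
        echo "net.ipv4.ip_default_ttl = $ttl"
        echo "net.ipv6.conf.all.hop_limit = $ttl"
        echo "net.ipv6.conf.default.hop_limit = $ttl"
    } > "$file"
    echo "$file"
}

# Read back the live IPv4 value so the change can be confirmed after applying.
current_ttl() {
    cat /proc/sys/net/ipv4/ip_default_ttl
}

# Typical run on the database host (as root, with real peer names; the names
# below are placeholders):
#   ttl=$(ttl_for_peers app1.internal app2.internal ldap.internal ntp.internal)
#   write_ttl_dropin "$ttl" && sysctl --system && current_ttl
```

Measure from the database itself, not from a workstation, because the hop count that matters is the one on the return path from the server. On Windows the equivalent live setting is `netsh interface ipv4 set global defaultcurhoplimit=4` (or the `DefaultTTL` DWORD under `HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters`, which needs a restart). Set IPv6 as well as IPv4; a dual-stack host with only the IPv4 TTL lowered still answers from anywhere over IPv6.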
DHCP Options Can Speed & Simplify Implementation
TTL can also be set through DHCP rather than on each host directly: Dynamic Host Configuration Protocol (DHCP) option 23 (Default IP Time-to-live, RFC 2132) carries the value. A DHCP reservation gives the device the same IP address and the same options on every lease. Two checks before relying on this: the host’s DHCP client must actually apply option 23 (many modern clients ignore it, so confirm the live TTL on the host after the lease is taken), and database servers are commonly given static addresses, in which case the host setting is the one that applies.
Databases typically transact only with middleware, web or application servers, which sit inside the datacenter. They also need LDAP or AD for authentication and NTP for time, which are likewise inside the datacenter.
Hop Sphere Radius Security keeps the database from transacting with devices outside the Hop Sphere while still allowing communication with the appropriate devices inside it. The radius is a reachability control, not a content control: a query that arrives through an application server inside the sphere, including an injected one, still reaches the database over that server’s own connection, so the TTL setting narrows who can talk to the database rather than what they can say.
This layer is highly effective at keeping internal users beyond the radius and Internet users from even identifying the device. A port scan or ICMP ping from outside the sphere gets no answer, because the response packet expires and is discarded by a router on the way back (the router’s ICMP Time Exceeded message goes to the server, not to the scanner), so the attacker cannot even confirm that the device exists. Attackers cannot get so much as a login prompt at which to use lost or stolen credentials or run credential-cracking attacks.
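The scanner’s view, modelled in shell over a constructed chain of routers, as an added example rather than anything from the page or from Golden Goose Security. It assumes the RFC 1812 rule that a router decrements TTL and discards at zero, an attacker who sets their own packets’ TTL to 255, and a database host configured with TTL=4.

```shell
#!/bin/sh
# Added example, not from the original page: what a TCP SYN scan sees against a
# hop-limited server. Constructed topology; no packets are sent. Router rule
# assumed: decrement TTL, discard the packet if the result is 0 (RFC 1812).
set -eu

# Carry a packet with a starting TTL across a chain of routers. Prints
# "delivered" if it comes out the far side, or the router that dropped it.
forward() {
    ttl=$1
    routers=$2
    k=1
    while [ "$k" -le "$routers" ]; do
        ttl=$(( ttl - 1 ))
        if [ "$ttl" -le 0 ]; then
            echo "discarded-at-router-$k"
            return 0
        fi
        k=$(( k + 1 ))
    done
    echo "delivered"
}

# Inbound leg: the scanner chooses its own TTL (255 here), so its SYN reaches
# the server from any distance. The server's TTL does nothing to arriving packets.
inbound_arrives() {
    forward 255 "$1"
}

# Full handshake attempt from a scanner `distance` routers away against a server
# whose outbound TTL is `server_ttl`. The port looks open only if the SYN-ACK
# makes it back; otherwise the scanner sees silence (nmap would call it
# "filtered"), because the ICMP Time Exceeded goes to the SYN-ACK's source,
# which is the server.
syn_scan() {
    server_ttl=$1
    distance=$2
    if [ "$(inbound_arrives "$distance")" != delivered ]; then
        echo "no-response"
        return 0
    fi
    if [ "$(forward "$server_ttl" "$distance")" = delivered ]; then
        echo "open"
    else
        echo "no-response"
    fi
}

# Sweep a few scanner positions against a TTL=4 server (3 routers of reach).
for d in 1 3 4 12 18; do
    echo "scanner at $d hops: SYN $(inbound_arrives "$d"), port $(syn_scan 4 "$d")"
done
```

A scanner 3 routers away (for example a compromised host inside the datacenter) still sees the port as open; one 4 or more routers away sees nothing at all. The `SYN delivered` column is the caveat: the attacker’s packets always arrive, only the answers are stopped, so the control hides and isolates the server rather than filtering what reaches it.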
Bill Alderson can be reached at GoldenGooseSecurity.com
Consider these other benefits of Hop Sphere Radius Security:
- Stops database compromise
- Stops attackers from acquiring an inside pivot point
- Stops IoT devices (e.g., cameras) being used as pawns in denial-of-service attacks
- Stops access to medical or biomedical equipment
- Stops access to systems using lost or stolen credentials
- Stops hacking of web servers by far-away attackers in foreign countries
- Stops email spam from far-away attackers in foreign countries
- Stops browsers reaching web malware served by far-away attackers in foreign countries
- Stops Trojan software connecting to, or dropping data at, far-away attackers in foreign countries
- Stops internet-facing routers, switches and load balancers from login attempts by far-away attackers in foreign countries
- Stops attacks on un-patchable legacy devices, whether from inside the network, the Internet or far-away attackers in foreign countries
- Stops frivolous script kiddies from overwhelming firewalls, load balancers and sophisticated security products, letting those devices apply greater granularity and fidelity to real attempts
- Hides devices from attack, and even from identification, by scans from “beyond the rule of law”
- Forces attackers to expose their attacks “within the rule of law”, where ISPs and law enforcement can trace and stop sources of attack more effectively
- Moves the focus to obviation (not allowing attempts) instead of identifying, preventing and reporting on attempts. Casual attackers move on when they cannot confirm a device exists, and the rest are forced to move closer, where the rule of law can be enforced.
- Detection and protection are good, but obviation is best. Hop Sphere Radius Security applies the best practice of security obviation: removing the opportunity.