Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

9/30/2015
04:30 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

DHS Funds Project For Open Source 'Invisible Clouds'

Cloud Security Alliance and Waverley Labs to build software-defined perimeter (SDP) to protect cloud and critical infrastructure from DDoS attacks.

The Department of Homeland Security is teaming up with risk management firm Waverley Labs and the Cloud Security Alliance to start working on an open source Software Defined Perimeter (SDP) that they hope can help federal agencies and the IT industry at large better protect cloud and critical infrastructure from distributed denial of service (DDoS) attacks.

The idea behind SDP is to only allow TCP connections from pe-authorized users and devices, with the ultimate goal of creating 'invisible clouds" by eliminating DNS information or IP addresses from application infrastructure.

"The multiple layers include completely hiding your critical servers behind what we're calling a dynamic firewall where you completely remove all the rules, have a deny-all at the firewall level and then punch holes through the firewall when the user needs access to the application that is  sitting on a server," says Juanita Koilpillai, founder & CEO of Waverley Labs. "This architecture is designed for you to secure all layers, not just layers one through four--which is what most products do--or to secure the user access, which is a different layer but is not tightly integrated with the communications layer so you can access the application securely."

Currently commercial SDPs are already gaining traction at enterprises such as Coca-Cola, says Jim Reavis, CEO of the CSA. DHS is pouring approximately $630,000 into this project in order to open-source components that make up the model.

"We are already seeing success with commercial SDP deployments by Global 100 corporations and we are pleased to see Waverley Labs advancing open source development of SDP for the Federal Market," Reavis says. "We believe that federal agencies will find many applications for this DHS-funded SDP project in protecting both legacy IT assets and cloud services of all classification levels."

As Waverley makes progress on the project, Koilpillai says that she hopes to start first with the initiative to help user hide servers from attackers by offering up SDP gateway technology as the first open-source technological component.

"There's no need for your servers to be listening for connection--maybe listening for legitimate traffic, that's it," she says. "The controller and gateway combination is the first thing we're putting out open source and we're working with DHS to figure out what else we need to make open source to help the community adopt SDP faster."

 

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.  View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
bpaddock
50%
50%
bpaddock,
User Rank: Strategist
10/5/2015 | 10:44:32 AM
Tax dollars to reinvent Port Knocking?
DHS is reinventing very old tech called Port Knokcing?  Can I get the funding for telling them that? :-)

en.wikipedia.org/wiki/Port_knocking

lebelt.info/old/?item=webknocking_en

 

 
Ecoloman
50%
50%
Ecoloman,
User Rank: Apprentice
10/1/2015 | 12:39:37 PM
The future is found in open source software
Very good article. The future is found in open source software.
We must continue in this direction.
Aviation Faces Increasing Cybersecurity Scrutiny
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/22/2019
Microsoft Tops Phishers' Favorite Brands as Facebook Spikes
Kelly Sheridan, Staff Editor, Dark Reading,  8/22/2019
MoviePass Leaves Credit Card Numbers, Personal Data Exposed Online
Kelly Sheridan, Staff Editor, Dark Reading,  8/21/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2016-6154
PUBLISHED: 2019-08-23
The authentication applet in Watchguard Fireware 11.11 Operating System has reflected XSS (this can also cause an open redirect).
CVE-2019-5594
PUBLISHED: 2019-08-23
An Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") in Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 admin webUI may allow an unauthenticated attacker to perform a reflected XSS attack via the search field in the webUI.
CVE-2019-6695
PUBLISHED: 2019-08-23
Lack of root file system integrity checking in Fortinet FortiManager VM application images of all versions below 6.2.1 may allow an attacker to implant third-party programs by recreating the image through specific methods.
CVE-2019-12400
PUBLISHED: 2019-08-23
In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this im...
CVE-2019-15092
PUBLISHED: 2019-08-23
The webtoffee "WordPress Users & WooCommerce Customers Import Export" plugin 1.3.0 for WordPress allows CSV injection in the user_url, display_name, first_name, and last_name columns in an exported CSV file created by the WF_CustomerImpExpCsv_Exporter class.