Networking systems and individual applications have traditionally been defended using signature-based tools that protect the perimeter, often to the detriment of service, performance, and information flow. These tools require knowledge of both the system on which they run and the attack they are preventing. As such, by their very definition, they only account for what is known to be malicious and ignore the unknown. The unknown, or zero-day threat, can occur when defenses have yet to be immunized via a signature or other identifier of the threat. In environments where execution of the mission is paramount, the networks and applications must perform their function of information delivery without endangering the enterprise or losing the salient information, even when facing zero-day threats. In this paper we describe a new defensive strategy that provides a means to more deliberately balance the often mutually exclusive aspects of protection and availability. We call this new strategy Protection without Detection, since it focuses on network protection without sacrificing information availability. The current instantiation analyzes the data stream in real time as it passes through an in-line device. Critical files are recognized, and mission-specific trusted templates are applied as they are forwarded to their destination. The end result is a system which eliminates the opportunity for propagation of malicious or unnecessary payloads via the various containers that are inherent in the definition of standard file types. In some cases, this method sacrifices features or functionality that is typically inherent in these files. However, with the flexibility of the template approach, inclusion or exclusion of these features becomes a deliberate choice of the mission owners, based on their needs and the amount of acceptable risk. The paper concludes with a discussion of future extensions and applications.

Today's networks must maintain functionality in an ever-increasing threat environment. To date, many of the PDR (Protection, Detection, Reaction) mechanisms have focused on technologies to defend systems while maintaining consistent network presence. In this paper we discuss a dynamic network schema wherein system protection is accomplished through a unique implementation of IP roaming. This method is shown to mask a system on a network undergoing various types of attacks while maintaining connectivity with trusted clients. Additionally, this method allows new clients to associate without heavy authentication or knowledge of the remote system's IP roaming status. This paper will show the advantages of implementing this unique method of IP roaming with the goal of minimizing system overhead and maximizing sustained connectivity.

In technology, the notion of beyond state-of-the-art often begins when a paradigm is shifted. In this paper the authors present their work which has fundamentally enabled an enterprise to ensure operational viability under the very real cyber facts: "we are under constant attack, it is a hostile space and we can control the point of contact." That point of contact is the optical bit stream, which is currently beyond the scope of the standard cyber toolset. Everis™, in working with our customers, has developed the tools to capture, view, analyze, and control the correlative (interdependent network, metadata, data and users) information as it traverses the core, regional, and global fiber optic networks. This capability to visualize below the operational picture afforded by current network intrusion detection systems can be combined with real-time intervention at the network core, yielding prioritization, identification, and authentication of authentication. This directly translates into sophisticated end user interaction across the interdependencies often viewed as the "cloud". Everis has demonstrated unique applications based on this capability that include mitigation of DDoS (Distributed Denial of Service), identification of "forged" IP (Internet Protocol) addresses, malicious executable destruction, WAN (Wide Area Network) IPS (Intrusion Prevention System), and connectionless routing vs. connection-based switching.

The development and widespread use of IR systems which utilize the recently developed thermally stabilized or uncooled silicon microbolometer focal planes can be enhanced if attention is paid early on to developing specifications of performance which will allow for commonality between systems. An assertion is made that, for the vast majority of systems, a common set of building block components can be created and, through economies of scale, enhance the early development and fielding of new systems without having to wait for an individual system's volume to become great enough to bring system costs down. This building block approach will be discussed along with some potential interface characteristics.