Katy, Bar the Door!

You lock your front door, right? Do you also lock the back door? What about your windows? Well – duh – of course you do; common sense requires that you at least do the basics to protect your home and family.

So, back to Katy. Did you know the phrase “Katy, Bar the Door” goes back to 1437 with the Scottish King James I? Turns out the King was in Perth and a few of his more discontented subjects wanted to have a word. Tragically, the room that King James was in had a door that was missing a locking bar. The story goes that Catherine Barlass tried to save him by barring the door with her arm. Her arm was broken, and the mob murdered the King. Hence, the term the ‘lass that barred the door’ was born and commemorated in Dante Gabriel Rossetti’s poem The King’s Tragedy in 1881.

In this case, we treat VPNs as the lock for the front door of our connected devices.  But, what about the back door, or your windows?  Remember there is always an angry mob coming for your device.

So, “Katy bar the front door, the back door, and the windows!”   This is an overly simple analogy for leveraging defense in depth – just in case someone tries to breach one of your many entry points.  You sure do not want your laptop to suffer the same fate as the Scottish King.

Use your VPN, but then add a Protocol Break and a Firewall. Now we have protected three potential threat vectors to your connected device. Is this enough? No, but what do you think your insurance agent might say if you locked only your front door? Heck, what would Katy say?

Aegis Secure is now making a world class Enhanced Retransmission Device (ERD) to give you a way to lock the back door and windows as part of your Defense in Depth protection for your connected devices (a VPN is the front door). In collaboration with Cog Systems, Aegis Secure is now offering a commercial ERD that gives you a Firewall & Protocol Break through a simple 2” square device you tether to your connected devices to bring these added security features to your end user device.

Aegis Secure helps you bar the doors and windows, in partnership with your VPN.

In honor of Katy, let Aegis Secure help you bar the doors and windows.  Ping www.aegis51.com to help you realize Defense in Depth for yourself and everyone in your company.

The Cybersecurity Cake

Defense in Depth is as synonymous with cybersecurity as frosting is with cake.

So, indulge me. It is your birthday. Good on you for making it another year around the sun, and to celebrate, most folks would normally hope for a cake. If it is my house, you even get to pick what type of cake you want to help celebrate your special day. Now, it is the big day with your family and friends and out comes your celebratory dessert – a sheet cake. Be honest, you are still glad to get a cake (better than a bag of Twizzlers) but a sheet cake?

Yes, you are disappointed because if you are truly honest you were hoping for a layer cake. A robust three-layer cake with candles on top burning bright. Why the three-layer cake? The extra frosting protecting the three layers of stupendously tasty cake in between makes all the difference. This is the difference between simply meeting the requirement and exceeding it.

So, if we stretch this overly simplistic analogy to your organization’s cybersecurity approach for your connected devices – a VPN is the sheet cake. A sheet cake should not be the extent of the cybersecurity approach for your employees’ connected devices (Mobile, Tablet, Laptop).

Defense in Depth is a layer cake. You deserve a layer cake. The world demands it for the protection of your privacy and critical data.

Let’s add some layers to your Defense in Depth approach for your connected devices. The VPN is the bottom layer, a Firewall is the middle layer, and a Protocol Break is the top layer. Now wrap it in an easy-to-configure admin/user interface for frosting and you have delivered on the promise. You deserve it.

Aegis Secure

To meet this need, Aegis Secure is now making a world class Enhanced Retransmission Device (ERD) to give you the top two layers of your Defense in Depth protection for your connected devices. In collaboration with Cog Systems, Aegis Secure is now offering a commercial ERD that gives you those added layers (Firewall & Protocol Break) with a simple device you tether to your connected devices to bring these added security features local to the end user.

You deserve it, you need it, and if you are honest with yourself – you want it.  You want the Enhanced Retransmission Device for your connected devices. Just like you want a layer cake for your big day.

Happy Birthday.

Ping Aegis Secure to get your Layer Cake and realize Defense in Depth for yourself and everyone in your company.

“Your Money or Your Life”

The saying, “Your Money or Your Life,” comes from the dreaded Highwaymen who were “as common as crows” between 1650 and 1800 in rural England. Travel was already hazardous due to the absence of decent roads and a lack of general rule of law. No one rode alone without fear of being robbed. In fact, travelers often wrote their wills before hitting the road.

Your phone is your life.

Not only when you consider all the time you spend on your phone (about 4.5 hours a day), but all the things that you keep in it. Think about it – 1) how would you call anyone since you have not memorized a number in a decade? 2) add all your banking, health, work, and social information; and then 3) it is now your electronic ID/primary authenticator among everything else. What would you do if your phone disappeared? Is it the end of your life as you know it?

The 21st Century Highwayman.

Bring up ransomware and everyone knows what you are talking about thanks to the 21st Century Highwaymen who are shutting down hospitals, factories, power plants, and banks. Only your imagination limits what they attack next – and your phone is on that list.

 

It Happened, Now What?

The dreaded ‘YMCA’ Ransomware attack has hit your mobile phone. It locks the phone, and it plays an unending loop of ‘YMCA’ by the Village People. Sure, ‘YMCA’ is fine in small doses – but not endlessly. You can make it stop – just pay the Highwayman!! Your ransom? Send $1,500 in Bitcoin to some random account. After all, it’s “your money or your life.”

Hold on, you say. This is not my fault! It is the hardware, an app, or the carrier allowing the bad bits to get to me! The Highwaymen are not stupid, and the Highwaymen undertake rolling attacks of the ‘YMCA’ ransomware – hitting random manufacturers in dispersed geographic regions to keep the problem on the user. None of the hardware, app or carrier players are going to pay your ransom, but they will pay dearly in brand damage for failing to even attempt to prevent attacks with tools adoptable today from the folks at Cog Systems. Not to be cynical, but why would you even ask for help from the hardware, app and carrier providers?

No insurance exists for the attack of the ‘YMCA’ ransomware – it is on you. But at least you have a choice: 1) Pay the ransom ($1,500); or 2) Buy a new phone ($1,200) and then reinstall and configure your apps.

“The more things change, the more they stay the same.” Who would have thought that an aphorism by Jean-Baptiste Alphonse Karr from 1850 would still carry so much relevance today? From the dreaded Highwayman to the ‘YMCA’ Ransomware attack, separated by just 200 years.

The ‘YMCA’ Ransomware attack is coming.

Did you write your will?

Better Living through a Protocol Break

Protocol is the standard set of rules that allow all of us to communicate with each other using the proper procedure for conduct. Not that protocols do not change over time, or that they may be different by culture, but they do establish the norms for a safe and secure method for all of us to get along.

However, if you will allow, let me propose the counter-intuitive argument. Breaking protocol can lead to better living in one area – Ultra-Secure Mobility™.

When we look at how data is transmitted over a network, it is, of course, governed by Protocol. This Protocol is a set of communication agreements which ensure that, as long as both sides of a communication channel adhere to it, the data gets delivered correctly. This protocol ensures two primary things: 1) that the data gets routed in the right direction; and 2) that it is chopped into parts where needed and reassembled again where possible. These protocols can also govern some other very complicated things like compression, tunneling, load balancing, authentication, caching, spooling, and all kinds of things to make the communication go smoothly.

However, these Protocols only work under the condition that both sides are cooperative. Security attackers leverage this ‘trust’ by not being cooperative for the express purpose of working to find an attack vector.

There is an answer. Introduce a Protocol Break.

A protocol break consists of two components that sit between the sender (upstream) and the receiver (downstream) of a message. The first component is a “catcher”, which, while adhering to the protocol, strips all traffic control data from the data it receives, and keeps only the payload data. The second component is a “thrower”. The thrower does the opposite: it takes bare payload data and sends the payload to another system by means of a chosen new protocol. To do this successfully, the thrower does all the complicated things that are necessary to adhere to this new Protocol specification.

For example, in a “protecting secrets” scenario it can generally be assumed that the attacker has access to the upstream network. From the upstream network, the attacker could attack the downstream network by abusing a design flaw in one of the systems on the downstream network. Though the attack may still cause harm in terms of availability on the downstream network, the Protocol Break effectively prevents those attack vectors which live in the traffic control data from getting downstream.
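The catcher/thrower pair described above, sketched as an added example (this is not Cog Systems' or Aegis Secure's code). The header-based upstream format, the `PB01` downstream framing, and the 1024-byte limit are assumptions made for illustration.

```python
import struct
import zlib

MAX_PAYLOAD = 1024   # assumed policy limit for this example
MAGIC = b"PB01"      # hypothetical marker for the downstream framing


class Rejected(ValueError):
    """The upstream message did not conform to the upstream protocol."""


def catcher(upstream_msg: bytes) -> bytes:
    """Parse the upstream protocol strictly and return only the payload."""
    head, sep, body = upstream_msg.partition(b"\r\n\r\n")
    if not sep:
        raise Rejected("no header/body separator")
    declared = None
    for line in head.split(b"\r\n"):
        name, colon, value = line.partition(b":")
        if not colon:
            raise Rejected("malformed header line")
        if name.strip().lower() == b"length":
            digits = value.strip()
            if not digits.isdigit() or len(digits) > 6:
                raise Rejected("bad length field")
            declared = int(digits)
        # Every other header is traffic control data: parsed, then dropped.
    if declared is None or declared != len(body) or declared > MAX_PAYLOAD:
        raise Rejected("length missing, inconsistent, or over limit")
    return body


def thrower(payload: bytes) -> bytes:
    """Build a fresh downstream frame: magic, length, payload, CRC32."""
    header = MAGIC + struct.pack(">I", len(payload))
    return header + payload + struct.pack(">I", zlib.crc32(payload))


def protocol_break(upstream_msg: bytes) -> bytes:
    return thrower(catcher(upstream_msg))


# Constructed sample: two headers carry hostile-looking control data.
SAMPLE = (b"Route: ../../internal-host\r\n"
          b"Length: 5\r\n"
          b"X-Options: %n%n%n\r\n\r\n"
          b"hello")

if __name__ == "__main__":
    print(protocol_break(SAMPLE).hex())
```

Nothing from the upstream headers reaches the downstream frame, because the thrower builds its control fields from scratch. The payload bytes themselves pass through unchanged.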

In our view, Better Living through a Protocol Break can be achieved for the broader market – especially for IoT or Connected Devices.

At Cog Systems, we build solutions that rely on a defense-in-depth resilience that includes an architecture that is layered, isolated, and modular, with commercial off-the-shelf hardware and software.

Ultra-Secure Mobility™: The Three Planks

Discerning customers have long demanded an Ultra-Secure Mobility™ product that is scalable, user friendly, and affordable. At Cog Systems, the standard by which we measure success in this category of Ultra-Secure Mobility™ rests on three planks that fulfill a combination of the following: 1) high assurance, certified security; 2) end-user defined privacy; and 3) a top-notch user experience. Bonus points if it can be delivered on a commercial device that allows for the obfuscation of the embedded capabilities and comes at a reasonable price point.

Some past and present build attempts to address this need for an Ultra-Secure Mobility™ product resulted in bespoke devices that rely on security through obscurity, using proprietary hardware and software components from the handset manufacturer. These attempts often lead to transparency issues related to chain of trust, dubious privacy, and almost certainly a clunky user experience. Even in the mass market, where mainstream device manufacturers deliver on the user experience by leveraging the Android ecosystem, they often do not support the latest versions of Android or security patches and certainly do not even acknowledge privacy as a basic tenet of their delivery. Whether through bespoke or mainstream devices, the market is left wanting for a true Ultra-Secure Mobility™ solution.

It is our view at Cog Systems that customers should not have to rely on point solutions that deliver security through obscurity or privacy through open inspection, but rather on a defense-in-depth resilience that includes an architecture that is layered, isolated, and modular, with hardened commercial off-the-shelf hardware and software.

Cog Systems is developing a commercial, Ultra-Secure Mobility™ product by building on a foundational approach that leverages type-1 virtualization using formal methods, resulting in never-before-seen security, privacy, and a superb user experience – all maintained with three years of guaranteed security patches and Android updates.

At Cog, we do not, and will not, compromise in our effort to deliver on the full premise of the ultra-secure mobility promise. It is our view that our approach is the most robust and cost-effective method of delivering the long-awaited solution to the Ultra-Secure Mobility™ segment.