Categories
Cloud Computing

The Internet of Spatial Defined Systems with SynchroKnot

What is the Internet of Spatial Defined Systems? and Where does fit in with IoT?

We have heard of Cloud Computing, Data Centers, Edge computing and their numerous expansions and variations. However for the most part the architectures used underneath these Infrastructures and the technologies governing them remain centralized in terms of location and disparate in terms of hardware + software used at that central location.

For example, you may have your cloud computing infrastructure located at a centralized data center. This cloud computing infrastructure is made of up disparate hardware, namely servers, redundant switches & routers, storage [SAN/NAS] and load balancers etc., and run the standard virtualization software like OpenStack, VMware, Hyper-V and so on.

So, in a sense, this standard and expensive business model has locked itself into a myriad of traps. Some of the most important traps are scalability, complexity, security, manageability, maintenance, vendor lock-ins, maintaining of multi-tiered separate teams, time-consuming fixes to problems, and much more.

One method out of this architectural quicksand is to look at the novel approach of the wonderful research done within the IoT industry and adapt it to the systems architecture in a way such that you should be able to use all kinds of systems from embedded devices to desktops, workstations and servers across both wired and wireless networks transparently.

In other words, building a decentralized, automatic cloud and data center which can be rapidly scaled globally within the budget and performance requirements of the end users. Plus, it must have the ability to be kept at locations other than just a data center. Some of the examples of locations are offices, cubicles, basements, apartments, closets, fiber optic hubs, 5G base stations, shops and much more.

This is where SynchroKnot software does it all and takes care of everything. SynchroKnot has made it easy with its software. It installs in minutes and does much more than what the centralized cloud computing technologies and data center put together can do today and what they aspire to be able to do in the future. You can transform any server, workstation, desktop or embedded device into a decentralized cloud or data center [We call it a data decenter].

Apart from just merely de-centralizing, with SynchroKnot, anyone can sell their full or under-utilized hardware resources using Bitcoin, and without involving centralized financial institutions/payment processors.

To alleviate the concerns and criticisms directed towards IoT, SynchroKnot has multifarious real-world security measures built into the software, which are aimed at substantially improving the overall security of decentralized systems.

For SynchroKnot end users, its unique Satellite Tree Protocol allows the inter-connectivity of heterogeneous devices over wired and wireless networks, all automated and fault-tolerant without the need to manage any aspect. This unique network component eliminates the need for physical switches and routers.

There are a multitude of components that you can choose from to build and enhance your Internet of Spatial Defined Systems!

For more information, please visit synchroknot.com

Categories
Cloud Computing

Distributed Fault-Tolerant Authentication Management & Identification Control System

At the rate at which technology today is moving forward with the Internet speeds increasing manifold, with IoT gaining prominence and organizations more distributed across the globe than before, the authentication software, systems and architectures remain fairly primitive.

Among the many reasons attributing to this is corporates that build these authenticating systems and software hold on to these products as their main source of income. The insight and research in these areas has also been fairly mundane. Though there’s been enough research funding, what’s missing has been the intellect and knowledge required to build large-scale distributed and decentralized authentication systems and architectures.

Large-scale authentication systems and architectures used in building them must allow both manned [computers, tablets, phones, virtual machines etc] and unmanned [IoT devices etc] to authenticate and authorize themselves without a centralized bottleneck, as seen in authentication systems like LDAP, Active Directory and others.

As experienced on a daily basis, these centralized authentication systems are not scalable or fault-tolerant without a sane fail-over MTBF [Mean Time Between Failure] causing business disruptions on a regular and long-lasting basis.

■ What can be done about this?

Let us acquaint ourselves with AuthControl. SynchroKnot designed and developed AuthControl as a result of realizing inadequacies in the centralized authentication systems [LDAP & Active Directory].

AuthControl was designed with the following flexibility in mind:

  • Ability for authentication to be either centralized, distributed, decentralized or a combination of these.
  • Ability to be seamlessly and transparently scaled on-demand across the globe with no downtime.
  • Ability to be used by standard operating systems within their security framework without custom or proprietary software, enhancements, modifications or hacks.
  • Ability to be used across all devices that can make a simple https call. and much more.

■ What is AuthControl?

AuthControl is SynchroKnot’s unique Distributed Fault-Tolerant Authentication Management & Identification Control System that serves as a scalable, secure and simple alternative to LDAP, Active Directory and other authentication systems.

In AuthControl, the user[s] can be delegated and made responsible for managing their password. Furthermore, the user’s password SHA512/GOST checksum is kept encrypted.

■ Password + Pin

The user[s] can log in to their virtual machines or physical hardware [eg. computers, tablets, mobile phones etc] with their standard username and password + 5 digit unique pin.

This 5 digit pin is not set by the user, but is rather auto or manually generated per the preference of the organization. Without having to manage separate pins for each user, and the ability to change them on a regular basis, makes logging into systems and authentication for various purposes more secure without adding the burden of lengthy procedures/steps.

Depending on the nature of the circumstance, user access can be restricted/limited by simply changing the PIN.

■ Algorithmically-ascertained decentralized numeric User and Group ID

Authcontrol also has the unique capability of creating operating system specific user and group identities that are unique. For example, AuthControl can create a Linux User ID and Group ID that are unique and always return the same numeric value for the ID.

This unique numeric user and group ID is algorithmically created in a decentralized manner without having to generate, store and poll centralized or distributed databases.

Due to the uniqueness of the user and group IDs, they can be instantly checked for changes/manipulations and reinstated automatically if changed without having to poll, check and compare with central or distributed databases. It can also report/alert in the similar manner.

AuthControl’s strong security is strengthened with the use of inter-leaved mapping of Usernames to their Blockchain IDs and further using blockchain cryptography [not the blockchain network] to ascertain authenticity. This is another unique feature you will not find anywhere else but with SynchroKnot.

■ Fault Tolerant

AuthControl algorithmically checks for failures across multiple geographically-dispersed locations [configurable up to 10] before returning unreachable.

■ Load Balanced

Each user or groups of users can be assigned different geographically-dispersed locations for load balancing [with additional option of fault-tolerance].

■ Scalable

Enable AuthControl in virtual or physical machines, point more users to them, and scale seamlessly and transparently across the globe.

■ Simple

Very easy to set up and manage. Works transparently with Linux PAM without modifying standard PAM modules, and is end-to-end encrypted [uses standard HTTPS for communication].

Since this is just an article for getting acquainted with AuthControl, we refrain from getting into technicalities which might be better reflected in a whitepaper.

■ Below are examples of different methods that users can log in or access resources transparently with their standard Username and Password + 5 Digit PIN:

├─> Graphical Login
├─> Graphical Screen Saver Login [eg. screen lock]
├─> Non-Graphical Login
├─> SUDO – Execute a command as another user
├─> SU – Super User
├─> SSH – Secure Shell
├─> SCP – Secure Copy
├─> SFTP – Secure File Transfer Protocol
├─> SSHFS – Secure Shell File System
├─> FTP – File Transfer Protocol
├─> VNC – Virtual Network Computing
├─> RDP – Remote Desktop Protocol
├─> CUPs – standards based open source printing system
├─> CRON – Execution of scheduled commands
├─> SAMBA – Windows AD and SMB/CIFS fileserver for UNIX
├─> File Manager – Create Network Place with SFTP, SAMBA and FTP
├─> All password requirements via Control Center
├─> Practically anything that uses Standard PAM for authentication!

Below is a direct link to the demonstration video:

AuthControl Demo

Description of the demonstration:

This is a very basic impromptu demonstration of AuthControl. Here both of the virtual machines are enabled with AuthControl and show the following:

■ Login via Graphical Interface

■ Login via Non-Graphical Interface

■ Run a command with SU as another user

■ Run a command with SUDO as another user

■ Login to a remote system via SSH

■ Mount a remote filesystem via SSHFS

■ Use File Manager to create a Network Place using SFTP

All these different types of logins use AuthControl with standard Linux users and password + 5 digit pin. The basic HTTPS traffic is captured using TCPDUMP to show realtime interaction with the SynchroKnot AuthControl when the password is entered in the virtual machines for the purposes of authentication.

Note: This demo was recorded on a severely resource-constrained system. It is up to you to determine the performance.

More information and technical insights can be found @ synchroknot.com

Categories
Cloud Computing

Decentralized Network Security with Interstellars

We have heard about multifarious approaches to network security in the insecure times today with quite a few of them adding additional complexity and manageability to the already complex centralized cloud computing and data center setups.

Interstellars are a part of SynchroKnot Spatial Defined Networking and allow the creation of networks separated and secured directly at Ethernet layer 2. In Cloud Computing terminology, with Interstellars, the tenants have the ability to bifurcate and secure their network of virtual machines across decentralized hardware by simply assigning the virtual machines’ network interface card with a 28-bit Interstellar Identification.

By bifurcating and securing the decentralized network at layer 2, only the virtual machines that have the same Interstellar Identification can communicate with eachother, irrespective of their local or global location.

As an additional benefit, you can save a lot of time and energy by not having to carve separate layer 3 networks and setting up different gateways for them. Further, you may not have to configure the virtual machines to point the gateways you set up to have them communicate!

In this way you can substantially reduce the complexity, manageability and maintainence of networks and also further reduce the risks of misconfigurations which usually lead to security breaches.

Interstellars come built-in with the SynchroKnot software. The SynchroKnot software transforms any server, workstation, desktop or embedded device into a decentralized cloud or data center [data decenter].

You can use any commodity X86_64 Desktop/Workstation/Server/Embedded device and connect them to eachother in minutes.

Here are some of the highlights of how SynchroKnot Interstellar approaches network security by getting directly to the heart of layer 2 Ethernet:

■ Fully Flattens, Bifurcates and Secures the network at Layer 2. Works transparently, irrespective of stacked / unstacked vlans, and without deviating from standard Ethernet semantics.

■ Based on the design and architecture of Interstellar Identification, Interstellar Resonance Identification and Interstellar OUI [Organizationally Unique Identifier].

■ Each vNIC of the virtual machine MAC address has a 28-bit Interstellar Identification. Assign your own choice of Interstellar IDs.

■ Each virtual machine with the same Interstellar ID can communicate with eachother irrespective of their location. All other traffic from the virtual machine is not allowed to touch the network.

■ In the case where a virtual machine needs to resonate [ communicate ] across different Interstellars at the same time, additional Interstellar IDs can be accommodated in the form of Interstellar Resonance IDs. Both Interstellar and Interstellar Resonance IDs remain intact even when the virtual machines relocate to any other decentralized location.

■ Interstellar OUI allows direct interaction of the virtual machines with the existing physical data center infrastructure [ routers, switches, gateways, appliances & devices ]. Simply add the needed OUI(s) [ organizationally unique identifier – a 24-bit number that uniquely identifies a vendor or manufacturer ] and gain transparent access.

■ Interstellars [ in collaboration with other SynchroKnot features ] allow for flexible carving of the IP network(s) of the virtual machines by allowing the creation of large networks [ eg: /7, /8, /16 etc ] without having to set up routing and gateways to move across subnets or worry about broadcasts. The same flexibility is transparently possible with IPv6 and anything usually above layer 2.

More information is available at:
■ synchroknot.com

Categories
Cloud Computing

Strong Network Security with ARPless – Hapless without ARPless?

In the realm of network security we tend to hear a lot of terms like “denial of service”, “man-in-the-middle”, or “session hijacking” and so on. For those deep into the networking and network security field, dealing with these terms is a real-life situation everyday.

Also, keeping up to date with the latest trends, software and solutions is a major part of the knowledge gathering practices.

Although it is near-impossible to have a 100% final solution to the serious issues of denial of service, man-in-the-middle, or session hijacking and similar others, SynchroKnot has approached the underlying cause to help substantially reduce and, in some cases, fully alleviate these issues.

For those unfamiliar, SynchroKnot software transforms any server, workstation, desktop or embedded device into a decentralized cloud or data center [data decenter] in minutes. You can use any commodity X86_64 Desktop/Workstation/Server/Embedded device and connect them to eachother. There is no need to purchase virtualization software [VMware, OpenStack, Hyper-V etc], switches & routers or storage [SAN/NAS].

ARPless is a part of SynchroKnot Spatial Defined Networking and works with the virtual machines of the tenants. It builds a secure vacuum of multi-dimensional layers of security starting with not allowing the virtual machine’s MAC address to be spoofed. Then, it only allows the communication between groups of virtual machines with their matching 28-bit Interstellar Identification assigned to their MAC addresses, and as a last step, securely and intelligently auto-responds to the virtual machines when they make an ARP request so that they always know who is who and where to go. This practically makes ARP spoofing, ARP cache poisoning, or ARP poison routing very difficult-to-impossible.

[It is advised to read the post earlier about Interstellars]

As an additional option, ARPless can be invoked with blockchain cryptography, which ensures that security policies, accountability and awareness are at the same level across the team(s), department(s) and organization(s).

Above is just a brief description. Below are some of the highlights:

■ ARPless creates a secure vacuum for trusted communication between virtual machines, and also with the existing physical infrastructure.

■ ARPless does not allow forced traffic diversion from poisoned ARP caches of virtual machines to reach undesired destination(s).

■ ARPless ignores requests from virtual machines that impersonate the original to force divert traffic or gain access.

■ ARPless securely and intelligently auto-responds to the virtual machines when they make an ARP request [ no agent / software needs to be installed inside the virtual machine(s) ]. It does not allow ARP requests from the virtual machines to get onto the network.

■ ARPless can further limit ARP traffic within the secure vacuum.

■ ARPless practically makes ARP spoofing, ARP cache poisoning, or ARP poison routing very difficult-to-impossible, which in turn substantially reduces the possibilities of other attacks stemming from it, such as denial of service, man-in-the-middle, or session hijacking.

■ ARPless intelligently handles and manages the following opcodes : 1 Request, 2 Reply, 3 Request_Reverse, 4 Reply_Reverse, 5 DRARP_Request, 6 DRARP_Reply, 7 DRARP_Error, 8 InARP_Request and 9 ARP_NAK

We have an excellent video to sharpen your skills at the link below.

■ Network Security with Arpless Interstellar

More information is available at:
■ synchroknot.com