The Problem with Old Encryption Methods

Encryption is Vital

Mission success depends on organizational data and communications staying protected. It behooves organizations, therefore, to shroud their comms and data with encryption. So why don’t they? Why don’t organizations and agencies rush out and implement at least some form of encryption? Why don’t they make encryption a top priority? Well, it’s not as easy as just pressing a button, but perhaps not for the reasons you think. Let’s examine encryption, some of the things that prevent organizations from adopting it, and some of the disasters that can occur without it.

Encryption is Nothing New

As soon as the first person had a secret they wanted to tell another, without the whole world knowing, encryption was born. (We’ve covered some of this before in our blog about Dual Encryption. Take a read for some extra background into the history of encryption.) Encryption of one form or another has been used to protect trade secrets, important communications, and military intelligence.

All encryption is based on ciphers — rules of reorganizing the information so its actual meaning is hidden from anyone who doesn’t know the rules. In a simplistic model, the ciphers work with special keys to lock up the data, and the same key (symmetric encryption) or a different key (asymmetric encryption) unlocks the data and allows it to be deciphered.

Since encryption was first born, however, others have been working hard at breaking it. And so, encryption methods have grown more and more complex. The current accepted standard is AES-256 encryption, which creates digital keys 256 characters long. Brute-forcing a key that size (i.e., trying every possible combination) would take a billion times longer than the age of the universe.

So, encryption has been around a long time, which brings the question again: Why aren’t organizations adopting encryption for all their data and communications?

Encryption Costs Time

Encryption doesn’t just happen. A method must be chosen, procedures must be implemented, users must be trained, and then everyone actually needs to use the encryption. All this disruption to the current way of doing things takes time. Lots and lots of time, especially the “everyone actually using it” part.

Encryption adds extra steps to workflow, and users are notorious for going around company policy if it slows down their work. A new report from Symphony Communication Services shows that 24% of respondents report they are “aware of IT security guidelines yet are not following them;” “27% knowingly connect to an unsecure network;” and “25% share confidential information through [unsecure] collaboration platforms.”

This is very troublesome when incorporating encryption into your organization. For encryption to protect properly, everyone needs to be using it instead of finding ways around it. A report by the Government Business Council showed that of those Defense employees who admit to using their personal devices to conduct agency work, 94% say their devices have not been approved by the agency. This is yet more evidence that users are choosing convenience over security—choosing to save time over protecting the organization. Time, then, is the true cost (and problem) of old encryption methods.

Automated Encryption is the Future

In the future, encryption will be easier for organizations to adopt because it will all be handled behind the scenes. You’ll simply log in to a program (which will handle all the key exchanges and encryption/decryption) and let it run in the background. You will then be able to send encrypted messages as easily as sending a regular chat message—no extra steps needed. You’ll be able to encrypt files that only the specific users you selected will be able to open (even if the user is just yourself). And this encryption will be available on desktop and mobile devices, all working together to ensure your organization’s encryption.

Think that sounds like a pipe dream? Too good to be true? Too far out in the future? What if we told you the future was in the final stage of development and testing, and will be ready for release very soon? It has a name: Conclave. It has a purpose: to make sure you use encryption and protect your organization without all the extra steps. To learn how our automated encryption solutions can help secure your data, users, and organization, please contact us today!

Spawner Storm: An Introduction

Always Innovating

One key goal of innovation is not always to do something new, but to do something better. The process in which Fognigma communicates with various cloud service providers, leasing and building virtual machines, and uniting those machines to function as one invisible and secure network is new (which is why it’s patented). But we’re not content with just creating an amazing product and then resting on our laurels—we want to continue to make the product evolve into an even better version of itself. We are constantly checking our software and stretching our brains to figure out ways to make it more secure, more undetectable, and more valuable to the customers who use it.

That is why we created Spawner Storm, a revolutionary and patent-pending method for anonymizing Fognigma Network builds and communications even more. But we’re getting ahead of ourselves. Let’s first describe the issue, and then we can showcase Spawner Storm’s technology and how it takes Fognigma Networks to the next level.

Even a Little is Still Too Much Association

When the Fognigma engine builds a network, it sends messages to the cloud service providers communicating the plans to build each virtual machine. Then, the engine continues to talk to the cloud and all the virtual machines. What we realized is that because the engine has a set IP address, if anyone could discover some of the virtual machines and see the IP address that was communicating with them, they’d be able to associate all the machines. That is, they could tell the virtual machines were working together and then trace them back to the engine using the discovered IP address of the engine. This sort of association could possibly lead a nefarious third party right to your Fognigma engine’s front door and, from there, reveal where your organization is located, your IP address, etc. Even the remote possibility of this happening is not acceptable to us. We had to find a solution.

Suddenly, the sky darkens and thickens with a mass of water-laden clouds. Lightning and thunder tear the sky open and the rain begins to deluge down. The Storm is here.

Unleash the Spawner Storm

Spawner Storm dissociates the Fognigma engine from its components and build requests like never before. It does so by leveraging our patented Portal Proxy solution. Portal Proxies are unique, on-demand URLs from which users access web services (including internal Fognigma components). Portal Proxies add a singular dissociative layer between the user and the web service (i.e., between the two communicating parties).

What Spawner Storm does is create a mass of Portal Proxies and then passes all the virtual machine build requests and further communications to Fognigma components through those proxies. In one test we performed, we created a Spawner Storm with 200 Portal Proxies through which to pass communications. At the end of the test, the virtual machine we were pinging noted contact with over 60 different IP addresses spread throughout clouds in various locations across the globe.

Spawner Storm ensures that communications between an organization’s Fognigma engine, cloud service providers, and all virtual machines are as scattered as possible to prevent any chance of association.
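The association risk described above can be audited from the VM side: if one peer address shows up in the connection records of several machines, that address links them. This added example (not Fognigma code) does that over constructed records and uses a simple round-robin proxy pool as a stand-in for the proxy fan-out, to compare a direct engine connection with a spread-out one; the pool sizes and IP addresses are constructed for illustration.

```python
"""Association audit over per-VM connection records.

Each record is (vm_id, peer_ip) as an observer sitting at that VM would
see it. A peer address present in the records of two or more VMs is a
"linking" address: it ties those VMs together, and a fixed engine address
would lead straight back to the organization. The routing helpers below
are simplified stand-ins (round-robin over a pool), not Fognigma's method.
"""
from collections import defaultdict


def linking_peers(records, min_vms=2):
    """Return {peer_ip: [vm_ids]} for peers seen by at least min_vms VMs."""
    by_peer = defaultdict(set)
    for vm, peer in records:
        by_peer[peer].add(vm)
    return {peer: sorted(vms) for peer, vms in by_peer.items()
            if len(vms) >= min_vms}


def distinct_peers_per_vm(records):
    """How scattered each VM's view of its peers is."""
    by_vm = defaultdict(set)
    for vm, peer in records:
        by_vm[vm].add(peer)
    return {vm: len(peers) for vm, peers in by_vm.items()}


def route_direct(vm_ids, messages_per_vm, engine_ip):
    """The original situation: every message to every VM comes from one address."""
    return [(vm, engine_ip) for vm in vm_ids for _ in range(messages_per_vm)]


def route_through_pool(vm_ids, messages_per_vm, proxy_pool):
    """Spread messages over a proxy pool, round-robin (illustrative only)."""
    records, k = [], 0
    for vm in vm_ids:
        for _ in range(messages_per_vm):
            records.append((vm, proxy_pool[k % len(proxy_pool)]))
            k += 1
    return records


def association_report(records):
    """Summarise how linkable a set of VMs is from their observed peers."""
    links = linking_peers(records)
    return {
        "linking_peers": len(links),
        "max_vms_linked": max((len(v) for v in links.values()), default=0),
        "distinct_peers_per_vm": distinct_peers_per_vm(records),
    }


# Constructed sample data: three VMs, 50 messages each, TEST-NET addresses.
VMS = ["vm-a", "vm-b", "vm-c"]
ENGINE_IP = "203.0.113.10"
POOL_200 = [f"198.51.100.{i}" for i in range(1, 201)]  # enough for 150 messages
POOL_100 = POOL_200[:100]                               # too small: proxies repeat

if __name__ == "__main__":
    for label, recs in [("direct", route_direct(VMS, 50, ENGINE_IP)),
                        ("pool of 200", route_through_pool(VMS, 50, POOL_200)),
                        ("pool of 100", route_through_pool(VMS, 50, POOL_100))]:
        print(label, association_report(recs))
```

The undersized pool shows the caveat: once proxies are reused across VMs, the shared proxy addresses become linking addresses themselves, just weaker ones than a single fixed engine IP.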

Working together yet seeming apart is one of the main benefits Fognigma can offer organizations, and Spawner Storm is the newest innovation to make that separation even more separate. For more information on Spawner Storm or Fognigma or to schedule a demo, please contact us here.

The Perils and Pitfalls of Free VPNs

VPNs Can Help Your Organization’s Cybersecurity

Virtual Private Networks (VPNs) create private and secure tunnels through public Internet space in which we nest our networks. They give us anonymity, protect our resources, and often allow us to get around geo-specific barriers to software and services. But you know all that. There are paid VPN services and free VPN services, but you know that, too. Often, in this world of getting the most while spending the least, our wallets (or, rather, those of our bosses) push us toward VPNs that cost nothing. But be warned: just because you’re not paying for something doesn’t mean you won’t pay for it.

Everything Has a Cost

Nothing online is really free—everything comes at a cost. You might not realize what the cost is, but it’s always there. So, what are the hidden costs of a free VPN service?

Malware

In an independent study by CSIRO, 283 VPN-based Android apps were analyzed. One of the key findings was over 38% of the apps had some sort of malware presence. Though this study was done on Android apps, you can easily extrapolate that these statistics are likely very similar to apps and services on other platforms.

Third-Party Tracking

In the same study, it was found that 75% of apps used third-party tracking libraries. The top two trackers were Google Ads and Google Analytics, but the paper also pointed out that some of the least common tracking libraries used in all apps were the most prevalent in VPN apps. Some of this makes sense: instead of charging you for the app, the developer is relying on ad revenue. But the pervasiveness and quantity of these trackers is still worrying.

Third-Party Access to Private Information

82% of the apps analyzed in this study requested permissions to access more private information. Some wanted access to SMS messages, while others wanted to view other apps’ activities or read system logs. This last permission is categorized by Android as “highly sensitive,” as it can “expose personal information (including passwords).” Again, some of these permissions can be explained as being normal for the services offered, but the depth of access these free VPN apps gain to your resources and protected information is troublesome.
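One practical check before installing any VPN app is to compare the permissions its manifest requests against what a tunnel client actually needs. This added example (not from the study or the original post) audits a decoded AndroidManifest.xml; the manifest, the package name and the set of "expected" permissions are constructed assumptions for illustration, while the permission names themselves are real Android identifiers.

```python
"""Permission audit for a decoded AndroidManifest.xml.

Assumes the manifest has already been decoded to plain XML (a decompiler
does that); this script only parses it. EXPECTED is an assumption about
what a VPN client plausibly needs; SENSITIVE lists the permissions the
text singles out (SMS, other apps' activities, system logs) plus a few
more that expose personal data.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

EXPECTED = {
    "android.permission.INTERNET",
    "android.permission.ACCESS_NETWORK_STATE",
    "android.permission.FOREGROUND_SERVICE",
}

SENSITIVE = {
    "android.permission.READ_SMS": "read SMS messages",
    "android.permission.RECEIVE_SMS": "intercept incoming SMS",
    "android.permission.READ_LOGS": "read system logs (can expose passwords)",
    "android.permission.GET_TASKS": "view other apps' activities",
    "android.permission.READ_CONTACTS": "read the address book",
    "android.permission.ACCESS_FINE_LOCATION": "precise location",
    "android.permission.READ_PHONE_STATE": "device identifiers and call state",
}


def requested_permissions(root):
    """All <uses-permission> / <uses-permission-sdk-23> names, sorted."""
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(ANDROID_NS + "name")
            if name:
                names.add(name)
    return sorted(names)


def declares_vpn_service(root):
    """A real VPN client exposes a service guarded by BIND_VPN_SERVICE."""
    return any(s.get(ANDROID_NS + "permission") == "android.permission.BIND_VPN_SERVICE"
               for s in root.iter("service"))


def audit_manifest(manifest_xml):
    root = ET.fromstring(manifest_xml)
    perms = requested_permissions(root)
    return {
        "package": root.get("package"),
        "requested": perms,
        "unexpected": [p for p in perms if p not in EXPECTED],
        "sensitive": {p: SENSITIVE[p] for p in perms if p in SENSITIVE},
        "declares_vpn_service": declares_vpn_service(root),
    }


def verdict(report):
    """reject: asks for data a tunnel never needs; review: extra but not sensitive."""
    if report["sensitive"]:
        return "reject"
    if report["unexpected"] or not report["declares_vpn_service"]:
        return "review"
    return "ok"


# Constructed sample manifest (package name is fictional).
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.freevpn">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_LOGS"/>
  <uses-permission android:name="android.permission.GET_TASKS"/>
  <application android:label="Free VPN">
    <service android:name=".TunnelService"
             android:permission="android.permission.BIND_VPN_SERVICE"/>
  </application>
</manifest>
"""

if __name__ == "__main__":
    report = audit_manifest(SAMPLE_MANIFEST)
    print(verdict(report), report)
```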

Internet Throttling

Another way free VPNs can make money is by enticing you to opt for paid versions of their free services. The easiest way to do this is through tiers of service. You want free? Okay, that’s fine—but you’ll have to put up with low speeds and a very limited amount of data that can be transferred per day. Want the service you thought you were getting? Well, just take out your credit card and upgrade to the premium package.

Sale of Private Data

This is a little different from allowing third-party apps to access your data; this is the explicit selling of the data you provided when you created an account, as well as your usage statistics, to third parties. Luckily, due to GDPR and other privacy laws, this exploitation of private data does need to be spelled out for potential customers (it just might mean you have to read lots of fine print before you sign up).

Sale of Bandwidth

This one isn’t common, but it has happened. Hola’s free services allow users to get around geo-specific barriers to watch videos and TV shows. However, they also run another paid proxy site called Luminati. What do these two sites have in common? Basically, Hola has been selling unused bandwidth from its free Hola users to its paid Luminati users. And what has this bandwidth been used for? In one example, it was used as a botnet to run multiple DoS attacks against an online forum. What else is the bandwidth of free users being used for (other than making money for the company providing the free service)? No one knows.

Is A Free VPN Worth It?

In short, yes and no. You must do your research and read any and all fine print before agreeing to grant access or move traffic. And remember, some free VPN apps are better (read: safer) than others. However, always keep in mind these words from Ryan O’Leary, president of the Threat Research Center at WhiteHat Security: “The lower the cost of the [VPN] app, the greater the chance they have security problems. . . . At best, they are using ads to earn income. At worst, they are selling your private information. . . . When done correctly, VPNs are a good option [for extra security]. But never forget that, in the end, you get what you pay for.”

Benefits of Virtual Desktop Infrastructure

Hardware: The Old-Fashioned Approach

In the past, adding computers to your organization was easy. It normally involved spec’ing out new hardware, purchasing it, installing it into your network, and then getting belittled by users who were unhappy with the machine’s capabilities. Like any decision, adding new computers is always a compromise: budget vs. tech vs. amount of time till obsolescence. It’s a balance that’s never perfect, especially when scaled up to an organizational level.

Once you have your computers, though, you’re chained to them for quite some time. Often, they determine where your organization can operate (i.e., desktop computers mean staying in the office, while laptops allow more freedom to travel) which, in some respects, dictates how your organization can operate. If your organization, however, needs to function all over the world, if it needs the flexibility to adapt dynamically to mission specifications, then you need to explore the benefits of Virtual Desktop Infrastructure (VDI).

Virtual Desktop Infrastructure Benefits

First, we must note: VDIs don’t replace all hardware as they need hardware on which to function. But they can provide a myriad of benefits to organizations who use them to their fullest. The easiest benefit to highlight is the cost savings. As mentioned in a ComputerWeekly.com article, VDIs use an estimated “60-70% less power than existing physical environments.” On top of that, VDIs offer cost (and time) savings when updates are required. No longer do you have to go to each physical machine and run updates. VDIs update through their software, meaning they all update at once. Some call this “future proof”.

Another key VDI benefit is its sandboxed nature. Open a browser in a VDI, for example, and if some malicious code gets through, it’s trapped inside the framework of the VDI. This protects the host computer from a wide variety of attacks, but it’s not perfect. If you save files on a VDI, they go to the host computer. This can store files in unintended (or unwanted) places or expose the host computer (and, by extension, your entire network) to malware, viruses, and other nefarious bits of programming.

There is a VDI solution out there that goes above and beyond—one that takes everything good about standard VDIs and adds some hearty doses of superpowers. If you need a VDI solution created with total mission success in mind, then you need a VDI powered by Fognigma.

Fognigma’s Virtual Desktop Infrastructure Added Benefits

Fognigma VDIs have all the features of a standard VDI (sandboxed, cost savings, etc.), but add capabilities not found anywhere else. Let’s explore some of the most important capabilities and show why VDIs powered by Fognigma are the best choice for your organization.

Unlike standard VDIs, Fognigma VDIs have the ability to save and move files without involving the host computer. Files can transfer to and from USB drives and the VDI and the host computer will never retain a record of anything. VDI audio is filtered to ensure no IP leaks occur. In short (and to paraphrase a slogan), what exists in a Fognigma VDI stays in a Fognigma VDI.

There are even more special ways Fognigma VDIs can interact with files. Using our Nomadic Profile ability, files will follow authenticated users from VDI instance to VDI instance. Launch and log into a VDI and save files to the VDI’s desktop. The next time you launch a VDI and log in, your files will be on that desktop, too! As a complement to this Nomadic ability, Fognigma VDIs can use a shared server folder which adds drag-and-drop file sharing between multiple concurrent VDI instances. Take your files with you and share with your team all from the safety of a VDI.

Fognigma VDIs can also be tailored to the organization and individual user. Install custom apps if needed or limit the access of apps or features users can employ. Perhaps your organization has a squad that just needs to collect information—let them access a VDI with just a file share attached. Basically, VDIs allow for de facto Identity and Access Management by allowing admins to select the exact type of VDI (and, therefore, accessible apps) each user is able to launch.

The biggest unique feature of a Fognigma VDI, however, is the ability of anonymous world travel and web browsing. This is actually a fun way to describe a bunch of related features. Fognigma VDIs allow you to explore the Internet fully anonymously and appear to be in almost any location on the planet. So, if you need to look like a user in Germany, you can launch a VDI with an exit point (i.e., where the IP address appears to be) in Germany. But Fognigma VDI exit points are dynamically switchable, so in a few mouse clicks that same VDI can now appear to exist in, for example, Japan. Plus, you can launch VDIs from almost any device anywhere in the world. These features all work together to allow your users to become part of any web landscape in any geographic region, without raising suspicion.

As you can see, Fognigma VDIs strive to be the pinnacle of virtual desktop technology and they are always evolving (one of the latest updates sped our VDIs to almost 50% faster than standard VDIs). To learn more about our amazing VDI solutions or to schedule a demonstration, please contact us today.

The Benefits of a Hybrid Cloud Implementation

A Hurried Migration to the Cloud

As knights of old stood near the deep moats of the castles they were tasked to protect, they never realized how much the defense of the future would rely on the clouds above their heads. <insert uplifting lute music here.> Okay, so not really those clouds, but we just wanted to paint a dramatic picture of some folks in armor. Today, organizations are moving quickly into the cloud, often for its versatility of access (i.e., users can reach organizational resources from anywhere in the world). This is great for usability but can spell ruin for those without a proper cyberdefense plan in place. A hybrid cloud implementation may seem out of reach for organizations.

According to FireMon’s 2019 State of Hybrid Cloud Security Survey (via BusinessWire), “60% say cloud business initiatives are accelerating faster than security teams’ ability to secure them.” Organizations are rushing to adopt a technology without being properly prepared. The “why?” is anyone’s guess, but the reality is they are exposing their users, data, customers, missions, resources, and very existence to a swirling mass of calculated chaos bent on exploiting the hard work of others for their own financial gain.

 “The enterprise that the perimeter is intended to protect now extends well beyond ‘the four walls’ to the cloud.” – Accenture

A Hybrid Cloud Implementation Appears

For many organizations though, putting everything online isn’t the best use of their cloud resources. Sometimes it’s because their network uses legacy technology that isn’t adapted to the fast-paced world of the cloud. Other times, it’s due to laws or procedures which mandate they retain physical control over their resources. There are also organizations who wish to stay off the cloud so they can continue to protect the perimeter they know versus the unknown perimeter expanded by the cloud (as illustrated in the above quote).

Even these organizations realize that being connected to the cloud isn’t inherently a bad thing but being fully on the cloud is not a solution they are ready for. This is what is so great about a Hybrid Cloud – it works with already existent resources and can adapt to fit the online needs of any organization. “But writer-person, what benefits can a Hybrid Cloud give me now?” you demand. We point to the next headline and urge you to keep reading.

Hybrid Cloud Benefits

The benefits of a Hybrid Cloud implementation are multi-fold and specific to the organization’s needs.

Here are five of the main benefits:

  1. Maintaining physical control over resources. With a Hybrid Cloud, the cloud part is in addition to whatever physical servers the organization uses. Resources can remain on the physically controlled private servers while the network has access to the cloud.

  2. Flexibility to move resources on- or offline. With a Hybrid Cloud, organizations have the ability to move their resources to where they are most needed, whether that be online or offline. And this isn’t just a one-time movement—it is dynamic, with organizations having the power to move resources from their physical storage to the cloud and back at any time.

  3. Global access to specific organizational resources. As mentioned before, global access is one of the reasons organizations have pushed all their resources into the cloud. We can’t argue that being able to access your files from anywhere in the world is an amazing feature, but doing so without thought to or planning for the dangers is a disaster waiting to happen. When properly configured and protected, a Hybrid Cloud gives you the benefit of global access.

  4. Quick scalability of online presence. Since only part of the organization exists online when using a Hybrid Cloud, its online presence doesn’t have to be bloated with every asset and resource of the organization. This gives great flexibility for the size of the organization’s online presence. When the organization needs more online resources, the Hybrid Cloud can expand to meet those needs (and contract again when fewer online resources are required).

  5. Protect legacy infrastructure with leading-edge cloud technology. Hybrid Clouds can be the buffer between out-of-date networks and the Internet. They allow an organization to safely leverage online assets while still using their legacy systems. A Hybrid Cloud can also give a legacy system the means to upgrade itself bit by bit in a protected environment.

Fognigma Offers Unique Hybrid Cloud Solutions

Fognigma, the premier solution for invisible and secure cloud-based networks, gives organizations the Hybrid Cloud setup they desire with some added superpowers. One of the most important benefits of a Fognigma Network deployed as a Hybrid Cloud is the encrypted and invisible protection Fognigma offers an organization. [For a summary of Fognigma, click here.] This indispensable security will protect assets in your cloud and your physical servers.

Fognigma is a true enterprise solution—once an organization purchases it, the Fognigma Network is run and owned exclusively by the organization without any third-party oversight. Not all enterprise products work this way. One very recent example was an issue with the online storage service, Box. As reported by The Register, “Various Box Enterprise customers have inadvertently shared, and probably still are sharing, sensitive corporate data on the public internet. And that included Box itself.” Cybersecurity firm, Adversis, discovered that Box Enterprise customers got their own sub-domains and URLs, which followed a very specific pattern. Replicate that pattern with different business names and it was possible to brute-force your way into an organization’s files (terabytes of data have been exposed). Unfortunately, this is a chilling example of the danger of using online solutions with third-party oversight.

The list of Hybrid Cloud benefits Fognigma can provide to an organization is too long to go into in detail here. The best way to learn about them is to contact us today, request more information, and schedule a demonstration.

IoT Encryption

IoT is Everywhere

Look around you. The normal household or office has at least one smart device (collectively called the Internet of Things, or IoT for short) nearby. Some have more. Some have many. They are useful, save time, and (let’s face it) fun. But just as the stick you played with as a child could have turned around at any moment and poked your eye out, so can the IoT devices of today puncture your Internet security without proper IoT Encryption.

Are we saying you should round up all your IoT devices and throw them into a burning cauldron? Of course not. Though they are all potential vulnerabilities, that doesn’t mean they can’t be protected.

IoT Encryption is Needed

By 2020, Cisco estimates the number of IoT devices will be around 50 billion. One year later, as Cybersecurity Ventures points out, the estimate increases so that there will be roughly three times as many IoT devices as there are people on the planet. Let that sink in for a second: three IoT devices for each human on Earth — all in just two years’ time. Three Internet vulnerabilities for each person on the planet. It’s time for action.

“But why are IoT devices so vulnerable and how did we get into this mess?” you ask aloud to Alexa and Siri. Siri isn’t listening, but Alexa offers to order you an economy pack of paper towels to clean up the “mess.” The short answer to your two-part question is money.

People like devices they can talk to, devices that let them do things from afar, and devices that let them take control over their world (even if just in such a small way as customizing the color of a light bulb). Companies saw this appetite for such devices and began pumping them out at insane speeds. Other companies ripped off (or reverse engineered, or both) the tech from these first companies and started selling budget IoT devices. This is how we got to the size of the mess. But what about the actual mess?

The mess part involves the software on the devices themselves and the way this software interacts with the Internet. Quite often, especially for the budget IoT devices, the software is composed of copy/pasted, Frankenstein-ed code that accesses the device in your home or office and passes through an Internet portal. This is how you can click an app at work and turn on a light at home. These are the holes in your security we were talking about earlier.

Now, big companies are always testing, improving, and updating their code to improve their customers’ experience and, more importantly, to make their devices more secure. But sometimes they don’t. Often (for both big companies and budget IoT device companies), there is little care about the security of the product, as the company makes its money on the sale and (quite often) the service the product offers. Once the company has your money, their goal has been achieved. But this lack of updates leaves devices vulnerable. And thus, the hole in your cybersecurity becomes a tear.

A solution is needed to protect your organization from these tears. Of course, you could just get rid of all your IoT devices, but that’s not going to happen because they are just too much fun (okay, and some are very useful). IoT devices are not just gimmicks or novelties—many have an actual use in your organization. The only solution is to protect them since they won’t protect themselves. We do this by surrounding them with the encrypted protection of Fognigma.

IoT Encryption is Here

Fognigma is a patented enterprise software solution that allows organizations to build invisible, encrypted, and secure networks. [For more information, please visit the About page at http://staging.fognigma.com/why-fognigma/.] Users connect to their organization’s Fognigma network(s) using software (desktop client or mobile app) or hardware options (a Gateway to protect an entire facility or a Wicket to protect a computer, phone, or office).

Let’s zoom in on the Wicket, since it protects devices and not facilities. A Wicket is a small, portable piece of hardware that can be installed between your router and the public Internet to protect multiple devices. Once configured, the Wicket routes all your Internet traffic through a Fognigma network, protecting it with FIPS 140-2 Validated, cascading AES-256 encryption. To protect a single device, a Wicket is configured between the device and your router to attach to a Fognigma network. This small, portable device will help plug all your IoT cybersecurity holes and tears.

An example: You plug a color-change IoT lightbulb into your desk at work so you can have a disco party each Friday. The bulb reaches out through your organization’s Internet connection to a portal run by the manufacturer and then back to the app on your phone. A third-party evildoer can see that there is a connection from your phone to the portal and from the portal to a device inside your organization’s cybersecurity shield.

This gives the evildoer two things: the proof needed to associate you with your organization and a path to follow to breach your organization’s defenses. It’s obvious how bad the second part is, but the first is equally disastrous. [To learn more about why association can be devastating to your organization, read our blog entry on the importance of dissociation.] When connected to a Wicket, however, what a third-party evildoer can learn is decidedly different as the device is enveloped in an invisible shell of, in this case, IoT encryption.

Your app’s connection to the portal will still be visible, as will the portal passing on information to somewhere. BUT the somewhere will not be associated at all with your organization. You see, Wickets allow traffic into Fognigma, but when traffic leaves it goes through an exit point created by your organization to exist almost anywhere in the world. And once that signal passes into your Fognigma network and back to the IoT device, it is invisible to external observation.

This is how Fognigma assists with IoT encryption. This is how Fognigma can plug the holes insecure IoT devices can rip in your cybersecurity. This is why you should contact Dexter Edward today for more information or to schedule a demonstration.

Dual Encryption Matters

Why Encryption?

Encryption is, quite simply, a means of ensuring your information remains your (and only your) information. It disrupts the “mind your own business” adage by attempting to make it impossible for others to mind your business. Tracing the trail of encryption (or cryptography, as they were almost synonyms until more recently as encryption has become digital) back through time, some of the very earliest encryption was used to protect military orders. This isn’t surprising, as an effective military must keep its movements secret from the enemy. The Arabs, Greeks, Romans—almost all the cultures of the ancient world, in fact—used encryption in some form, though the Arabs are thought to be the first to document the subject. Military secrets needed to remain secret.

In his history of cryptography and encryption, The Codebreakers, David Kahn describes a 3″ x 2″ tablet from around 1500 B.C. This Mesopotamian tablet described the earliest known formula for making pottery glazes, protected with a cipher to safeguard trade secrets. Information was protected with encryption.

Fast-forward through time. More people in the world meant more secrets. Religions split and collided. Sciences grew, hid, grew more, and blossomed. And during all these changes and growth spurts, information about many topics had to be kept hidden from some group or another.

Today, information is just as valuable as ever and, since there is more of it and it is more accessible, protecting information has become a job in itself. Therefore, we encrypt to protect our organizations, our intellectual property, our families, our country, and, most importantly, our security.


But Really, Why Encryption?

We know there is information we need to protect, but is that the only reason we encrypt things? Nope! The tree of encryption bears three other fruits: authentication, integrity, and nonrepudiation.

Authentication refers to proving the sender is who they say they are. This is simple to picture. If you receive an encrypted message from someone and it’s using the encryption you both previously decided on, then you know the person sending you the message is the person you think it is. By using encryption, the sender has provided some proof of their identity or, at least, their authority to send an encrypted message.


Integrity provides assurance that the information hasn’t been altered. Again, this is simple to picture: if you take a piece of data, encrypt it, and then decrypt it, you will have the same piece of data. If anything happens to that data, it won’t decrypt properly, and you’ll have a mess of random characters. If you have a mess, you know the integrity of the information has been compromised.

Nonrepudiation is a fun word that means the sender can’t say they didn’t send the information. If only two people have the encryption keys and information is encrypted using those keys (and assuming the receiver didn’t send it to themselves), then the sender is the sender. If the sender says they didn’t send it, the fact that the encryption was used proves they did. That is, the sender is unable to repudiate (or disavow) they sent the information.


Dual Encryption Matters

So, your information is protected with encryption, which is great. But what if someone breaks that encryption? One virtual lock picked, and your information is now in peril. Perhaps the easiest way to visualize this is a door with both a door lock and deadbolt. Any attempted intrusion has to bypass both locks before the door can be opened. By using two levels of encryption, information is safeguarded against a single point of failure.


Encryption should ensure the amount of time required to defeat the encryption is longer than the amount of time the data is of value and required to be secure. AES-256, the current accepted standard, uses a 256-bit key. Imagine guessing an ATM PIN that was 256 characters long and the variations it could contain. That’s a lot of really long numbers.

To put this in another context, breaking a symmetric 256-bit key by brute force would theoretically take longer than our universe has existed—multiplied by a billion. Now imagine two layers of AES-256 encryption and you can see why dual encryption matters: having to brute force through two layers of such a tough encryption standard borders on statistically impossible.
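The three properties described above (authentication, integrity, nonrepudiation) and the two-layer design described here can be shown together in one small program. This is an added illustration, not Fognigma’s code or anything from OpenSSL or wolfSSL. Python’s standard library ships no AES, so each layer is a stream cipher made by running a different keyed hash in counter mode (HMAC-SHA256 for layer 1, keyed BLAKE2b for layer 2); these are stand-ins for the two independent AES-256 implementations the text describes. The keys, nonce length, sample message and tamper helper are all constructed for the example. One practitioner’s check it makes explicit: with a stream cipher, flipping one ciphertext bit flips the matching plaintext bit rather than producing a “mess of random characters”, so the integrity guarantee comes from the authentication tag checked before decryption, not from decryption failing on its own.

```python
"""Cascaded (two-layer) encryption with an authentication tag.

Added illustration, not Fognigma's or any library's code. Each layer is a
stream cipher built by running a keyed hash in counter mode; the two layers
deliberately use different primitives, standing in for the two independent
AES-256 libraries the text describes. Independent keys, a second primitive
for the second layer, and encrypt-then-MAC are the points being shown.
"""
import hashlib
import hmac
import os

NONCE_LEN = 16   # assumed nonce size for this example
TAG_LEN = 32     # HMAC-SHA256 output size


def _keystream(prf, key, nonce, length):
    """Expand key and nonce into `length` bytes by calling the PRF on a counter."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += prf(key, nonce + counter.to_bytes(8, "big"))
        counter += 1
    return bytes(out[:length])


def _prf_layer1(key, block):
    return hmac.new(key, block, hashlib.sha256).digest()


def _prf_layer2(key, block):
    # A different primitive for the second layer, so a flaw in one PRF does
    # not expose both layers (the "two libraries" argument in the text).
    return hashlib.blake2b(block, key=key, digest_size=64).digest()


def _layer(prf, key, nonce, data):
    """XOR with the keystream; the same call encrypts and decrypts."""
    stream = _keystream(prf, key, nonce, len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def cascade_encrypt(key1, key2, mac_key, plaintext):
    """Layer 1, then layer 2, then an HMAC tag over nonce + outer ciphertext."""
    nonce = os.urandom(NONCE_LEN)
    inner = _layer(_prf_layer1, key1, nonce, plaintext)
    outer = _layer(_prf_layer2, key2, nonce, inner)
    tag = hmac.new(mac_key, nonce + outer, hashlib.sha256).digest()
    return nonce + outer + tag


def cascade_decrypt(key1, key2, mac_key, blob):
    """Check the tag before touching the ciphertext; raise on any alteration."""
    nonce, outer, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + outer, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("authentication failed: message altered or wrong MAC key")
    inner = _layer(_prf_layer2, key2, nonce, outer)
    return _layer(_prf_layer1, key1, nonce, inner)


def peel_outer_only(key2, blob):
    """What someone holding only layer 2's key recovers: layer 1's ciphertext."""
    nonce, outer = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN]
    return _layer(_prf_layer2, key2, nonce, outer)


def flip_bit(blob, index):
    """Constructed tamper for the demo: flip one bit of the stored message."""
    return blob[:index] + bytes([blob[index] ^ 0x01]) + blob[index + 1:]


if __name__ == "__main__":
    k1, k2, km = os.urandom(32), os.urandom(32), os.urandom(32)
    msg = b"mission orders: hold position"  # constructed sample message
    blob = cascade_encrypt(k1, k2, km, msg)
    print(cascade_decrypt(k1, k2, km, blob))
    print("outer key alone reveals plaintext:", peel_outer_only(k2, blob) == msg)
    try:
        cascade_decrypt(k1, k2, km, flip_bit(blob, NONCE_LEN))
    except ValueError as err:
        print(err)
```

The tag gives the receiver integrity (any altered byte is rejected) and authentication of whoever holds the MAC key; because that key is shared, it does not by itself give nonrepudiation, which in practice needs a signature made with a key only the sender holds.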


Two Heads are Better than One

Most cryptographic solutions make use of a single software library to provide encryption and decryption of data. A single software library does give you encryption, true, but also comes with the risk that in the event of a zero-day compromise of the library, the entire encryption fails.

To combat this single point of compromise, Fognigma (our enterprise software solution which gives organizations the power to build encrypted, invisible, and anonymized cloud-based networks, thus securing your communications and online activities) offers the ability to add in a completely separate secondary software library to dual layers of encryption. In the event of a zero-day exploit or other compromise of one library, the second library remains uncompromised and your data remains safe.

In addition to the standard versions of these libraries (OpenSSL and wolfSSL), Fognigma also offers a FIPS 140-2 validated version of each library (OpenSSL – Certificate #3284; wolfSSL’s wolfCrypt – Certificate #2425). By using one or both of these FIPS-certified cryptographic libraries, Fognigma can comply with the most rigorous regulatory requirements.

Dual layers of encryption. Dual software libraries. Fognigma is ready to give you the power to protect everything your organization holds dear. Contact us today to learn more or to schedule a demo.


Info Sharing & Safeguarding

“It’s not reality unless it’s shared.” – Pete Blaber, The Mission, the Men, and Me


Information Sharing is Key

Information that just exists has almost no value. Only when information is analyzed and acted upon does it become meaningful and valuable. Information has built the world around us, and many of our most important advancements have been due to the sharing of information. In today’s hyper-connected world, where information is a valuable commodity, sharing the wrong information with the wrong people is disastrous, especially when that information is important for national security. Information sharing is inevitable, but ensuring the right security is behind it is where the focus should be.


This is why, in six of the seven objectives of the 2019 National Intelligence Strategy, controlling the sharing of information is mentioned in one form or another. Sometimes the sharing is within the Intelligence Community (IC), but quite often it is sharing with external partners. In its simplest form, external partners fall into two categories: trusted and untrusted. Trusted partners include other agencies, institutions, or organizations within our borders or those of our allies. Untrusted partners would be those same groups but in countries who are not yet our allies, or not as close as other allies, plus individual sources and informants. To make matters even more complicated, sometimes our trusted partners are in untrusted environments or the partnership is only for a single mission. So, sharing information isn’t as easy or safe as it sounds, but it can be . . . with Fognigma.

“[C]ritical decision making data will be made available through modern cloud networking, access control, and cross domain solutions to those who require access.” – Department of Defense Cloud Strategy


Fognigma Protects Sharing within Agencies

When Agency A collaborates with Agency B, data needs to flow back and forth in a safe and secure manner. But (and this is a really big but), it has to be tightly controlled so as to share only the information intended. That is, it can’t be everything Agency A and B know, but just those bits of information applicable to the mission at hand. This is the exact reason we call Fognigma’s traceless and encrypted networks Mission Partner Networks (MPNs).

But first, a little background. Fognigma’s patented enterprise software creates networks using strategically leased virtual machines (VMs) spread out over one or more cloud service providers. These VMs work together, forming one network that is wrapped in FIPS 140-2 validated, cascading AES-256 encryption. MPNs are as persistent or temporary as needed, created manually or on a schedule for optimum cybersecurity and conservation of resources.


Now back to the MPN name, itself. When multiple agencies need to work together, they create an MPN and tailor it to their needs. Inside the MPN, they’ll have access to communication tools (such as traceless phones, secure chat messaging, and encrypted video conferencing) and protected file share.

The key here is that MPNs are brand new networks that are created when agencies need to work together. Resources and components inside the MPN can be shared between agencies and agents on a granularly controlled “as needed” basis. And then, when the mission has concluded, the MPNs are destroyed leaving no trace the networks (and, equally important, the collaboration between agencies) ever existed. This temporary nature of the MPN makes it supremely difficult to discover, which makes its protected data even more secure.

“6,515 breaches were reported [in 2018,] exposing approximately 5 billion records.” – 2018 Data Breach QuickView Report

Fognigma Protects Sharing in Untrusted Locales and with Untrusted Locals

Often on missions agents must venture into untrusted or unsecured territories—places where communicating over the public infrastructure is almost synonymous with handing third parties access to your communications (i.e., interception is a given). When using Fognigma in these scenarios, agents use any device to connect to their agency’s MPN. Once connected and inside their MPN, any data shared is encrypted and invisible to outside eyes and ears.

Information sharing with untrusted assets, such as informants or other sources, is also safer using a variety of Fognigma tools. If such an informant wants to deliver documents and photos, for example, a special link is created that allows the informant to transfer the information without being able to access anything else on the network. It’s like inviting someone into a bare room with no windows where they can store things, but there isn’t anything for them to look at or take and the only door is the one through which they entered. Containerized, for your protection.


Fognigma’s telephony solutions provide two methods of safeguarding information over the phone: encrypted VoIP over cellular infrastructure and misattributed calling. Both methods assist communications to and from untrusted locations and assets. Organizations can create entire VoIP phone networks (complete with extensions and customized inbound and outbound numbers) for end-to-end protected calls. Misattributed calling is accomplished by creating a call chain where phone calls pass through two intermediary numbers which completely dissociates the end users and makes calls appear to be coming or going from local numbers, instead of to or from the agency itself.

“To improve cybersecurity in the United States through enhanced sharing of information about cybersecurity threats, and for other purposes.” – Senate Bill S.754


Fognigma Protects Sharing with Global Allies

In a world where information is constantly flowing and each day brings new stories of massive data breaches, it’s more important than ever to protect data. When data is traveling between agencies or beyond our country’s borders, safeguarding it becomes crucial (often quite literally a “life or death” undertaking). Whether it’s being shared with the Five Eyes alliance (Australia, Britain, Canada, New Zealand, and the US) or any other countries we’re partnering with, international info sharing must be protected. And not just protected, but also dissociated, as global diplomacy is a precarious (at best) balancing act of working together and putting one’s own best interests first.

As illustrated in the previous sections, Fognigma is ready, willing, and able to assist international information sharing with leading-edge and patented technology, while ensuring that information remains secure. Fognigma is also constantly evolving—adding more features and technologies to provide agencies the most secure communications and collaboration tools possible.

For more information on how Fognigma can assist your agency with info sharing and safeguarding, contact Dexter Edward today.


Fognigma Bolsters Strategic Intelligence

Strategic Intelligence and the 2019 National Intelligence Strategy

Recently, the Office of the Director of National Intelligence released their 2019 National Intelligence Strategy. The Director of National Intelligence, Daniel R. Coats, stated in his introduction, the purpose of this strategy boils down to a singular goal: “to ultimately keep our Nation safe.” The Intelligence Community (IC) is therefore charged with venturing out into the known and unknown, the safe and dangerous, to collect and analyze the “capabilities, activities, and intentions of states and non-state entities” with the ultimate goal of protecting U.S. national security. This information is used to identify trends and developments to better plan for issues that may arise in the future (Anticipatory Intelligence).

Without the information gathered by the IC, the safety of our country would quickly erode, falter, and crumble. It behooves the IC, then, to use whatever tools and solutions they can find to give them a competitive advantage in the global arena of information. Fognigma is such an advantage.

Where Does the IC Look?

Since all communication and online activity produces information, the IC has a vast landscape of information to scrutinize. One of the easiest ways to gather data about a group of people is to monitor and study social media. Ah, social media – those freeform beds of communication where people express their thoughts, wants, and observations, quite often with photos and video. Social media has created a culture wherein people feel the need to share everything. For the IC, this is a veritable feast of information.


But it’s not that easy. For one thing, many regions and countries have their own social media platforms — often so government agencies can monitor their populace. An outside observer probably won’t be able (or want) to create an account or access another country’s social media — the data collection would be too overt, and state-based social media platforms often block outside IP addresses. It would look bad (read: suspect), for example, for an account on a Russian social media site to have a U.S.-based IP address. Fognigma gives the IC many advantages to circumvent these issues. How? Well…

Fognigma Gives the IC an Advantage

There are quite a number of ways Fognigma supports the IC’s mission as spelled out in the 2019 National Intelligence Strategy. But first, a quick Fognigma primer. Fognigma is patented enterprise software that gives agencies the ability to create invisible and encrypted cloud-based networks built from strategically leased virtual machines. These networks are dynamically scalable and globally accessible from any desktop or mobile device, over any available public Internet connection. Once users connect to their Fognigma network, they have access to all sorts of communication and collaboration components, such as file share, telephony, video conferencing, chat messaging, and Virtual Desktops (VDI). [We’ll delve into these components more in just a bit.]


Inside the Fognigma network, users exist in a safe space wrapped in cascading AES-256 encryption. They have access (based on their admin-defined permissions, of course) to the communication tools mentioned above. Fognigma networks and components are activated and destroyed with just a few mouse clicks. They are as persistent or temporary as needed or desired. And when a user leaves their Fognigma network and reaches out to the regular Internet, their IP address will match the specially created exit point from which they egress. That is, a user could join their network in Germany, leave through an exit point in the Middle East and appear (to anyone looking) to be a computer in the Middle East. Then, in an instant, switch exit points and suddenly appear to be a computer in Japan or anywhere else the Agency has set up an exit point.

Fognigma Gives the IC Another Advantage

VDI. The ability to launch a self-contained virtual computer from any standard computer is powerful in itself, but Fognigma VDIs have even more superpowers. Just like Fognigma exit points, VDIs are built on any cloud service provider (CSP) Fognigma is integrated with (as of this writing, 8 of the major CSPs world-wide). Also, just like a user can dynamically switch exit points, so can the end points of a VDI be switched without interrupting operations.


VDIs are important to the IC’s Strategic Intelligence mission because they are self-contained entities which exist in the cloud yet manifest themselves on any regular computer. They make OSINT activities easier — agents can research any global Internet location (those aforementioned state-specific social media sites, blogs, forums, etc.) without the risk of compromising anything else about their mission or agency.

Fognigma VDIs take the self-contained nature of VDIs to the next level. Imagine if you collected some photographs and had them on a thumb drive. You want to transfer one of them to your VDI and use it in your operations. With a Fognigma VDI, you can just drag it from the thumb drive to the VDI, without the host computer knowing the file moved across its circuits. So, if you had to make this transfer at, say, an Internet café, you could do so without the café’s computer ever having a record of the file transfer. No record equals no association which, of course, is key to covert IC operations.

To go back to the 2019 National Intelligence Strategy, more information allows the IC to better analyze the capabilities and activities of states and non-state entities to learn or extrapolate their intentions. But collecting information is just part of the Strategy; agents also need to safely disseminate said information. Fognigma is ready for that, too.

Fognigma Gives the IC Even More Advantages

Briefly mentioned earlier, Fognigma hides various communication and collaboration components inside its encrypted web of invisibility. Agents have access to telephony, chat, and video conferencing tools. They can safely communicate with anyone they need to inside their organization and, using some additional Fognigma solutions, external to their organization — all without exposing their local network. Fognigma keeps intra- and inter-agency communications secure by utilizing containerized communication environments.

Also, to be effective, agents must work together while appearing to be physically separated. This is the other side of the communications coin — Fognigma’s tools allow agents to work together without actually knowing where each other is located. In fact, the whole construction of Fognigma ensures that a failure at one point of contact cannot compromise the entire system. As history shows, association amongst agents can lead to disaster. When an agency uses Fognigma to its full potential, this sort of disaster can be prevented.

Conclusions

In order to advance the directives of the 2019 National Intelligence Strategy, the IC needs to be free to gather information without exposing its true location and intent. It also must be able to communicate in a protected environment to analyze and evaluate said information. Fognigma provides a full toolbox of solutions to assist the IC in its mission to protect U.S. national security.


To learn more about how Fognigma can assist your agency or to schedule a demo and see for yourself, contact Dexter Edward today.


Ghost (Account) Busters

Be Afraid of These Ghosts

A whisper in an empty office; files moving without anyone there; the eyes of a portrait following you as you pass. Your office has ghosts. Not spectral hauntings that spew ectoplasm, but ghost accounts which haunt your organization’s cybersecurity. Ghost accounts are accounts which still have valid credentials even though there is no longer an active user associated with them. To those attempting to exploit, ghost accounts are like extra doors on the outside of a building: each one is a potential way into your network. Once inside, there’s no telling what heinous exploiters will exfiltrate. Bad is a ghost account only giving an evil third party entry into your organization; catastrophic is a ghost account which still has access to various file shares, data, and other protected parts of your network.


‘But where do these ghost accounts come from?’ you wonder. Well, large organizations have a large number of users. That seems silly to mention, but it is important to spell out. With a large number of users, adding and removing user credentials takes time. To be honest, an organization needs to get the new user up and running as fast as possible, so those credentials and the access they entail are normally set up quite quickly. But when a user leaves an organization (either honorably or dishonorably), the removal of those credentials is often pushed to some later date or simply forgotten. And then your organization becomes a haunted house.

Ghost (Account) Busters

We’ve already written a bunch about Identity & Access Management (IAM) — the process of defining an employee’s role in the company in as much detail as possible and then giving them exactly the access they need to do their job (no more, no less). IAM is extremely important for an organization’s internal security when new users are added, but it is equally important when they leave. IAM strategies need to include the deletion of users and not just their creation. It’s second nature to make sure a departing employee gives back the keys to the office; so should it be to revoke their keys for connecting to your organization’s network.


But as said before, there always seems to be time to help a new employee settle in, but never any time once they leave, normally because you’re preoccupied with on-boarding their replacement. And this problem compounds itself if more than one worker is leaving at the same time. All is not lost, however. Fognigma is here not only to protect your network, not only to bolster your cybersecurity with leading-edge technology, but also to let you automate a little more than you thought you could.

Fognigma & Active Directory Make It Easy

Many companies use Active Directory to manage all their employees. Fognigma integrates with Active Directory to make IAM even easier. Just as Fognigma’s invisible and encrypted networks and communications help protect an organization, so can teaming it up with Active Directory. Since Active Directory administrators already have their employees entered in, it would be silly to have them redo all that work when they add the leading-edge tech of Fognigma to their cybersecurity arsenal. That’s why Fognigma can import Active Directory users right into its console!

Active Directory is engaged to activate and deactivate the user. Fognigma, on the other hand, is where admins put users into all the groups they need to do their job. (A Fognigma network has its construction and components microsegmented, with access to each part given only to a specified group. Being in a group, then, determines the amount of access a user has to Fognigma capabilities, such as file share, telephony, VDI, etc.) This means the setup of a user when on-boarding is just as easy as it always has been: create the user and add permissions.

The brilliance comes when it’s time to say goodbye to a user. When that day arrives, all an admin has to do is deactivate the user in Active Directory. Active Directory then tells Fognigma about the deactivation, Fognigma deactivates the user in every group they were a part of, and the user instantly has all their access revoked at once. Fognigma and Active Directory easily eliminate the risk of ghost accounts haunting your network.
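The two ways an account turns into a ghost (an identity nobody disabled, and an identity that was disabled while its group memberships lived on) and the “deactivate once, revoke everywhere” step just described can be checked with a small audit. This is an added example, not Fognigma or Active Directory code; the directory export, the account names, the fixed “now” and the 90-day idle threshold are all constructed for the illustration. It goes slightly beyond the text by also flagging never-used accounts, since an account provisioned and never logged into is a ghost from day one.

```python
"""Ghost-account audit over a constructed directory export.

Added example, not Fognigma or Active Directory code. The records mimic two
things an admin can actually export: account state and last logon from the
identity source, and the application-side group memberships that grant
access. The audit flags both ways an account becomes a ghost.
"""
from dataclasses import dataclass, replace
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Account:
    name: str
    enabled: bool
    last_logon: Optional[datetime]   # None means the account never logged on
    groups: Tuple[str, ...]          # access-granting groups (file share, VDI, ...)


# Fixed "now" so results are reproducible; every record below is constructed.
NOW = datetime(2019, 6, 1, tzinfo=timezone.utc)
STALE_AFTER = timedelta(days=90)   # assumed idle threshold

DIRECTORY: List[Account] = [
    Account("alice", True, NOW - timedelta(days=2), ("file-share", "vdi")),
    Account("bob", True, NOW - timedelta(days=200), ("file-share", "telephony")),  # left, never disabled
    Account("carol", False, NOW - timedelta(days=400), ()),                         # correctly off-boarded
    Account("dave", False, NOW - timedelta(days=30), ("file-share",)),              # disabled, groups linger
    Account("svc-backup", True, None, ("file-share",)),                             # provisioned, never used
]


def find_ghosts(accounts, now=NOW, stale_after=STALE_AFTER):
    """Return {name: reason} for accounts that are abandoned or only half removed."""
    findings: Dict[str, str] = {}
    for acct in accounts:
        idle = acct.last_logon is None or now - acct.last_logon > stale_after
        if acct.enabled and idle:
            findings[acct.name] = "enabled but no logon in %d days" % stale_after.days
        elif not acct.enabled and acct.groups:
            # The identity was switched off but the access behind it was not.
            findings[acct.name] = "disabled but still in groups: " + ", ".join(acct.groups)
    return findings


def deprovision(accounts, name):
    """Disable the identity and strip every group membership in one step.

    This is the behaviour the text attributes to the Active Directory
    integration: one deactivation, all access revoked at once.
    """
    return [replace(a, enabled=False, groups=()) if a.name == name else a
            for a in accounts]


if __name__ == "__main__":
    for who, why in sorted(find_ghosts(DIRECTORY).items()):
        print(f"{who:12s} {why}")
    after = deprovision(DIRECTORY, "bob")
    print("bob after deprovision:", find_ghosts(after).get("bob", "clean"))
```

Run on a schedule against real exports, the “disabled but still in groups” finding is the one that usually surprises people: the identity system reports the user as gone while the application still lists them as a member.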

To learn more about Fognigma, contact us today.