AIRlok Invulnerable to Flaw that Could Crash the Internet
Miami, FL May 10, 2004 -- In response to recent announcements by the US and UK governments that a flaw affecting the Internet's Transmission Control Protocol (TCP) could be exploited by hackers to bring down the Internet, Lok Technology announces that its AIRlok(TM) Network Infrastructure Appliance is invulnerable to these threats. The AIRlok Appliance may be the solution for vulnerable networks that use popular routers and firewalls provided by a number of networking equipment manufacturers including Cisco and Juniper Networks. The AIRlok, used to manage and secure wireless networks, including the increasingly popular Wi-Fi, has numerous built-in software and hardware-based defenses against TCP connection spoofing and hijacking.
On Tuesday, April 20, the US Department of Homeland Security's U.S. Computer Emergency Response Team (US-CERT) along with England's National Infrastructure Security Coordination Centre (NISCC) announced that a computer researcher from Milwaukee had identified a method whereby hackers can trick personal computers and routers into shutting down by resetting the machines remotely in just a matter of minutes. Previously researchers believed that such a feat would require calculations spanning 4 to 142 years. Cisco has issued advisories to warn that its IOS operating system used in many models of its popular router is vulnerable to this flaw. Juniper Networks has posted a security alert on its web site indicating that certain series of its routers as well as all NetScreen firewalls running ScreenOS earlier than release 5.0R6 are affected by this development.
Large-scale disruptions of the Internet could leave enterprises and government organizations without critical communication tools such as email and instant messaging.
Lok Technology launched its Internet infrastructure appliance, AIRlok, last autumn to meet the increasing demand from enterprises, telecom carriers and Internet Service Providers (ISPs) for more secure wireless (including Wi-Fi) and wireline networking. The AIRlok employs both software and hardware configurations that make the AIRlok one of the few network management solutions that can foil efforts by hackers to disrupt enterprise communications, e-commerce and government services that increasingly rely on the Internet. At the core of the AIRlok's defenses is the use of the OpenBSD operating system.
OpenBSD (www.openbsd.org) is an open source project that emphasizes correctness, security, standardization, and portability. OpenBSD's focused security approach makes it the most secure operating system in the world. Simon Lok, Chief Scientist and Founder of Lok Technology states, "We run OpenBSD for this very reason. The developers of OpenBSD have a methodology that results in proactively secure systems. The recently announced TCP vulnerability is only the latest in a series of examples of how the proactive approach of the OpenBSD team thwarts attack and exploitation methods years in advance of their coming."
A TCP sequence number exploit requires that the attacker correctly guess the initial sequence number (ISN) and/or subsequent sequence numbers. In technical terms, many vendors have chosen to employ predictable ISN generators despite the fact that numerous Requests for Comment (RFCs) regarding TCP clearly state the importance of randomized values for the ISN. These shortcuts change the nature of TCP sequence number exploits against their products from the range of the possible to the practical. In OpenBSD, the ISN is chosen using a cryptographically strong pseudo random number generator (PRNG) seeded from the kernel entropy pool, thereby thwarting predictability.
In addition, successful execution of a TCP sequence number attack requires that the attacker correctly provide the TCP 4-tuple (source address, destination address, source port, destination port). The UK NISCC release states, "As the source port varies, additional work is generally called for on the part of the attacker." Once again, many vendors have chosen to use very simple source port number generators. In OpenBSD, the source port is also chosen using a cryptographically strong PRNG.
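The two preceding paragraphs can be made concrete with a short Python model. This is an added illustration, not part of the press release and not OpenBSD or AIRlok code. The fixed 64,000 increment, the 16 KiB receive window and the 64,512-port range are constructed values chosen for the example.

```python
import secrets

SEQ_SPACE = 2**32  # TCP sequence numbers are 32-bit and wrap around


def seq_in_window(seq, rcv_nxt, rcv_wnd):
    """True if seq lies in [rcv_nxt, rcv_nxt + rcv_wnd), modulo 2^32."""
    return (seq - rcv_nxt) % SEQ_SPACE < rcv_wnd


def counter_isns(count, start=SEQ_SPACE - 200_000, step=64_000):
    """Predictable generator: fixed increment per connection (constructed values)."""
    return [(start + i * step) % SEQ_SPACE for i in range(count)]


def csprng_isns(count):
    """Unpredictable generator: every ISN drawn from the OS CSPRNG."""
    return [secrets.randbits(32) for _ in range(count)]


def predictable_fraction(isns, rcv_wnd=16_384):
    """Share of ISNs that 'previous ISN + previous delta' lands inside a
    window of rcv_wnd bytes starting at the real value."""
    hits = trials = 0
    for a, b, actual in zip(isns, isns[1:], isns[2:]):
        guess = (b + (b - a)) % SEQ_SPACE
        hits += seq_in_window(guess, actual, rcv_wnd)
        trials += 1
    return hits / trials


def blind_search_space(rcv_wnd, candidate_ports):
    """Upper bound on (source port, sequence) combinations to cover when the
    sequence number is unpredictable: one guess per window-sized slice of
    the 32-bit space, repeated for every port the client might have used."""
    slices = -(-SEQ_SPACE // rcv_wnd)  # ceiling division
    return slices * candidate_ports


if __name__ == "__main__":
    print("counter ISN predictability:", predictable_fraction(counter_isns(200)))
    print("CSPRNG ISN predictability: ", predictable_fraction(csprng_isns(200)))
    print("known port, 16 KiB window: ", blind_search_space(16_384, 1))
    print("random port (64512 ports): ", blind_search_space(16_384, 64_512))
```

A generator whose next value follows from the previous two leaves nothing to search, while an unpredictable sequence number combined with an unpredictable source port multiplies the space an off-path sender must cover.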
Lok Technology takes an additional step by shipping a FIPS-140-1 certified hardware random number generator (HW-RNG) with every appliance. A driver developed by the OpenBSD team (in conjunction with Lok Technology support) feeds the kernel entropy pool with true entropy. This makes attacks against OpenBSD subsystems that depend on entropy (e.g. TCP sequence number exploits) even more impractical.
Both the NISCC and US-CERT advisories suggest employing ingress and egress filtering as an important step towards mitigating the damage that can be caused by the TCP exploit. In conjunction with its 12 dynamic functions that manage and secure networks that support a few dozen to several thousand users, the AIRlok implements an intrusion protection system (IPS) and stateful firewall. By default, an AIRlok provides address spoofing prevention as well as automatic blackholing of devices that attempt to perform flooding attacks.
The AIRlok is currently distributed in the US and UK for use by telecommunications carriers, Internet Service Providers (ISPs), Wireless ISPs, and enterprises.
Company: LokTek