Unisys unveils invisibility cloak for network traffic

If you are ultra paranoid, what could be better than hiding your network traffic in such a way that no one could possibly intercept it? This is what Unisys is offering with its new Stealth appliance, which could make man-in-the-middle attacks and keylogger exploits obsolete, or at least more difficult to mount.

Stealth has been around since 2005, when it was developed exclusively for the Defense Department, which remains one of its largest customers. Several years ago Unisys took it to commercial enterprises and has paid for various independent tests to try to compromise the system, all of which have failed.

This is because Stealth uses four layers of security: each packet is encrypted with AES-256, then split into three separate pieces and dispersed across the network, destined for a particular group of users that have to be running its protocols.

To deploy Stealth, you create virtual "communities of interest" that tie two or more PCs together in such a way that they can only communicate with each other. No one else can join in, and no one else can intercept the traffic.


Different PC endpoints can be associated with multiple communities, so your CEO for example can talk to both your finance group and your marketing group, but the members of each group can't see each other's network traffic, server shares, or even ping each other. All of this works on top of whatever directory services you are running, including Active Directory, LDAP or RADIUS.
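The membership rule described above, as an added Python example (not Unisys code or Stealth configuration): two endpoints can communicate only if they share a community, and a proposed set of memberships can be checked against the isolation you intend before it is committed. The endpoint names, community names and the isolation list are constructed for illustration.

```python
from itertools import combinations

# Constructed sample: endpoint -> communities of interest it belongs to.
MEMBERSHIP = {
    "ceo-pc": {"finance", "marketing"},
    "fin-ws1": {"finance"},
    "fin-srv": {"finance"},
    "mkt-ws1": {"marketing"},
    "ops-ws1": {"legacy-xp"},
    "xp-app": {"legacy-xp"},
    "kiosk": set(),  # belongs to no community
}


def can_communicate(a, b, membership=MEMBERSHIP):
    """Two endpoints can talk only if they share at least one community."""
    return bool(membership[a] & membership[b])


def reachability(membership=MEMBERSHIP):
    """Map each endpoint to the peers it can reach directly (no relaying)."""
    reach = {ep: [] for ep in membership}
    for a, b in combinations(sorted(membership), 2):
        if can_communicate(a, b, membership):
            reach[a].append(b)
            reach[b].append(a)
    return reach


def policy_violations(must_be_isolated, membership=MEMBERSHIP):
    """Return the pairs that should be isolated but share a community."""
    return [(a, b) for a, b in must_be_isolated
            if can_communicate(a, b, membership)]


def multi_community_endpoints(membership=MEMBERSHIP):
    """Endpoints in more than one community see traffic from each of them,
    so their configuration deserves the tightest control."""
    return sorted(ep for ep, cois in membership.items() if len(cois) > 1)


if __name__ == "__main__":
    for endpoint, peers in reachability().items():
        print(f"{endpoint:8} -> {peers}")
    print("violations:", policy_violations([("fin-ws1", "mkt-ws1")]))
    print("in several communities:", multi_community_endpoints())
```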

Stealth uses a special packet driver that sits on top of Layer 2 and is available for a wide collection of both 32- and 64-bit Windows and Linux desktops and servers. Stealth's traffic is still routed by ordinary switches, firewalls and routers without any additional configuration. But the traffic now is hidden from prying eyes, even over the public Internet.

Think of this solution as an overlay to your existing network, essentially hiding your secrets in plain sight.

The XP angle

For those of you concerned about the security of aging Windows XP-only applications, you can hide them with Stealth and only allow access to people who also have the Stealth drivers on their desktops. Everyone else will be locked out, including hackers trying to run XP exploits.

It is an intriguing idea. Unisys markets the product with the tag line, "you can't hack what you can't see," and we have to agree with them. We ran Wireshark's packet analyzer to try to track down the hidden traffic, but were unsuccessful. We did record both source and destination IP addresses on the analyzer, but no other payloads, protocol details or traffic could be decoded. We knew our machines were talking to each other, but not much else about what ports or protocols or applications they were using. It was actually a bit eerie to see the packet traces with so little information.

Stealth ships with a turnkey hardware appliance along with various client licensing options. You also need to set up encryption certificates with Stealth's specialized Windows certificate authority, along with creating the communities of interest.

We tested Stealth using a collection of pre-set virtual Windows 2008 R2 Servers and Windows 7 desktops, along with a sample XP machine. Unisys set all this up for us, but we spent some time looking over the various configurations to make sure they weren't trying to hide anything.

While the product works as advertised, the configuration screens are somewhat obtuse, and you have a two-step process to save and then commit any of your changes to the Stealth server. All the configuration parameters make extensive use of XML schemas, which could be an issue if you need to do extensive debugging. Unisys is working on a better and clearer interface.

We pulled the network connection on the Stealth server and within a few minutes all communications stopped between two PCs that had been talking to each other over the Stealth encrypted channel. This means you want your Stealth server protected from power and network outages; otherwise, you will have your users calling you when it is disconnected.

Another downside is that users who have administrative rights to their PCs could easily, or inadvertently, turn off the Stealth features if they know where to look. A much better option is to make use of managed PCs or to provide tighter access rights so that users can't change their configurations so readily.

You also want to make sure that you understand what network resources you are hiding and which ones you might need for non-stealthy activities, such as obtaining DNS lookups or authenticating yourself at login time or running other protocols that don't need the extra protection.

Stealth comes in several packaging options, including a more secure VPN tunnel, a matched pair to extend its encryption to a remote site across the Internet, and versions that can secure remote access via USB keys and mobile phones. The entry-level cost is $30,000, although these options can quickly double this price.

Stealth is an interesting product that might just be a great way to hide from hackers.

Strom is the founding editor-in-chief of Network Computing magazine and has written thousands of magazine articles and two books on various IT and networking topics. His blog can be found at strominator.com and you can follow him on Twitter @dstrom. He lives in St. Louis.
