Design Insights

Threat Immunity through Comprehensive Security

Because the effectiveness of any privacy solution pivots on its weakest link, an effective messaging privacy model requires that no threat in the entire range be allowed to compromise any aspect of messaging privacy.  Only by understanding the attack surface and threat methods, and integrating complete threat immunity into the architecture of the privacy model, can true end-to-end privacy and security be achieved.  (See the TrustWrx White Paper – Threat Vector Analysis.)

The need for the defensive legacy security stack is not displaced by TrustWrx.  Perimeter defense will always be needed, protecting the enterprise behind the firewall while TrustWrx enables full security for IoT out on the open Internet.

TrustWrx Design and Performance Criteria

  • TrustWrx is a proactive and strategically designed privacy ecosystem for universal messaging within which almost all threats, malware and cybercrime cannot operate. Unlike the defensive posture of layered security solutions, TrustWrx is proactively focused on a deterministic architecture of safe messaging technologies and practices.
  • TrustWrx does not utilize the public DNS and its related publicly exposed routing. TrustWrx replaces the publicly exposed DNS with more robust private DNS-like database services that extend encrypted name resolution to fully encrypted addressing and policy management of all components of a TrustWrx enabled network.
  • Every part of TrustWrx packet traffic is encrypted (all metadata, content, attachments, domain names, message addresses, headers, routing, handshaking, etc.) – everything except the IP address pair – which is always endpoint disassociated. This means that all standard threats that rely on hijacking publicly visible metadata, addressing and routing cannot operate within TrustWrx enabled networks.
  • The IP address is the lowest common denominator for routing IP traffic over the public Internet and cannot be encrypted. However, TrustWrx disassociates all IP address message pairs through central gateway services to protect anonymity and privacy. TrustWrx further employs sophisticated server-relay measures to protect ports, operating systems and applications from unwanted and potentially harmful packets.
  • TrustWrx ports and applications do not operate on industry standard port numbers. They utilize policy-driven techniques and complex port and IP address hopping methods, encrypted port knocking and device fingerprints – validated through central policy services – to further protect the privacy of applications and messaging operations. However, TrustWrx packets pass seamlessly through perimeter firewalls with no changes to existing settings.
  • Having developed the capability to encrypt packet headers, TrustWrx is uniquely positioned to totally control – in complete privacy – the packet conversation between an endpoint device and gateway services, and on to another endpoint device or server. Insofar as the packet header is no longer subject to prying eyes on the open Internet – and can be seen only by the TrustWrx code at either end – TrustWrx is uniquely positioned to lock down the entire packet conversation.
  • TrustWrx utilizes only industry standard encryption that has been published, vetted and proven durable over time. TrustWrx’s triple layer encryption was designed to accommodate many different encryption algorithms and key lengths.
  • The company has White Papers and other documents that provide additional details – available on request to qualified individuals.

Why is your anti-virus no longer good enough?

The primary shortcoming of desktop anti-virus and anti-malware software is that the invader is already on the computer before the protective software intervenes.

Many modern exploits get to work before the defensive mechanisms come into play.  The only way to overcome this problem is to deal with it upstream, remotely at central servers before it gets anywhere near your network.

This is how major corporate networks protect their users at levels that the home or business network has been denied, until now.

The other major problem is the increasing onslaught of direct attacks that don’t arrive cloaked in an email or web session.

These attacks come at the computer directly, attempting to find open ports where they can invade with the least resistance. They are the most difficult to detect and are best shut down by denying them access to ports so they cannot even get in.

TrustWrx accomplishes this through its patented communications technology, which allows only TrustWrx-conditioned packets to access ports and turns a blind eye to all packets from unknown sources.
