Threat Immunity through Comprehensive Security
Because the effectiveness of any privacy solution pivots on its weakest link, an effective messaging privacy model requires that no threat, across the entire range of threats, be allowed to compromise any aspect of messaging privacy. Only by understanding the attack surface and threat methods, and integrating complete threat immunity into the architecture of the privacy model, can true end-to-end privacy and security be achieved. (See the TrustWrx White Paper – Threat Vector Analysis.)
The need for the defensive legacy security stack is not displaced by TrustWrx. Perimeter defense will always be needed, protecting the enterprise behind the firewall while TrustWrx enables full security for IoT out on the open Internet.
TrustWrx Design and Performance Criteria
- TrustWrx is a proactive and strategically designed privacy ecosystem for universal messaging within which almost no threats, malware or cybercrime can operate. Unlike the defensive posture of layered security solutions, TrustWrx is proactively focused on a deterministic architecture of safe messaging technologies and practices.
- TrustWrx does not utilize the public DNS and its related publicly exposed routing. TrustWrx replaces the publicly exposed DNS with more robust private DNS-like database services that extend encrypted name resolution to fully encrypted addressing and policy management of all components of a TrustWrx-enabled network.
- Every part of TrustWrx packet traffic is encrypted (all metadata, content, attachments, domain names, message addresses, headers, routing, handshaking, etc.). The only exception is the IP address pair, which is always endpoint-disassociated. This means that all standard threats that rely on hijacking publicly visible metadata, addressing and routing cannot operate within TrustWrx-enabled networks.
- The IP address is the lowest common denominator for routing IP traffic over the public Internet and cannot be encrypted. However, TrustWrx disassociates all IP address message pairs through central gateway services to protect anonymity and privacy. TrustWrx further employs sophisticated server-relay measures to protect ports, operating systems and applications from unwanted and potentially harmful packets.
- TrustWrx ports and applications do not operate on industry-standard port numbers. They utilize policy-driven techniques and complex port and IP address hopping methods, encrypted port knocking and device fingerprints – validated through central policy services – to further protect the privacy of applications and messaging operations. However, TrustWrx packets pass seamlessly through perimeter firewalls with no changes to existing settings.
- Having developed the capability to encrypt packet headers, TrustWrx is uniquely positioned to totally control – in complete privacy – the packet conversation between an endpoint device and gateway services, and on to another endpoint device or server. Insofar as the packet header is no longer subject to prying eyes on the open Internet – and can be seen only by the TrustWrx code at either end – TrustWrx is uniquely positioned to lock down the entire packet conversation.
- TrustWrx utilizes only industry-standard encryption that has been published, vetted and proven durable over time. TrustWrx’s triple-layer encryption was designed to accommodate many different encryption algorithms and key lengths.
- The company has White Papers and other documents that provide additional details – available on request to qualified individuals.