The concepts behind the Airwall were first proposed by Robert Moskovitz in 1999 as an individual IETF submission when the Host Identity Protocol (HIP) was conceived as a solution to overcome the fatal flaw in TCP/IP networking - which has made networking and security the complex Rubik it is today. An Airwall is comprised of one or more overlays, with each overlay made up of virtual trust segments, with each Airwall Edge Service possessing its own unique 2048-bit Cryptographic ID (CID) following the HIP RFCs. The result is a solution with military-grade encryption that can span nearly any device, network, or environment. An Airwall is set up using an intuitive, visual, and point-and-click management and orchestration engine, called Airwall Conductor. Unlike traditional IP networking and SDN approaches, an Airwall requires little to no modification of the underlying network or security infrastructure. It provides a simple policy-based configuration of devices or groups of devices that are explicitly trusted within the Airwall based on whitelisting. This trust, based on unique CIDs, determines what systems or machines can initiate and establish communication before any data is exchanged. A device or group of devices can belong to multiple Airwalls and an Airwall can span multiple existing VLANs, subnets, and easily span networking boundaries – across data centers, public clouds, campus networks, and remote locations, and even unmanaged networks. This enables devices to be connected or disconnected in seconds without disturbing the existing networking and security infrastructure.
Technical White Paper - https://www.temperednetworks.com/sites/default/files/tn-document/Tempered-Airwall-Next-Gen-Internal-Firewall.pdf
No comments:
Post a Comment