First Party vs Third Party Verification
Zero Trust begins with being able to trust the identity of the user accessing your data, apps and services. At WhiteStar Communications, we build “trust” from the ground up. First, we don’t allow any third parties, regardless of how big they are, to verify the identity of a user. We require the user to respond one time from their e-mail system with a verification to our Master Control Program (MCP). We then use patented advanced cryptographic protocols and NIST standard encryption to create a cryptographically secured identifier for that user, which is now known to the HyperSpace™ network. The network administrator can then allow access to resources based on the tags associated with each resource and the known identity of the user. Finally, we use WhiteStar’s first party trust system, known as Salutation, to secure information in flight between hosts. If you want to write your own app, WhiteStar allows you to extend that security to information at rest after it arrives at a host.
Once a user identity is verified and cryptographically sealed, trust and indeed the entire WhiteStar SNP are formed from the edge of the network, without any centralized services. This is achieved through a flexible, multi-layered strategy utilizing our suite of intelligent agents: the Federation Agent, Proxy Agent, and Service Agent.
How did we get here?
As the Internet has evolved to have truly mobile users, the matter of identity vs network address is at the root of the identity challenges faced today. When the Internet was first developed, IP addresses were fixed. Address blocks were subdivided by companies or organizations that needed to attach hosts to the Internet. Organizations would subdivide (a.k.a. subnet) their address blocks into smaller blocks and then physically assign those blocks to floors of buildings. Addresses were then wired up to Ethernet jacks in cubicles and offices. With this arrangement, one could infer with a great degree of confidence that a host at a given IP address was the person assigned to that office, cubicle, or workspace. Additionally, a given IP address could be inferred to belong to a given organization and even imply its location.
Today, none of that is true. Addresses are dynamically assigned; sub-networks are reused using NAT/PAT and people roam across networks and addresses with mobile devices. All of this has caused significant security and scaling issues that have been band-aided over the years.
Doesn’t a Password Resolve the Issue?
In an “Always On” environment, a user’s identity does not need to be reverified every time they look to access the network. The HyperSpace™ network knows the users by their cryptographically secured identity.
Passwords can still be a useful layer of security for access to applications, but they have become cumbersome and unreliable. The WhiteStar NOS therefore features a fully integrated password authentication system that addresses the shortcomings of today’s passwords.
Traditional password control systems typically rely on patterns, such as requiring some combination of upper- and lower-case letters along with a special character or a number, plus a minimum number of total characters. Additionally, it is normal in enterprise settings to require passwords to be changed on a fixed time schedule. Both approaches have serious drawbacks.
Requiring certain patterns within a password doesn’t necessarily give surety as to the strength of a password. Similarly, changing passwords on a fixed schedule is only a band-aid on the larger problem of not picking strong passwords to start with. This leads to user dissatisfaction with constantly having to change passwords, which in turn, particularly in an enterprise setting, creates issues that IT must then be engaged to correct.
To address these sorts of issues, WhiteStar has developed and offers a novel Autonomic Password Management System. Simply enter any password combination of alphanumeric and special characters, and WhiteStar’s Autonomic Password Management System shows you how long that password will be safe to use. The estimate combines present-day, commonly available hacking techniques with a temporally scaling model of compute power to estimate the time it would take a hacker to gain access to a subscriber’s account, based on the actual password chosen by that subscriber. With WhiteStar, passwords and their enforcement are now a part of the network itself.
WhiteStar continuously re-evaluates each user’s chosen password. Should new techniques, algorithms or unpredicted increases in compute power come along, WhiteStar will revise the time that remains before the subscriber’s password must change.
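The idea in the last two paragraphs can be illustrated with a simplified model; this is an added example, not WhiteStar’s algorithm or code. It estimates how long a password stays safe when the attacker’s guess rate doubles on a fixed schedule, and the starting rate, doubling period, keyspace heuristic and three-entry common-password list are all assumptions constructed for the example.

```python
import math
import string

# Assumed model parameters (illustrative, not WhiteStar's values).
GUESSES_PER_SEC_NOW = 1e10      # attacker guess rate today
DOUBLING_YEARS = 2.0            # rate doubles every two years
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Constructed sample; a real check would use a large breached-password corpus.
COMMON = {"password1!", "qwerty123!", "welcome2024!"}


def meets_pattern_policy(pw: str) -> bool:
    """Traditional rule: >= 8 chars with upper, lower, digit and special."""
    return (len(pw) >= 8
            and any(c.isupper() for c in pw)
            and any(c.islower() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(c in string.punctuation for c in pw))


def search_space(pw: str) -> float:
    """Brute-force keyspace from the character classes actually used."""
    pool = 0
    pool += 26 if any(c.islower() for c in pw) else 0
    pool += 26 if any(c.isupper() for c in pw) else 0
    pool += 10 if any(c.isdigit() for c in pw) else 0
    pool += len(string.punctuation) if any(c in string.punctuation for c in pw) else 0
    pool += 1 if " " in pw else 0
    return float(pool) ** len(pw)


def safe_years(pw: str, rate: float = GUESSES_PER_SEC_NOW,
               doubling: float = DOUBLING_YEARS) -> float:
    """Years until cumulative guesses at a doubling rate cover the keyspace."""
    if pw.lower() in COMMON:
        return 0.0  # known password: found without any brute force
    n = search_space(pw)
    r0 = rate * SECONDS_PER_YEAR  # guesses per year at today's rate
    # Integral of r0 * 2^(t/d) over 0..T equals n; solve for T.
    return doubling * math.log2(1 + n * math.log(2) / (r0 * doubling))
```

Under these assumed parameters a pattern-compliant 8-character password lasts about a week, while a long lowercase passphrase that fails the pattern policy lasts over a century. Calling `safe_years` again with a higher `rate` shortens every estimate, which corresponds to the re-evaluation step.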