Good thing this guy's on our side now

For the past decade, most efforts to secure network communications have leveraged techniques straight out of the Middle Ages.

Cryptography and firewalls have been seized upon as a means to conceal messages from prying eyes and to create a virtual moat around the castle enterprise LAN.

It can be argued that security specialists have conceded the public network infrastructure to the bad guys: the hackers, script kiddies, computer criminals and anyone else with a Pentium PC and an ax to grind. The alternative ? securing the public network itself ? has seemed a virtually impossible task.

Securing the network, however, is what Victor Sheymov, a former KGB major and cryptography expert who defected to the United States in 1980, has sought to do since forming Invicta Networks in Herndon, Va., in 1999.

His product, InvisiLAN, leverages truly original thinking on network security through a patent pending technology called Variable Cyber Coordinates (VCC). Sheymov contends that the best way to secure a network pipe is to make it invisible to would-be eavesdroppers by rapidly changing the logical network addresses of the communicating end stations. That is exactly what VCC does.

VCC technology is "purely software" in Sheymov's description: an algorithm used at each of the communicating endpoints that changes addressing information at the rate of one time per second. However, its implementation is in the form of a proprietary system that includes a secure network card that must be installed in each communicating system, a secure gateway that must be installed in each LAN, and a security control unit that is used to implement and manage the algorithm-based protection itself.

Sheymov said the cards contain no special software and can be installed in any PC or server, regardless of operating system, in about three minutes. Once installed, the secure network card operates with the network interface card already installed to establish a connection via the secure gateway with the security control unit.

The control unit automatically sets up the card for use, downloading the appropriate VCC software components. Communications between any end stations secured by the technology, whether in the same LAN or across a wide area network, are invisible to outsiders.

The approach sidesteps notions such as secure operating systems, firewalls and payload encryption ? techniques that have seen billions of dollars in research and development investment but produced little meaningful return in light of increasing incidents of computer crime, Sheymov said.

This observation has garnered Sheymov few friends in the security industry but substantial interest from consumers in the public and private sectors. Sheymov's ideas were originally treated with skepticism by industry analysts and practitioners, representing, as they did, a radical departure with conventional security approaches.

However, Jason Wright, industry analyst and program leader in Frost & Sullivan's security technologies practice, said he is warming up to the idea, especially its simplicity.

"It eliminates many of the hassles involved in encryption key management and firewall customization," he said. "I like the idea and the concept, and I am optimistic about Invicta's future in the market."

InvisLAN has moved out of beta test and is being seriously evaluated by potential customers, according to Invicta Network spokespersons.

Early interest has been expressed by the Federal Aviation Administration, Department of Veterans Affairs and the National Security Agency, as well as integrators such as Computer Sciences Corp. and American Management Systems Inc.

Moving network security from the Medieval World to cyberspace, Invicta is worth a look.

Jon William Toigo is an independent consultant and author of more than 1,000 articles and 12 books. If there is an emerging technology you would like Jon to look at, contact him through www.toigoproductions.com or via e-mail at jtoigo@intnet.net.