Integrated Secure Communications System

ISCS is a new approach to managing network security. By providing a simple, scalable and affordable method to create compartmentalized, multi-layered, security-in-depth, it addresses the disappearing network perimeter and prevents escalation of privileges in the event of a security compromise. It produces a measured reduction in network security configuration time of over 90% with a corresponding reduction in exposure to human error.

The proliferation of mobile and remote computing, collaborative computing and new modes of cyber attack have turned traditional security models inside out. . . One must assume the attacker will be on the inside and build a security model which can respond to this eventuality.
From FlexNetFeasibility Study for Enhanced Access Control within a Pervasive Computing (PvC) Environment - used with permission from FlexNet Technologies

As an end user, will a 90% reduction in network security management overhead with fewer mistakes help you handle new security issues due to

legislation
new forms of attack (e.g., phishing, spam, malware)
new modes of access (handhelds, wireless)
mergers, acquisitions and partnerships
and within your existing human and financial resource constraints?

As a security products or services vendor, will a 90% reduction in the time to configure and manage your systems give you a competitive advantage?

If so, keep reading!

The flexibility and efficiency with reduced response time, cost and human error associated with ISCS may be important to you if you are:

An organization with communications between multiple sites or mobile/remote workers.
A telecommunications vendor offering a managed communications service.
A vendor of network security hardware or software.
A Managed Service or Application Service provider.

Just what do you mean . . . Network Security?

[Previously], the network media and the computing devices existed within a physically secure environment with few and well protected interfaces to the world at large. [Now, with mobile computing,] neither the wireless network media nor the computing devices are in a physically secure environment. Interfaces to the world at large are . . . in the tens of thousands.
ibid

ISCS uses the term network security to refer to user authentication, access control, data encryption and authentication, routing, layer 2 device management and simple PKI management all managed as a single, automated, fully integrated, secure communications system. Additional planned subsystems include application proxies, IDS/IPS, Anti-Virus and Content Management.

ISCS administrators do not configure the security subsystems separately. They never write a single order dependent rule or complex security association. They describe the security environment in functional, practical, process oriented terms such as, "Sales needs access to Sales Data", "Marketing, Financial, Engineering and the outside Advertising Agency need access to the New Product Line data", "the 192.168.1.0/24 network should participate in the VPN", "the new acquisition's 10.1.1.0/24 network needs to NAT globally to 172.16.8.0/24 to avoid conflict with the existing 10.1.1.0/24 network" or "the credit card database servers should not be allowed to send packets any further than the e-commerce web server in the DMZ to prevent data theft over the Internet."

The problem with network security is not the lack of good security tools; it is the management of those tools and the exposure to human error.
From 2004 interview with John Sullivan CTO - Nexus Management

ISCS then resolves any conflicts between the subsystems and automatically creates and distributes all the rules and configurations for everything from proxy ARP to firewall to VPN to routing to NAT to certificate management. Fast, efficient and no human error.

ISCS is available free of charge under the GPL license or for a fee under commercial licensing where the GPL license is an obstacle. End users may find it more advantageous to purchase ISCS enabled equipment from commercial vendors.

What ISCS can do for you:

ISCS is not the solution to every network security problem.

ISCS does provide an affordable, flexible and safe solution to the following problems and issues:

Controlling network level access based upon a variety of user authentication methods -- currently X.509 certificate and IP address; Active Directory, e-Directory, LDAP, RADIUS and SecureID are planned -- see Projects Awaiting a Sponsor or Volunteer
Restrict trusted user access to only the access needed by their role in order to minimize damage from identity theft, i.e., if an attacker succeeds in obtaining a trusted user's identity through theft, trojan, man-in-the-middle or other means, they can only do what the user can do; they do not have unrestricted access to the network even if they have obtained a trusted, internal attack position
Sandbox mobile users, e.g., data enabled mobile phones, PDAs or wireless connections, to minimize security exposure in the event of theft or compromise
Transitioning from one security vendor to another -- ISCS can manage devices from multiple vendors (see Projects Awaiting a Sponsor or Volunteer) in a manner transparent to the administrator. This is critical for end users attempting to preserve their investment in or bring new functionality to existing equipment and for hardware vendors who are displacing an incumbent vendor.
ISCS enable wireless access points to impose strict user authentication with granular network access controls for network access beyond the access point
Quick response to network security changes, e.g., mergers and acquisitions, new business needs, collaboration with outside partners or security breaches
Affordably and flexibly apply access control, encryption and even NAT to private WANs, LANS as well as Internet/VPN connections.
Enforce extended user authentication for remote access users throughout the entire WAN from a single gateway
Minimize the danger of connecting small, branch offices with minimal physical security to the corporate WAN

If you face any of these issues, ISCS, in either its free or commercial build your own versions or as supplied in an ISCS enabled device from a commercial vendor, may be your ideal solution.

What you can do for ISCS:

ISCS is an enormous project. The many thousands of hours of labor have produced a product with efficiency and security exceeding proprietary products costing six figures yet it is free for all who may benefit from it.

Nonetheless, the developers, testers and documenters need to eat! And they are more efficient if their work is not an interrupted hobby but a full time, concentrated compensated endeavor.

Thus ISCS needs your direct support. ISCS is not a simple utility. It is not designed for small sites with a single firewall. The proprietary alternatives are VERY expensive. You can spend five and six figures on a proprietary network security management framework or you can support ISCS with 10% of the running cost overhead and far lower capital investment. We hope you will choose to use and support ISCS.

Volunteers

The importance of volunteer effort to the ISCS project, from developers to testers, to documenters, cannot be overestimated. The value of volunteer effort on ISCS is rapidly approaching a half million US dollars.

We can use volunteers with the following skills:

C/C++ and Qt
SQL programming
GUI design and development
Embedded systems
Open source and proprietary firewall systems
Open source and proprietary VPN systems
Open source and proprietary routing systems
Open source and proprietary IDS/IPS
Open source and proprietary content filtering
Open source and proprietary Virus Scanning
Layer 1 and layer 2 configuration for open source and proprietary
systems
Wireless technology
PKI
SSH
SSL
Technical authoring and documentation
Testing and QA
Project Management and Estimation

We provide free training on ISCS to regular volunteers as there is a significant learning curve. It is important that the needed investment in training makes sense to both the ISCS team and the potential volunteer. We thus request that regular volunteers commit to a minimum average of eight hours per week. Of course, the team is always open to reviewing and accepting bug fixes and enhancements submitted by anyone as long as they certify the code as original and agree to the OSDC licensing terms.

All contributors retain the intellectual property rights to their contributions. However, to facilitate income generation in order to employ as many contributors as possible, alternate licensing is sometimes required. Therefore all contributors agree to grant OSDC an unlimited and unrestricted license to the use of their contribution.

Because of the size and scope of ISCS, it is a tightly managed project with emphasis on documentation, proper process, communication, quality, fit and finish, security and peer review. SourceForge is used to coordinate all GPL development.

If you have the time, the skills and a practical need for ISCS technology or just an academic interest in ISCS or one of its open projects, please consider becoming a regular volunteer to the team by contacting the Open Source Development Corporation.