Integrated Secure Communications System

Developer and User Information


ISCS is a new approach to managing network security. By providing a simple, scalable and affordable method to create compartmentalized, multi-layered, security-in-depth, it addresses the disappearing network perimeter and prevents escalation of privileges in the event of a security compromise. It produces a measured reduction in network security configuration time of over 90% with a corresponding reduction in exposure to human error.

The proliferation of mobile and remote computing, collaborative computing and new modes of cyber attack have turned traditional security models inside out. . . One must assume the attacker will be on the inside and build a security model which can respond to this eventuality.
From FlexNet Feasibility Study for Enhanced Access Control within a Pervasive Computing (PvC) Environment - used with permission from FlexNet Technologies

As an end user, will a 90% reduction in network security management overhead with fewer mistakes help you handle new security issues due to

  • legislation

  • new forms of attack (e.g., phishing, spam, malware)

  • new modes of access (handhelds, wireless)

  • mergers, acquisitions and partnerships

all within your existing human and financial resource constraints?

As a security products or services vendor, will a 90% reduction in the time to configure and manage your systems give you a competitive advantage?

If so, keep reading!

The flexibility and efficiency of ISCS, with its reduced response time, cost and human error, may be important to you if you are:

  • An organization with communications between multiple sites or mobile/remote workers.

  • A telecommunications vendor offering a managed communications service.

  • A vendor of network security hardware or software.

  • A Managed Service or Application Service provider.

Just what do you mean . . . Network Security?

[Previously], the network media and the computing devices existed within a physically secure environment with few and well protected interfaces to the world at large. [Now, with mobile computing,] neither the wireless network media nor the computing devices are in a physically secure environment. Interfaces to the world at large are . . . in the tens of thousands.
ibid

ISCS uses the term network security to refer to user authentication, access control, data encryption and authentication, routing, layer 2 device management and simple PKI management all managed as a single, automated, fully integrated, secure communications system. Additional planned subsystems include application proxies, IDS/IPS, Anti-Virus and Content Management.

ISCS administrators do not configure the security subsystems separately. They never write a single order-dependent rule or complex security association. They describe the security environment in functional, practical, process-oriented terms such as, "Sales needs access to Sales Data", "Marketing, Financial, Engineering and the outside Advertising Agency need access to the New Product Line data", "the 192.168.1.0/24 network should participate in the VPN", "the new acquisition's 10.1.1.0/24 network needs to NAT globally to 172.16.8.0/24 to avoid conflict with the existing 10.1.1.0/24 network" or "the credit card database servers should not be allowed to send packets any further than the e-commerce web server in the DMZ to prevent data theft over the Internet."

The problem with network security is not the lack of good security tools; it is the management of those tools and the exposure to human error.
From 2004 interview with John Sullivan CTO - Nexus Management

ISCS then resolves any conflicts between the subsystems and automatically creates and distributes all the rules and configurations for everything from proxy ARP to firewall to VPN to routing to NAT to certificate management. Fast, efficient and no human error.

ISCS is available free of charge under the GPL license or for a fee under commercial licensing where the GPL license is an obstacle. End users may find it more advantageous to purchase ISCS-enabled equipment from commercial vendors.

What ISCS can do for you:

ISCS is not the solution to every network security problem.

ISCS does provide an affordable, flexible and safe solution to the following problems and issues:

  • Controlling network-level access based upon a variety of user authentication methods -- currently X.509 certificate and IP address; Active Directory, eDirectory, LDAP, RADIUS and SecurID are planned -- see Projects Awaiting a Sponsor or Volunteer

  • Restrict trusted user access to only the access needed by their role in order to minimize damage from identity theft, i.e., if an attacker succeeds in obtaining a trusted user's identity through theft, trojan, man-in-the-middle or other means, they can only do what the user can do; they do not have unrestricted access to the network even if they have obtained a trusted, internal attack position

  • Sandbox mobile users, e.g., data enabled mobile phones, PDAs or wireless connections, to minimize security exposure in the event of theft or compromise

  • Transitioning from one security vendor to another -- ISCS can manage devices from multiple vendors (see Projects Awaiting a Sponsor or Volunteer) in a manner transparent to the administrator. This is critical for end users attempting to preserve their investment in or bring new functionality to existing equipment and for hardware vendors who are displacing an incumbent vendor.

  • ISCS-enable wireless access points to impose strict user authentication with granular network access controls for network access beyond the access point

  • Quick response to network security changes, e.g., mergers and acquisitions, new business needs, collaboration with outside partners or security breaches

  • Affordably and flexibly apply access control, encryption and even NAT to private WANs and LANs as well as Internet/VPN connections.

  • Enforce extended user authentication for remote access users throughout the entire WAN from a single gateway

  • Minimize the danger of connecting small, branch offices with minimal physical security to the corporate WAN

If you face any of these issues, ISCS may be your ideal solution, whether in its free or commercial build-your-own versions or as supplied in an ISCS-enabled device from a commercial vendor.

What you can do for ISCS:

ISCS is an enormous project. The many thousands of hours of labor have produced a product with efficiency and security exceeding proprietary products costing six figures, yet it is free for all who may benefit from it.

Nonetheless, the developers, testers and documenters need to eat! And they are more efficient if their work is not an interrupted hobby but a full-time, concentrated, compensated endeavor.

Thus ISCS needs your direct support. ISCS is not a simple utility. It is not designed for small sites with a single firewall. The proprietary alternatives are VERY expensive. You can spend five and six figures on a proprietary network security management framework or you can support ISCS with 10% of the running cost overhead and far lower capital investment. We hope you will choose to use and support ISCS.

Sponsors

ISCS developers, testers and documenters depend upon others -- corporations, governments, hardware and software vendors, service providers, telecommunications carriers and any other organization that can profit from ISCS technology -- to support the development effort with human and financial resources. Both are valuable.

All financial and human resource contributions are managed through the Open Source Development Corporation in a manner which reduces conflict among potential competitors, deftly handles intellectual property rights and certifies the originality of all code. The details are explained on the OSDC web site.

If you believe ISCS technology can be of value to you as an end user or security vendor or of value to one of your business associates, vendors or clients, please contact the OSDC sponsorship department. The speed and breadth of ISCS development depends directly on the labor, equipment and particularly monetary contributions of those who use ISCS to generate value for their organizations.

Volunteers

The importance of volunteer effort to the ISCS project, from developers to testers, to documenters, cannot be overestimated. The value of volunteer effort on ISCS is rapidly approaching a half million US dollars.

We can use volunteers with the following skills:

  • C/C++ and Qt

  • SQL programming

  • GUI design and development

  • Embedded systems

  • Open source and proprietary firewall systems

  • Open source and proprietary VPN systems

  • Open source and proprietary routing systems

  • Open source and proprietary IDS/IPS

  • Open source and proprietary content filtering

  • Open source and proprietary Virus Scanning

  • Layer 1 and layer 2 configuration for open source and proprietary systems

  • Wireless technology

  • PKI

  • SSH

  • SSL

  • Technical authoring and documentation

  • Testing and QA

  • Project Management and Estimation

We provide free training on ISCS to regular volunteers as there is a significant learning curve. It is important that the needed investment in training makes sense to both the ISCS team and the potential volunteer. We thus request that regular volunteers commit to a minimum average of eight hours per week. Of course, the team is always open to reviewing and accepting bug fixes and enhancements submitted by anyone as long as they certify the code as original and agree to the OSDC licensing terms.

All contributors retain the intellectual property rights to their contributions. However, to facilitate income generation in order to employ as many contributors as possible, alternate licensing is sometimes required. Therefore all contributors agree to grant OSDC an unlimited and unrestricted license to the use of their contribution.

Because of the size and scope of ISCS, it is a tightly managed project with emphasis on documentation, proper process, communication, quality, fit and finish, security and peer review. SourceForge is used to coordinate all GPL development.

If you have the time, the skills and a practical need for ISCS technology or just an academic interest in ISCS or one of its open projects, please consider becoming a regular volunteer to the team by contacting the Open Source Development Corporation.


Current Sponsors:

Open Source Development Corp.

SSI Services


We are deeply grateful to SourceForge for their support!
