Plug and Protect Your Network

Overview

Arxceo’s PnPro, or Plug and Protect, architecture combines hardware and software innovation to provide the underpinnings for the most robust implementation of intrusion prevention in the areas of Anomaly Intrusion Detection, Protocol Enforcement, Anti-Reconnaissance, and Address Authentication. Products based on PnPro are quick to deploy, easy to administer, and extremely difficult for attackers to detect, much less compromise.

The PnPro architecture starts with a Layer 2 bridge implementation using dual network interface cards (NICs) that do not use a network stack for receiving or sending network packets. The exact type of NIC, including its performance and features, differs by product model. For instance, Arxceo’s Ally ip100 provides a pair of 100BaseT (100Mbit) NICs, and the Ally IP1000 provides two pairs of 1000BaseT (1Gigabit) NICs. One of these 1000BaseT NICs can also continue passing traffic if the device fails or loses power, as if the device had never been installed in the first place. Arxceo’s feature of passing traffic during a “crashed state” is called NetFailOpen™; administrators can choose to fail open or fail closed based on their specific needs or preferences.

Inline Appliances

Arxceo’s PnPro architecture uses an inline design, joining two disparate segments of a network, such as connecting a company LAN to the Internet. The only way for traffic to enter the LAN is by passing across, or through, the inline device. In this position, the device can review and act upon traffic in real time, before any potentially harmful traffic passes to the protected segment.

No Network Stack -- It's Tough to Target What Is Not Seen

PnPro does not implement a network stack on the NICs used to bridge the protected side of a LAN from a non-protected, or public, WAN (or the Internet). Many attacks exploit the design of industry-standard protocols, such as TCP, UDP, and HTTP. By avoiding the use of traditional network stacks, the PnPro architecture is safe from those types of vulnerabilities and is essentially invisible: attackers cannot target or compromise the device itself. Devices implementing the PnPro architecture do not have IP addresses at all, nor do they recognize or respond to assigned MAC addresses. Additionally, such devices do not decrement the IPv4 TTL or increment Hop Counts, so they run in an invisible fashion that prevents attackers from locating the devices by tracing traffic patterns or packet routing.

Administration tasks such as hardening or patching the operating system (OS) and monitoring for device compromise can also be drastically reduced or eliminated. The PnPro architecture removes the need for hardening or patching the underlying OS. Other than minimal use of the OS for booting and writing events or alerts to a log file, the PnPro architecture is a self-contained, hardened environment that eliminates OS and network protocol exploits.
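The transparency claim above (no IP or MAC of its own, TTL not decremented) is something an administrator can verify from captures taken on both sides of any inline device. The following added example is not Arxceo's code and says nothing about PnPro internals; it is a generic check written for this page. It builds a constructed IPv4-over-Ethernet frame, shows the field changes a routing hop (anything with a network stack in the path) would introduce, and reports which fields differ between the public-side and protected-side copies. An empty difference list is what a true Layer 2 bridge produces. All MAC and IP values are constructed sample data.

```python
"""Compare a frame captured on the public side of an inline device with the
copy captured on the protected side. A transparent Layer 2 bridge leaves the
MAC addresses, TTL, IP header checksum and payload untouched."""
import struct

ETH_HDR_LEN = 14
IPV4_HDR_LEN = 20  # header without options


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's complement of the one's-complement sum."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def _ip(addr: str) -> bytes:
    return bytes(int(octet) for octet in addr.split("."))


def build_frame(src_mac: str, dst_mac: str, src_ip: str, dst_ip: str,
                ttl: int, payload: bytes = b"") -> bytes:
    """Constructed Ethernet II + IPv4 (protocol 17, no options) frame for the demo."""
    eth = bytes.fromhex(dst_mac) + bytes.fromhex(src_mac) + b"\x08\x00"
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, IPV4_HDR_LEN + len(payload),
                                0x1234, 0x4000, ttl, 17, 0, _ip(src_ip), _ip(dst_ip)))
    struct.pack_into("!H", hdr, 10, ipv4_checksum(bytes(hdr)))
    return eth + bytes(hdr) + payload


def parse_frame(frame: bytes) -> dict:
    """Pull out the fields a transparent bridge must leave unchanged."""
    if len(frame) < ETH_HDR_LEN + IPV4_HDR_LEN:
        raise ValueError("frame too short")
    dst_mac, src_mac = frame[:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 frame")
    ip = frame[ETH_HDR_LEN:]
    ihl = (ip[0] & 0x0F) * 4
    return {
        "dst_mac": dst_mac.hex(),
        "src_mac": src_mac.hex(),
        "ttl": ip[8],
        "proto": ip[9],
        "src_ip": ".".join(map(str, ip[12:16])),
        "dst_ip": ".".join(map(str, ip[16:20])),
        # summing a header that carries a correct checksum yields zero
        "checksum_ok": ipv4_checksum(ip[:ihl]) == 0,
        "payload": ip[ihl:],
    }


def routed_hop(frame: bytes, new_src_mac: str, new_dst_mac: str) -> bytes:
    """What a routing hop does to the same frame, for contrast: rewrites both
    MAC addresses, decrements TTL and recomputes the header checksum."""
    ip = bytearray(frame[ETH_HDR_LEN:])
    ip[8] -= 1
    ihl = (ip[0] & 0x0F) * 4
    struct.pack_into("!H", ip, 10, 0)
    struct.pack_into("!H", ip, 10, ipv4_checksum(bytes(ip[:ihl])))
    return bytes.fromhex(new_dst_mac) + bytes.fromhex(new_src_mac) + b"\x08\x00" + bytes(ip)


def transparency_diff(ingress: bytes, egress: bytes) -> list:
    """Names of the fields that differ between the public-side and
    protected-side copies. Empty means the device behaved as a Layer 2 bridge."""
    a, b = parse_frame(ingress), parse_frame(egress)
    diffs = [k for k in ("dst_mac", "src_mac", "ttl", "src_ip", "dst_ip", "payload")
             if a[k] != b[k]]
    if not b["checksum_ok"]:
        diffs.append("checksum")
    return diffs


# Constructed sample: a UDP datagram from a public host to a protected host.
PUBLIC_SIDE = build_frame("001122334455", "66778899aabb",
                          "203.0.113.10", "192.0.2.25", 64, b"hello")
# A transparent bridge hands the identical bytes to the protected side.
BRIDGE_SIDE = PUBLIC_SIDE
# The same frame after a routed hop (constructed next-hop MACs).
ROUTER_SIDE = routed_hop(PUBLIC_SIDE, "66778899aabb", "ccddeeff0011")

if __name__ == "__main__":
    print("bridge:", transparency_diff(PUBLIC_SIDE, BRIDGE_SIDE) or "transparent")
    print("router:", transparency_diff(PUBLIC_SIDE, ROUTER_SIDE))
```

In a real deployment the two inputs would be frames matched by IP identification field and payload from captures taken on either side of the appliance; the same comparison applies to IPv6 if the hop limit at offset 7 of that header is checked instead of TTL.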
Copyright 2003 - 2007 Arxceo Corporation. All Rights Reserved.