IP Domain Security Layer

Introduction

The IP Domain Security Layer (IDSL) invention complements existing security measures for IP Address based services (e.g. online services over the Internet). Checking IP Addresses is a very important layer within any “defence in depth” strategy. It complements other security layers like:

  1. Passwords – which could be overcome with programs like keyboard loggers
  2. Certificates – which could be attacked through bugs like Heartbleed
  3. Devices – which could be hacked, lost or stolen

Traditional IP address based security faces significant problems:

  1. Dynamic IP Addresses are used on mobile devices and broadband routers, so blocking based on static IP addresses is no longer effective.
  2. The geographical location of an IP Address is not reliable. Country based blocking (even when it works in rare cases) opens up or closes down too many IP addresses at once.
  3. Maintaining any IP Address list is extremely difficult (whether it is a whitelist or a blacklist).

Most IP Address based checking is done at the country level. IDSL will work where country based IP Address checks fail:

  1. no need to worry about out of date IP Address lists
  2. some IP Addresses are not country based
  3. can block IP Addresses even WITHIN the same country
  4. can handle mobile and dynamic IP links
  5. automatically trains itself on new IP addresses
  6. automatically alerts the user

It consists of 5 main modules:

  1. Domain Mapping – reverse domain, whois email domain, whois hash, whois sentence
  2. Automatic Training – first access, past history
  3. Visual Management – expiry date, trigger threshold
  4. Out of Band Challenge – email, sms, phone
  5. Caching Interface – IP address based

Domain Mapping Module

The Domain Mapping Module takes an IP address and extracts its related DNS domain information. The domain for an incoming login IP address is created from:

  1. reverse domain of the ip address
  2. email domain in whois record of the ip address
  3. name in whois record of ip address

For the whois email domain:

  1. throw away NIC domains
  2. pick the most frequent one
  3. if same frequency pick longest
  4. if no domain found then pick class C of ip address (x.y.z.0) and return first word of that line
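
The whois email domain selection above, as an added Python example (not code from IDSL itself). The NIC_DOMAINS list, the function names and the sample record are assumptions, and the fallback is simplified to returning the x.y.z.0 network, since the page does not say which whois line the first word is taken from.

```python
import ipaddress
import re
from collections import Counter

# Assumed registry ("NIC") domains to discard; the page does not list them.
NIC_DOMAINS = {"arin.net", "ripe.net", "apnic.net", "lacnic.net", "afrinic.net"}

# Captures the domain part of any e-mail address found in the whois text.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)")

# Constructed sample whois record (documentation address space and names).
SAMPLE_WHOIS = """\
NetRange:       203.0.113.0 - 203.0.113.255
OrgAbuseEmail:  abuse@example-isp.example
OrgTechEmail:   noc@example-isp.example
OrgNOCEmail:    noc@cdn.example.net
Comment:        registry contact hostmaster@arin.net
Comment:        see also search-help@arin.net and hostmaster@arin.net
"""


def is_nic(domain):
    """True if the domain is a registry domain or a subdomain of one."""
    return any(domain == nic or domain.endswith("." + nic) for nic in NIC_DOMAINS)


def whois_email_domain(ip, whois_text):
    """Map an IPv4 address to a domain key using its whois record text."""
    domains = [d.lower() for d in EMAIL_RE.findall(whois_text)]
    # Step 1: throw away NIC domains.
    counts = Counter(d for d in domains if not is_nic(d))
    if counts:
        # Steps 2 and 3: most frequent first, then longest. A remaining tie
        # is broken alphabetically (an assumption) so the result is stable.
        return min(counts, key=lambda d: (-counts[d], -len(d), d))
    # Step 4 (simplified): fall back to the class C network x.y.z.0.
    net = ipaddress.IPv4Network(f"{ip}/24", strict=False)
    return str(net.network_address)


if __name__ == "__main__":
    print(whois_email_domain("203.0.113.77", SAMPLE_WHOIS))
```

Note that the registry domain appears most often in the sample record, which is why it has to be discarded before the frequency count.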

All domains of successful login IPs will be stored in an IP Address Domain table: www.net2max.com/centralsecurity/ipalert/ip_alert.php

Currently, if the domain of the user's IP address does NOT belong to a domain in the past 6 months, then he will be asked to perform Random Number Verification.

If the domain DOES belong to the past 6 months, then that domain will be added into the IP Address Domain table.

Once the domain is in the table, the user does NOT have to perform Random Number Verification anymore to log in.

A domain expires after 365 days by default, but the user can change the expiry day or delete the domain from the table.

VoIP Protection

Checking IP Addresses is a very important layer within any “defence in depth” strategy. It complements other security layers like:

  1. Call Destination – based on call price
  2. Caller IP – which could be attacked through bugs like Heartbleed
  3.  – which could be hacked, lost or stolen