Responder: Responder is a unique defense based on military dazzlement technologies widely used in World War II. It creates cognitive dissonance in human attackers and tools they employ to analyze your network. Without interfering with your normal work, responder rapidly and automatically detects and responds to many attacks, leaving extensive audit trails and providing the means to lock out serious offenders. It slows many Internet worms, impedes intelligence efforts against networks, and can prevent unauthorized users from attaching to your network.
| Platform: | X86 platform running White Glove Linux |
|---|---|
| Interfaces: | 3 10/100baseT, Serial port, SVGA, KB, Mouse |
| Throughput: | Burst 66Mbps, Sustained, 33Mbps |
| Memory: | 256Meg RAM, 4Gig Permanent |
| Size: | Less than 12"x6"x2" |
| Power: | 120V adapter provided |
| Weight: | Under 5 Lbs. |
| Services: | Get-only Web, Secure DNS, Firewall software, network logging, sniffing, responder |
| Control: | Configurable to Console, Ethernet, Serial port |
| Shipping: | Typically 15 days from order |
Responder is a unique security technology designed as an active defense for a reasonably well controlled environment. It provides three advantages over other defenses in use today:
Slows Down Attacks: The responder technology has a slowing effect on most modern attack processes because it make the intelligence gathering portion of the attack process less reliable by causing cognitive dissonance in the tools and users involved in attacks. It also has configurations that cause the mechanisms of many worms and viruses to fail, and in some modes can make computers with those worms crash or stop moving from computer to computer.
Detects Attempts Quickly: The use of dazzlements only against illicit access attempts creates an extensive and comprehensive audit trail indicative of the attack and attack processes Underway. In many cases, it can be used to detect attack long before they succeed, providing added capabilities for preventing attackers from accessing systems even if they should discover legitimate access points.
Does not interfere with normal use: In experiments we found that the responder technology has the unique capability of cutting off attackers without negatively impacting normal users. In many cases this is accomplished without altering any features of the systems under attack. In one example, we placed attackers on the same LAN as legitimate users and servers, provided user IDs and passwords to the workstations and server, and told the attackers the IP addresses of the servers. They still could not get in, while legitimate users continued to access without delay.
Responder is a one-of-a-kind technology for securing your network without altering other network devices. While it cannot solve all of your security problems, it certainly helps handle many of them.
Responder is licensed on a year-by-year basis and includes initial configuration and quarterly maintenance. Only through authorized dealers.