Welcome to the security fix for TCP/IP…
For the first episode in a new series ADAMnetworks School of Cyber™ we dive in with David on the technical aspects of DTTS® and how it fixes the “security design flaw of TCP/IP”.
Show notes
Don’t Talk To Strangers® (or DTTS® for short) works at a layer 3 security gateway equipped with adam:ONE® software. Individualized, per-host IP connections are opened and closed only after a permitted and successful DNS query is made. In short, here’s a logical flow:
Protected by Patents of USA and Other Countries: https://adamnet.io/dttspatent
Consequences
Demonstrations of the net result of DTTS® application as shown in the video is this:
- Endpoint proxies are unable to connect by IP address (circumvention protection)
- TOR unable to connect (malware is therefore unable to connect)
- Unauthorized DNS-over-HTTPS (DoH) is blocked (preventing C2 usage, for example)
- Beacons a-la-Cobalt Strike or Sliver fail (blocking C2)
- Telegram unable to connect, even with IP or domain-fronting (prevents Telegram malicious use)
- ExpressVPN (or any retail VPN service) that connects directly-by-IP (prevents policy circumvention)
- Psiphon fails to tunnel out of a network (good egress control test is if Psiphon is unable to connect)
The application of DTTS® is not limited to the above examples. The application of Zero Trust principles simply makes DNS the root of trust and secures that channel to make DNS filtering itself leak-proof.
Important note
Some of the demonstrations were simplified to focus on the DTTS® component. It is important to note, however, that some of the examples use domain names as well as IP addresses, so it is actually a combination of DTTS® and DNS-blocking that is required to achieve proper security.