Design Your Defense with Fognigma
With the rapid development of sophisticated cyber attack methodologies and the threat of weaponized quantum computing on the horizon, traditional security systems are being exploited continually. To operate safely and effectively in the digital battlespace, entities must adopt more sophisticated means of protection, without sacrificing efficiency or maneuverability.
In v3.0, the architecture of Fognigma has been redesigned to address the greatest cybersecurity threats of today – and tomorrow.
The latest Fognigma build embodies the core principles of Zero Trust, Moving Target Defense, Post-quantum Cryptography, and Software-defined Networking & Architecture. With v3.0, Fognigma is not just a cybersecurity or VPN tool – it’s an entire defense system that allows entities to leverage the public cloud to efficiently deploy custom-made cyber architectures and defense methodologies tailored for any purpose.
The Architecture of Fognigma
Charon: Layered Zero Trust Protection
v3.0 introduces Charon, a new Zero Trust security element built into the Fognigma architecture. Charon is a WireGuard-based capability that provides, user-specific, end-to-end encryption of user data within a Fognigma VPN – like putting a safe inside of a safe.
Charon serves as a transport layer between Fognigma’s VPN clients and the VPN exit, ensuring end-to-end encryption for all destination traffic outside the VPN. This peer-to-peer VPN is established within the primary VPN, separating user data from anonymity data, and is maintained to prevent destination traffic from being exposed while in transport. Even high-level malicious users are prevented from compromising user data.
Charon is an extension of the core Zero Trust and least privilege principles found throughout Fognigma. Users can also access protected resources without ever needing to know where they are by using web-hosted, misattributed access points. Similarly, users can also authenticate with the central server without connecting to it directly.
Fognigma is thoughtfully designed with Zero Trust principles at every step, allowing entities to operate in any environment and with anyone, without risk of a single point compromise affecting the network as a whole or any other users, even with a malicious user inside the network.
Ephemeral Moving Target Defense
One of Fognigma’s greatest strengths is its ability to remain totally invisible from the moment it’s installed. The central server never connects with public cloud providers directly, instead using disposable intermediaries to provision machines from providers and connect to them.
By leveraging multiple public cloud providers in over 150 data centers around the world, Fognigma allows users to create microsegmented networks anywhere with virtually no administrative effort. Specific elements or even entire networks can be destroyed and rebuilt in minutes with different providers and in different locations, becoming drops in the ocean of activity in the public cloud.
Users and the means they use to access networks and resources are also protected in a similar way. A single network can leverage any number or distinct network exit points around the world, allowing end users to instantly generate traffic anywhere with a single click. Disposable proxy instances ensure that interactions with resources in the network are hidden in user traffic.
Fognigma is capable of maintaining a constant state of automated change and regeneration during operation, facilitating quick and effective responses to new threats.
In v3.0, the wolfSSL tunnels between elements of a Fognigma network now use NTRU’s lattice-based cryptography in the outermost encryption layer in lieu of RSA, Diffie–Hellman, and Elliptic-curve Diffie–Hellman key systems. The OpenVPN layer within it now incorporates tls-crypt to pre-shared secret keys to ensure authentication is required before the TLS layer is even established, and also includes the benefit of encrypting the TLS control channel. Charon’s WireGuard encryption also uses pre-shared keys.
These new features add additional protection against man-in-the-middle attacks, empowering entities with layered protection against high-level threats in even the most hostile environments.
Software-defined Networking & Architecture
Fognigma embodies the principles of software-defined architecture and networking, automatically handling tedious administrative IT, networking, and encryption key generation and management tasks behind the scenes, only requiring administrators to make simple configurations through the interface before Fognigma takes over. Fognigma manages provisioning of required machines and resources from public cloud infrastructure and completes all networking, security, and resource configurations in the background as networks are being constructed.
Deploy networks complete with end-to-end encrypted collaboration tools like file servers and videoconferencing through a few clicks or through a fully automated provisioning system. Collaborate freely without ever needing to worry about exchanging encryption keys or wasting labor time-consuming IT infrastructure and security tasks. Administrators simple deploy resources and access points and let Fognigma handle the rest.
Fognigma software-defined perimeters make it the ultimate mission facilitator, granting entities the ability to design complex, mission-specific networks, resources, security measures, and per-user access control quickly and easily through a simple interface. Fognigma allows users to harness the potential of an entire world of cloud-based resources at the press of a button, using any device.
Secure Your Future Now
In Fognigma v3.0, the principles listed above are implemented out of the box, allowing entities to rapidly generate and tailor mission-specific networks and instantly respond to threats. Fognigma is not merely a VPN solution – it’s the factory that assembles them to your specifications, completely invisibly, with minimal effort, anywhere in the world.
The architecture of Fognigma ensures immediate compatibility with local facilities, infrastructures, and environments – without ever endangering them. Collaborate with anyone, no matter who or where they are.
Design defensive strategies, systems, and methodologies to address the threats of today and protect yourself from the threats of tomorrow.