Paradox simplifies the use of namespaces for fine-grained network control and process isolation
What are Network Namespaces?
Namespaces are a feature of Linux that partition and control kernel resources such that one set of applications sees one set of resources, while another set sees a different set of resources. Network namespaces can be used to force applications to use a specific network interface, or to provide isolation of network traffic between processes. As an example, network namespaces are one of the technologies used to create Linux Container isolation.
So what’s the news?
As with many of the powerful features of Linux, network namespaces can be tricky to configure to meet specific needs within enterprise environments or to protect against advanced network threats, so in practice they tend to be rarely used, except under the hood (e.g. for Linux Containers).
Advanced threats – really?
A relevant attack, TunnelVision (CVE-2024-3661), was recently highlighted by the Leviathan Security Group. It allows VPN tunneling to be completely bypassed. The Leviathan Group positioned network namespaces as the only complete mitigation.
So what’s the Paradox offer?
Becrypt’s security-focused operating system, Paradox, now enables and simplifies the configuration of network namespaces. Policies can be easily defined and deployed via a centralised management platform, allowing isolation of high-risk activities, such as system administration, from general network access.
Please get in touch if you’d like to find out more.