Improving IoT Security

Imagine a world where IoT security is simple, affordable, and absolute. VPNs and firewalls have vanished, along with the pain associated with having to track and manage static IP addresses, not to mention the endless configuration demands. 

The way things are today, IoT security is focused on managing attack surfaces. Instead, we asked ourselves, What if an IoT device could have no attack surface at all? How close can we get to that ideal?

Thanks to Atsign’s Co-founder and CTO, Colin Constable, we’ve done just that. Ssh! No ports is an open-source tool that allows system administrators to remotely connect to a device without needing to open any ports. Yes, you read that right. Using Ssh! No ports, and the underlying atPlatform as the foundation, there is no network attack surface on your IoT devices.

Photo by Kristina Flour on Unsplash

Reducing Attack Surface

Having a single sshd (the ssh daemon) to manage is fine, but having hundreds, maybe thousands of sshds to manage and keep up-to-date is harder. That gets trickier as the only way to update many IoT devices is via firmware.   

On top of that, if you have an ssh daemon on the Internet, how often do you change the keys? (Yup—if you are like Noble, never.) Ssh! No ports creates new ssh keys for each session and then deletes them after the client connects. All connections are outbound, so there’s no need for firewalls or VPNs (or even a known IP address), and they are handled by an Internet microservice that solely communicates between known atSigns (unique identifiers for people and things on the atPlatform). As long as the device itself has an IP address, DNS, and Internet access, you can connect to it.  

Eliminating Network Pain

Network administrators can deploy Ssh! No ports to each one of their devices or systems, and never have to open a port again, eliminating the network attack surface. The underlying atProtocol is a zero-trust Internet protocol which ensures that only those you give permission to ever have access to the data being shared; even the microservice handling the connections never sees the data as everything is end-to-end encrypted. 

With this end-to-end encrypted control plane, you no longer have to worry about things like static IPs, NAT (Network Address Translation), port forwarding, and firewall rules as all traffic is outbound from the device.

You might use Ssh! No ports for…

• Remote access to Home Lab where the ISP may change the IP address.
• Remote access to IoT devices where you do not want to deploy or configure firewalls, or VPNs. 
• Remote access to Virtual Machines so you can switch off port 22 being connected to the Internet. 
• Remote access to Web UIs, using TCP port forwarding, again without having any ports open on the device.

Building the Future

Where do we go from here?

Ssh! No ports proves that end-to-end encryption can serve as the control plane that enables new solutions to old problems.

And this just scratches the surface. We are so excited about all the cool stuff this will enable, especially all the things we haven’t even thought of yet.

We invite you to think about what you can do with Ssh! No ports to help us flip the Internet. 

Check us out on GitHub

Contact us at info@atsign.com for a demo