21-04-2021

Download Trust Network & Wireless Cards Driver



Spin up your network in minutes, combining networking and security (SASE) across all of your use cases.
NetFoundry manages the Fabric as a service while you control it.

AllTrust manages the country’s largest consumer biometric database, with over 9 million enrolled customers and has processed more than $55-billion through its network of independent retailers, grocery stores and banks. Headquartered in Herndon, VA, AllTrust is committed to serving the alternative financial services community. Trust International B.V. Was founded in 1983 and is globally active with 4 brands: Trust, Trust Gaming, Trust Mobile and Trust Smart Home. Sign up for the newsletter! I agree to receive the newsletters and know that I can easily unsubscribe at any time, see our privacy policy. Zero Trust is a security model that doesn't trust any entity, whether inside or outside the network. Unlike traditional security systems which follow the 'Trust but verify' approach, Zero Trust Models follow a 'Never Trust, always verify' approach, using strict access control policies and constant monitoring to secure enterprise networks from. VMware Workspace ONE Trust Network provides a comprehensive & modern approach to enterprise zero trust security for your employees, apps, endpoints and networks.

  • “Integrating our IoT Edge solution with NetFoundry SDKs enables customers to meet their goals without the hassle of deploying VPNs, firewalls, or proprietary hardware. We can jointly be deployed as part of golden image on any IoT or edge device to provide our customer a turn-key solution which is secure, scalable and future-proof.”
    Paul Edrich
    CTO, IMS Evolve
  • “Our partnership with NetFoundry is accelerating our business outcomes and our ability to deliver innovative new solutions to our customers. By integrating NetFoundry’s zero trust platform capabilities into our analytics solutions deployed at the edge, TOOQ is transforming the retail industry in Brazil by delivering unique insights into customer behavior powered with live data.”
    Ronaldo Moura
    CEO, TOOQ
  • “NetFoundry's cloud native networking has been the perfect match to aid FWD on our digital transformation and cloud-native application journey. In the current pandemic situation, although our usage has multiplied, NetFoundry easily scaled to cater to our demands to facilitate work from home in a few simple clicks, for both internal users and external parties.”
    Shilpa Tumma
    Information Security Officer, FWD
  • “The level of efficiency OSM Maritime gains from working with an innovator like NetFoundry can't be overstated. It is critical to give our org the ability to access all apps and to have this access secure is no longer optional but a must. For that reason, we have decided to work with NetFoundry.”
    Chakib Abi Saab
    CTO, OSM Maritime Group
  • “NetFoundry extends the WAN all the way to the application endpoint without CPE, over the Internet. We integrated NetFoundry’s AppWANs into the networking solutions we sell to financial institutions to enable them to meet their strict regulatory and security requirements.”
    Chris Williams
    VP at PliantCloud, Alliance Technology Group

eBook

Enable Your Teams to Work From Anywhere

Zero trust networking from NetFoundry enables you to eliminate or supplement your VPNs to easily meet your remote work needs.

Download the eBook

Netfoundry has been recognized as a Representative Vendor in the June 2020 Gartner Market Guide for Zero Trust Network access. Read this report to learn more about our recognition in this space and how NetFoundry can help you achieve your goals.

See how CSPs, MSPs, SIs and SPs use NetFoundry to enable their customers to evolve to a converged SASE framework:

Blazeclan Case Study

Blazeclan, 2019 AWS APN Partner of the Year, used NetFoundry's programmable zero trust networking to enable cloud migration for a leading global document provider, without Direct Connect or VPN.

Trust

Download Trust Network & Wireless Cards Drivers

Download

Learn More »

Itelligence NTT Data Case Study

See how Itelligence NTT Data Accelerated their AWS CloudEndure Replication for SAP 3X with NetFoundrys high-performance secure zero-trust networking solution in less than 6 hours.

Learn More »

Supermicro Case Study

Get uCPE network functions, powerful edge compute optimized for edge app management, and global zero trust networking. All in one turnkey solution in a SASE framework delivered by Supermicro, NodeWeaver and NetFoundry.

Learn More »

Azure Stack Edge Case Study

Leverage edge compute with local private LTE and 5G, and global private networking to WAN & cloud assets. Azure Private Edge Zones, with Azure Stack embedded NetFoundry NaaS, delivered as a simple, turnkey, integrated solution.

Learn More »

Replace MPLS or VPN with direct Internet breakout, zero trust networking in a SASE framework.

No hardware or SD-WAN controller deployments. All infrastructure managed by NetFoundry as NaaS.

No forklift. Spin up instant zero trust overlays from existing WAN to any cloud or edge.

Download Trust Network & Wireless Cards Driver Windows 10

Cloud native: manage your network with Ansible, Jenkins, Terraform, Azure Resource Manager, Cloud Formation.

View a quick video

NetFoundry is built on leading open source software, Ziti. NetFoundry developed the Ziti platform, and is the leading contributor to the open source projects.

LEARN MORE

Download Trust Network & Wireless Cards Driver Free

Summary

  • With this week’s eero firmware update (3.8) we’ve added a public key infrastructure—a new innovative technological architecture that allows eeros to communicate locally and directly with each other and with the devices in your home without relying on the global “internet.”
  • This firmware update lays the foundation to build a truly independent and isolated home network infrastructure while maintaining our rigorous security standards. This ultimately ensures eero networks will be more secure, more private, and more reliable.
  • We will be releasing even more updates that build on this technological foundation to make every network more autonomous and more reliable. With our sophisticated automatic over-the-air update process, eeros continue to get better and better.

Your home network is not “the internet”

At eero, our goal is to provide the perfect network experience, whether that’s connecting to the internet or using the local network in your home. We’re interested in providing our customers with reliable and secure internet but also in improving the way software on your home network functions. We want to give our customers the ability to be less dependent on the broader internet so they can rely on their own autonomous local network as much as possible. It’s more secure, and it gives our customers more control and more privacy protection. With our newest firmware update (3.8) and recent app releases, we’ve taken significant steps to make this even better for our customers.

It might seem odd that we’re thinking about local area networks when people are excited about the Internet of Things and globally distributed ledgers. But, it’s exactly this growing enthusiasm that raises important questions about how to be responsible leaders of a totally connected landscape. At eero, we have a unique view into the future of the internet and the connected home, which is only becoming more important as users continue to bring connected devices online.

Our networks link devices together with reliable, low latency, high bandwidth communication channels. But these benefits often disappear when traffic leaves your local network for the broader internet. When devices are all connected on a local network, users are typically comfortable allowing software services—like streaming media centers and network file sharing (e.g., AirDrop)—to securely access and exchange private information. As a router, an eero is responsible for forwarding packets to the correct destination, wherever it sits. And, as a member of the digital home, we are also responsible for maintaining the intimacy of our users’ personal information and devices.

Our challenge was to figure out how to fulfill both goals at the same time and to do so while still putting privacy and security at the forefront. We did this by creating a mesh of trust—an entirely new trust model that ensures each customer’s network can be private and secure, yet still reliably connected to the global Internet when necessary.

Evolving our trust model

From eero’s founding, we deeply believed that customers deserved better than the “security optional” offerings available from other vendors. We committed to doing hard work for our users and guarantee that eero networks truly operate securely. We did this by designing a chain of trust, linking both users and eero nodes to our cloud. When a network is provisioned, a trusted user is associated with a corresponding trusted set of nodes, thus forming their network. When the user wants to update a network setting or view information, our cloud leverages the relationships to broker the deal.

As we’ve grown, we’ve also realized that we can adapt our trust model to not only be incredibly secure but also more autonomous—and so, we decided to complete the chain.

Doing this allows us to:

  1. Enable independent management of our hardware directly from the app without needing to consult our remote cloud service.
  2. Leverage the beneficial properties of local networks (low latency, high bandwidth, intimate & private) to enable features that enhance the product experience beyond what we’ve been able (or willing) to deliver with a cloud service.
  3. Include users and their hardware, formally, as trust authorities to underscore the fact that they are the true owners of their home network and the data that flows across it.

With these three principles in mind, we set out to introduce trust relationships between the LAN software components that comprise an eero system.

Selecting a trust authority

As most things go, we started with the foundational question of identity. If two peers are to communicate securely with each other, then they must be able to verify that they are talking to the correct entity. To do this, each peer must first actually have an identity. We already employ industry grade asymmetric transport layer security (TLS) between eero nodes and our cloud, so we decided to do the same between our app and eero nodes, and also between eero nodes—giving every eero node and every mobile app a cryptographic identity.

Cryptographic identities exist in the form of X.509 digital certificates. Global entities called certificate authorities (CAs) underwrite trust for the public internet by issuing certificates to the hosts with global addresses and domain names. The problem is, these CAs don’t have access to your private networks—therefore we needed a local trust authority.

One option is to have the user be the trust authority. This would give users agency within the trust model but fails plenty of usability tests. Phones become lost. Apps get accidentally uninstalled. And, with the current state of mobile operating systems, phones are really designed to be “client OS platforms.” They only work well when a user is interacting with them, and they aren’t always available or awake. Paving over these issues for a user is one of the big advantages of something like a cloud service.

Maybe your network, then, can be the trust authority? It turns out this isn’t a great idea either. In a traditional router model where the only piece of network infrastructure is the single WiFi router, it might work. But eero is a mesh WiFi system—each eero unit participates independently and equally. Conversely, maintaining a single network authority means it has to either live on only one eero unit, or all eero units have to share secret keys. The former is not very usable, and the latter is obviously poor SecOps but also complicated to implement since the network needs to be rekeyed when a node is removed.

If we think about the scope of a local network, it’s certainly not “web scale.” We don’t suffer from the same logistical problems of the global internet (where giving every host an independent identity becomes both a technical and social burden), and our integrated system can automate identity management on behalf of our users. It’s plausible for us to maintain lists of trusted authorities for networks since the distribution is localized. In a true mesh fashion, we decided to make all eero nodes independent authorities on the network.

What about the mobile app? If we don’t allow the user to be an authority, then some service layer has to exist that allows the technical authorities (eero nodes) to extend tokens of trust to their “users.” We don’t want to reinvent a cloud services platform, that’s a little much; and, recall our 3rd guiding principle: we see users as first-class participants. So we made the entire model technically egalitarian. Users and eeros are all trust authorities.

Doing so allows us to get the best of both worlds. We avoid the usability issues of keeping the trust authority solely on a user’s phone, and it’s still easy to add and remove nodes and new mobile devices to the circle of trust.

TLS for your local network

Now that everyone is an authority, the problem is actually relatively simple. Instead of long trust chains and certificate revocation list synchronization, we simply need to manage the list of trusted certificate authorities itself and make sure that the app and our nodes only communicate with peer nodes authorized by an entity on the list. This list can be plugged directly into TLS (SSL) engines as the trust anchors, and things tend to just work. In fact, why wouldn’t they? Nothing in any standard limits TLS to a global internet context.

This also means that mutual TLS becomes simple. Everyone can issue themselves a TLS certificate, even things that traditionally only ever initiate connections like the mobile clients. Not only do clients verify “servers” but servers also verify inbound connections. Every peer is authenticated—security level 11.

A convenient property of our layer 2 mesh is that everything connected to an eero network is considered on link. Two on link devices can communicate using their IPv6 link-local addresses. Modern phones and all eero nodes are configured to support IPv6 which means their interfaces are assigned link-local addresses regardless of whether further IPv6 provisioning is enabled on the network. TLS allows for IP addresses (and in fact many other types of identifiers besides domain names) to appear as entries in the Subject Alternate Name extension used during hostname verification. We made sure each node includes its link-local address as an IP SAN entry when issuing itself a TLS certificate, so that hostname verification works.

If you’ve been following closely, you’ll notice I’ve skipped over a critical component: compiling the initial trust list. The list does not appear out of thin air. Just like physical chains, we build it one link at a time. We leverage our existing trust relationships between our cloud and users and our cloud and nodes to bootstrap the trust list during initial network provisioning. Afterward, the list can be freely updated by any trusted peer. We are not required to start with our cloud, either. In the future users and nodes might agree on a list early in the provisioning process and then complete the rest of the chain when online services become available.

eero PKI

To recap, we’ve added a public key infrastructure to every eero network capable of operating in isolation from the global internet’s TLS system. This addition to our identity model lays the technical foundation required to build out truly independent and isolated home network infrastructure without sacrificing security. Enabling our systems to operate independently reduces the impact of internet outages and failures on users. And, perhaps most importantly, it empowers users and reinforces their position as the true arbiters of their home infrastructure.

Using our newly minted PKI to enable TLS for secure local network management is a good first step, but having enterprise-grade security infrastructure at hand means we can also start exploring certificate-friendly protocols like EAP-TLS, DNSSEC/DNSCrypt, ACME, and LDAP. Imagine never needing to enter a network password, unspoofable DNS queries, automatically issuing and updating TLS certificates for all hosts on your private network, and cryptographically managing access to your network resources. Conveniences like these are usually only available to enterprise IT customers with a budget for integrated solutions or to power users who have the time and knowhow to deck out their networks for fun. Perhaps eero can begin to fill the gap.

Written by David Cowden, Engineer working on eero’s local network management infrastructure.