worm blog: Los Alamos enters market with worm defense

« The Sasser Event: History and Implications | Main | The Future of Bot Worms »

Los Alamos enters market with worm defense

From Federal Computing Weekly via DE, a press release that says that the Los Alamos National Laboratory is going to be making their worm defense tool Network Automated Response and Quarantine ("NARQ") available via licensing to the general technical community. Probably not for end users, but instead software makes and integrators.

Los Alamos developed NARQ after it failed to find a ready-made commercial product to help stymie the specific threat it faced from worms. Unlike viruses, worms don't directly infect programs and files. Instead they make copies of themselves and then propagate via the network to other machines, bringing the network down through denial of service.
NARQ detects such worms and then instantly quarantines all the affected machines and devices on the network at the port level.

Source: Los Alamos enters market with worm defense, FCW, Nov. 16, 2005.

For more information on the LANL NARQ project, see the LANL NARQ website. The website describes NARQ thusly:

Network Automated Response and Quarantine (NARQ™)
Los Alamos National Laboratory (LANL) has developed a semi-automated and instantaneous layer-2 (Ethernet) network mapping and quarantine system. The Network Automated Response and Quarantine (NARQ™) software is designed to locate infected systems and reconfigure ports to remove the infected devices from the network.

When they put it like this, it sounds more like Packetfence than anything else, although I have yet to really review the technology.

See the Wormblog paper archives for discussions about the effectiveness o quarantne approaches.

November 27, 2005 in defense, tools | Permalink
Tell others: digg submit | del.icio.us this | Reddit