Invi-server: Reducing the attack surfaces by making protected server invisible on networks

The advantage of having remote access motivates network administrators to connect mission-critical servers (e.g., enterprise management systems) as well as public web servers via the Internet, even though connecting these mission-critical servers to the Internet is not recommended. These mission-critical or public servers are accessible from any host on the Internet, allowing cyber attackers to engage the targeted server as part of a process to discover potential exploits and unpatched vulnerabilities. Although it would be difficult to eradicate all the potential vulnerabilities in advance, accessibility to a server can be controlled to limit or minimize the chance of exposing a vulnerable surface. We aimed to address the accessibility issue by designing and prototyping an Invi-server system, in which the IP and MAC addresses of the protected secret server remain invisible from external scanning and eavesdropping trials and even from compromised internal hosts on the network. This Invi-server system can be used as a way to reduce the attack surface of a protected server while allowing authorized users to send and receive packets via the protected server. We also implemented a prototype of the Invi-server system to demonstrate that our proposed system has the ability to reduce the attack surfaces significantly without increasing network performance overhead to any significant extent.