Cyber Protection for Unprotected OT Devices
In modern networks, the most damaging attacks do not start with malware. They start with discovery. If an attacker can see a device, enumerate its ports, or fingerprint its services, they already have an advantage. Network cloaking removes that advantage by making critical assets invisible to anything that is not explicitly trusted.
In this demonstration, CSOI shows how cloaking can be deployed quickly, without re-IPing devices or redesigning the network, while still enabling secure access for authorized systems.
The Problem: Visibility Equals Risk
The demo begins with a simple /24 network segment. From a standard Linux virtual machine, a routine network scan immediately reveals responsive hosts and open ports. One system stands out: a MySQL (MariaDB) server responding on port 3306.
From the same network segment, the database server is easily accessed through its web administration interface using only a username and password. Databases, tables, and schemas are fully exposed. This is the reality of flat networks. If a device is reachable, it is targetable.
The CSOI Approach: Cloak First, Then Allow Access
Instead of relying on traditional firewall rules or ACLs, CSOI introduces a virtual Airwall gateway in front of the asset being protected.
Key points from the deployment:
- The MySQL server keeps the same IP address.
- No re-IP, no routing changes, and no downtime.
- The Airwall assumes the exposed address and enforces policy in front of the asset.
Once the Airwall is in place, cloaking is immediately active.
What Cloaking Looks Like in Practice
When the same network scan is run again from the original Linux VM, the protected device disappears. The IP address no longer responds with open ports. Even a deep scan against the specific address reveals nothing useful.
The only response allowed is a basic ping from the Airwall itself. There is:
- No port enumeration
- No service fingerprinting
- No banner grabbing
From an attacker’s perspective, the asset is effectively invisible.
Attempts to access the MySQL web interface from the original machine now fail completely. The device does not possess the cryptographic identity or policy membership required to communicate through the Airwall.
Policy-Based Access Across Network Segments
Cloaking does not mean isolation from legitimate users.
From the CSOI command and control dashboard, trust is granted to a second Linux system located in a completely different network segment. With policy applied:
- The authorized system can immediately access the MySQL server.
- The connection is encrypted and identity-verified.
- Physical location and IP topology no longer matter.
When that trust is removed, access stops instantly. No firewall edits, no rule cleanup, no residual exposure.
Why This Matters
This demonstration highlights several core advantages of CSOI cloaking:
- Critical assets are hidden by default.
- Access is identity- and policy-driven, not IP-based.
- Deployment does not require network redesign.
- Trust can be granted or revoked in real time.
- East-west movement is effectively neutralized.
Cloaking turns discovery into a dead end while still allowing operations to continue securely.
Cloaking Does Not Have to Be Hard
As shown in this walkthrough, protecting sensitive systems like databases can be fast, surgical, and reversible. CSOI enables organizations to reduce attack surface immediately without disrupting existing infrastructure.
If you are securing databases, OT systems, surveillance networks, or legacy assets that cannot protect themselves, cloaking is one of the most effective controls you can deploy.


