0
collections/tech/innovations/network/benefits.md
Normal file
BIN
collections/tech/innovations/network/img/peer2peer_network.jpg
Normal file
Binary file not shown. Size: 162 KiB
Binary file not shown. Size: 130 KiB
BIN
collections/tech/innovations/network/img/whitelists.jpg
Normal file
Binary file not shown. Size: 124 KiB
@@ -1,7 +1,9 @@
## Mycelium: A New Network Layer for the Internet
!!wiki.include page:mycelium_innovation_short.md
!!wiki.include page:mycelium_inno0.md
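Review bot: the two `!!wiki.include page:` directives in this hunk carry a `.md` suffix (`mycelium_innovation_short.md`, `mycelium_inno0.md`), while the `network_wall_innovation_short` / `network_wall_inno0` includes added elsewhere in this commit omit it; pick one form so the include resolver does not silently miss one of them. The `## Mycelium: A New Network Layer for the Internet` heading also arrives with no lead paragraph of its own, so the page reads as a bare include list; a one-line summary before the first include would help.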
@@ -11,6 +11,7 @@ Mycelium is an overlay network layer designed to enhance the existing internet i
### The Benefits
- **Continuous connectivity:** Mycelium ensures uninterrupted connectivity by dynamically rerouting traffic through available connections (friends, satellites, 4/5G, fiber).
- **End-to-end encryption:** robust encryption stops man-in-the-middle attacks, guaranteeing secure communication.
- **Proof of authenticity ([POA](p2p:poa.md))**: ensures that we know who we are communicating with
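Review bot: the `End-to-end encryption` bullet says encryption "stops man-in-the-middle attacks", but confidentiality alone does not defeat an active MITM unless the peer's key is authenticated; that is exactly what the `Proof of authenticity` bullet below it provides, so reword to say encryption combined with POA prevents MITM. Minor: the third bullet places the colon outside the bold (`**Proof of authenticity ([POA](p2p:poa.md))**:`) where the first two place it inside (`**Continuous connectivity:**`), and the `p2p:poa.md` link scheme differs from the `page:` form used by the includes; make both consistent.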
@@ -0,0 +1,59 @@
# Shortest Path Routing
## Empowering Connectivity with an End-to-End Encrypted Overlay Network
### The Concept of End-to-End Encryption
End-to-end encryption (E2EE) ensures that data is encrypted on the sender's device and only decrypted on the recipient's device. This means that no intermediaries, including service providers, can access or alter the data while it is in transit.
### Shortest Path Routing in Overlay Networks
An overlay network is a virtual network built on top of an existing physical network.
Each enduser mycelium agent will execute custom routing logic and protocols to improve connectivity.
- In the context of a Mycelium peer-to-peer (P2P) overlay network, nodes (participants) can dynamically discover and connect to each other, forming a mesh-like structure.
- Shortest Path Routing: The network can use algorithms to find the shortest or most efficient path between nodes. This ensures that data packets travel the minimum distance required to reach their destination, reducing latency and improving performance.
### Multi-Hop Communication
In a P2P overlay network, data can hop through multiple nodes to reach its destination. This means that if a direct connection is not available, the data can be relayed through intermediary nodes. For example:
1. **Node A** wants to send data to **Node D**.
2. There is no direct connection, but **Node A** can reach **Node B**, which can reach **Node C**, which finally reaches **Node D**.
3. The data is encrypted end-to-end, so it remains secure throughout its journey.
Network usage tracking and billing can be used to make sure all participants are rewarded.
### Leveraging Existing Networks
This overlay network operates on top of existing internet infrastructure.
This leads to:
1. **Cost Efficiency**: By leveraging existing infrastructure, there is no need for extensive new investments in physical hardware.
2. **Flexibility**: The network can dynamically adapt to changing conditions, such as network congestion or outages.
### Improving Connectivity for Underserved Populations
Currently, around 4 billion people lack decent internet access.
Mycelium can significantly improve their connectivity:
1. **Decentralized Access**: People in remote or underserved areas can connect to the network through nearby nodes, which may belong to friends, community members, or even commercial providers offering bandwidth.
2. **Community-Driven Networks**: Local communities can set up nodes that connect to the broader overlay network, creating a resilient and scalable web of connectivity.
3. **Increased Bandwidth**: By aggregating available bandwidth from multiple sources, the overlay network can provide higher data rates and more reliable connections.
### Example Scenario
Imagine a remote village with limited internet access. The villagers set up several nodes that connect to each other and to nearby towns with better connectivity, also some of the nodes can be connected to Internet over satelite, mobile 4g or other mechanisms.
Here’s how it works:
1. **Local Node Setup**: Villagers install nodes on their devices, which form a local mesh network.
2. **Connecting to Broader Network**: Some nodes have access to satellite internet or long-range Wi-Fi that connects to nearby towns.
3. **Dynamic Routing**: When a villager wants to access online resources, their data is encrypted end-to-end and routed through the shortest path available, which may include local nodes, satellite links, and commercial internet providers.
4. **Enhanced Access**: This setup leverages all available bandwidth sources, providing more reliable and faster internet access to the village.
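Review bot: the `Multi-Hop Communication` list says relayed data "remains secure throughout its journey", but with end-to-end encryption the intermediary nodes B and C still observe routing metadata (source, destination, timing, volume) even though they cannot read the payload; say so explicitly so readers do not assume relays learn nothing. The sentence "Network usage tracking and billing can be used to make sure all participants are rewarded" sits in the same section with no connection to the surrounding text; either expand it or move it to its own subsection. Typos in the added lines: `enduser` should be `end-user`, `satelite` should be `satellite`, and `4g` should be `4G`. The `### Example Scenario` heading here is one level higher than the `#### Example Scenario` used in the whitelists file added in this commit; align the levels.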
@@ -0,0 +1,54 @@
# Mycelium Whitelists
> Rethinking Network Security: Beyond Traditional Firewalls
### The Limitations of Traditional Firewalls
Firewalls have long been the cornerstone of network security, operating as gatekeepers to keep malicious actors out.
They work by monitoring incoming and outgoing network traffic and applying security rules to block or allow data packets based on predefined criteria. However, while firewalls are effective at creating a barrier, they have inherent limitations:
1. **Perimeter Focus**: Firewalls are designed to protect the perimeter of the network. This approach assumes that threats come from outside the network, but it does not adequately address threats from within.
2. **Static Rules**: Firewalls rely on static rules that can be bypassed by sophisticated attacks. They do not adapt dynamically to changing threat landscapes.
3. **Single Point of Failure**: As a centralized barrier, firewalls represent a single point of failure. If a firewall is compromised, the entire network can be exposed.
### The Need for Strong Authentication and Peer-to-Peer Communication
To address these limitations, a more modern approach to network security involves strong authentication and decentralized communication. By ensuring that all participants on the network are strongly authenticated, we can establish trust at the individual level rather than relying solely on perimeter defenses.
#### Strong Authentication
Strong authentication involves verifying the identity of network participants using robust methods such as:
- **Multi-Factor Authentication (MFA)**: Requires multiple forms of verification, such as passwords, biometrics, and hardware tokens.
- **Public Key Infrastructure (PKI)**: Uses cryptographic keys to authenticate users and devices.
By implementing strong authentication, we can ensure that only legitimate users and devices can access the network, significantly reducing the risk of unauthorized access.
#### Peer-to-Peer Communication Over an Overlay Network
Instead of routing all traffic through a central firewall, participants can communicate directly with each other and applications using a peer-to-peer (P2P) overlay network. An overlay network, called Mycelium, can facilitate this decentralized communication.
- **Mycelium Overlay Network**: This overlay network functions like a mesh, allowing nodes (participants) to connect directly with each other and applications. It provides a resilient and scalable architecture where each node can dynamically find the best path for communication.
### Whitelists and Group-Based Access Control
To further enhance security, applications can use whitelists and group-based access control. This approach involves:
1. **Whitelisting Users**: Only allowing access to users who are explicitly permitted. This can be based on strong authentication credentials.
2. **Group-Based Access Control**: Organizing users into groups with specific permissions. Each application can define which groups have access based on their source IP addresses and other criteria.
#### Example Scenario
Consider an application hosted on the network. Instead of relying on a firewall to block unauthorized access, the application uses Mycelium to communicate with authenticated peers. It employs a whitelist to specify which users or groups can access the application. For instance:
- **Group A**: Developers with access to development resources.
- **Group B**: Administrators with access to administrative tools.
- **Group C**: End-users with access to specific application features.
Each group’s access is controlled by specifying the allowed source IP addresses and other authentication factors. This ensures that only authorized users can access the application, regardless of their location.
> only available in the enterprise edition.
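Review bot: the `Group-Based Access Control` item and the closing paragraph grant access "based on their source IP addresses and other criteria", which reintroduces the network-position trust that the `Limitations of Traditional Firewalls` section argues against; if a Mycelium overlay address is bound to the peer's authenticated key, state that binding here, otherwise anchor the whitelist on the authenticated identity and treat the address as a secondary check. The file is titled `Mycelium Whitelists`, but `virtual_browser.md` in this same commit calls the feature `Network Service Lists`; settle on one name. The trailing `> only available in the enterprise edition.` is lower-case and does not match the `> Available in Enterprise and OEM editions` wording used for the network wall in this commit.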
@@ -7,4 +7,7 @@
The Network Wall offers 100% separation between where compute workloads are and where services are exposed, proving an extremely high level of security.
!!wiki.include page:network_wall_innovation_short
!!wiki.include page:network_wall_inno0
> Available in Enterprise and OEM editions ony.
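Review bot: two typos in the added lines: "proving an extremely high level of security" should read "providing", and "Available in Enterprise and OEM editions ony." should read "only". The `!!wiki.include page:network_wall_innovation_short` and `network_wall_inno0` directives omit the `.md` suffix that `benefits.md` uses for its includes in this commit; use the same form in both files. The claim of "100% separation" is also stronger than the page supports; "full network separation" or a description of what is actually separated (compute workloads versus exposed services) would be easier to defend.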
71
collections/tech/innovations/network/virtual_browser.md
Normal file
@@ -0,0 +1,71 @@
## Secure Remote Browser Concept
### Overview
In this concept, users interact with a secure web application through their web browsers without running JavaScript locally.
Instead, the actual browser logic and JavaScript execution occur in a secure, remote virtual browser hosted in a secure part of a private cloud. This setup provides enhanced security and control, ensuring that users are protected from malicious scripts and other threats.
### Key Components
1. **Client-Side Browser (Local Browser)**
- **Rendering Only**: The user's local browser is responsible only for rendering content. It draws the user interface using technologies like HTML5 Canvas.
- **No Local JavaScript Execution**: No JavaScript code runs on the local browser, eliminating the risk of client-side script attacks.
2. **Remote Browser (Virtual Browser)**
- **Secure Execution Environment**: The remote browser runs within a secure container in the cloud. For example, this could be within the secure network of a bank.
- **JavaScript Execution**: All JavaScript execution happens in the remote browser. This environment is tightly controlled and monitored.
- **Context Validation**: Each JavaScript file executed is checked to ensure it originates from the original, built application. This prevents unauthorized or malicious scripts from running.
3. **Session Management**
- **Ephemeral Sessions**: Each user session is temporary. After a session ends, the context is destroyed and rebuilt for the next session, ensuring a clean state each time.
- **Session Recording**: Sessions can be recorded, similar to screen CCTV, for auditing and security purposes. This allows for detailed monitoring and review if needed.
4. **Network Service Lists and Mycelium Integration**
- **Secure Communication**: The connection between the local browser and the remote browser uses end-to-end encryption. The Mycelium overlay network ensures the shortest path and secure, peer-to-peer communication.
- **Access Control**: Network service lists and group-based access control manage which users can access specific applications, enhancing security and control.
### Example Workflow
1. **User Initiates Connection**
- The user opens their local browser and navigates to the bank's application URL.
- The local browser connects to the remote browser hosted in the bank's secure cloud environment.
2. **Remote Browser Setup**
- A new, secure container is instantiated for the user's session.
- The remote browser loads the bank's application and validates all JavaScript files.
3. **Rendering in Local Browser**
- The remote browser executes the JavaScript and sends the rendered output to the local browser.
- The local browser draws this output on the canvas, providing a seamless user experience.
4. **Session Management**
- Throughout the session, all interactions are processed by the remote browser.
- User interactions (e.g., clicks, form submissions) are sent to the remote browser, which processes them and updates the rendered output accordingly.
5. **Session Termination**
- When the user finishes their session, the remote browser context is destroyed.
- Any recorded session data is stored securely for auditing purposes.
### Benefits
1. **Enhanced Security**
- By not running JavaScript locally, the risk of client-side attacks such as cross-site scripting (XSS) is eliminated.
- The remote browser's secure environment ensures that only validated scripts execute.
2. **Controlled Environment**
- The bank has full control over the execution environment, allowing for stringent security policies and monitoring.
- Ephemeral sessions ensure that each user starts with a clean slate, reducing the risk of persistent threats.
3. **Auditing and Compliance**
- Session recording provides a detailed audit trail, which is valuable for security reviews and compliance with regulatory requirements.
4. **Improved User Experience**
- Users benefit from a secure browsing experience without performance degradation, as rendering is offloaded to the client's local browser.
### Integration with Mycelium and Network Service Lists
By combining this remote browser concept with Mycelium and network service lists, we can ensure secure and efficient communication:
- **Mycelium Overlay Network**: Ensures that the connection between the local and remote browser is routed through the most efficient path, leveraging peer-to-peer connections where possible.
- **Network Service Lists**: Manage which users and groups can access the remote browser and specific applications, providing fine-grained access control.
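Review bot: `No Local JavaScript Execution ... eliminating the risk of client-side script attacks` and the `Benefits` claim that XSS "is eliminated" overstate the model: an injected script still executes in the remote browser against the user's session, so the design moves script execution off the user's device rather than removing the class of attack, and the remote container, the input channel (clicks, form submissions) and the rendering stream become the surface that needs hardening; phrase it as "the user's device no longer executes application JavaScript". `Context Validation` says each JavaScript file is "checked to ensure it originates from the original, built application" without saying how; name the mechanism (for example an allowlist of file hashes produced at build time) so the guarantee can be reviewed. `Improved User Experience` says rendering is "offloaded to the client's local browser", which contradicts `Rendering Only`, where the client only draws the output it receives on a canvas. `Session Recording` should also state who can access the recordings and how long they are retained, since they capture everything the user saw and typed.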