I could not agree more with this Huffington Post blogger. Small business is the soft underbelly of network security, and everyone needs to wake up. Think about it: small businesses have data just as valuable as the large organization's, and their security is weaker. So it makes them an obvious target to siphon data from.

It's a two-front problem. These smaller businesses contain valuable customer information the attackers salivate over, and should these less secure businesses have secure connections, username and password, to a larger organization, then it's a twofer for the attacker. More disturbing is that these side doors may not be discovered for 3-6 months, an estimate many security firms are showing, so it's a pretty serious problem.

It’s not necessarily their fault though. Security can be very expensive, which forces them to purchase out-of-the-box solutions that sometimes give them a false sense of security, not to mention that their security talent may not be there.

By Francesco Trama

 

“Smaller targets can mean big rewards for cyber criminals
Small and medium-sized businesses are equally susceptible to attacks from hackers as are large entities and even government agencies. According to the National Cyber Security Alliance, an astonishing one in five small businesses falls victim to cyber crime each year. Even more frightening: According to an August 2013 story in PCWorld, of those small businesses whose systems are breached, roughly 60 percent go out of business within six months after the attack.”

http://www.huffingtonpost.com/mike-pugh/no-your-small-business-is_b_4164015.html

Since the UN identified this back in February, do you think the infections have spread, or have been curtailed? I would say with near certainty they have grown exponentially like a plague in every direction uncontrollably. Here in the US we are finding it difficult to manage our own outbreaks, even though at times we can slow the growth. Now imagine the “up and coming” tech areas to our south, still getting their “%^&*” together.

By no means am I saying “we” (the US) have ours together; I just consider us further along, is all.

Given they are still in their “tech growing phase,” these or any underdeveloped tech areas should be considered high risk and treated with higher scrutiny, and you should limit how your networks are exposed to these areas.

By Francesco Trama

 

Explainer: Cybercrime in Latin America

“Illegal botnets, or networks of remote-controlled computers infected with malware, have been found throughout Latin America. Also known as “zombie computers,” these networks can be used for a variety of cybercrimes, ranging from stealing personal information to sending spam. Trustnet’s study found that nearly half of all global cybercrime takes place through remote access with methods like botnets.

Cybercriminals from anywhere in the world can control the botnets through command and control servers, or C&Cs. A February 2013 UN draft report identified significant clusters of C&Cs in the Caribbean basin, as well as Central America. Two types of malware spawned zombie computers in the region last year—one called Dorkbot that infected 80,000 computers in 10 Latin American countries, the other called the Flashback virus, which harmed 40,000 Latin American computers.”

Source: http://www.as-coa.org/articles/explainer-cybercrime-latin-america

I got this alert today that one of our local media outlets got hit with a possible DDoS. Just a few miles from them sits PacketViper, LLC, and PacketViper is something which would have shut down the attacking countries at their port without the need for a global outage.

By Francesco Trama

Surge in web requests temporarily shuts down Trib Total Media website

By Tribune-Review

Published: Friday, Oct. 11, 2013, 11:48 a.m.

A large volume of Internet traffic overwhelmed Trib Total Media websites Friday, preventing users from accessing them. The incident started about 9 a.m. and lasted for about three hours, causing the Trib’s websites to become unavailable or run slowly. The Trib reported the event to the FBI as a precaution.

Read more: http://triblive.com/news/adminpage/4867159-74/trib-attack-computers#ixzz2iUu5aC1t

Luckily this is not an issue with our customers; all they have to do is limit their access. I would imagine most of our US customers have already limited this access.

By Francesco Trama

http://www.pcmag.com/article2/0,2817,2425836,00.asp

Cyber attacks are on the rise, but where are they originating from? If you guessed China, you’re close, but most of the attack traffic during the quarter actually originated in Indonesia, according to a new report from Akamai.

In the second quarter, Akamai found that attacks originated in 175 countries, with Indonesia accounting for 38 percent of those attacks – up from 21 percent in the first quarter. China came in at No. 2 with 33 percent, down 1 percent this quarter. The U.S. stayed at No. 3, but dropped from 8.3 percent to 6.9 percent.

Every Cyber Attack has one thing in common. They can be launched and distributed from around the world, giving the attacker limitless possibilities, mobility, stealth, and time.

PRLog (Press Release) - Oct. 15, 2013 - PITTSBURGH - Network attacks are an unfortunate reality for everyone, and regardless of the size of your business, eventually the odds are that you will become a target. The world is a big place and every IP address in every country is another potential hacker that could cost you time and money. At some point, when you weigh the heightened cyber-risks that certain countries pose versus the amount of business transacted, the prudent businessman asks himself “Do I really need all this network traffic?”

Ask the folks at Viper Network Systems, developers of PacketViper Geo-IP Network Filter and experts in geographical filtering and security, and you will surely learn that in fact you do NOT need all that traffic.  In fact, Viper Network Systems will quickly show you that not only are you taking a huge unnecessary and unwarranted risk by thoughtlessly accepting all traffic from everywhere,  they will show you how you can quickly and easily eliminate the risk without any negative impact on your business.

According to Francesco Trama, President and CEO of Viper Network Systems, “No matter what industry your business falls in, the fact is that a good percentage of the traffic your security environment is dealing with is unnecessary.”

And once again, unnecessary traffic is unnecessary risk. For example, suppose you have an employee VPN, HR, or some Admin portal. Does the whole world need access to it? Chances are, right now they have that access whether you want them to or not. That needs to change.

Consider a typical cyber-threat scenario.  Most network attacks start with a simple scan or probing of the target’s public network space. Often, these attacks scan the entire network range and attempt to analyze business links within your web portal to see who you know and with whom you communicate.

These scans give the attacker valuable information about what options they should pull out of their bag of tricks to deploy against the exposed network services. Once they identify what type of Web, Mail, DNS, or other discrete port or server is available, the attacker will attempt to penetrate your exposed ports and test them for vulnerabilities and kinks. And again, since these hackers could be anywhere in the world and they can access a global network of proxies, they work and scheme under the safety of anonymity of compromised PCs and poorly managed public spaces around the world. With the attacker’s endless possibilities to exploit, probe, and attack vulnerabilities with little chance of being caught, these criminals can scan millions of networks around the world at their leisure looking for the right opportunity to present itself. Unfortunately, in the cyber-security world, for the present, time is on the attacker’s side, and reports prove that eventually, they will breach someone’s network. The question is, will it be yours?

If that scenario seems depressing or the prospect of being sued for damages caused by a breach to your network keeps you up at night, maybe it’s time to turn the tables on the hackers with Viper Network Systems’ enhanced Geo-IP filtering that puts you back in control of who gets to access your network.

The power and genius of Viper Network Systems’ flagship product “PacketViper” stems from its unique capability to restrict countries to a specific network port bi-directionally. This one-of-a-kind tool makes it possible to block, limit, redirect, or alert which network ports countries may access. This makes PacketViper the industry standard in Geo-IP filtering and puts it light-years ahead of its competitors in terms of both its power to protect and its precision and flexibility to match filter settings to an individual business’s needs. And while PacketViper is already the best Geo-IP filter on the market, Viper Network Systems’ proprietary Global Network Lists, Redirection, Country Triggers, and Network Alerts all come standard with the PacketViper system, providing comprehensive and flexible geographical filtering that shapes global network traffic to each customer’s needs.

Amazingly, with all that power, Viper Network Systems developed PacketViper to install seamlessly inline, in front of your existing security environment, with a low startup cost and with no need to modify anything else in your network or security setup. This is a huge benefit for those environments which need to be updated or hardened, or which simply feel they need to do something more.

In a matter of minutes, your security environment can be dramatically hardened and improved without the need of complex policies or steep learning curves for new and expensive security devices. PacketViper’s low latency, transparent, and near wire performance is a formidable opponent for the cyber-criminal, but its user-friendly and intuitive format will allow your network administrators to harness its power without missing a beat.

Interested in adding this essential additional layer to your security environment? Can’t believe it can be this simple? Viper Network Systems has recently released several videos which show definitively how Geo-IP network filtering improves your security landscape, and how the entire process can be completed in a few minutes and clicks of a mouse.  You can’t afford not to take a look at this next-generation complement to your security network.

About Viper Network Systems

Viper Network Systems has developed PacketViper, an intelligent Geo IP Network Filter capable of bi-directionally filtering any country at the network port level. PacketViper removes unwanted probing, fights against DDOS attacks, spam, dramatically improves network performance, and much, much more. With PacketViper on the front line, security environments are less congested and more effective.

About PacketViper:

PacketViper replaced complex geo-location filtering, and turned it into a practical tool against cyber crime and attacks. PacketViper’s new advances in bi-directional per-port filtering performed at the gateway eliminate unwanted network traffic before it enters the security environment.   This has proved to combat DDOS, spam, port probing, breaches, and scanning threats, all while reducing bandwidth usage and improving performance.

 

By Francesco Trama

Time and time again the question is asked: “How does PacketViper compare to a <Insert Firewall Name Here>?”

We explain what we do, compared to what they do. The very next sentence is “We can do that now with <Insert Firewall Name Here>.”

Can you really?

I’m going to explain the differences between <Insert Firewall Name Here> and PacketViper. What you have to keep in mind is PacketViper is designed to remove the traffic before entering the security environment. It quickly eliminates unwanted traffic to improve the performance throughout the entire security environment. PacketViper’s inline, fail-open bypass, transparent Geo IP layer has a significant positive impact on every gateway, spam filter, mail and web server, VPN portal, and so on. It immediately hardens even the most exposed networks with a few clicks, and no complex configuration.

Although many want to compare us to <Insert Firewall Name Here>, we are in the security layer to help them work more efficiently. Our layer can do many different things which they cannot offer because of their Layer3+ inspections. If you activated every feature to its fullest on <Insert Firewall Name Here>, what would the latency cost be to your traffic? I would say pretty great, not to mention log and alert overload, false positives, troubleshooting connection issues, and customer complaints.

Technically we are a firewall, but <Insert Firewall Name Here> is not a PacketViper, a Layer2, bi-directional, per port, Country Network Filter, with detailed actionable geo location linking throughout the entire system. <Insert Firewall Name Here> would show significant performance impacts should they try to be a PacketViper.

CheckPoint IPS blade note from a commentator: “Please Note enabling the perform all IPS inspection on all traffic, can have an adverse effect on the performance of the firewall”

1. PacketViper is an inline appliance or software which operates at Layer 2, transparent, and adds no network hop to the packet.

Explanation: Although some firewalls could operate at Layer2, most are not used in this capacity because of the other features which are generally built in. L3+ is the method they prefer given the deep packet inspection they perform. Layer2 along with our Geo location database sets PacketViper far apart from the <Insert Firewall Name Here>. PacketViper operates at near wire speeds but provides more actionable IP, Network, Region, City, ISP, and Country information than any <Insert Firewall Name Here>.

Some of these complex firewalls are like a small child; they touch and get into everything, need constant handling, and coddling – Francesco Trama


2. PacketViper looks “only” at the header information of the packet.  This is how we keep near wire speeds, negligible latency, and yet provide better details.

Explanation: PacketViper keeps its high performance by only looking at the header information that is then matched to our Geo Location database. <Insert Firewall Name Here> runs the packet through a gamut of tests, checks, patterns, and anything else you can imagine. But PacketViper is not some dumb layer2 device by any means. Here is a comparison of just one aspect of the detail and practicality of PacketViper.

PacketViper Active Connections

SonicWall’s Active Connections

Barracuda NG Active/Live Connections (Extracted from BNIK video, see it here)

CheckPoint IPS Blade - (Extracted from a video by Jafer Jabir, which you can see in its entirety here)

4. PacketViper makes it very simple to filter out unwanted country traffic.

Explanation: PacketViper is one of the simplest devices to use to filter unwanted traffic out of the environment. Looking at the <Insert Firewall Name Here> configuration is a challenge. I understand the devil is in the details, but when you are being flooded with email, web requests, DDoS, dictionary attacks, probes, or NMAPs on a daily basis, to us the devil is the common sense. Do you really need someone from some country probing your VPN port? You see some firewall vendors show statements like:

<Insert Firewall Name Here> Next-generation firewalls protect you from denial of service (DoS) attacks using a policy-based approach that ensures accurate detection. You can deploy DoS protection policies based on a combination of elements including type of attack, or by volume (both aggregate and classified), with response options including allow, alert, activate, maximum threshold and drop.

Then you get into it, and it's back to the same policy building, group attaching, priority placing, and endless pop-up screens to get awesome granularity. Let me show how a simple Layer2 Geo IP network filter does the exact same thing.

PacketViper Triggers to prevent DDoS, By Country, Global Network List, or Global Network Lists

5. PacketViper blocks countries by ports.

Explanation: Even though blocking a country is not new, the way we do it is. We do not just filter the country but rather the country, its ports bi-directionally, and then some. It is so simple with PacketViper you will wonder how this can be. I found one video from Fortinet that was tolerable. The others would just lose you in the details trying to block a country at a port.

If you take a look at everything these super firewall and IDS systems do, it would amaze and awe anyone, until you get into them. Like looking down from space at the earth, it's breathtaking. Until you get to the ground to find billions of roadways, buildings, offices, rooms, closets, and alcoves. – Frank Trama

PacketViper combating network attacks by blocking countries

Fortinet Blocking a Country – As you can see with Fortinet, they are not really geared for quick country control.

6.  PacketViper can quickly redirect traffic based on the source IP, network, country, or Global Network List.

Explanation: DNAT is not a new thing, but with PacketViper you have a much more common sense method, and more details.
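The header-only, per-port, per-country, bi-directional filtering described in points 2, 5 and 6, as an added example (not PacketViper's code or configuration). The geo table, the country codes XA/XB/XC, the protected 10.0.0.0/8 network, the rule format and the redirect host are all assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

# Constructed geo table: RFC 5737 documentation ranges mapped to
# user-assigned ISO codes (XA, XB, XC). A real filter loads a Geo IP database.
GEO_TABLE = [(ipaddress.ip_network(n), cc) for n, cc in [
    ("192.0.2.0/24", "XA"),
    ("198.51.100.0/24", "XB"),
    ("203.0.113.0/24", "XC"),
]]
LOCAL_NET = ipaddress.ip_network("10.0.0.0/8")  # assumed protected network


class Rule(NamedTuple):
    direction: str                      # "in" or "out", relative to LOCAL_NET
    port: int                           # service port; 0 matches any port
    countries: frozenset                # empty set matches any country
    action: str                         # "allow", "block" or "redirect"
    redirect_to: Optional[str] = None   # DNAT target for "redirect"


ANY = frozenset()
# Hypothetical policy, first match wins.
RULES = [
    Rule("in", 443, frozenset({"XA"}), "allow"),    # VPN portal: XA only
    Rule("in", 443, ANY, "block"),
    Rule("in", 25, frozenset({"XC"}), "redirect", "10.0.0.99"),
    Rule("in", 25, ANY, "allow"),
    Rule("in", 80, ANY, "allow"),                   # public web site
    Rule("out", 0, frozenset({"XC"}), "block"),     # no egress to XC at all
    Rule("out", 0, ANY, "allow"),
]


def country_of(ip):
    """Longest-prefix match of an address against the geo table."""
    addr = ipaddress.ip_address(ip)
    matches = [(net.prefixlen, cc) for net, cc in GEO_TABLE if addr in net]
    return max(matches)[1] if matches else "??"


def decide(src, dst, dport):
    """Return (action, remote_country, target) using header fields only."""
    outbound = ipaddress.ip_address(src) in LOCAL_NET
    direction = "out" if outbound else "in"
    cc = country_of(dst if outbound else src)   # geolocate the remote end
    for r in RULES:
        if (r.direction == direction and r.port in (0, dport)
                and (not r.countries or cc in r.countries)):
            if r.action == "redirect":
                return r.action, cc, r.redirect_to
            return r.action, cc, dst if r.action == "allow" else None
    return "block", cc, None                    # default deny


if __name__ == "__main__":
    for pkt in [("192.0.2.10", "10.0.0.5", 443),
                ("198.51.100.7", "10.0.0.5", 443),
                ("203.0.113.9", "10.0.0.25", 25),
                ("10.0.0.50", "203.0.113.80", 443)]:
        print(pkt, "->", decide(*pkt))
```

The last sample packet is the egress case: an internal host reaching out to a blocked country is dropped regardless of the port it uses.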

Aside from constant labor-intensive management, false positives, log overload, and a long learning curve, complex firewalls or IDS are an absolute must in the security environment. Whichever one you choose or have chosen, PacketViper will eliminate the pressure to and through them. PacketViper stops the traffic and the SYN request so the remainder of the packet will not traverse, thereby freeing up valuable bandwidth and resources.

PacketViper improves the entire security layer by removing the unwanted traffic through them.

 

By Francesco Trama

This is a good read (The Sydney Morning Herald).

Geo IP network security layer

As I read through the article I couldn’t help but wonder how each method the writer described could have been complicated for the attacker if there was a Geo IP Layer as the first and last inspection.

Point 1

Attacks are not limited just to theft and can take the form of denial of service assaults on a bank’s online operations to prevent customers from accessing their accounts. Last year, HSBC became the victim of one of the largest attacks of this kind yet recorded, causing the failure of its online banking services. Stuart Gulliver, chief executive of HSBC, and other senior managers at Britain’s largest bank, believe cyber threats are one of the biggest dangers to the industry.

Because of the distribution of the attack, this could have been watered down to a non-event if these banks employed an additional Geo IP layer to limit their network port exposure to the world. The Geo IP layer would have absorbed the brunt of the traffic before it entered the environment or touched the attacked service.

Point 2

One of the biggest areas of weakness is lax security among employees. In particular, the use of unauthorised applications.

Again, the Geo IP filter in this case would have prevented unknown outbound connections to high-risk networks in the app. The Geo IP layer is your first and last line of defense against these rogue applications entering or escaping. For instance: a bad user downloads Facebook widget X, which is coded to siphon and collect data and send it to country Y, using some common port X, which tricks the IDS by using your very own internal web filter/proxy. Unfortunately for the hacker application, the Geo IP filter isn’t fooled by the app’s stealth or program trickery; it only cares where it's going.

Ernst & Young, says the use of outside technology, as well as social networks, such as Facebook and LinkedIn, have proved a boon for those looking to circumvent banks’ online defences.

Point 3

Criminals have also begun targeting the physical hardware underpinning banks’ systems. Last month, a gang was arrested after a man posing as an engineer attempted to fit a device to a computer in Santander UK’s Surrey Quays branch that would have allowed the alleged criminals to remotely access customer accounts.

Stateful Connections

Even with a physical chip, the attacker/hacker will need to know what the Geo IP layer is allowing traffic to. So let's say the chip is designed to capture passwords and personal information, then send it to some obscure location in some Eastern Bloc country. Well, if the company from which they are trying to siphon data doesn’t allow certain ports or traffic to that area, the chances of the data ever leaving diminish exponentially, and the better your IDS picks up the traffic anomaly.

You can read the full article here:

http://www.smh.com.au/it-pro/security-it/every-minute-of-every-day-a-bank-is-under-cyber-attack-20131008-hv1yi.html

 

By Francesco Trama

Quote  —  Posted: October 9, 2013 in Cyber Crime, Cyber Security, Geo IP Filtering, Network Security, PacketViper