Blocking countries with traditional methods is tricky, and the broad-stroke approach brings more headaches the more you block. Add proxies to the picture and the broad-stroke approach becomes a weak methodology, and somewhat a waste of time. Even with the obvious countries that are frequently suggested for blocking, you run a greater risk of shutting legitimate businesses out of your public services.

The trick to Geo-IP blocking is not turning off a country's access to critical areas of your network; it's filtering that country so it receives only the traffic that is necessary to your business. Firewalls just do not get you there.

Even well-made firewalls like SonicWall, Fortinet, Check Point, and several others have Geo-IP capabilities, but their approach to Geo-IP management is broad stroking. It's not that they do not care; it could be as simple as a marketing move, limitations given all they do, or, simply put, "It's not their focus" for the product line.

If you ever tried really cranking up the Geo-IP on any of them, you found internal hardship for your users: latency, load, and frustration. Understandable, because the feature isn't treated very seriously, or is an afterthought.

The fact is, Geo-IP should not be done on any application layer that is inspecting anything; rather, it MUST be done within its own layer, given the scope of the Geo-IP task.

The question is always asked, "What countries should I block?", as if the name of the country and its ideology were the gauge for how to filter it. The fact is there are no borders on the internet, on ideology, or on greed, so asking what country to block is not the best measuring stick. Sure, the attacker's motivation could stem from that country, but it rarely starts and ends there. An attacker's attack surface and resources are limitless because of their ability to traverse from country to country without resistance. There are many factors why they can do this, and it all starts with what we call "The Human Condition", the two main traits being imperfection and the inability (yet) to predict the future.

Asking the question strictly as a business service need, though, can yield more accurate results when identifying who needs access to our public services. From this perspective we can trim away the unnecessary and focus on the necessary in global network traffic. Even if your business is ideologically based, you can still apply the same consideration when sculpting traffic from around the world.

Sculpting network traffic is the key! Restricting global traffic based on its value to your business internet services is vital. For instance, does the entire world need access to your secure VPN, webmail, or SFTP servers? Most likely not, so for Geo-IP filtering to work in your favor you have to accomplish this with little effort and complexity.

Let's not forget the dreaded logging, reporting, and alerting associated with the large volumes of traffic having carte blanche to essentially every service port opened through firewalls. This, in my opinion, has become one of the top problems that lull us into a false sense of security. The reality is that excessive logging, reporting, and alerting is in actuality a smoke screen for our enemies, making them virtually invisible for months and years. We are killing ourselves looking at everything because "we must stay in front" of the threats. BUT if you take a breath, step back, and ask yourself, "Why am I receiving this traffic in the first place?", you will find the answer very enlightening.

A product like PacketViper is vital to the security layer because it controls how a country, company, network, or IP accesses to, and from, the public areas of your network. This seemingly simple layer is so impactful that most of our customers cannot believe the difference it has made. I speak of this not as the CEO of PacketViper, but as an early adopter of the technology as a Director.

With PacketViper, instead of blocking a country you can filter it, its companies, and its networks as you see fit, instead of the other way around. We are all smart people, and in most cases the smartest about our own business. So use this knowledge in shaping the best way customers, vendors, and employees enter and exit. Trust me, the downside will be loss of private data or intellectual property to some country you thought you had blocked completely.

There are many upsides to globally limiting how the world enters and exits your environment; it's just mind boggling. The simple elimination of huge volumes of unwanted traffic before it enters the security inspection process is the one that does it for me. Dropping the traffic volume has built-in bonuses like lowering the global risk, logging, and alerting, and most importantly curtailing the capabilities of attackers, proxied connections included.
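To make the "filter, don't block" idea concrete, here is an added example (not PacketViper's code, and not from the original post) of a per-service Geo-IP policy: the public website stays open to the world, while VPN, webmail and SFTP are limited to the countries the business actually needs. The IP-to-country table, the country codes and the sample flows are all constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample IP-to-country table (not real GeoIP data; a real
# deployment would load a GeoIP database here).
GEO_TABLE = [
    (ipaddress.ip_network("198.51.100.0/24"), "US"),
    (ipaddress.ip_network("203.0.113.0/24"), "BR"),
    (ipaddress.ip_network("192.0.2.0/24"), "DE"),
]

# Per-service policy: each exposed service lists the countries that need it,
# instead of one country-wide block. "*" means open to the world.
SERVICE_POLICY = {
    443: {"*"},           # public website: everyone
    22: {"US"},           # SFTP: only where the partners are
    1194: {"US", "DE"},   # VPN: US staff and the German office
    993: {"US", "DE"},    # webmail (IMAPS): same population as the VPN
}

def country_of(ip):
    """First-match lookup over the sample table; None if unmapped."""
    addr = ipaddress.ip_address(ip)
    for net, cc in GEO_TABLE:
        if addr in net:
            return cc
    return None

def decide(src_ip, dst_port):
    """Return (verdict, reason) for one inbound connection attempt."""
    allowed = SERVICE_POLICY.get(dst_port)
    if allowed is None:
        return "DROP", "port %d not exposed" % dst_port
    if "*" in allowed:
        return "ALLOW", "public service"
    cc = country_of(src_ip)
    if cc is None:
        return "DROP", "unmapped source"   # unknown origin is not trusted
    if cc in allowed:
        return "ALLOW", "%s permitted on port %d" % (cc, dst_port)
    return "DROP", "%s not in policy for port %d" % (cc, dst_port)

def summarize(flows):
    """Count verdicts: the DROP share never reaches the firewall's inspection."""
    return Counter(decide(ip, port)[0] for ip, port in flows)

SAMPLE_FLOWS = [  # constructed (src_ip, dst_port) pairs
    ("198.51.100.7", 443), ("203.0.113.9", 443), ("203.0.113.9", 22),
    ("203.0.113.9", 1194), ("192.0.2.5", 1194), ("192.0.2.5", 22),
    ("198.51.100.7", 22), ("203.0.113.20", 3389), ("10.9.8.7", 993),
]
```

Run `summarize(SAMPLE_FLOWS)` to see that more than half of the constructed flows are dropped before any inspection, while every public-website request still gets through.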

So rethink the question if you are blocking a country with traditional methods. It might not make as much sense.

Francesco Trama, CEO and Co-Founder PacketViper, LLC

Because of Ebay, Your Other Accounts Could Be Compromised!

As I read through the news on the Ebay breach, I got to thinking: it's not just the Ebay account information you have to worry about, but rather ANY other account that matches.

For instance, you can log into Ebay with either your email address or your user ID. Now let's say you are using the same email address and password for PayPal, Amazon, Facebook, YouTube, WordPress, Twitter, or some other fairly popular public site.

Since the hackers stole your information from Ebay, they could simply troll through other sites on the web with your login information and see if the door opens.

Change All Your Passwords!

You do not need to be a brain surgeon to put two and two together. So after you change your Ebay account password, do the same for your other accounts.

Written by: Francesco Trama, CEO, PacketViper


Today I woke and found this alert in my email:

"ON WORLD Press Freedom Day, Saturday May 3, Panama's TVN channel 2 received another "cyber-attack" on its website (tvn-2.com). The network said that the attacks have gone on continuously for five days leading up to Sunday's election and a TVN broadcaster has been threatened via Twitter." Read: http://www.newsroompanama.com/panama/7645-press-freedom-day-marred-by-cyber-attack-on-tvn.html

Network Security Driving Me Nuts

My opinion is this: there needs to be a point when "we" as security professionals take responsibility to clearly explain to customers that the 10, 20, and 100K security systems they have purchased, or are being sold, come with a disclaimer.

Disclaimer: This security device will get you 80% secure at best, with hard work and commitment. This device will need constant attention and managing, and there's a good possibility that if you forget or ignore something on it, your network and all its data will be compromised!

I’m sure it might say something in twenty paragraphs of the EULA.

There are many reasons why I say this; some that come to mind are: complexity, learning curve, commitment to the product, lack of firewall and security knowledge, management, and a false sense of security after the sale.

Look at network #security like this: just because you purchased a $50,000.00 car loaded with heated seats, self-adjusting signal mirrors, night vision, auto-sensing collision control, mustache trimmer (that was a joke), and self parking doesn't mean it will protect you in an accident. The accident will still happen, but the severity "could" be lessened because of the driver.

Some key things you need to understand as the "purchasee" are:

  • If training courses are offered on the firewall, there will be a huge management commitment. Training is always good though. (Read the next point.)
  • Remember, it took several years and scores of very smart technologists to build those expensive firewalls. Don't expect simplicity.
  • What if you took that 50K firewall, enabled every single feature it offers, and threw a load on it? Performance, latency? Most likely,

Forget "set it and forget it"; there is no such thing! Your company is committing to the expense, so you must commit to the technology. Most of our customers realized the firewalls they already have are pretty good once they placed our product in front. Why, you ask? Because they are not seeing the chaos at the gateway anymore.

Some things are meant to stand by themselves to do the job right, and the one who tries to do it all will be forced to compromise quality. – Francesco Trama -

Also... putting the same complex product platform into cheaper hardware, then restricting features, DOES NOT mean the customer will understand your product any better! One other thing: is stripping features away to make a product "affordable, with base protection" a good idea? Having base protection is like having nothing at all. To me it screams "You won't have "this" problem" or "Don't worry about it!". Last I looked, small business is the Achilles' heel of network security. Ask the floral shop or doctor's office to manage whatever version of <insert firewall name here>.

PacketViper Home Screen (screenshot): Quickly filter and block any country, network, or IP with a click from our actionable real-time logs.

At #PacketViper we started with a simple solution and kept it simple, which is possibly why we are so effective. People always ask us how we compare with "<name here>", and we always say, "How does <name here> compare with #PacketViper?". We are extremely effective in what we do and how we do it. I would go as far as saying, "We make the customer's existing security systems look good".

When we tell customers you can simply filter, block, alert, and discover traffic information of any company, region, or country "with a click", we mean what we say. You may hear us say "LOW COST, PRACTICAL SOLUTION". That is the truth in what we do.

By: Francesco Trama: Chief Executive Officer and Co-Founder: PacketViper, LLC

I could not agree more with this Huffington Post blogger. Small business is the soft underbelly of network security, and everyone needs to wake up. Think about it: small businesses have data just as valuable as the large organization's, and their security is weaker. That makes them an obvious target to siphon data from.

It's a two-front problem. These smaller businesses contain valuable customer information that attackers salivate over, and should these less secure businesses have secure connections, usernames and passwords to a larger organization, then it's a twofer for the attacker. More disturbing is that these side doors may not be discovered for 3-6 months, an estimate many security firms are showing, so it's a pretty serious problem.

It's not necessarily their fault though. Security can be very expensive, which forces them to purchase out-of-the-box solutions that sometimes give them a false sense of security, not to mention that the security talent may not be there.

By Francesco Trama


“Smaller targets can mean big rewards for cyber criminals
Small and medium-sized businesses are equally susceptible to attacks from hackers as are large entities and even government agencies. According to the National Cyber Security Alliance, an astonishing one in five small businesses falls victim to cyber crime each year. Even more frightening: According to an August 2013 story in PCWorld, of those small businesses whose systems are breached, roughly 60 percent go out of business within six months after the attack.”

http://www.huffingtonpost.com/mike-pugh/no-your-small-business-is_b_4164015.html

Since the UN identified this back in February, do you think the infections have spread or been curtailed? I would say with near certainty they have grown exponentially, like a plague, in every direction uncontrollably. Here in the US we are finding it difficult to manage our own outbreaks, even though at times we can slow the growth. Now imagine the "up and coming" tech areas to our south, still getting their "%^&*" together.

By no means am I saying "we" (the US) have ours together; I just consider us further along, is all.

Given they are still in their "tech growing phase", these or any underdeveloped tech areas should be considered high risk, treated with higher scrutiny, and limited in how your networks are exposed to them.

By Francesco Trama


Explainer: Cybercrime in Latin America

"Illegal botnets, or networks of remote-controlled computers infected with malware, have been found throughout Latin America. Also known as "zombie computers," these networks can be used for a variety of cybercrimes, ranging from stealing personal information to sending spam. Trustnet's study found that nearly half of all global cybercrime takes place through remote access with methods like botnets.

Cybercriminals from anywhere in the world can control the botnets through command and control servers, or C&Cs. A February 2013 UN draft report identified significant clusters of C&Cs in the Caribbean basin, as well as Central America. Two types of malware spawned zombie computers in the region last year—one called Dorkbot that infected 80,000 computers in 10 Latin American countries, the other called the Flashback virus, which harmed 40,000 Latin American computers.”

Source: http://www.as-coa.org/articles/explainer-cybercrime-latin-america

I got this alert today that one of our local media outlets got hit with a possible DDoS. Just a few miles from them sits PacketViper, LLC, and PacketViper, something which would have shut down the attacking countries at their port without the need for a global outage.

By Francesco Trama

Surge in web requests temporarily shuts down Trib Total Media website

By Tribune-Review

Published: Friday, Oct. 11, 2013, 11:48 a.m.

A large volume of Internet traffic overwhelmed Trib Total Media websites Friday, preventing users from accessing them. The incident started about 9 a.m. and lasted for about three hours, causing the Trib’s websites to become unavailable or run slowly. The Trib reported the event to the FBI as a precaution.

Read more: http://triblive.com/news/adminpage/4867159-74/trib-attack-computers#ixzz2iUu5aC1t