Archive for September, 2013

PacketViper 2.0 is in its final stages before release. It is already in many customer sites, where it has turned heads with its optimized GUI and additional features. Here are some of them:

1. Country Redirection: Redirect any country's traffic to some other IP on your network

2. Global Network List Redirection: Redirect any Global Network Lists to some other IP address on your network

3. Triggers based on Countries or Global Network Lists: Set triggers to fire based on activity from any country or Global Network List. Use triggers to slow down, auto block, or alert you based on specific traffic.

4. Integrated mapping with NetCheck

5. Newly Designed and Optimized Home Screen, and GNL area

6. Custom Rules based on Country and GNLs

7. Logging Filters:  Capable of disabling logging based on specific countries, GNL, or custom rules

8. Custom Error messages for blocked SMTP traffic

9. Custom Splash pages for blocked sites

10. Outbound port fields for filtering country or GNL outbound

11. Newly designed Country Filtering area with zoom-in map, hover-over statistics, and heat maps for simpler views of filtering.

Much more…..

Francesco Trama, Chief Executive Officer

Geo IP (Country) filtering is growing more and more popular given the distribution of global network attacks. IDS/IPS systems do their best in anticipating malicious network activities. Some of the problems network security teams have experienced are extended implementation times, cost, learning curves, false positives, complex management, and how to deal with large distributed attacks or the speed at which attacks, viruses, and malware adapt.

Intrusion Detection/Prevention Systems (SecurityWizardy.com)
Intrusion Detection Systems form a small but critical piece of the computer security jigsaw, alerting to intrusions and attacks aimed at computers or networks. They’re not the computer security panacea. But, they are your eyes and ears, essential in knowing whether you are under attack. Intrusion Prevention Systems take this concept to the next level and sit inline blocking the packets you tell them to based on signatures as per the IDS. They can be highly effective as a defensive tool but need to be configured with great care and attention in stages…

Unfortunately there is no silver bullet in network security! Network Security needs to be approached in layers, and most will say it should look like this:

  • Firewall / NIDS (network intrusion detection)
  • Email Scanning
  • Web Security
  • Server Level Virus
  • Workstation Virus
  • Patch Updating Systems
  • Attentive Employees

This is where I believe security environments fall short, and why Geo IP (country) filtering layers are vital in network security. I’m not saying to throw some broad-stroke country blocker into your environment; what I am saying is to have a robust Geo IP filtering system, which is granular and simple to operate! Blindly blocking country ranges is just not practical if you are a global business.

Our security layer looks like this

Image

I’ve seen several vendors which have integrated Geo-IP filtering into their appliances, but when you actually start using their Geo-IP tools you quickly realize their Geo-IP is not the product’s strong point. Some would say it was added only for marketing reasons, and not even taken seriously.

In the small Geo IP (country) blocking market there really is not too much to choose from. It seems most of the products consist of downloading some sort of list regularly, then applying it to a firewall. The lists come in many different formats to accommodate the varieties of firewall systems. There are many problems with these services, such as accuracy, manual updating, implementation complexity, support, and troubleshooting, to name some.

I’ve also seen services which provide you code for your web site. The code is inserted into your web pages, and as traffic accesses your web service, it’s evaluated and filtered like a country RBL. These types of services, although creative, seem like they would generate more traffic, just like RBL services do. I’m sure in a very small percentage of cases they would be useful, but high-volume web servers would suffer. Not to mention you are only protecting the web server, and it would need to be applied to all web servers. The few hardware-based products I found range from little to no country filtering smarts to price points in excess of 75K. The higher priced product I found seems to claim 50-100K is the right price for country filtering? I would emphatically disagree.

Because we do not have many choices when it comes to Geo IP (country) filters, we could conclude country filtering is not really important to firewall manufacturers. In fact, it seems the perception is “Geo IP (country) blocking is impractical” and unnecessary in some circles. I couldn’t disagree more.

If I told you there is a product which is:

  • Low cost
  • Inline and Transparent
  • Fail open NICs
  • Used on your own hardware
  • Filters countries by port bi-directionally
  • Includes alerts, country/network/ip triggers, honeypots, tarpits, country redirection
  • Complete with its own global network lists of well known/bad networks
  • Web based and accessible from mobile devices
  • Purchased as an appliance or downloadable software
  • Works in VM Environments.

Wouldn’t you get it immediately?

Viper Network Systems (VNS) launched a product called PacketViper in 2011 which does exactly what everyone has been missing: per-port Geo IP filtering. The product quickly installs onto most hardware platforms, or can be purchased as an appliance. PacketViper likes to sit in front of the security environment, to clean up the unwanted traffic before it enters.

Viper Network Systems ripped a few pages out of VMWare ESXi, and released PacketViper Starter. It’s completely free, and never expires. You wonder what the catch would be? No catch other than some limitations: how many countries you can block at once, NetCheck (IP Search/Block feature) and Global Network Lists are limited, and a couple of other minor limitations. Other than that the product is free to use.

PacketViper was built for security teams to quickly respond to global threats in real time. Frank Trama, President & Co-Founder, whose roots stem from network administration, design, and management, found there was a need that had to be filled. Partnering with Dan Gynn, now Chief Product Officer & Co-Founder, he turned this need into an incredible and practical product called PacketViper, a security layer I cannot see my network without. The product’s focus is Geo IP (country) filtering with a style and grace not seen in any other product in the market today. PacketViper fills the gaps which all environments are missing.

PacketViper blocks countries by simply clicking on a map, setting which ports to block/allow (all or some), and clicking apply. It’s really that simple. There is so much more though like real time clickable logs, which you can quickly select and see the complete details of the IP, which is called NetCheck;

Image

NetCheck is the feature administrators have been waiting for. The cure-all for understanding the IP origins, its assigned network ranges, and much more. NetCheck can quickly block the IP or every registered network range it’s assigned to. A great tool when you want to eliminate complete spamming networks. We could go on for a while with its features, just check them out here.

So is country filtering impractical? Let’s all admit it. IP Blocking is a pain! What the folks at Viper Network Systems did is put it all together in an affordable package. Imagine what happens when you start filtering out the unwanted country traffic (SQL management port attempts from China, RPC attempts from Russia, Telnet attacks from Romania, spam from Africa and Brazil). IDS/IPS experiences fewer false positives and can be dialed in better to become more effective; spam and system loads are reduced; bandwidth is freed up of unproductive global traffic; and network security is further hardened. Why, you ask? It’s simple; you reduce the attack space to your exposed ports in your security environment. There is less intention analysis needed.

If you filter out just 30% of the unwanted traffic to your internet-facing servers and devices, that’s 30% you do not have to worry about again. Then dial in the country blocker like PacketViper to drop 50% of your global traffic. That’s 50% less you have to sift through, 50% fewer loads on your security systems, and 50% fewer chances of malicious traffic finding a vulnerability.

Why would you then allow that obscure country access at VPN, FTP, and the thousands of other ports? I can tell you that you wouldn’t, or wouldn’t want to. This is why smart country blockers are important and needed. -- Frank Trama

Overall Geo IP (Country) blocking can be practical and should be a required layer for every security environment. Personally, I cannot see any of my environments without this feature. For full disclosure, I have the product and contributed to its design.

CEO & Co-Founder
PacketViper, LLC

To me it seems the insurance liability side is overlooked, but it is something that needs to be taken seriously. The breach alone could take your company to the brink, but the liability aftermath expenses could collapse your business.

By Francesco Trama, CEO

Every day there are news reports of companies being hacked and breached. In 2011 alone some 23 million confidential records were exposed through more than 414 reported security breaches, as reported by the national nonprofit Identity Theft Resource Center (ITRC).

In 2012 these breaches just got bigger according to the 2012 Cyber Liability & Data Breach Insurance Claims Study by NetDiligence. Highlights include: Global Payments (1.5 million records), Yahoo! (400 thousand passwords), Wyndham Hotels (600 thousand credit cards), eHarmony (1.5 million passwords), LinkedIn (6.5 million passwords) and the lists continue to grow.

New information recently released by Verizon, 2013 Data Breach Investigations Report, indicates that there’s no letup in sight. Here are six observations from this material:

  1. All organizations, large or small, profit or nonprofit, are appealing to hackers. 75% of attacks took advantage of non-specific targets
  2. These breaches happen quickly.  84% happen within minutes to hours
  3. These breaches…

The preconception we always run into is that Geo Location filtering is more cumbersome than it’s worth. If you would have told me 5 years ago “You should block countries”, I would be the first one to push back. It was such a nightmare if you turned off a country given the global makeup of business. We had to rip out the pages and start new when building PacketViper, and knew the fight would be more against the preconceived thinking about country blocking.

PacketViper solved the problem of filtering countries by allowing customers to drop or allow specific ports. This started a new security layer called the Geo IP filtering layer. We then piled on features such as per-port Global Network Lists, custom rules, triggers, and alerts, which can be assigned to countries and Global Network Lists. This created a new layer of defense that improved current environments without having to rip out or replace the existing security environment.

Here’s a video I created that shows how PacketViper helps.

By Francesco Trama

The Pittsburgh Post Gazette, a local paper, wrote a small blurb on what PacketViper is doing to improve network security environments. During the interview we disabled PacketViper and took a picture of a Barracuda Spam Filter which was being protected. As you can see in the photo, a huge spike in traffic immediately appeared, signifying it was processing 400x the amount of traffic prior to disabling PacketViper, our Geo IP Network Filter.

The thinking for per-port Geo IP is simple: does every country need access to every port, or does your environment really have to process every network request from the world? Before you answer yes so quickly, think about that question. Technically, don’t your firewalls, IDS, or IPS systems look for malicious traffic and drop it? So the answer is undoubtedly no. The idea that all exposed ports have to be accessible from all corners of the world is unfathomable, and perplexing to me.

The fact is globally exposed ports have always been a weakness in all security designs today. Sure we can lessen the risk with strong password policies, intense scrutiny using algorithmic analysis, or secure portals to name some methods. But who’s protecting the secure portals’ login pages, or what if the attacker changes their pattern, a patch is not applied immediately, or a rule is fat-fingered? If I’m an attacker, I’m finding some other method than a well beaten path to breach you.

So again, why should the globe have access to ports used for key employees, target customers, or vendors? Per-port Geo IP filters like PacketViper can surgically restrict specific ports to and from any country bi-directionally, thereby alleviating the pressure through your security environment, while hardening security, without restricting your business globally.
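The per-port, bi-directional country decision described above, as an added example (not PacketViper's code or rule format): the prefix table uses documentation address ranges with made-up country codes, and the rule layout, `country_of` and `decide` are hypothetical names chosen for illustration.

```python
import ipaddress

# Constructed sample data: documentation prefixes mapped to made-up country
# codes. A real deployment would load a maintained Geo-IP database instead.
GEO_PREFIXES = [
    (ipaddress.ip_network("192.0.2.0/24"), "AA"),
    (ipaddress.ip_network("198.51.100.0/24"), "BB"),
    (ipaddress.ip_network("198.51.100.128/25"), "CC"),  # more specific than the /24
    (ipaddress.ip_network("2001:db8::/32"), "AA"),
]

# Hypothetical policy: (country, direction, port) -> action; port None = all ports.
RULES = {
    ("AA", "in", 22): "drop",     # no inbound SSH from AA
    ("AA", "in", 25): "allow",    # mail from AA is still accepted
    ("BB", "in", None): "drop",   # nothing inbound from BB ...
    ("BB", "in", 443): "allow",   # ... except HTTPS for customers there
    ("CC", "out", 25): "drop",    # no outbound SMTP towards CC
}
DEFAULT_ACTION = "allow"          # unlisted countries and ports are not geo-filtered


def country_of(ip):
    """Longest-prefix match of ip against GEO_PREFIXES; None if unmapped."""
    addr = ipaddress.ip_address(ip)
    best = None
    for net, cc in GEO_PREFIXES:
        if addr.version == net.version and addr in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, cc)
    return best[1] if best else None


def decide(remote_ip, direction, port):
    """Return 'allow' or 'drop' for a flow with remote_ip on the given service port."""
    if direction not in ("in", "out"):
        raise ValueError("direction must be 'in' or 'out'")
    cc = country_of(remote_ip)
    # A port-specific rule wins over the country-wide rule for that direction.
    for key in ((cc, direction, port), (cc, direction, None)):
        if key in RULES:
            return RULES[key]
    return DEFAULT_ACTION
```

The port-specific override is what keeps the policy from being a blanket country block: country BB is closed inbound on every port except 443.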

I sometimes wonder if we got so smart in threat detection, we have overlooked the basic persistent problem of opening ports through our firewalls, and allowing anyone with a smart phone or computer access.

By: Francesco Trama

As I sit driving back from Chicago, I’m thinking about everyone we met at ASIS, and the excitement from the new customers we signed on. It’s nice to see something you believe in, and worked so hard on, is appreciated and beneficial to our customers. PacketViper is the solution everyone has been missing because it simply solves a big network security problem.

By Francesco Trama