The Pittsburgh Post-Gazette, a local paper, wrote a small blurb on what PacketViper is doing to improve network security environments. During the interview we disabled PacketViper and took a picture of a Barracuda Spam Filter that it was protecting. As you can see in the photo, a huge spike in traffic appeared immediately, signifying that the filter was processing 400x the amount of traffic it had handled before we disabled PacketViper, our Geo IP Network Filter.
The thinking behind per-port Geo IP is simple: does every country need access to every port, or does your environment really have to process every network request from the world? Before you answer yes so quickly, think about that question. Technically, don't your firewalls, IDS, or IPS systems look for malicious traffic and drop it? So the answer is undoubtedly no. The idea that all exposed ports have to be accessible from all corners of the world is unfathomable and perplexing to me.
The fact is that globally exposed ports have always been a weakness in all security designs today. Sure, we can lessen the risk with strong password policies, intense scrutiny using algorithmic analysis, or secure portals, to name some methods. But who's protecting the secure portals' login pages? What if the attacker changes their pattern, a patch is not applied immediately, or a rule is fat-fingered? If I'm an attacker, I'm finding some other method than a well-beaten path to breach you.
So again, why should the globe have access to ports used for key employees, target customers, or vendors? Per-port Geo IP filters like PacketViper can surgically restrict specific ports to and from any country bi-directionally, thereby alleviating the pressure on your security environment while hardening security, without restricting your business globally.
I sometimes wonder if we got so smart in threat detection that we have overlooked the basic, persistent problem of opening ports through our firewalls and allowing access to anyone with a smartphone or computer.
By: Francesco Trama