Posts Tagged ‘PacketViper’

By: Francesco Trama: Co-Founder: PacketViper, LLC

Network Security Driving Me Nuts

I woke one morning and found this alert in my email:

“ON WORLD Press Freedom Day, Saturday May 3, Panama’s TVN channel 2 received another “cyber-attack” on its website (tvn-2.com). The network said that the attacks have gone on continuously for five days leading up to Sunday’s election and a TVN broadcaster has been threatened via Twitter. read http://www.newsroompanama.com/panama/7645-press-freedom-day-marred-by-cyber-attack-on-tvn.html”

My opinion is this: There needs to be a point when “we” as security sales professionals provide a disclaimer that clearly explains:

Disclaimer: This security device may get you 80% secure at best, with hard work and commitment. This device will need constant attention and managing, and there’s a good possibility that if you forget or ignore something on it, your network and all its data will be compromised!

I’m sure it might say something in twenty paragraphs of the EULA.

There are many reasons why I say this:

1. Complexity

2. Learning curve

3. Commitment to product

4. Lack of firewall and security knowledge

5. Management

6. False sense of security after the sale.


Luckily this is not an issue with our customers; all they have to do is limit their access. I would imagine most of our US customers have already limited this access.

By Francesco Trama

http://www.pcmag.com/article2/0,2817,2425836,00.asp

Cyber attacks are on the rise, but where are they originating from? If you guessed China, you’re close, but most of the attack traffic during the quarter actually originated in Indonesia, according to a new report from Akamai.

In the second quarter, Akamai found that attacks originated in 175 countries, with Indonesia accounting for 38 percent of those attacks – up from 21 percent in the first quarter. China came in at No. 2 with 33 percent, down 1 percent this quarter. The U.S. stayed at No. 3, but dropped from 8.3 percent to 6.9 percent.

Time and time again the question is asked: “How does PacketViper compare to a <Insert Firewall Name Here>?”

We explain what we do, compared to what they do. The very next sentence is “We can do that now with <Insert Firewall Name Here>.”

Can you really?

I’m going to explain the differences between <Insert Firewall Name Here> and PacketViper. What you have to keep in mind is that PacketViper is designed to remove the traffic before it enters the security environment. It quickly eliminates unwanted traffic to improve performance throughout the entire security environment. PacketViper’s inline, fail-open bypass, transparent Geo IP layer has a significant positive impact on every gateway, spam filter, mail and web server, VPN portal, and so on. It immediately hardens even the most exposed networks with a few clicks and no complex configuration.

Although many want to compare us to <Insert Firewall Name Here>, we are in the security layer to help them work more efficiently. Our layer can do many different things which they cannot offer because of their Layer 3+ inspections. If you activated every feature to its fullest on <Insert Firewall Name Here>, what would the latency cost be to your traffic? I would say pretty great, not to mention log and alert overload, false positives, troubleshooting connection issues, and customer complaints.

Technically we are a firewall, but <Insert Firewall Name Here> is not a PacketViper.

CheckPoint IPS blade note from a commentator: “Please note enabling the perform all IPS inspection on all traffic can have an adverse effect on the performance of the firewall.”

1. PacketViper is an inline appliance or software that operates transparently and adds no network hop to the packet.

2. PacketViper looks “only” at the header information of the packet.  This is how we keep near wire speeds, negligible latency, and yet provide better details.

Explanation: PacketViper keeps its high performance by only looking at the header information, which is then matched to our Geo Location database. <Insert Firewall Name Here> runs the packet through a gamut of tests, checks, patterns, and anything else you can imagine.

3. PacketViper makes it very simple to filter out unwanted country traffic.

Explanation: PacketViper is one of the simplest devices to use to filter unwanted traffic coming into the environment. Looking at the <Insert Firewall Name Here> configuration is a challenge. I understand the devil is in the details, but when you are being flooded with email, web requests, DDoS, dictionary attacks, probes, or Nmap scans on a daily basis, to us the devil is the common sense. Do you really need someone from some country probing your VPN port? You see some firewall vendors show statements like;

4. PacketViper has triggers to prevent DDoS, by country, company, network, IP, or port.

5. PacketViper blocks countries by ports.

Explanation: Even though blocking a country is not new, the way we do it is. We do not just filter the country but rather the country, its ports bi-directionally, and then some. It is so simple with PacketViper you will wonder how this can be. I found one video from Fortinet that was tolerable. The others would just lose you in the details trying to block a country at a port.
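The header-only lookup from point 2 and the per-country, per-port, bi-directional decision from point 5 can be sketched as follows. This is an added example, not PacketViper’s code: the geo table (documentation address ranges), `LOCAL_NET`, the rule format and every function name are assumptions made for illustration, and the filter is stateless.

```python
import ipaddress
import struct

# Constructed geo table using documentation ranges (not real allocations).
GEO_TABLE = [(ipaddress.ip_network(n), c) for n, c in [
    ("192.0.2.0/24", "AA"), ("198.51.100.0/24", "BB"), ("198.51.100.128/25", "CC")]]
LOCAL_NET = ipaddress.ip_network("203.0.113.0/24")  # assumed protected network

# Hypothetical policy: (country, direction) -> ports allowed; absent key = allow all.
RULES = {
    ("AA", "in"): {25, 443},   # AA may reach mail and HTTPS only
    ("BB", "in"): set(),       # BB is blocked inbound on every port
    ("BB", "out"): {443},      # local hosts may reach BB on 443 only
}

def parse_headers(pkt):
    """Return (src, dst, dport) from IPv4 + TCP/UDP headers; payload is never read."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        raise ValueError("bad IPv4 header length")
    frag_off = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
    proto = pkt[9]
    src = ipaddress.ip_address(pkt[12:16])
    dst = ipaddress.ip_address(pkt[16:20])
    dport = None
    # Ports exist only in TCP (6) / UDP (17), and only in the first fragment.
    if proto in (6, 17) and frag_off == 0 and len(pkt) >= ihl + 4:
        dport = struct.unpack("!H", pkt[ihl + 2:ihl + 4])[0]
    return src, dst, dport

def country_of(ip):
    """Longest-prefix match so a more specific range overrides a broader one."""
    hits = [(net.prefixlen, cc) for net, cc in GEO_TABLE if ip in net]
    return max(hits)[1] if hits else None

def decide(pkt):
    """Return 'allow' or 'drop' using only header fields and the geo table."""
    src, dst, dport = parse_headers(pkt)
    if dst in LOCAL_NET:
        direction, remote = "in", src
    elif src in LOCAL_NET:
        direction, remote = "out", dst
    else:
        return "drop"          # neither endpoint is on the protected network
    allowed = RULES.get((country_of(remote), direction))
    if allowed is None:
        return "allow"         # no rule for this country and direction
    # A non-first fragment has no port (dport is None), so it never matches.
    return "allow" if dport in allowed else "drop"

def build_packet(src, dst, dport, sport=40000, proto=6, frag_off=0):
    """Build a constructed 20-byte IPv4 header plus the two L4 port fields."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 0, frag_off, 64, proto, 0,
                     ipaddress.ip_address(src).packed,
                     ipaddress.ip_address(dst).packed)
    return ip + struct.pack("!HH", sport, dport)
```

The longest-prefix match matters for accuracy: a sub-range reassigned to another country (CC inside BB’s block here) must not inherit the broader block’s rule.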

If you take a look at everything these super firewall and IDS systems do, it would amaze and awe anyone, until you get into them. Like looking down from space at the earth, it’s breathtaking, until you get to the ground to find billions of roadways, buildings, offices, rooms, closets, and alcoves. – Francesco Trama

6.  PacketViper can quickly redirect traffic based on the source IP, network, country, or Global Network List.

Explanation: DNAT is not a new thing, but with PacketViper you have a much more common sense method, and more details.

Aside from constant labor-intensive management, false positives, log overload, and a long learning curve, complex firewalls are an absolute MUST in the security environment. Whichever one you choose or have chosen, PacketViper will eliminate the pressure to and through them. PacketViper eliminates the unwanted traffic, thereby freeing up valuable bandwidth and resources. PacketViper improves the entire security layer by removing the unwanted traffic through them.

PRLog (Press Release) - Oct. 5, 2013 - PITTSBURGH - Frank Trama, President & Co-founder, said: “Our development team and beta volunteers have worked very long and hard hours while showing incredible patience shaking out bugs. We could not have done it without them. Working closely together we not only produced a rock solid upgrade but discovered new additional methods to improve upon PacketViper’s Geo IP filtering capabilities.”

 

By Francesco Trama

Below I’m going to describe the changes from 1.4 to 2.0, which has just been released, then break down those changes in PacketViper 2.0, our Geo IP filter.  I do have a little bias, but will keep it as neutral as possible.

Deployment and Installation Reviews

Fairly straightforward. When the appliance is turned on you will notice the option to add an IP address or use DHCP. Most customers choose the DHCP option. Once it is plugged into your secure LAN and an IP is obtained, the system will display the web address for you to access. From here you simply open a web browser and enter the address.

Once logged in you are required to register the product by clicking on a red box. This takes you to the setup area where you paste your license. Once the license is applied, the red box goes away and you are all set. One thing to note is that PacketViper will require internet access to register. This is done using the management port interface IP address.
Once the product is registered it is recommended you perform an update. This is simply done by clicking on the update now button in setup. Once updated, you are set to place the appliance inline in front of your gateway.

Schedule a brief outage, then connect the internet side to one of the bridge ports, and the other bridge port to your router/firewall. Once these are connected, you can begin Geo IP filtering. You can go to its Home page and see the traffic passing.

A new installation of PacketViper hasn’t changed much from 1.4. The biggest and most noticeable difference is the new optimized GUI, starting with the login screen and its splash screen logo. You will find the interface is more dynamic and responsive, with better color coordination.

Reviewing Filtering, Blocking, Alerting of PacketViper

PacketViper offers you a suite of options for Geo IP filtering. We will review the features and capabilities of five of them.

Country Filtering Page

Review: The clickable country map area is very simple to use. You can choose to filter countries using a clickable map or the text version of the countries. Using the scroll button on your mouse you can quickly zoom in and out on the map. This makes it easier to target those small countries. This was a significant change from 1.4.

Mousing over an area of the map displays the traffic information along with related rules and triggers.

The map can be displayed as several different heat maps, which give you a variety of views to identify how you are filtering countries:

  • Inbound: Displays countries that you have filter rules set for inbound operations

  • Outbound: Displays countries which have filter rules set for outbound operations
  • Threat: Shows country threat levels based on your traffic
  • Inbound Blocked: Shows the countries from which you have blocked the most traffic
  • Outbound Blocked: Shows the countries to which you have blocked the most traffic

The map can be clicked on and ports entered on a per-country basis. A small pop-up will appear where you can restrict ports specifically to and from that country. You can also use the text version of the country filtering page, where you can accomplish exactly the same as you would by clicking on the country on the map.

The Country Filtering map displays the amount of traffic you dropped, shown in MB and connections. In addition you are able to add notes and display logging for any particular country. This is a good forensic tool for digging into your gateway traffic.

2.0 added an information link which, when clicked, displays the complete details along with a map of that country. Some of the details provided:

Country Code
Continent
Threat Level
Network Hosts
Users
User Rank

Global Network Lists

Global Network Lists are proprietary network lists which contain well-known global businesses and high-risk networks that customers can quickly enable to allow or protect themselves from. Customers can choose to restrict these lists bi-directionally by port, trigger, and shape traffic to their business needs.

You can use the custom filter at the top to narrow your search criteria to zero in on the right Global Network Lists for your company. Global Network Lists are evaluated second.

NetCheck

NetCheck can be accessed from any page. Use NetCheck to view the complete details of any IP address. In addition, it is capable of blocking the IP, Network Range, Global Network Lists, or Country by port bi-directionally. NetCheck provides DNS and IP whois, Country, Region, and City information, including assigned network ranges.

Custom Rules:

Custom Rules is an area for customers to enter specific networks relating to their business, something outside of the country filter and Global Network Lists evaluation layer. Custom rules are good for adding those obscure networks which could fall within a Global Network List but which you may want to exclude from those rules.

Within custom rules you can also specify a rule and base it on the country or Global Network Lists. This allows customers to add their own specific rules based on their business model. Customers can apply global settings to multiple rules, create groups, and disable logging within this area.

Triggers, Alerts, Honeypots, Tarpit:

Triggers and alerts can be set up to perform a variety of tasks to protect your networks. Triggers can be set to alert you based on a country, Global Network Lists, IP, or port. Each trigger can be set with thresholds and, should they be exceeded, can auto block, rate limit, or notify. Trigger rules can also be given an evaluation priority so they can be moved anywhere in the security chain.

Management and Administration Reviews

The GUI makes our product one of the easiest to manage. With its intuitive integration of the geo location database into the logs and reporting modules, customers can quickly click any IP address and see its immediate IP details. The system is capable of exporting its logs to your own event manager, and importing PCAP files so they can be analyzed faster.

PacketViper can be configured to accept updates in the way which best suits your business needs, and offers multiple users, login captcha, and many other features to simplify network management.

PacketViper, LLC took the guessing out at the gateway by providing a simple interface to view what traffic is accessing from which country and its networks.

How to Get It:

Visit http://wwww.packetviper.com and request a free trial.

Review By: Francesco Trama, CEO

PacketViper 2.0 is in its final stages before release. It is already in many customer sites, where it has turned heads with its optimized GUI and additional features. Here are some of them:

1. Country Redirection:  redirect any country traffic to some other IP on your network

2. Global Network List Redirection: Redirect any Global Network Lists to some other IP address on your network

3. Triggers based on Countries or Global Network Lists:  Set triggers to fire based on activity from any country or Global Network Lists.  Use triggers to slow down, auto block, or alert you based on specific traffic.

4. Integrated mapping with NetCheck

5. Newly Designed and Optimized Home Screen, and GNL area

6. Custom Rules based on Country and GNL’s

7. Logging Filters:  Capable of disabling logging based on specific countries, GNL, or custom rules

8. Custom Error messages for blocked SMTP traffic

9. Custom Splash pages for blocked sites

10. Outbound port fields for filtering country or GNL outbound

11. Newly designed Country Filtering area with zoom in map, hover over statistics, heat maps for simpler views of filtering.

Much more…..

Francesco Trama, Chief Executive Officer

Geo IP (Country) filtering is growing more and more popular given the distribution of global network attacks. IDS/IPS systems do their best in anticipating malicious network activities. Some of the problems network security teams have experienced are extended implementation times, cost, learning curves, false positives, complex management, and how to deal with large distributed attacks or the speed at which attacks, viruses, and malware adapt.

Intrusion Detection/Prevention Systems (SecurityWizardy.com)
Intrusion Detection Systems form a small but critical piece of the computer security jigsaw, alerting to intrusions and attacks aimed at computers or networks.  They’re not the computer security panacea.  But, they are your eyes and ears, essential in knowing whether you are under attack. Intrusion Prevention Systems take this concept to the next level and sit inline blocking the packets you tell them to based on signatures as per the IDS.  They can be highly effective as a defensive tool but need to be configured with great care and attention in stages…

Unfortunately there is no silver bullet in network security! Network Security needs to be approached in layers, and most will say it should look like this:

  • Firewall / NIDS (network intrusion detection)
  • Email Scanning
  • Web Security
  • Server Level Virus
  • Workstation Virus
  • Patch Updating Systems
  • Attentive Employees

This is where I believe security environments fall short, and why Geo IP (country) filtering layers are vital in network security. I’m not saying to throw some broad-stroke country blocker into your environment; what I am saying is to have a robust Geo IP filtering system which is granular and simple to operate! Blindly blocking country ranges is just not practical if you are a global business.

Our security layer looks like this

Image

I’ve seen several vendors which have integrated Geo-IP filtering into their appliances, but when you actually start using their Geo-IP tools you quickly realize their Geo-IP is not the product’s strong point. Some would say it was added only for marketing reasons, and not even taken seriously.

In the small Geo IP (country) blocking market there really is not too much to choose from. It seems most of the products consist of downloading some sort of list regularly, then applying them to a firewall. The lists come in many different formats to accommodate the varieties of firewall systems. There are many problems with these services like accuracy, manual updating, implementation complexity, support, and troubleshooting to name some.

I’ve also seen services which provide you code for your web site. The code is inserted into your web pages, and as traffic accesses your web service, it’s evaluated and filtered like a country RBL. These types of services, although creative, seem like they would generate more traffic, just like RBL services do. I’m sure in a very small percentage of cases they would be useful, but high-volume web servers would suffer. Not to mention you are only protecting the web server, and it would need to be applied to all web servers. The few hardware-based products I found range from little to no country filtering smarts to price points in excess of 75K. The higher-priced product I found seems to claim 50-100K is the right price for country filtering? I would emphatically disagree.

Because we do not have many choices when it comes to Geo IP (country) filters, we could conclude country filtering is not really important to firewall manufacturers. In fact, it seems the perception in some circles is that “Geo IP (country) blocking is impractical” and unnecessary. I couldn’t disagree more.

What if I told you there is a product with the following:

  • Low cost
  • Inline and Transparent
  • Fail open NIC’s
  • Used on your own hardware
  • Filters countries by port bi-directionally
  • Includes alerts, country/network/ip triggers, honeypots, tarpits, country redirection
  • Complete with its own global network lists of well known/bad networks
  • Web based and accessible from mobile devices
  • Purchased as an appliance or downloadable software
  • Works in VM Environments.

Wouldn’t you get it immediately?

Viper Network Systems (VNS) launched a product called PacketViper in 2011 which does exactly what everyone has been missing: per-port Geo IP filtering. The product quickly installs onto most hardware platforms, or can be purchased as an appliance. PacketViper likes to sit in front of the security environment, to clean up the unwanted traffic before it enters.

Viper Network Systems ripped a few pages out of VMWare ESXi, and released PacketViper Starter. It’s completely free, and never expires. You wonder what the catch would be? No catch other than some limitation on how many countries you can block at once, NetCheck (IP Search/Block feature), Global Network Lists are limited, and a couple of other minor limitations. Other than that the product is free to use.

PacketViper was built for security teams to quickly respond to global threats in real time. Frank Trama, President & Co-Founder, whose roots stem from network administration, design, and management, found there was a need to be filled. Partnering with Dan Gynn, now Chief Product Officer & Co-Founder, he turned this need into an incredible and practical product called PacketViper, a security layer I cannot see my network without. The product’s focus is Geo IP (country) filtering with a style and grace not seen in any other product in the market today. PacketViper fills the gaps which all environments are missing.

PacketViper blocks countries by simply clicking on a map, setting which ports to block/allow (all or some), and clicking apply. It’s really that simple. There is so much more though like real time clickable logs, which you can quickly select and see the complete details of the IP, which is called NetCheck;

Image

NetCheck is the feature administrators have been waiting for. The cure-all for understanding the IP origins, its assigned network ranges, and much more. NetCheck can quickly block the IP or every registered network range it’s assigned to. A great tool when you want to eliminate complete spamming networks. We could go on for a while with its features; just check them out here.

So is country filtering impractical? Let’s all admit it: IP blocking is a pain! What the folks at Viper Network Systems did is put it all together in an affordable package. Imagine what happens when you start filtering out the unwanted country traffic (SQL management port attempts from China, RPC attempts from Russia, Telnet attacks from Romania, spam from Africa and Brazil). IDS/IPS experiences fewer false positives and can be dialed in better to become more effective; spam and system loads are reduced; bandwidth is freed of unproductive global traffic; and network security is further hardened. Why, you ask? It’s simple: you reduce the attack space to your exposed ports in your security environment. There is less intention analysis needed.

If you filter out just 30% of the unwanted traffic to your internet-facing servers and devices, that’s 30% you do not have to worry about again. Then dial in a country blocker like PacketViper to drop 50% of your global traffic. That’s 50% less you have to sift through, 50% less load on your security systems, and 50% fewer chances of malicious traffic finding a vulnerability.

Why would you then allow that obscure country access at VPN, FTP, and the thousands of other ports? I can tell you wouldn’t or wouldn’t want to. This is why smart country blockers are important and needed. - Frank Trama

Overall Geo IP (Country) blocking can be practical and should be a required layer for every security environment. Personally, I cannot see any of my environments without this feature. For full disclosure, I have the product and contributed to its design.

CEO & Co-Founder
PacketViper, LLC