Filter an Entire Country with Just a Click

Ralph DeFrangesco

North Korea, China, and Russia are making themselves nuisances on the Internet. They create the majority of malware, exploit vulnerabilities, are major cyber-criminals, and are now trying to attack our infrastructure using cyber terrorism.

If we do our jobs, we can capture addresses and filter them out at the firewall. However, there might be thousands of entries and, needless to say, your firewall would grind to a crawl. Another option would be to put in a range of addresses. Again, there would be a huge number of entries and performance would be an issue.

Wouldn't it be great to be able to filter out an entire country? Techguard, a small security company that addresses National Cyber Defense initiatives, makes a device called PoliWall that can filter Internet Registries, network ranges, or an entire country with just a click of a button. You can click on a country on a map or select a country to block from a list.

The device uses a proprietary High-speed Internet Protocol Packet Inspection Engine (HIPPIE) for filtering capabilities. HIPPIE allows granular filtering control across the entire address space.

Let's look at a scenario where we could use the device. Your administration team notices a large number of ICMP requests at your firewall. They are able to capture the IP addresses that are sending them. They do an IP to geographic location lookup and see that the requests are coming from North Korea. Since the device is installed between the firewall and the external network, you are able to filter out the requests by clicking on North Korea and blocking them before they get to your firewall.
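The lookup-then-block step in this scenario, and the rule-count problem described earlier, as an added example that is not PoliWall's code (HIPPIE is proprietary and not described here). It assumes a sorted range table with binary search as the lookup method; the country codes "AA" and "BB" and all addresses (RFC 5737 documentation ranges) are constructed.

```python
import bisect
import ipaddress
from collections import Counter

# Constructed sample data: documentation ranges (RFC 5737) stand in for
# registry allocations; "AA" and "BB" are placeholder country codes.
COUNTRY_RANGES = {
    "AA": ["192.0.2.0/24", "198.51.100.0/25"],
    "BB": ["198.51.100.128/25", "203.0.113.0/24"],
}
# Constructed source addresses of the captured ICMP requests.
CAPTURED = ["192.0.2.%d" % i for i in range(64)] + ["198.51.100.7", "203.0.113.9"]


def build_table(country_ranges):
    """Flatten country -> CIDR lists into one table sorted by range start."""
    rows = []
    for country, cidrs in country_ranges.items():
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr)
            rows.append((int(net.network_address), int(net.broadcast_address), country))
    rows.sort()
    return [r[0] for r in rows], rows


def country_of(addr, table):
    """Binary-search the sorted ranges: O(log n) per lookup, not one rule per address."""
    starts, rows = table
    ip = int(ipaddress.ip_address(addr))
    i = bisect.bisect_right(starts, ip) - 1
    if i >= 0 and rows[i][0] <= ip <= rows[i][1]:
        return rows[i][2]
    return None  # address is not in any listed range


def collapse(addrs):
    """Merge individual addresses into the fewest CIDR blocks that cover exactly them."""
    nets = (ipaddress.ip_network(a) for a in addrs)
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def is_blocked(addr, blocked_countries, table):
    """Country-level decision: blocks every address in the country, seen or not."""
    return country_of(addr, table) in blocked_countries


TABLE = build_table(COUNTRY_RANGES)
BY_COUNTRY = Counter(country_of(a, TABLE) for a in CAPTURED)
TOP_SOURCE = BY_COUNTRY.most_common(1)[0][0]  # country sending most of the requests
```

Here 66 captured addresses collapse to three entries, and blocking `TOP_SOURCE` also drops addresses in that country that never appeared in the capture, which is the trade-off of a country-wide rule.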

In my opinion, this device could save a company money by reducing firewall maintenance while maintaining network performance. How are you filtering out the bad guys at your firewall?



Jul 15, 2009 3:51 AM CuMorrigu says:

Looks like a good product to me, I know I get tired of adding addys to my firewall.

Too bad the article doesn't mention an approximate price.

Jul 16, 2009 1:51 AM Ralph DeFrangesco says: in response to Konstantin Smirnov

Mr. Smirnov,

First, thank you for taking the time to make a reply. In rereading my post, nowhere do I say that Russia is the #1 bad guy in regards to malware. Perhaps you are reading a different post? Anyhow, more directly to your point, as you have produced a Symantec report, I can produce several reports that support what I have said. Collectively, these three countries, and more, are leading the way when it comes to malware. China is constantly in the news for trying to break into something or another. In fact just recently, trying to break into U.S. computers. North Korea trying to break into South Korea's and U.S. computers - both cyber-terrorist cases. It just goes on and on.

Look, at the end of the day every country has some other country trying to break into their computers (commercial and military computers). It's out of control. The gist of the article is that now there is a way to block IP addresses by range, country, or however you need to filter it.

-Ralph

Jul 16, 2009 5:31 AM Konstantin Smirnov says: in response to CuMorrigu

Dear Ralph,

Just accidentally being from one of those "nuisance" countries... As you claim - "They create the majority of malware".

According to the report from one of the leading IT security providers (accidentally - a US-based company) Symantec, the situation is quite different.

http://www.symantec.com/connect/sites/default/files/Threat%20report%202008.pdf

See page 8, for instance

"For example, while the United States is still home to a large amount of threat activity and continues to be the top ranked country for malicious activity - mainly due to its extensive broadband penetration and significantly developed Internet infrastructure - Symantec has noted a steady increase in malicious activity in countries not previously associated with such activities."

Well, you guys, are leading, but we may catch up!

We are second in spam, but.. after you...

See Table 2. for example.

Or page 31, Table 4. Top countries of origin for Web-based attacks

US gets 38%, China - mere 13%, Russia - 8%.

Read the report, Ralph. It may help you to be a bit more accurate.

What I want to say - we (Russians) are not angels. But slapping up such nonsensical stuff on us - saying we are No 1 bad guys on the web - contradicting the hard facts (like Symantec report) is really something!

My best regards,

Konstantin Smirnov

CISA, CBCP

Moscow, Russia

Jul 16, 2009 11:21 AM Theodis Butler says: in response to Ralph DeFrangesco

Ralph,

Good article. Thanks for introducing IT Professionals to the product. My opinion is to use alternate means to block the "bad guys" otherwise you will end up blocking the good guys.

For instance, just because we receive a large ping to our China firewall doesn't mean we want to block all of China from accessing our network (whether it be webservers, VPN, etc.). Also, just because we receive an attack from China to our USA router doesn't mean we want to block all of China (we have a company in China).

The product looks good on paper but in practice it would do more harm than good. I check my credit score online from China because the websites block access from China...ridiculous as I am an American citizen working in China.

Jul 17, 2009 6:20 AM Konstantin Smirnov says: in response to Ralph DeFrangesco

Ralph,

What I say is that you put an unsubstantiated statement "North Korea, China, and Russia are making themselves nuisances on the Internet. They create the majority of malware, exploit vulnerabilities, are major cyber-criminals".

According to what you wrote, I am a citizen of the "major cyber-criminal" state. You produced no proof (like a link to some report). I'd rather say, your statement is emotionally-motivated. I perfectly understand that such opinion is based on reading "the news" and is a by-product of an overall media hype.

"China is constantly in the news" - is a reflection of love-hate relationship your countries developed recently. It means that China IS important to US.

"just recently trying to break into the US computers", "North Korea trying to break into South Korea's and U.S. computers" - simply reflects the fact that it happens, but it lacks the important thing - the quantity. Without it, it is difficult to say, whether China is or is not Number One in cyber-terrorism.

Or... do you honestly believe that your country never tries to break into others' computer systems following some code of ethics? I am 100% sure she does when it suits her interests.

As to the gist of the article... there is always lock and key, shell and the armour... Mass-infecting computers in the third country and using them as attack vehicles or proxies... wouldn't that be a cheap way to get around this magic device?

Jul 17, 2009 11:31 AM Ralph DeFrangesco says: in response to Theodis Butler

User1650087,

Nice to hear from an American working abroad. Yes, blocking an entire country may be an extreme, however the tool does give you the option. More than likely, you probably will just block a range of IP addresses and it's done pretty easily with this tool. The other thing is that if you are attacked from another country, you may just want to block it for a while, then unblock. Again, fairly easy to do.

-Ralph

Aug 26, 2009 7:01 AM Anthony says:

I like the idea a lot and I can see it being beneficial for regional businesses having no business offshore. Russians may want to block the U.S. I want to block Latvia.

Maybe it's only temporary, while you're trying to clean an infestation.

With all the IP ranges and possibilities of those ranges changing, wouldn't it be more beneficial to exclude all but US and your IT department in India?
