North Korea, China, and Russia are making themselves nuisances on the Internet. They create the majority of malware, exploit vulnerabilities, are major cyber-criminals, and are now trying to attack our infrastructure using cyber terrorism.
If we do our jobs, we can capture addresses and filter them out at the firewall. However, there might be thousands of entries and, needless to say, your firewall would slow to a crawl. Another option would be to put in ranges of addresses. Again, there would be a huge number of entries and performance would be an issue.
Wouldn't it be great to be able to filter out an entire country? Techguard, a small security company that addresses National Cyber Defense initiatives, makes a device called PoliWall that can filter Internet Registries, network ranges, or an entire country with just a click of a button. You can click on a country on a map or select a country to block from a list.
The device uses a proprietary High-speed Internet Protocol Packet Inspection Engine (HIPPIE) for filtering capabilities. HIPPIE allows granular filtering control across the entire address space.
Let's look at a scenario where we could use the device. Your administration team notices a large number of ICMP requests at your firewall. They are able to capture the IP addresses that are sending them. They do an IP-to-geographic-location lookup and see that the requests are coming from North Korea. Since the device is installed between the firewall and the external network, you are able to filter out the requests by clicking on North Korea and blocking them before they get to your firewall.
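The triage in this scenario, and the rule-count problem described earlier, can be sketched in a few lines. This is an added example, not PoliWall or HIPPIE code: the log format, the prefix-to-country table (RFC 5737 documentation ranges) and the country codes "AA" and "BB" are constructed placeholders.

```python
import ipaddress
from collections import Counter

# Constructed prefix-to-country table: RFC 5737 documentation ranges with
# placeholder country codes "AA" and "BB" (assumption, not real allocations).
PREFIX_COUNTRY = {
    "192.0.2.0/24": "AA",
    "198.51.100.0/25": "AA",
    "198.51.100.128/25": "AA",
    "203.0.113.0/24": "BB",
}
NETS = [(ipaddress.ip_network(p), c) for p, c in PREFIX_COUNTRY.items()]

# Constructed firewall log lines in a hypothetical "<proto> <src> <dst>" format.
SAMPLE_LOG = """\
ICMP 192.0.2.10 10.0.0.1
ICMP 192.0.2.77 10.0.0.1
ICMP 198.51.100.200 10.0.0.1
TCP 203.0.113.5 10.0.0.1
ICMP 203.0.113.9 10.0.0.1
ICMP 192.0.2.10 10.0.0.1
"""

def country_of(ip):
    """Longest-prefix match against the table; "unknown" if nothing matches."""
    addr = ipaddress.ip_address(ip)
    hits = [(net.prefixlen, cc) for net, cc in NETS if addr in net]
    return max(hits)[1] if hits else "unknown"

def icmp_sources(log):
    """Yield the source address of every well-formed ICMP line."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[0] == "ICMP":
            yield parts[1]

def icmp_by_country(log):
    """Count ICMP requests per source country."""
    return Counter(country_of(src) for src in icmp_sources(log))

def per_host_rules(log, country):
    """One rule per observed sender: grows with every new source address."""
    return sorted({s for s in icmp_sources(log) if country_of(s) == country})

def country_rules(country):
    """Every prefix for the country, merged into the fewest CIDR blocks."""
    nets = [net for net, cc in NETS if cc == country]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]
```

On the sample data, three per-host rules for "AA" collapse to two CIDR blocks, and the country-level list stays the same size however many new senders appear inside those ranges.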
In my opinion, this device could save a company money by reducing firewall maintenance while maintaining network performance. How are you filtering out the bad guys at your firewall?