The Pittsburgh Post Gazette, a local paper, wrote a small blurb on what PacketViper is doing to improve network security environments. During the interview we disabled PacketViper and took a picture of a Barracuda Spam Filter that it had been protecting. As you can see in the photo, a huge spike in traffic immediately appeared, signifying that the filter was processing 400x the amount of traffic it handled prior to disabling PacketViper, our Geo-IP Network.
The thinking behind per-port Geo-IP is simple: does every country need access to every port, or does your environment really have to process every network request from the world? Before you answer yes too quickly, think about that question. Technically, don’t your firewall, IDS, or IPS systems look for malicious traffic and drop it? So the answer is undoubtedly no. The idea that all exposed ports have to be accessible from all corners of the world is unfathomable and perplexing to me.
The fact is that globally exposed ports have always been a weakness in all security designs. Sure, we can lessen the risk with strong password policies, intense scrutiny using algorithmic analysis, or secure portals, to name some methods. But who’s protecting the secure portals’ login pages? And what happens if the attacker changes their pattern, a patch is not applied immediately, or a rule is fat-fingered? If I’m an attacker, I’m finding some method other than a well-beaten path to breach you.
So again, why should the globe have access to ports used for key employees, target customers, or vendors? Per-port Geo-IP filters like PacketViper can surgically restrict specific ports to and from any country, bi-directionally, thereby alleviating the pressure on your security environment and hardening security without restricting your business globally.
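A minimal sketch of the per-port, bidirectional country filtering described above, added here as an illustration and not PacketViper's own code or configuration. The address ranges, country assignments, port rules and function names are all constructed assumptions.

```python
import ipaddress

# Constructed geo table: documentation prefixes with made-up country
# assignments. A real deployment would load a GeoIP database instead.
GEO_TABLE = [
    (ipaddress.ip_network("192.0.2.0/24"), "US"),
    (ipaddress.ip_network("198.51.100.0/24"), "DE"),
    (ipaddress.ip_network("203.0.113.0/24"), "BR"),
    (ipaddress.ip_network("203.0.113.128/25"), "CA"),  # more specific wins
]

# Hypothetical policy: (port, direction) -> countries allowed on that port.
# "in": remote host connects to our port; "out": we connect to its port.
# Ports with no entry stay reachable worldwide (e.g. the public web site).
POLICY = {
    (22, "in"): {"US"},                 # admin SSH for key employees
    (8443, "in"): {"US", "CA"},         # vendor portal
    (25, "out"): {"US", "CA", "DE"},    # outbound mail destinations
}

def country_of(ip):
    """Longest-prefix match; None when the address is not in the table."""
    addr = ipaddress.ip_address(ip)
    hits = [(net.prefixlen, cc) for net, cc in GEO_TABLE if addr in net]
    return max(hits)[1] if hits else None

def decide(remote_ip, port, direction):
    """Return 'pass' or 'drop' for one flow."""
    allowed = POLICY.get((port, direction))
    if allowed is None:
        return "pass"                   # port is not geo-restricted
    # Unknown origin on a restricted port is dropped (default deny).
    return "pass" if country_of(remote_ip) in allowed else "drop"

def filter_flows(flows):
    """Return (flows handed to downstream devices, number dropped)."""
    passed = [f for f in flows if decide(*f) == "pass"]
    return passed, len(flows) - len(passed)

SAMPLE_FLOWS = [  # constructed sample traffic
    ("192.0.2.10", 22, "in"),       # US to SSH: pass
    ("198.51.100.7", 22, "in"),     # DE to SSH: drop
    ("203.0.113.200", 8443, "in"),  # CA (/25) to portal: pass
    ("203.0.113.5", 8443, "in"),    # BR to portal: drop
    ("203.0.113.5", 443, "in"),     # BR to public HTTPS: pass, no rule
    ("203.0.113.5", 25, "out"),     # outbound mail to BR: drop
    ("10.9.9.9", 22, "in"),         # unknown origin to SSH: drop
]
```

Only the flows returned by `filter_flows` would reach the firewall, IDS or spam filter behind the geo filter; the rest never consume their processing capacity.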
I sometimes wonder whether we have gotten so smart at threat detection that we have overlooked the basic, persistent problem: traffic volume, and opening ports through our firewalls and then allowing access to anyone with a smartphone or computer.