Geo IP Effect on Barracuda Spam Filter – Network Security Gaps
The Pittsburgh Post Gazette, a local Pittsburgh paper, wrote a small blurb on what Viper Network Systems is doing to improve network security environments. During the interview we
disabled PacketViper and took a picture of a Barracuda Spam Filter that
it was protecting. As you can see in the photo, a huge spike in
traffic immediately appeared, signifying it was processing 400x the
amount of traffic it had been processing before we disabled PacketViper, our Geo IP Network

The thinking behind per-port Geo IP is simple: does every country need
access to every port, and does your environment really have to process
every network request from the world? Before you answer yes too quickly,
think about that question. Technically, don't your firewalls, IDS, or
IPS systems look for malicious traffic and drop it? So the answer is
undoubtedly no. The idea that all exposed ports have to be accessible
from all corners of the world is unfathomable and perplexing to me.

The fact is that globally exposed ports are, and always have been, a
weakness in all security designs. Sure, we can lessen the risk with strong
password policies, intense scrutiny using algorithmic analysis, or
secure portals, to name some methods. But who is protecting the secure
portal's login pages? And what happens if the attacker changes their
pattern, a patch is not applied immediately, or a rule is fat-fingered?
If I'm an attacker, I'm finding some method other than a well-beaten
path to breach you.

So again, why should the globe have access to ports used for key
employees, customers, or vendors? Per-port Geo IP filtering, like what
PacketViper does, can surgically restrict specific ports to and from any
country bi-directionally, thereby alleviating the pressure on your
security environment and hardening your security overall.
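
The per-port, bi-directional country restriction described above can be sketched as a small policy evaluator. This is an added example, not PacketViper's code or configuration: the prefix-to-country table, the policy entries, the fail-closed defaults and the names `country_of`, `decide` and `forwarded` are all assumptions made for illustration.

```python
import ipaddress

# Constructed prefix-to-country table (RFC 5737 documentation ranges).
# A real deployment would query a GeoIP database instead.
GEO_TABLE = [
    (ipaddress.ip_network("192.0.2.0/24"), "US"),
    (ipaddress.ip_network("198.51.100.0/24"), "DE"),
    (ipaddress.ip_network("203.0.113.0/24"), "BR"),
]

# Hypothetical policy: (port, direction) -> countries allowed on that port.
# "in": the remote address is the source; "out": it is the destination.
POLICY = {
    (25, "in"): {"US", "DE", "BR"},   # inbound mail to the spam filter
    (25, "out"): {"US", "DE"},        # outbound mail relay
    (443, "in"): {"US"},              # employee portal login page
}


def country_of(addr):
    """Return the country of the longest matching prefix, or None."""
    ip = ipaddress.ip_address(addr)
    hits = [(net.prefixlen, cc) for net, cc in GEO_TABLE if ip in net]
    return max(hits)[1] if hits else None


def decide(remote_ip, port, direction):
    """Return 'accept' or 'drop' for one connection attempt."""
    allowed = POLICY.get((port, direction))
    if allowed is None:
        return "drop"          # assumption: ports without a rule are closed
    country = country_of(remote_ip)
    if country is None:
        return "drop"          # assumption: unmapped addresses fail closed
    return "accept" if country in allowed else "drop"


def forwarded(flows):
    """Flows that still reach the devices behind the filter."""
    return [f for f in flows if decide(*f) == "accept"]


# Constructed sample flows: (remote address, port, direction).
SAMPLE_FLOWS = [
    ("192.0.2.10", 443, "in"), ("203.0.113.5", 443, "in"),
    ("203.0.113.5", 25, "in"), ("203.0.113.5", 25, "out"),
    ("198.51.100.7", 25, "out"), ("10.9.8.7", 25, "in"),
]

if __name__ == "__main__":
    for flow in SAMPLE_FLOWS:
        print(flow, decide(*flow))
```

Only the flows returned by `forwarded` would be handed to the firewall, IDS or spam filter behind the filter; the rest are dropped before those devices spend any work on them.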

I sometimes wonder if we have gotten so smart at threat detection that
we have overlooked the basic, persistent problem of opening ports
through our firewalls and allowing access to anyone with a smartphone
or computer.