Friday, October 4, 2013

Frank Trama Reviews of PacketViper 2.0

Below I'm going to describe the changes from 1.4 to 2.0, which has just been released, then break down those changes in PacketViper 2.0, our Geo IP filter.  I do have a little bias, but will keep it as neutral as possible.

Deployment and Installation Reviews


Fairly straightforward. When the appliance is turned on you will notice the option to add an IP address or use DHCP. Most customers choose the DHCP option. Once it is plugged into your secure LAN and an IP is obtained, the system will display the web address for you to access. From here you simply open a web browser and enter the address.

Once logged in, you are required to register the product by clicking on a red box. This takes you to the setup area, where you paste your license. Once the license is applied, the red box goes away and you are all set. One thing to note is that PacketViper will require internet access to register. This is done using the management port interface IP address.


Once the product is registered, it is recommended that you perform an update. This is done simply by clicking on the update now button in setup. Once updated, you are set to place the appliance inline in front of your gateway.

Schedule a brief outage, then connect the internet side to one of the bridge ports, and the other bridge port to your router/firewall. Once these are connected, you can begin Geo IP filtering. You can go to its Home page and see the traffic passing.

A new installation of PacketViper hasn't changed much from 1.4. The biggest and most noticeable difference is the new optimized GUI, starting with the login screen. You will find the interface is more dynamic and responsive, with better color coordination.

Filtering, Blocking, Alerting Reviews



PacketViper offers you a suite of options for Geo IP filtering. We will review the features and capabilities of five of them. One other big change is that rules in the Custom Rules, Triggers, and Destination NAT areas can now be based on any country or Global Network List, so customers can create a rule in any of these areas to trigger, block, rate limit, alert, or redirect traffic.

Home Screen

PacketViper Home Screen. Click on real time logs to see the complete IP details, along with its assigned networks, country and any associated lists. This is probably one of the most useful tools administrators can use for filtering country network traffic. You will see that in 2.0 the color coordination is much easier on the eyes, and more dynamic when resizing the screen.



Country Filtering Page:

The clickable country map area is very simple to use. You can choose to country filter using a clickable map, or the text version of the countries. Using the scroll wheel on your mouse you can quickly zoom in and out on the map. This makes it easier to target those small countries. This was a significant change from 1.4.

Mousing over an area of the map displays the traffic information and any related rules and triggers. The map can be displayed as several different heat maps, which give you a variety of views to identify how you are filtering countries:

    •    Inbound: Displays countries that you have filter rules set for inbound operations.
    •    Outbound: Displays countries which have filter rules set for outbound operations.
    •    Threat: Shows country threat levels based on your traffic.
    •    Inbound Blocked: Shows the countries you have blocked the most traffic from.
    •    Outbound Blocked: Shows the countries you have blocked the most traffic to.

The map can be clicked on and ports entered on a per-country basis. A small pop-up will appear where you can restrict ports specifically to and from that country. You can also use the text version of the country filtering page, where you can accomplish exactly the same as you would by clicking on the country on the map.

The Country Filtering map displays the amount of traffic you dropped, shown in MB and connections. In addition, you are able to add notes and display logging for any particular country.

This is a good forensic tool for digging into your gateway traffic.

2.0 incorporated an information link which, when clicked, displays the complete details, along with a map of that country. Some of the details provided:

Country Code
Continent
Threat Level
Network Hosts
Users
User Rank

Global Network Lists
These are proprietary network lists which contain well-known global businesses and high-risk networks that customers can quickly enable to allow, or protect themselves from. Customers can choose to restrict these lists bi-directionally by port, trigger, and shape traffic to their business needs.

You can use the custom filter at the top to narrow your search criteria to zero in on the right Global Network Lists for your company. Global Network Lists are evaluated second.







NetCheck
NetCheck can be accessed from any page. It is used to view the complete details of any IP address. In addition, it is capable of blocking the IP, Network Range, Global Network Lists, or Country by port bi-directionally. NetCheck provides DNS and IP whois, Country, Region, and City information, including assigned network ranges.

V2.0 now displays a map based on the business address of the registered IP address. This is a change from 1.4, which linked the coordinates to a Google map. This saves opening up a new window for each lookup.

Custom Rules:
This is an area for customers to enter specific networks relating to their business, something outside of the country filter and Global Network Lists evaluation layer. Custom rules are good for adding those obscure networks which could fall within a Global Network List but which you may want to exclude from those rules.

Within custom rules you can also specify a rule and base it on the country or Global Network Lists. This allows customers to add their own specific rules based on their business model. Customers can apply global settings to multiple rules, create groups, and disable logging within this area.

Triggers, Alerts:
Triggers and alerts can be set up to perform a variety of tasks to protect your networks. Triggers can be set to alert you based on a country, Global Network List, IP, or port. Each trigger can be set with thresholds and, should they be exceeded, can auto block, rate limit, or notify. Trigger rules can also be given an evaluation priority so they can be moved anywhere in the security chain.



Management, Administration Reviews

The GUI makes our product one of the easiest to manage. With its intuitive integration of the geolocation database into the logs, reporting modules, and connections area, customers can quickly click any IP address and see its immediate IP details. The system is capable of exporting its logs to your own event manager, and importing PCAP files so they can be analyzed faster.

PacketViper can be configured to accept updates in the way which best suits your business needs, and offers multiple users, login captcha, and many other features to simplify network management.

Viper Network Systems took the guesswork out at the gateway by providing a simple interface to view what traffic is coming from which country and its networks.

How to Get It:
Visit http://wwww.packetviper.com and request a free trial.





These reviews were written by: Frank Trama, President & Co-Founder of Viper Network Systems