






Your Server Is the Last Line of Cyber Defense


Since the days of medieval castle design, architects have engineered concentric
defensive layers, along with traps, to thwart attackers and protect the stronghold. Many
people still believe that the moat was a water obstacle designed to protect the outer wall, when
in fact it was often inside the outer wall and structured as a reservoir to flood any attempt at
tunneling in. Much like these kingdoms of old, companies today use similar design
strategies to protect themselves from Internet attackers.

The last line of defense is always the structure of the wall and the guards of the castle keep itself.
Today the keep is your network server, which provides customers with web content, partners with
business data, and employees with remote access. All traffic that enters your servers comes in
through a network interface card (NIC). The NIC represents both the wall and the guards for the
castle keep. Your NIC should support a stateless packet filtering firewall application that is
authorized to drop all unacceptable packets. By operating within both the NIC and the kernel
driver, this software application can drop packets from known Internet marauders, rate limit all
inbound traffic, filter off SYN floods, and pass traffic only on acceptable ports. By applying all
these techniques, your server can be far more available for your customers, partners, and
employees.

Stateless Packet Filtering Firewall on the NIC & Address Based Filtering
Filtering off traffic from known bad actors on the Internet requires two things: a current list of
malicious IP addresses (or address ranges) and a filter engine capable of applying this list to all
inbound traffic coming through the NIC. Several companies provide up-to-date address-based
lists of known cyber terrorists. For example, Norse has a product called the Norse Darklist™, an
enormous, continuously updated collection of confirmed high-risk IP addresses.
Every address on the list has a threat score, a country of origin, a threat category, and the date it
was last detected. Here is a snippet of what this list looks like:


















One could subscribe to this list, then cull it down to only those addresses above a certain score,
and seen in the past six months. The resultant list could then be loaded into a NIC with
stateless packet filtering firewall technology like those offered by Solarflare in their Flareon
series of adapters. With one of these NICs running SolarSecure™, Solarflare’s stateless
firewall technology, all traffic from these high-risk IP addresses would be dropped. Both the
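
The culling step described above, as an added example (not code from the article, Norse or Solarflare). The feed's column layout, the sample rows and the `cull` function are assumptions constructed for illustration, and the result is a plain CIDR list rather than any vendor's filter syntax.

```python
import csv
import io
import ipaddress
from datetime import date, timedelta

# Constructed sample feed. The column layout is an assumption built from the
# fields the article names (address, score, country, category, last detected).
SAMPLE_FEED = """\
ip,score,country,category,last_seen
192.0.2.10,92,ZZ,botnet,2015-08-30
192.0.2.11,88,ZZ,botnet,2015-07-02
198.51.100.0/25,75,ZZ,scanner,2015-06-15
198.51.100.128/25,81,ZZ,scanner,2015-09-01
203.0.113.7,40,ZZ,spam,2015-08-20
203.0.113.99,95,ZZ,malware,2014-11-05
not-an-ip,99,ZZ,malware,2015-08-01
"""


def cull(feed_text, min_score, today, max_age_days=183):
    """Keep entries scoring >= min_score and seen within roughly six months.

    Returns (networks, rejected): merged CIDR blocks to load into the filter,
    and the malformed rows that were skipped so they can be reviewed.
    """
    cutoff = today - timedelta(days=max_age_days)
    keep, rejected = [], []
    for row in csv.DictReader(io.StringIO(feed_text)):
        try:
            net = ipaddress.ip_network(row["ip"].strip(), strict=True)
            score = int(row["score"])
            seen = date.fromisoformat(row["last_seen"].strip())
        except (ValueError, KeyError, AttributeError, TypeError):
            rejected.append(row)  # malformed rows are reported, never loaded
            continue
        if score >= min_score and seen >= cutoff:
            keep.append(net)
    # Merge adjacent and overlapping entries so the filter holds fewer rules.
    # collapse_addresses() cannot mix IP versions, so handle each separately.
    merged = []
    for version in (4, 6):
        same = [n for n in keep if n.version == version]
        merged.extend(ipaddress.collapse_addresses(same))
    return merged, rejected


if __name__ == "__main__":
    nets, bad = cull(SAMPLE_FEED, min_score=70, today=date(2015, 9, 15))
    print("drop:", [str(n) for n in nets])
    print("skipped rows:", [r["ip"] for r in bad])
```
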

Cyber Warnings Magazine, September Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide