The bad guys learn fast - once everybody uses GeoIP, they will just shift their proxies closer to you and all your problems will be back at full scale. It would not be bad if WatchGuard would also include GeoIP information based filtering in their products, but one has to be aware that it will not solve anything - it will just partially limit things. Some of those features show their usefulness and get adopted by other vendors in the industry, other features are forgotten in a few months. Would be nice if it really would be so - we all would have a lot less work to do. When they implement a new feature, then they often start promoting it as if just that feature alone will solve all of your problems. Especially application blocking can help a lot if it is correctly set up.

Conferences 'someone visited' often serve the promotion of a certain product of a certain vendor. If the traffic is not http based, then things start relying just on application blocking and IPS. WatchGuard's RED also is able to block some of those and not to forget IPS and AV. So if a contractor has been compromised, then you got a problem too.

For that outgoing traffic, as long as it is http traffic there are categories in Webblocker that will possibly catch at least some of the dangerous connections. In many cases people just 'open up' the VPN and don't set decent policies for that traffic. The bad news, if a report I have been reading lately is to be believed, is that many of the large scale intrusions happened through contractors' networks that are connected to your network over VPN.
You are correct - that is the whole idea behind spear phishing. I guess not? You should take care that a breach won't happen, no matter where it originated from. I would use GeoIP blocking just and only to get rid of some annoying connection attempts to allowed services that are not meant for visitors from certain countries.

After all - is there a difference if your network was breached from an IP located in your country or anywhere else in the world? But I would NEVER use it for SAFETY - this has to be accomplished by your security policy and a decent firewall configuration that you can trust.

I don't deny that in some cases GeoIP based blocking can be useful. If someone seriously believes that the bad guys come just from IPs located in China and Russia, then he has nothing lost in the security business. The biggest disadvantage in relying on GeoIP is the fact that it does not fix a bad firewall configuration. So in overall, there is not really a big gain from blocking based on GeoIP information, from my point of view. It doesn't fix ANY firewall misconfiguration Most malware is delivered by a click on an email link or attachment - that was NOT sent from China or Russia (at least not on the first look) 4. 'real' hacking attacks rarely come directly from one of those 'bad' countries - these guys know to hide behind proxies in your own country 3. When looking at blocking traffic on GeoIP information, you should know why you want to do that in the first place. 1.