Out of the box, all of our Firewall-Z routers are configured to do country blocking. Whether you use the embedded, installable, virtual machine, rack-mounted, or other versions…they’re all the same. Country blocking is a paid extra on many routers, or you have to go above and beyond to hack your router, begging it to do country blocking. A Cisco ASA firewall, for example, is a hack fest of scripts and it’s not easy to implement. Thankfully, Firewall-Z is easy!
It’s important to country block by default (deny both inbound and outbound connections). Why? A blog I subscribe to and enjoy reading recently talked about the “Home Router Botnet Resumes Attacks”. The web application firewall known as “Wordfence” (which we use) protects web servers and reports statistics back to the Wordfence folks for further analysis. They saw an increase in attacks last week (June 12th, 2017)…again. They identified the attackers as a home router botnet. These are home routers, generally given to you by your ISP, that are unsecured, hacked and leveraged in large-scale attacks on various targets online. The customers and the ISPs often don’t even know the routers have been compromised.
In April they published a list of 28 ISPs (Internet Service Providers) who were on the naughty list as hosting these compromised routers, many of which are “state owned” ISPs. Here’s the list from April:
- India (6 times on the list)
- Philippines (2 times on the list)
- Brazil (2 times on the list)
- Saudi Arabia
- Russia (2 times on the list)
- Sri Lanka
- Poland
- Tunisia
If you’re a client of EITS, we block countries you don’t do business with by default and these attacks are moot…nothing to see here folks! They’re blocked. The latest round of home router attacks…practically the same list – blocked! To make things “just work” we also identify your non-US partners and poke holes in the firewall to allow communication with those specific foreign partners (email for example). Say we block Japan but you have a customer or customers in Japan…we open the firewall up to allow communication with those specific customers or clients. In these cases we’ve also unblocked specific countries entirely when anyone and everyone in that country may need to find you or communicate with you. Mexico and Canada are frequently unblocked in large part.
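The rule order described above, as an added Python sketch (not Firewall-Z's own configuration or code): partner pinholes are checked first, then fully unblocked countries, and everything else is denied in both directions. The country ranges are constructed from documentation address blocks, all names are hypothetical, and treating an address with no known country as blocked is an assumption of this example.

```python
import ipaddress

# Constructed sample data: RFC 5737 documentation ranges stand in for real
# per-country allocations (a real deployment loads a GeoIP database).
COUNTRY_RANGES = {
    "US": ["192.0.2.0/24"],
    "JP": ["198.51.100.0/24"],
    "CA": ["203.0.113.0/25"],
    "RU": ["203.0.113.128/25"],
}
ALLOWED_COUNTRIES = {"US", "CA"}          # home country plus a fully unblocked one
PARTNER_PINHOLES = ["198.51.100.25/32"]   # hypothetical customer mail server in Japan

_RANGES = [(ipaddress.ip_network(c), cc)
           for cc, cidrs in COUNTRY_RANGES.items() for c in cidrs]
_PINHOLES = [ipaddress.ip_network(c) for c in PARTNER_PINHOLES]


def country_of(addr):
    """Return the country code for addr, or None if it is in no known range."""
    ip = ipaddress.ip_address(addr)
    matches = [(net.prefixlen, cc) for net, cc in _RANGES if ip in net]
    return max(matches)[1] if matches else None  # longest prefix wins


def decide(remote_addr):
    """Decide on a connection by its remote (non-local) address."""
    ip = ipaddress.ip_address(remote_addr)
    # Pinholes come first so a specific partner survives its country's block.
    if any(ip in net for net in _PINHOLES):
        return "allow", "partner pinhole"
    cc = country_of(remote_addr)
    if cc in ALLOWED_COUNTRIES:
        return "allow", f"country {cc} unblocked"
    # Assumption: unknown origin is treated like a blocked country.
    return "deny", f"country {cc or 'unknown'} blocked"


def evaluate(src, dst, local_net="10.0.0.0/8"):
    """Apply the same check to inbound and outbound flows.

    The remote end is whichever address is not on the local network, so a
    blocked country is denied in both directions.
    """
    local = ipaddress.ip_network(local_net)
    remote = dst if ipaddress.ip_address(src) in local else src
    return decide(remote)
```

Checking pinholes before the country decision is what lets a single partner address stay reachable while the rest of its country remains blocked.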
Country blocking is phase one in our security stack and not the only thing we do to protect networks.
You should add country blocking to your firewall, and if you don’t have an easily manageable firewall where you can add country blocking, you should try Firewall-Z. Country blocking is a wide-sweeping preventative measure to minimize your footprint. The smaller the target you make your organization online, the less likely you’ll be attacked, hacked and whacked by online threats. This can maximize uptime and thus improve efficiency in your organization.
If you’re having security problems we can help!
Comments or questions are welcome.