By Mike Mullins
Attackers operating from large blocks of network addresses have recently used zero-day exploits to steal financial data. They manipulated an exploit to transmit an individual's financial information to a country with a poor record of tracking and prosecuting Internet criminals.
I won't mention the name of the country, but these networks are beyond the law enforcement boundaries of most civilized nations. How do you prevent hackers from performing such an attack on your organization's network?
You can regain control of your network by answering a few questions about the purpose of your organization's network:
Answering these questions can greatly limit your company's exposure to attacks beyond the reach of law enforcement in your country. If your business is local or regional, you only need to worry about who else is in your area of the world.
Do your research
The Internet is a big place, but one organization is responsible for its address space: the Internet Assigned Numbers Authority (IANA). IANA divides the public IP address space among the Regional Internet Registries (RIRs), which in turn distribute blocks of addresses within their regions.
There are four RIRs: ARIN, RIPE NCC (which covers Europe), APNIC and LACNIC, and each publishes the address blocks it has allocated within its region.
By doing a little detective work at each RIR's site, you can determine which IP address blocks belong to each country or region.
Combining this information with your answers to the questions about the purpose of your organization's network, you can begin to diminish your vulnerability to hostile networks and concentrate on serving your organization's target communities.
Limit network exposure
Let's look at an example. If a business network serves only the European community, then you could block every IP address at the network boundary that doesn't originate from this area.
Apply this block, or access list, to both inbound and outbound traffic, and fold it into any blocks or filters for specific services that you already have in place.
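As an added example (not from the article), here is a Python script that does the detective work described above: it parses the delegated-statistics file that each RIR publishes (one row per block, `registry|cc|type|start|value|date|status`, where `value` is the address count for IPv4 rows) into an allowlist of CIDR blocks for a chosen set of countries, checks addresses against it, and renders an nftables fragment that permits the set inbound and outbound and drops everything else. The sample rows, the `geo` table and the `eu_v4` set name are constructed for the example.

```python
import ipaddress
from typing import Iterable, List

# Constructed sample rows in the "delegated" statistics format each RIR publishes:
# registry|cc|type|start|value|date|status. For ipv4 rows "value" is the address
# count, not a prefix length, and need not be a power of two (see the FR row).
SAMPLE_DELEGATED = """\
2|ripencc|20240101|3|19830705|20231231|+0100
ripencc|*|ipv4|*|3|summary
ripencc|DE|ipv4|2.16.0.0|65536|20100108|allocated
ripencc|FR|ipv4|5.39.0.0|98304|20120601|allocated
ripencc|GB|ipv4|185.0.0.0|1024|20130101|assigned
arin|US|ipv4|18.0.0.0|16777216|19940101|assigned
ripencc|DE|ipv6|2a01:4f8::|32|20080101|allocated
"""

def build_allowlist(lines: Iterable[str], countries: set) -> List[ipaddress.IPv4Network]:
    """Collect the IPv4 blocks delegated to the given ISO country codes as CIDRs."""
    nets = []
    for line in lines:
        fields = line.strip().split("|")
        # Skip the version line, summary rows and anything that is not an IPv4 block.
        if len(fields) < 7 or fields[2] != "ipv4" or fields[1] == "*":
            continue
        _reg, cc, _typ, start, count, _date, _status = fields[:7]
        if cc in countries:
            first = ipaddress.IPv4Address(start)
            last = first + (int(count) - 1)  # last address of the block
            nets.extend(ipaddress.summarize_address_range(first, last))
    return list(ipaddress.collapse_addresses(nets))  # merged and sorted

def permitted(ip: str, allowlist: List[ipaddress.IPv4Network]) -> bool:
    """True if the address falls inside one of the allowed blocks (IPv6 never matches)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in allowlist)

def nft_ruleset(allowlist: List[ipaddress.IPv4Network], name: str = "eu_v4") -> str:
    """Render an nftables fragment: accept the set inbound and outbound, drop the rest."""
    elements = ", ".join(str(net) for net in allowlist)
    return (
        "table inet geo {\n"
        f"    set {name} {{\n        type ipv4_addr\n        flags interval\n"
        f"        elements = {{ {elements} }}\n    }}\n"
        "    chain input { type filter hook input priority 0; policy drop;\n"
        f"        ip saddr @{name} accept\n    }}\n"
        "    chain output { type filter hook output priority 0; policy drop;\n"
        f"        ip daddr @{name} accept\n    }}\n"
        "}\n"
    )
```

Before loading a ruleset with a drop policy on output, add accept rules for loopback, established connections and any non-regional services the site depends on (resolvers, update mirrors), otherwise the host cuts itself off.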
This simple strategy defines the business area of your network, and it reduces your organization's exposure to hostile attacks.
The Internet is global, but your network might not need to reach every corner of the globe. Take action to regain control over your security: Define the purpose of your network and whom it serves to reduce your network's exposure to potential vulnerabilities.
Mike Mullins has served as a database administrator and assistant network administrator for the U.S. Secret Service. He is a Network Security Administrator for the Defense Information Systems Agency.