With its launch in January 2012, PacketViper became the first and only country-blocking network firewall available for sale world-wide. In just a few seconds a network administrator can block a country, group of countries, or whole continents from accessing the administrator's network resources. Using traditional network firewalls, this process would essentially be impossible. There are over 4 billion IPv4 public network addresses in the world. If a network administrator started receiving a lot of break-in attempts from a country like China and wanted to block that country from their network, they would have to research the network ranges that are assigned to that country and manually add them to their firewall system. For a country like China with over 3,200 distinct network ranges (and millions of individual IP addresses), blocking the country would take a large amount of time to research network ranges assigned to China and manually load the ranges into the firewall. These increased rule sets will also impact firewall performance. Going forward, it would be difficult and time consuming to keep the ranges up to date.
PacketViper's patent-pending technology make this process quick and easy. By simply clicking to block China and then clicking Apply button, the more than 3,200 networks will instantly be blocked. PacketViper's IP allocations are automatically updated to make sure that all of China remains blocked, even as IP addresses are reassigned with no intervention required by the administrator.
Furthermore, Viper Network Systems provides Global Network Lists (GNL's) to PacketViper systems. GNL's are comprehensive lists containing network addresses of popular Internet based businesses which a user may wish to allow or block. For instance, GNL's allow an administrator to block traffic from known spammers and vulnerable networks from within the United States without blocking the entire country. GNL's provide a mechanism to block bad actors from network hopping onto a VPS or compromised system within a friendly country to gain access to a company's network resources.
PacketViper's aim is not to be a replacement for traditional firewalls and Intrusion Detection/Prevention Systems. Rather, PacketViper complements existing systems by making them more efficient and effective. Country blocking is a different way of thinking in terms of network security. Without PacketViper, a publicly accessible network's Global Threat Profile is 100%. This means the network is 100% exposed to the world. We have found a typical business receives traffic from 150 to 200 countries every day! Most of this traffic from foreign countries consists of spam and network vulnerability scans. Viper Network Systems' philosophy is “why guess at a user's intent”. If a company doesn't have any legitimate reason for receiving network traffic from particular country, then block it.
In a typical scenario, a US-based business may need to allow SSH access to some servers for management purposes and VPN access to remote users. With traditional tools, there would be no way to limit access to these network resources to users in the US only. This means the company is open to break-in attempts from China, India, Russia, Ukraine, etc. With PacketViper, the company can choose to open network resources to only those countries with legitimate business reasons to access those resources. This drastically reduces the network's Global Threat Profile. PacketViper provides the ability to block countries on a port-by-port basis, meaning a company may wish to allow SMTP traffic from the US, Canada, and Western Europe, while blocking SMTP traffic from the rest of the world. At the same, allowing SSH access only from the US.
By blocking countries that a company doesn't do business with, in addition to greater network security, their public systems become more efficient and effective. With less network traffic accessing their routers, IDS/IPS, and spam filters, they can process traffic faster. Logs are clearer and detection algorithms can focus in on the smaller set of data. The company's bandwidth usage also decreases. With PacketViper, the small new connection request packet is dropped. The large payload in the data stream that would follow is never sent. Whereas without PacketViper, for instance, a spam filter doing Bayesian analysis would have to receive the entire email message before deciding if the email was legit or not.
Blocking countries a company doesn't do business with has other benefits as well, such as spam prevention and DDoS mitigation. PacketViper users typically experience a 30-70% reduction of spam by blocking unnecessary countries. The reduction is even greater by utilizing the Global Network Lists. This corresponds into a real savings. According to the “2009 National Technology Readiness Survey SPAM Report”, the average employee spends 1.4 minutes per day on spam email. If the amount of spam is reduced by 50%, the savings for a company of 50 users making an average of $20/hr would be over $3,000 per year!
PacketViper can severely disrupt a Distributed Denial of Service attack. By blocking unnecessary countries, a network administrator can drastically limit the number of IP addresses that can be used to launch the attack. The remaining IPs that are allowed through have a smaller impact than they otherwise would and are easier to deal with. An administrator can now easily pick off the remaining individual networks participating in the attack.
PacketViper also reduces the effectiveness of viruses, worms, phishing, and other network malware. In addition to limiting the amount of traffic coming onto a network, PacketViper can also be configured to limit which countries traffic can be sent to. This means, for instance, if a system was compromised by a virus that sends credit card information to a hacker in Russia, the virus wouldn't be able to get it's payload to its destination.
Country blocking isn't PacketViper's only unique feature. It also sports a revolutionary dashboard interface that displays network traffic (including source and destination countries) in real time. This patent-pending interface allows a network administrator to tell at a glance the type of traffic that is accessing their network. If a network administrator is interested in a particular IP address, they simply click on the IP to perform a “NetCheck”
PacketViper was built by network administrators, for network administrators™