
Blacklisting and Whitelisting: Differences

Should you block all the bad actors you already know about and let the rest of the traffic through freely, or should you allow only trusted entities and block everything else? This is the dilemma between Blacklisting and Whitelisting. Let's explore both a bit deeper and see the differences.

What is Blacklisting?

Blacklisting is an access-control method that denies access to a network or system to the entities that have been added to a blacklist. Entities are matched by a unique identifier, which in most cases is their IP address.

The essence of Blacklisting is that ALL entities that are on the BLACKLIST are denied access to the protected object.

You can use the Blacklisting technique for many applications like:

  • A network administrator can use a blacklist to stop incoming traffic from entities that are known to spread malicious software, and so secure the network.
  • You can blacklist certain websites and make them inaccessible from your work network to improve protection. The same mechanism can block social media sites in an attempt to boost productivity.
  • The same limitation can be applied to phone calls: you can block incoming calls from spam callers or from numbers you don't want to hear from.

You can manually add entities to the blacklist, or software can do it automatically, based on different criteria. 

In general, it is an effective solution that is easy to manage, but it has its caveats. 

The disadvantage of Blacklisting is that your system or network remains vulnerable to attacks from criminals that are not yet on your blacklist. Everyone who is not on the list has access.

What is Whitelisting?

Whitelisting is an access-control method that grants access to a network or system only to the entities that have already been added to a list, the whitelist. Entities are matched by a unique identifier, which in most cases is their IP address.

The essence of Whitelisting is that ONLY entities that are on the WHITELIST have access to the protected object.

It is a very defensive approach to object protection. 

You can use the Whitelisting technique for many applications like:

  • You can limit traffic to trusted sources only. If you have a server, you can restrict access to just a few trusted IP addresses.
  • Limit access to the administrator’s panel on a website to trusted-only IP addresses. 
  • Allow only specific applications and sites. 

The Whitelisting method can stop all incoming traffic from unknown sources and keep the object (network or system) safe. Bear in mind that it can also disrupt normal work by blocking everything that is not yet on the trusted list.

Differences between Blacklisting and Whitelisting

  • Blacklisting is threat-centric, and Whitelisting is trust-centric. 
  • Blacklisting denies access to those on its list, while Whitelisting permits access only to those on its list.
  • The default in Blacklisting is allow; in Whitelisting, the default is deny.
  • Both Blacklisting and Whitelisting can be hard to manage on a large network with many changing variables.
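The difference in default behaviour is easiest to see when the same source address is run through both policies. The following is an added example, not code from the original article; the network ranges are constructed sample values, and the two list names and helper functions are assumptions for illustration.

```python
import ipaddress

# Constructed sample lists (documentation ranges, not real infrastructure).
BLACKLIST = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.7/32")]
WHITELIST = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "2001:db8::/32")]


def _listed(addr: str, entries) -> bool:
    """True if addr falls inside any network on the list (same IP version only)."""
    ip = ipaddress.ip_address(addr)
    return any(ip.version == net.version and ip in net for net in entries)


def blacklist_allows(addr: str) -> bool:
    """Threat-centric: deny only what is listed; everything else passes by default."""
    return not _listed(addr, BLACKLIST)


def whitelist_allows(addr: str) -> bool:
    """Trust-centric: permit only what is listed; everything else is denied by default."""
    return _listed(addr, WHITELIST)


def compare(addr: str) -> dict:
    """Show how the two policies treat the same source address."""
    return {"blacklist": blacklist_allows(addr), "whitelist": whitelist_allows(addr)}


if __name__ == "__main__":
    # 198.51.100.200 is a never-before-seen address: the blacklist lets it in
    # (its weak spot), the whitelist keeps it out (its strength).
    for a in ("192.0.2.10", "203.0.113.5", "198.51.100.200", "2001:db8::1"):
        print(a, compare(a))
```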

Conclusion

Blacklisting is a good method if you know exactly who your bad actor is. You can add it to the list and remain safe until a new one appears. Whitelisting is more extreme, but its default behavior of denying access can often be safer.


Teardrop attack – What is it and how to prevent it?

Online "attacks" are a really upsetting topic. But as with many uncomfortable things in life, ignoring them doesn't prevent or fix them. So let's face the fact that they exist and can hit us, and learn more about how we can protect our online business.

What is a teardrop attack?

A teardrop attack is a DoS (denial of service) type of attack. It makes a network, server, or computer inaccessible by sending it altered, oversized data packets.

Attackers commonly rely on a bug in the TCP/IP stack's fragment-reassembly or fragmentation code to make the teardrop attack work.

The victim struggles because those altered data packets cannot be reassembled in the proper order. It fails the reconstruction and tries again and again, until an overlap of fragments occurs and the victim finally crashes.

To ensure its success, the teardrop attack also involves sending large amounts of traffic to stress the victim even further. The constant repetition of failed reassembly, combined with traffic demanding attention, exhausts the victim's resources and ends in its unavailability.
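The defensive side of the problem is a reassembly routine that refuses to trust fragment offsets. The following is an added example, not code from the original article: a simplified reassembler (offsets counted in bytes rather than IP's 8-byte units) that rejects overlapping fragments, gaps, and datagrams larger than the IPv4 length field allows, instead of computing a bogus copy length from the overlap; the `Fragment` class and sample fragments are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Iterable, List

MAX_DATAGRAM = 65535  # IPv4 total-length field is 16 bits


@dataclass(frozen=True)
class Fragment:
    offset: int     # byte offset of this piece in the original datagram (simplified units)
    payload: bytes
    more: bool      # IP "more fragments" flag; False only on the final piece


def reassemble(fragments: Iterable[Fragment]) -> bytes:
    """Reassemble fragments, raising ValueError on overlap, gap, or oversize.

    A vulnerable stack trusted the offsets and derived a negative length from
    an overlap; here every fragment must start exactly where the last one ended.
    """
    frags: List[Fragment] = sorted(fragments, key=lambda f: f.offset)
    if not frags:
        raise ValueError("no fragments")
    out = bytearray()
    expected = 0
    for f in frags:
        end = f.offset + len(f.payload)
        if end > MAX_DATAGRAM:
            raise ValueError(f"oversized datagram: fragment ends at byte {end}")
        if f.offset < expected:
            raise ValueError(f"overlap: fragment at {f.offset} starts before byte {expected}")
        if f.offset > expected:
            raise ValueError(f"gap: nothing covers bytes {expected}-{f.offset}")
        out += f.payload
        expected = end
    if frags[-1].more:
        raise ValueError("final fragment (more=False) missing")
    return bytes(out)


def is_acceptable(fragments: Iterable[Fragment]) -> bool:
    """Policy hook a filter could use: drop the whole set if reassembly is unsafe."""
    try:
        reassemble(fragments)
        return True
    except ValueError:
        return False


# Constructed samples: a well-formed pair, and a pair whose second offset overlaps the first.
GOOD = [Fragment(6, b"WORLD", False), Fragment(0, b"HELLO ", True)]   # arrives out of order
OVERLAP = [Fragment(0, b"HELLO ", True), Fragment(3, b"WORLD", False)]
```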

Attackers tend to use a teardrop attack against older operating systems, such as Linux versions prior to 2.0.32 and 2.1.63, Windows NT, Windows 3.1x, Windows 95, Windows 7, and Windows Vista.

Based on this, and considering that new operating systems are not a target for the teardrop attack, this threat may sound outdated. Perhaps it is for most regular users, but it is not for large government and healthcare organizations in many countries.

Think about the last time you visited such an office: what type of equipment did you see around? Modern computers? It depends on the country, but many still use old computers for daily tasks.

How to prevent a teardrop attack?

  • Use a firewall. There are different types of firewalls, and one of them will surely suit your network's needs. What matters is to enable an efficient filter that can detect and stop malformed data trying to enter your network.
  • Define the MSS to strengthen security. The maximum segment size (MSS) sets a size limit (in bytes) for data packets.
  • Get a secure proxy. It examines every incoming data packet to detect possible defects. Only packets without defects are admitted to the system.
  • Disable SMB. This is a useful tip for users of old operating systems like Windows 7 or Windows Vista. The server message block (SMB) protocol is the way to access shared files, printers, or serial ports. Experience shows that TCP ports 139 and 445, which SMB uses, are the weakness that teardrop attackers exploit on such systems. What you can do is disable SMB, together with its ports (139, 445), on the firewall.
  • Don't use an outdated OS. Keep your OS updated and avoid using computers with very old OSes installed.
  • Avoid fragmentation of packets. Path maximum transmission unit discovery (PMTUD) makes it possible to determine the maximum transmission unit size between two IP hosts along a network path.

Conclusion

Strengthen the security of your systems today! It will cost you less than what you could lose if you experience an attack.


How does CDN (Content Delivery Network) work?

CDNs are currently very popular. They work backstage, so don't worry if you haven't heard of them. Without them, many companies around the world would not be able to deliver their content to their visitors.

Thanks to a CDN, you get your music, movies, news, or social network images in milliseconds, right when you want them. So let's explain a little bit more about it.

What does CDN mean?

A content delivery network, or CDN for short, is a network of servers. It covers a significant geographic area, and these servers are placed in very specific locations. The purpose is to fully cover the area the potential clients come from. When you have servers that cache data (video, images, etc.) closer to your visitors, you can provide faster service, and their experience is going to be better.

How does CDN work?

A CDN requires a large network of servers for caching data, that is, the content that is going to be distributed to a particular group of customers in different locations. So that infrastructure is essential, and CDN providers place their points of presence (PoPs) strategically. This demands analysis of Internet exchange points (IXPs), the physical infrastructure through which Internet service providers (ISPs) interconnect. At those IXPs, location and speed are most valuable. CDN providers have to choose the location of their PoPs carefully; establishing one at every available IXP would be extremely expensive.

When you are using GeoDNS, your website visitors connect to the server closest to them. This is a really effective connection that doesn't depend on fetching the information from the origin web host. It saves a lot of time, which is great for your business.

CDN providers do not directly own the infrastructure; they make use of the one that already exists. CDN providers offer their service, and customers choose them to deliver content to their users. In turn, the CDNs pay carriers, ISPs, and network operators to host the CDN's servers in their data centers.

How to create a CDN?

If you want to build even a simple content delivery network, you are going to need the following things:

  • First: a domain name or a subdomain.
  • Second: at least two servers in separate areas. These servers can be virtual or dedicated.
  • Last: a GeoDNS tool. When you implement it, visitors making a request to the domain are sent to the server closest to them.
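The GeoDNS step above comes down to answering a DNS query with the address of the nearest healthy PoP. The following is an added example, not code from the original article or from any GeoDNS product: it assumes the client's coordinates have already been derived from the resolver's IP (geolocation is out of scope here), and the PoP table, `nearest_pop` and `geodns_answer` are constructed for illustration.

```python
import math
from typing import Dict, Optional, Set, Tuple

# Constructed PoP table: name -> (record address, latitude, longitude). Sample values only.
POPS: Dict[str, Tuple[str, float, float]] = {
    "fra": ("192.0.2.10", 50.11, 8.68),    # Frankfurt
    "nyc": ("192.0.2.20", 40.71, -74.01),  # New York
    "sin": ("192.0.2.30", 1.35, 103.82),   # Singapore
}


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance between two points, used as the 'closest' metric."""
    r = 6371.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))


def nearest_pop(lat: float, lon: float, healthy: Optional[Set[str]] = None) -> Tuple[str, str]:
    """Return (pop_name, address) of the closest PoP; healthy=None means all PoPs are up.

    Health filtering matters: a dead PoP that is still 'closest' would
    blackhole every visitor in its region.
    """
    candidates = {n: v for n, v in POPS.items() if healthy is None or n in healthy}
    if not candidates:
        raise LookupError("no healthy PoP available")
    name = min(candidates, key=lambda n: haversine_km(lat, lon, candidates[n][1], candidates[n][2]))
    return name, candidates[name][0]


def geodns_answer(qname: str, lat: float, lon: float, healthy: Optional[Set[str]] = None) -> str:
    """Build the A record a GeoDNS server would return for this client location."""
    _, addr = nearest_pop(lat, lon, healthy)
    # Short TTL so that a PoP going unhealthy is reflected quickly at resolvers.
    return f"{qname} 60 IN A {addr}"


if __name__ == "__main__":
    print(geodns_answer("cdn.example.com.", 51.50, -0.12))                 # London -> fra
    print(geodns_answer("cdn.example.com.", 51.50, -0.12, healthy={"nyc", "sin"}))  # fra down -> nyc
```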

Main advantages

A Content Delivery Network (CDN) has proven benefits. The main advantages of implementing CDN services include the following:

  • Your content availability is significantly increased. CDNs handle more traffic and help avoid network failures better than a single origin server, which is far away from some of your visitors.
  • Your webpage loads faster. Your customers won't abandon it the way they abandon a slow-loading site or e-commerce application, where purchases are left behind in the shopping cart.
  • A varied mix of web content optimization and performance services that benefit cached site content.

Conclusion

High speed is one of the critical factors defining a website's efficiency. Better performance and a satisfying user experience are possible with a CDN.
