Melior, Inc. - CyberWarfare Defense: Is A Firewall Enough?

Dallas, TX, December 1st, 2004

Summary:
As businesses and governments rely increasingly on the Internet as a communications vehicle to conduct business, operate supply chains, maintain customer relationships, support products, and disseminate information to the public, this critical infrastructure is increasingly threatened by system and network probing to detect and exploit vulnerabilities (Penetration Testing attacks), by Denial-of-Service attacks from armies of easily obtainable "bot-networks", and by the payloads of various valid and invalid (malicious) network traffic.

More importantly, internal and privileged networks face similar threats from compromised systems within the secured perimeter, in most environments without any layer of traffic validation.

Few methods are available to protect against these threats, limited to systems prohibiting communication on ports of the TCP/IP protocol and authenticating access (firewalls), or systems trying to recognize and alert to unusual traffic behaviour, such as intrusion detection systems (IDS).

The majority of network administrators use some kind of firewall to protect their network. However, all firewalls share a similar disadvantage: they are addressable, thus vulnerable to various forms of attacks.

New services, such as deployment of the popular Voice-over-IP (VoIP) to enhance features and reduce cost, remain largely unprotected, leaving these infrastructure components wide open for attacks (in the case of VoIP, threatening to shut down the entire telephony infrastructure with a few keystrokes).

Melior, an authority on CyberWarfare Defense with proven expertise, discusses the pros and cons of adding another layer to firewall and infrastructure protection to prevent Denial-of-Service attacks, SYN floods, and penetration testing probing, as well as to protect new services such as VoIP.

Full Text:
The majority of network administrators use some kind of Firewall to protect their network. A Firewall provides policy-based access control to the various devices behind it, generally while allowing access to the Internet from the internal machines. Most people assume that a Firewall can protect the network from an attack.

There are many types of Firewalls. Some operate as filtering gateways with simple port level protection, while others provide detailed connection state tracking. Some Firewalls operate at the application level using a proxy server. There are advantages and disadvantages to each approach, and some more expensive Firewalls use multiple approaches, involving both policy- and proxy-based systems.


All Firewalls share a similar disadvantage: they are addressable.

Firewalls work on the upper layers of the ISO/OSI model, taking data from one IP address and sending it to another (or from one group to another). They make an “appearance” on the network as any other device would. Once there, Firewalls always listen on an IP address, and data can be sent to a Firewall directly, since for the most part Firewalls concern themselves with layer 3 and above. Because of this, they are generally not prepared to handle network anomalies, such as those that form the foundation of the tools hackers and attackers use. The systems these “bad guys” use allow them to hand-craft packets that would otherwise not exist on a network, such as oversize ICMP pings, bad packet fragments, smurf amplification attacks, badly formed packets, land attacks, and SYN floods. It is this departure from expected network behavior that has allowed these attacks to succeed in exploiting weaknesses inherent in modern operating systems and application servers.


The Expected vs. the Unexpected

Because Firewalls work on the expected and apply their policies to that, they are weak in the area of the unexpected. Moreover, since they operate in the upper levels of the ISO/OSI model, they simply do not need to understand how the data gets to them - and that can be exploited as well. Hackers know all the details of this information and can craft packets that break standards or simply bend the rules to their own gain. To a hacker, this is a clever little game to see which is smarter: their expertise or the Firewall? If a hacker knows the TCP/IP stack better than the Firewall does, or exploits a known vulnerability, he or she can bring it down, and your whole network with it. Don't think of a Firewall as the end of network protection, but as possibly one of the weakest links in your network security solution – and often a single point of failure as well. It is addressable, it knows little if anything about the lower levels of packets, and it relies primarily on administrative policy to protect network assets.

What this means is that it is likely your Firewall is vulnerable to various forms of attacks. Even worse, it may blindly pass the attack through to your internal network or simply crash when it sees certain attacks (such as “synk4”). In addition, the “holes” you have punched into your Firewall to let valid traffic through are staring hackers in the face. By way of powerful (and free) Penetration Testing tools, such as NMAP or Nessus, they can see exactly which ports are available and will concentrate their attacks there. Your weaknesses are as good as advertised! While Firewall vendors have attempted to address the dDoS problem, the basic problem will always exist. As long as your Firewall is addressable, it is vulnerable!

The solution then is a network protection device that is not addressable or detectable in any way and is capable of blocking anomalous traffic.


Melior, Inc. introduces Barbican™ CyberWarfare Defense Systems.

Barbican™ - "A fortification at a gateway or drawbridge on the approach to a castle."


Is your Castle’s Internet gateway in need of fortification? Are you currently experiencing distributed Denial of Service (dDoS) attacks, or observing several Penetration Testing probes on a daily basis?

Barbican™ dDoS attack defense, developed by the authorities on CyberWarfare Defense, is an expansion on Melior’s proven expertise in dDoS attack defense.

Barbican™ takes a radically different approach from most Firewalls. Instead of being a server that connects two networks through its assigned IP numbers, the Barbican device can be compared to an Ethernet bridge that functions in-line. The Barbican device does not “listen” to any IP. It is as completely un-addressable as an Ethernet cable would be.

This means that unlike traditional Firewalls, it cannot be addressed directly, so it cannot be attacked. Moreover, good valid data enters one port and exits the other without any IP or MAC address being changed in the packet.

However, Barbican is much more astute than any Firewall, because it has access to every detail of every packet. It knows the real-time details of IP packet assembly and TCP stream sequencing better than the hackers, and can respond far faster than any hacker, generally in the millisecond range! Unlike an Intrusion Prevention System (IDS), it uses no signatures to slow it down or provide false positives, and it does not require network baselines. Barbican actually handles every connection, and once a packet is verified as being part of a valid connection, it recreates each packet on its protected network interface to be sure it is pristine. Following every TCP/IP rule to the point of being pedantic, Barbican glues IP fragments back together to protect from fragment attacks, and deals with port scans (i.e. Penetration Testing probes), floods, hand-crafted packets and similar anomalous behavior. Furthermore, Barbican will detect and report port scans, and report the IP address of attackers. Forged IP packets are reported on and then simply dropped. The Barbican device is actually capable of making sure that every packet passing through it is part of a valid connection. It is so efficient that not a single dDoS packet is ever sent into the protected network. This includes SYN floods! Not even a single SYN of a SYN-flood attack will enter the protected network!
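
An added illustration, not Melior's code and not part of the original release: a simulation of one way an in-line device could keep a SYN flood out of the protected network, by answering each SYN itself with a stateless cookie and forwarding traffic only after the client's ACK proves the handshake. The cookie scheme, the names `InlineValidator`, `cookie` and `pkt`, the addresses and the key are assumptions of this example; the release does not say how Barbican validates connections.

```python
import hashlib
import hmac
import struct

SECRET = b"constructed-demo-key"  # constructed; a real device would use a random, rotated key
MOD = 2 ** 32
SERVER = ("192.0.2.10", 80)       # constructed protected host (documentation address)

def cookie(key, client_isn):
    """SYN-ACK sequence number derived from the 4-tuple, so no per-SYN state is stored."""
    digest = hmac.new(SECRET, repr((key, client_isn)).encode(), hashlib.sha256).digest()
    return struct.unpack(">I", digest[:4])[0]

def pkt(src, sport, flags, seq, ack=0):
    return {"key": (src, sport) + SERVER, "flags": flags, "seq": seq, "ack": ack}

class InlineValidator:
    """Admission decision only; the server-side handshake and sequence translation are not modelled."""
    def __init__(self):
        self.established = set()  # 4-tuples that completed a handshake
        self.forwarded = []       # packets released to the protected side
        self.dropped = 0

    def handle(self, p):
        if p["flags"] == "S":
            # Answer the SYN from the device; nothing reaches the protected network.
            return {"flags": "SA", "seq": cookie(p["key"], p["seq"]), "ack": (p["seq"] + 1) % MOD}
        valid_ack = (cookie(p["key"], (p["seq"] - 1) % MOD) + 1) % MOD
        if p["key"] in self.established or (p["flags"] == "A" and p["ack"] == valid_ack):
            self.established.add(p["key"])  # handshake proven: the sender received our SYN-ACK
            self.forwarded.append(p)
        else:
            self.dropped += 1               # forged or out-of-state packet
        return None

def run_demo():
    v = InlineValidator()
    for i in range(1000):                   # constructed flood: SYNs from spoofed sources
        v.handle(pkt(f"198.51.100.{i % 250}", 1024 + i, "S", i))
    after_flood = (len(v.forwarded), len(v.established))
    forged = pkt("198.51.100.7", 4000, "A", 1)
    forged["ack"] = (cookie(forged["key"], 0) + 2) % MOD  # one off from the valid value
    v.handle(forged)
    synack = v.handle(pkt("203.0.113.5", 5555, "S", 7000))  # a real client completes the handshake
    v.handle(pkt("203.0.113.5", 5555, "A", 7001, (synack["seq"] + 1) % MOD))
    return after_flood, v.dropped, len(v.forwarded), len(v.established)
```

Because the cookie is recomputed from the returning ACK, the flood leaves no state on the device and no packet on the protected side.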

Barbican can sit in front of a traditional Firewall to protect that Firewall from attack, while often lightening its processing load, allowing completely transparent and configuration-free installation into networks where Firewalls are already deployed and configured. In addition, it can act similarly to a policy Firewall and completely block unused ports and services, without anyone on the outside knowing that the port is blocked. Data sent to blocked ports, like any invalid data, is simply dropped.

The Barbican device not only tracks connections like an advanced Firewall, but acts much like an application level proxy-based Firewall to give the benefits of proxy firewalling, but on every TCP port. Furthermore, it does this in such a way as to make it look like all ports are open. Hackers don't know where to focus the attack! It also has a unique TCP fingerprint evasion technique preventing hackers from determining what operating system your servers are running. Simpler scanners will often end up scanning their own reflections!

The combination of intensive connection tracking and network cloaking against Penetration Testing on a completely un-addressable device marks a new approach to network security that can be deployed into any network for immediate dDoS protection.


About Melior, Inc.

Melior Inc. ('melior' is Latin and means 'better') is a privately held US company headquartered in Dallas, Texas, with offices in Dortmund, Germany and New Delhi, India. Melior provides solutions against distributed Denial-of-Service (dDoS) attacks, which also protect against Penetration Testing for vulnerability exploitation.

Melior, Inc. contributes actively to anti-Crime and anti-Terrorism efforts with government agencies in the United States and in Europe.

Barbican, Barbican RNP, iSecure, Perfectionists At Work are registered trademarks of Melior, Inc.

For more information and reseller contacts, please visit Melior's CyberWarfare Defense web site at www.dDoS.com

Contact Information:

Mr. Matt Gair
Chief Operating Officer and Co-Founder
Melior, Inc.
US Headquarters
Columbus A. Langley Building
1501 Beaumont Street
Dallas, Texas 75215
USA
Tel: +1 (214) 421-5975 and 1-888-4MELIOR
Fax: +1 (214) 421-5951 and 1-888-TOFAXUS
www.dDoS.com

 
© Copyright 1987 - 2006 Melior, Inc. - CyberWarfare Defense
Trade- and Servicemarks, Copyrights, and Patent-Pending Protection is effective in WTO countries.