Monday, October 06, 2014

How To Foil Chinese Hackers

I saw the news article today where FBI director James Comey drew an analogy between Chinese hackers and drunken thieves. If only there were a way to totally insulate oneself from attacks which emanate from hostile foreign countries. </sarcasm>

If you have custody of a network with internet accessibility and don't have country blocking capabilities, get a new firewall that has this feature. Sophos' UTM appliance is a good example.

Additional diligence by network administrators - especially where there is no legitimate use case requiring access to or from China, to take one example - could render much of the discussion about Chinese hackers moot.

Websites like Norse, which visualize internet attacks on an awesome, 21st-century version of the "War Games" big map (see http://map.norsecorp.com), show that the U.S. is under constant attack from foreign countries. Most attacks originate from predictable sources. Blocking any and all communication to or from those countries with prejudice is pretty effective, and if we're honest, has very little downside for the vast majority of private network operators.

For our part, we have blocked incoming access from just about every country where we have no business interests (most of them), as well as outgoing access to many of those countries.  This limits the attack surface for compromising machines, and limits the ability of any compromised machine to communicate with whomever is controlling it if they're offshore.
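To make the inbound/outbound policy just described concrete, here is an added Python example (not code from this post, and not Sophos' or any vendor's implementation) that evaluates constructed firewall log lines against a country-blocking policy. The geo-IP table maps the RFC 5737/RFC 3849 documentation ranges to made-up country codes, the local networks and the two country lists are assumptions, and unknown inbound origins are treated as default-deny, which is also an assumption about how the policy is configured.

```python
import ipaddress
import re

# Constructed geo-IP table (CIDR -> ISO country code). A real firewall loads
# this from a maintained geolocation feed; these are documentation ranges
# labelled with invented countries purely for illustration.
GEOIP_TABLE = [
    (ipaddress.ip_network("192.0.2.0/24"), "US"),
    (ipaddress.ip_network("198.51.100.0/24"), "CN"),
    (ipaddress.ip_network("203.0.113.0/24"), "RU"),
    (ipaddress.ip_network("2001:db8::/32"), "DE"),
]

# Assumed internal address space; traffic between local hosts is never
# subject to country rules.
LOCAL_NETWORKS = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]

# Policy from the post: inbound only from countries where there is a business
# interest; outbound denied to a (shorter) list of countries. Both sets are
# assumptions for this example.
INBOUND_ALLOWED = {"US", "DE"}
OUTBOUND_BLOCKED = {"CN", "RU"}


def lookup_country(ip):
    """Return the ISO code for an address, or None when no range matches."""
    addr = ipaddress.ip_address(ip)
    for net, cc in GEOIP_TABLE:
        if addr in net:          # version mismatch simply yields False
            return cc
    return None


def is_local(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LOCAL_NETWORKS)


def decide(src, dst):
    """Classify a flow and return (direction, verdict, country-or-reason)."""
    if is_local(src) and is_local(dst):
        return ("internal", "allow", "both ends local")
    if is_local(dst):
        cc = lookup_country(src)
        if cc in INBOUND_ALLOWED:
            return ("inbound", "allow", cc)
        # Unmapped origin is handled like a blocked country: default deny.
        return ("inbound", "deny", cc or "unknown")
    if is_local(src):
        cc = lookup_country(dst)
        if cc in OUTBOUND_BLOCKED:
            return ("outbound", "deny", cc)
        return ("outbound", "allow", cc or "unknown")
    return ("transit", "deny", "neither end local")


LOG_RE = re.compile(r"src=(\S+)\s+dst=(\S+)")


def evaluate_log(lines):
    """Apply the policy to log lines; lines without src/dst are skipped."""
    results = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        src, dst = m.groups()
        results.append((src, dst) + decide(src, dst))
    return results


# Constructed log lines in a simple key=value format (not real firewall output).
SAMPLE_LOG = [
    "2014-10-06T10:00:01 src=198.51.100.7 dst=192.168.1.10 proto=tcp dport=22",
    "2014-10-06T10:00:02 src=192.0.2.44 dst=192.168.1.10 proto=tcp dport=443",
    "2014-10-06T10:00:03 src=192.168.1.10 dst=203.0.113.9 proto=tcp dport=8080",
    "2014-10-06T10:00:04 src=192.168.1.10 dst=2001:db8::1 proto=tcp dport=443",
    "2014-10-06T10:00:05 src=192.168.1.10 dst=192.168.1.20 proto=tcp dport=445",
    "2014-10-06T10:00:06 firewall: rule table reloaded",
    "2014-10-06T10:00:07 src=198.18.0.2 dst=192.168.1.10 proto=tcp dport=3389",
    "2014-10-06T10:00:08 src=10.0.0.5 dst=198.18.0.1 proto=udp dport=53",
]

if __name__ == "__main__":
    for src, dst, direction, verdict, reason in evaluate_log(SAMPLE_LOG):
        print(f"{direction:8} {verdict:5} {src} -> {dst} ({reason})")
```

The two lists encode the asymmetry the post describes: inbound is an allowlist of countries, outbound is a blocklist, and anything the geo-IP table cannot place is denied inbound but permitted outbound. The quality of the result depends entirely on the freshness of the country table, so a production deployment points this at the firewall's maintained geolocation feed rather than a static table like the one above.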

In the movies, doing many hops between controlled systems to hide your tracks is made to look extremely simple - in reality, very few people have the time or inclination to pull this off.  They're usually looking for targets of opportunity - don't give them any, and they'll move along.
