Firewall Deep Inspection Signatures
Posted by Joe Rebis (Import) on 12 December 2007 05:23 PM
To accomplish this we are adding attack signatures to various Internet protocals (e.g. HTTP, FTP) which will trigger a blocking action when when an attack is detected. A blocking action will TEMPORARILY block ALL incoming requests from sending IP address t the EPhost Network. The block is released AUTOMATICALLY shortly after the attack stops. |
These signatures are designed to stop automated systems from "hammering" our network. However, it may be possible for you to trrigger blocking action accidentially, as some of our signatures are designed to enforce our Acceptable Use Policy. We test each signature without blocking first to ensure minmal impact to valid users and to reduce the possibility of users accidentially triggering a blocking action.
For instance, you may experience a block due to:
1) Use of a "common" password. Passwords should not be a dictionary word or name. Passwords should contain a unique set of numbers and letters and should be minimum of 5 digits long.
2) Mutiple failed attempts to login to a particular service (e.g. FTP, SQL...) over a short period of time. You should never attempt to login to any of our services more than 1 time per minute (with the exception of web mail).
3) Excessive use of 3rd party monitoring systems. Some customers may be using a 3rd party monitoring system to see if their website or a particular service is available. If monitoring system is too aggressive in performing these checks it may trigger a block. Never test more than onece per minute. We suggest a 5 minute testing time.
4) Attempts to "test" our security either manually or by a 3rd party testing system (e.g. PCI Compliance Test). We consider attempts to "test" our security as actual attacks which may result in your account being closed without warning. For instance, a PCI compliancy test is network intensive and disruptive. We encourage you to run such checks, but require advanced notice. Further, you are required to submit in writing the source testing IP so that we may allow the tests through our firewall. This is required for a PCI test anyway.
5) A virus/hack that has infected your local computer and is attempting to contact our network unknown to you. Certain viruses may attempt to make it's way on to the EPhost Network via your computer so they may spread.
6) Use of our services beyond standard RFC policies (Internet Standards).
If you experience a block and are unable to visit the EPhost Network:
1) Refrain from the accessing our network for 5 minutes and try your activity again.
2) Shut down and restart your computer to cease any background activity which may cause the block.
3) Please contact customer service by TELEPHONE if the block persists even after you stop accessing our network.
If you belive that our policies are affecting your normal use of our network-- we certainly WANT to know. Please open a support ticket so we may review and address the issue. You will need to specify the steps to reproduce the issue, your IP address (http://www.ephost.com/myip.cfm) and your reasons for requesting the polciy to be re-reviewed.
We hope that these new security measures will provide you with a safer environment to grow your business.