Grizzly Steppe - TA18-106A - Filter incoming protocols

Firewalling
Log in to reply
  • J

    I was reading through the information in Alert (TA18-106A) https://www.us-cert.gov/ncas/alerts/TA18-106A Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices, aka Grizzly Steppe from US CERT. Near the bottom of that document it lists commands that may be used from the Internet to gather information. I am sure it is only the tip of the iceberg for the number of possibilities that are capable.

    What technology in a Firewall will inspect the Allowed incoming data stream and block these keywords? Would this be what Suricata and Snort are used for? Or is there a lighter weight alternative?

    So as I envision it. I have created a firewall, and set up rules to allow traffic, but now as the traffic is passed through if there are certain parts of the protocol that I don't want to transmit to the internal system the system will inspect, classify and block or filter.

    Perhaps a proxy is what I am looking for?

    Thanks!

    0

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy