Visibility Security
VISIBILITY
Logically one would think that a JNIOR connected to the Internet would be safe
as no one would know that it is there. However, there are hundreds of thousands
of systems out there searching random IP addresses for responses. In fact, we
see several packets arriving from various sources every minute, each of those
attempting to make connections on every possible TCP/IP port. You are not safe
even if you set custom ports for accessing your JNIOR.
In fact, knowledge of the presence of computers on the Internet is a valuable
asset. As a result, systems search for computers or devices using various
techniques, but only to identify that the IP address is possibly available to
be explored more thoroughly. We see connections made and then immediately
dropped without exploitation. We suspect that the IP address is then added to
a list and that the list is later sold to the highest bidder. The list is then
fed to some malicious program that spends its time not searching for prey but
working to own it.
For a long time PING was the preferred method to confirm that a computer
resided at an IP address. The security industry has been recommending that you
disable PING for this reason. You can disable it on JNIOR by setting
IpConfig/PingReply to "disabled".
As a result, the searches use a different approach and attempt connections to
random ports at a target IP address, hoping to get some response. One response
might be the acceptance of the connection request, but more typically they
might receive a "Port Unreachable" ICMP message. JANOS does not provide the
ICMP response for this security reason, but it does by default handle PING
requests.
We recommend that PING be disabled on any JNIOR connected to the Internet. This
works in combination with Greylisting to mask the presence of your automation
from the bad actors. Both are valid means of defense against unwanted cyber
activity.
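The connect-and-drop probes and random-port attempts described above can be
told apart from real sessions in connection records. The following is an added
example, not part of the JNIOR documentation or JANOS: the log format, field
names, thresholds and addresses are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample records in a hypothetical format (not a JANOS log format):
# timestamp, source IP, local port, outcome, seconds held open, payload bytes.
SAMPLE_LOG = """\
2024-05-01T12:00:01Z src=203.0.113.7 dport=80 result=accepted held=0.04 bytes=0
2024-05-01T12:00:02Z src=203.0.113.7 dport=23 result=dropped held=0.00 bytes=0
2024-05-01T12:00:02Z src=203.0.113.7 dport=9200 result=dropped held=0.00 bytes=0
2024-05-01T12:00:03Z src=203.0.113.7 dport=443 result=accepted held=0.03 bytes=0
2024-05-01T12:00:40Z src=198.51.100.20 dport=80 result=accepted held=0.05 bytes=0
2024-05-01T12:03:10Z src=192.0.2.55 dport=443 result=accepted held=12.70 bytes=4312
2024-05-01T12:04:00Z src=192.0.2.55 dport=443 result=accepted held=8.10 bytes=2950
garbage line that should be skipped
"""

LINE = re.compile(
    r"^\S+ src=(?P<src>\S+) dport=(?P<dport>\d+) "
    r"result=(?P<result>accepted|dropped) held=(?P<held>[\d.]+) bytes=(?P<bytes>\d+)$"
)

def classify_sources(log_text, sweep_ports=3, max_held=1.0):
    """Return {source_ip: label} for the connection records in log_text."""
    ports = defaultdict(set)   # distinct local ports each source touched
    empty = defaultdict(int)   # attempts that carried no data and ended quickly
    total = defaultdict(int)   # all attempts seen from the source
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue           # ignore malformed records
        src = m["src"]
        total[src] += 1
        ports[src].add(int(m["dport"]))
        if int(m["bytes"]) == 0 and float(m["held"]) <= max_held:
            empty[src] += 1
    labels = {}
    for src in total:
        if empty[src] < total[src]:
            labels[src] = "normal"           # at least one session moved data
        elif len(ports[src]) >= sweep_ports:
            labels[src] = "port-sweep"       # many ports, nothing exchanged
        else:
            labels[src] = "presence-probe"   # connect-and-drop on one or two ports
    return labels

if __name__ == "__main__":
    for src, label in sorted(classify_sources(SAMPLE_LOG).items()):
        print(f"{src:15} {label}")
```

Sources labelled "presence-probe" match the connect-then-drop pattern noted
above, and "port-sweep" matches attempts across many ports.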