An IP address earns a negative reputation when an information security company detects suspicious activity, such as spam or viruses, originating from that address.
IP reputation is a top-level protection that runs on any IPS or WAF solution: if traffic is found to come from an address with a bad reputation, there is no need to inspect it further; it is simply blocked.
Ways to check the reputation of an IP address:
Check Reputation of an IP address with Cisco Talos
Talos (previously Senderbase.org) is a leading-edge cyber threat intelligence team that provides various network security solutions against unwanted intrusion from both known and unknown sources.
Navigate to https://talosintelligence.com/ and enter the IP address whose reputation you want to check.
It will show you the spam blacklisting and email reputation of the IP address.
Check Reputation of an IP address with MX Toolbox
MX Toolbox is another popular tool for checking IP reputation, spam lookups, domain health, etc.
Navigate to https://mxtoolbox.com/blacklists.aspx and enter the IP address whose reputation you want to check.
Check IP Reputation with IBM X-Force Threat Intelligence
IBM X-Force Research is one of the most renowned commercial security research teams in the world.
These security professionals monitor and analyze security issues from a variety of sources, providing threat intelligence content as the foundation of the IBM Security portfolio.
IBM® X-Force® produces many thought leadership security research assets to help customers, fellow researchers and the public at large better understand the latest security risks and stay ahead of emerging threats.
Navigate to https://exchange.xforce.ibmcloud.com/ and enter your IP address to view its reputation.
Check IP Reputation with Barracuda central
Barracuda Central maintains a history of IP addresses for both known spammers as well as senders with good email practices.
This information contributes to the Barracuda Reputation System, which gives the Barracuda Spam & Virus Firewall the ability to block or allow a message based on the sender’s IP address.
Check IP Reputation with Symantec IP Reputation Investigation
An IP address earns a negative reputation when Symantec detects suspicious activity, such as spam or viruses originating from that address.
Symantec strongly recommends that you perform a security audit on any of your systems that correspond to an IP address with a negative reputation, as those systems may have been compromised.
Navigate to http://ipremoval.sms.symantec.com/lookup/ and enter the IP address whose reputation you want to check.
Check IP Reputation with IPQualityScore
IPQualityScore is another good tool to check the reputation of an IP address. It is not only an IP-reputation checking website; it provides a complete set of detection tools for proxy detection, TOR detection, VPN detection, email spam scoring, email spam tests, etc.
To check the reputation of an IP address, visit https://www.ipqualityscore.com/, click on the Proxy Detection tab and select the “IP Address Lookup” service.
Enter the IP address that you want to test. It will show you the country name along with the ISP, organization, latitude, longitude, fraud score, and proxy/VPN detection information.
If you want more lookup details, create a free account.
Check IP Reputation with VirusTotal
If you work in IT security or in a security operations center, virustotal.com is your best friend for checking whether a file, a URL, or a particular domain is malicious.
If you suspect that a file contains a virus, just upload it to VirusTotal.
It will scan the file with 70 available antivirus engines and show you the result.
For this post, I uploaded a file to VirusTotal, and as you can see in the result, 13 antivirus engines detected this file as malicious.
Click on the “Details” option to get file information such as MD5, SHA-1, SHA-256, and file type.
Now let’s see how to check IP reputation. Click on the Search option,
enter the IP address and hit Enter. It will show you the reputation of the IP address. For an IP-reputation check, it primarily consults the Spamhaus spam and blocklist database to report the status.
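Spamhaus publishes its blocklists as DNS zones (DNSBL), so the same status can also be read with a single DNS query. The Python sketch below is an added example, not code from any of the tools above; it assumes the zen.spamhaus.org zone and its published return codes, and the function names are made up for illustration.

```python
import ipaddress
import socket

# Spamhaus ZEN return codes; 127.255.255.x answers are errors, not listings.
ZEN_CODES = {
    "127.0.0.2": "SBL (spam source)",
    "127.0.0.3": "SBL CSS (snowshoe spam)",
    "127.0.0.4": "XBL (exploited host)",
    "127.0.0.9": "DROP (hijacked netblock)",
    "127.0.0.10": "PBL (ISP policy range)",
    "127.0.0.11": "PBL (Spamhaus policy range)",
}
ZEN_ERRORS = {
    "127.255.255.252": "typo in DNSBL zone name",
    "127.255.255.254": "query came through a public/open resolver",
    "127.255.255.255": "query rate limit exceeded",
}


def dnsbl_name(ip, zone="zen.spamhaus.org"):
    """Build the query name: reversed octets (IPv4) or reversed nibbles (IPv6)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")[::-1]
    else:
        labels = list(addr.exploded.replace(":", ""))[::-1]
    return ".".join(labels) + "." + zone


def check_ip(ip, zone="zen.spamhaus.org", resolve=socket.gethostbyname_ex):
    """Return {'listed': True/False/None, 'reasons': [...], 'errors': [...]}."""
    try:
        _, _, answers = resolve(dnsbl_name(ip, zone))
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_NONAME:  # NXDOMAIN: address is not listed
            return {"listed": False, "reasons": [], "errors": []}
        return {"listed": None, "reasons": [], "errors": [str(exc)]}
    errors = [ZEN_ERRORS[a] for a in answers if a in ZEN_ERRORS]
    reasons = [ZEN_CODES.get(a, "listed (code %s)" % a)
               for a in answers if a not in ZEN_ERRORS]
    # An error answer says nothing about the IP: report unknown, never listed.
    listed = True if reasons else (None if errors else False)
    return {"listed": listed, "reasons": reasons, "errors": errors}
```

Spamhaus answers 127.255.255.254 when the query arrives through a public resolver, so point this at your own resolver and treat an error answer as unknown, not as a listing.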
Another good tool that you can try is https://www.ipalyzer.com/
Personally, I love to use https://www.abuseipdb.com/, which provides a much more accurate reputation.
How Organizations Use IP Reputation
Most organizations that are concerned about securing their published applications use the IP-reputation feature to mitigate the risk of traffic coming from known malicious IPs.
Once you have enabled the IP-reputation feature in a security product, it checks the reputation of the source IP before checking the attack signatures: once the traffic is already known to be bad, there is no point in checking it against the attack signatures.
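The ordering described above, reputation first and signatures only for traffic that survives it, as an added Python example that is not taken from any of the products discussed on this page. The feed entries, category actions, signatures and function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed reputation feed (documentation ranges, not real indicators).
FEED = {
    "198.51.100.0/24": "Botnet",
    "203.0.113.7/32": "Tor",
    "203.0.113.128/25": "Anonymous proxy",
}
DEFAULT_ACTION = "block"                      # policy default
CATEGORY_ACTION = {"Anonymous proxy": "log"}  # per-category override

# Toy signatures standing in for a WAF/IPS signature set.
SIGNATURES = {
    "sqli": re.compile(r"(?i)union\s+select|'\s*or\s+1=1"),
    "xss": re.compile(r"(?i)<script\b"),
}

# Most specific prefix first, so a /32 entry wins over a covering range.
NETWORKS = sorted(((ipaddress.ip_network(n), c) for n, c in FEED.items()),
                  key=lambda item: item[0].prefixlen, reverse=True)


def reputation(ip):
    """Return the feed category for ip, or None if it is not listed."""
    addr = ipaddress.ip_address(ip)
    return next((cat for net, cat in NETWORKS if addr in net), None)


def inspect(src_ip, request_line):
    """Return (verdict, reason, number_of_signatures_evaluated)."""
    category = reputation(src_ip)
    if category and CATEGORY_ACTION.get(category, DEFAULT_ACTION) == "block":
        return ("block", "ip-reputation:" + category, 0)  # signatures skipped
    evaluated = 0
    for name, pattern in SIGNATURES.items():
        evaluated += 1
        if pattern.search(request_line):
            return ("block", "signature:" + name, evaluated)
    reason = ("logged:" + category) if category else "clean"
    return ("allow", reason, evaluated)


if __name__ == "__main__":  # constructed sample traffic
    for ip, line in (("198.51.100.23", "GET /item?id=1 UNION SELECT 1"),
                     ("192.0.2.50", "GET /index.html")):
        print(ip, inspect(ip, line))
```

The third element of the result shows the saving: a request from a blocked category is dropped with zero signatures evaluated, while a "log" category is recorded and still passes through signature inspection.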
Now I am going to show you how you can use these IP-reputation features in your network security devices.
1. F5 ASM
The first product on our list is F5 ASM (Application Security Manager), which is used by most of the top organizations to protect their published applications against top OWASP attacks such as SQL injection and cross-site scripting.
F5 ASM comes with an IP-reputation feature, but you need an additional license for it. Once you have the license, you can use it to protect your VIPs with IP reputation.
Open your F5 dashboard, click on the “Security” tab and then on the Network Firewall option; here you will find the IP Intelligence option.
Now click on Policies and then on the Create option to create a new IP-intelligence policy.
Enter the name of the policy. The default action is Block.
If you want to configure a specific blacklist matching policy, click on the “Blacklist Category” option and configure the policy as per your organization’s requirements.
Your policy will look like the one below.
Now it’s time to apply this policy to the VIP that you want to protect.
Click on the “Local Traffic” tab, select your VIP and click on it to open it.
Click on the Security tab under your VIP. Here you will see the IP Intelligence tab; click on it, enable the policy, and attach the policy that you just created.
2. Palo Alto Firewall
Palo Alto is one of the top firewalls that organizations use to protect their published applications in their DMZ segment.
Palo Alto also provides IP-reputation protection, but you need to reference it in your rule.
Open your Palo Alto firewall, click on the Objects tab and then on the “External Dynamic Lists” option.
Here you have three predefined lists: Bulletproof, High Risk, and Known Malicious IP addresses.
Click on the “Add” option, enter the name of the policy, select “Predefined IP List” as the Type under the create list option, and select the source.
Now you just need to reference this object in your rule; alternatively, you can reference the predefined external block lists directly in your rule.
Note: Build your rule with the external dynamic list objects as the source, the zone set to outside or DMZ, the destination set to any, and the action set to deny.
3. Cisco Firepower Firewall
Cisco Firepower is another firewall that organizations use to secure their published applications. If your organization also uses the Cisco Firepower firewall, open your Firepower dashboard.
Click on the Objects tab and then on the Object Management tab. Here you will see the “Security Intelligence” tab, where you will find three feeds, for Network, DNS, and URL lists.
Create the objects from here and reference those objects in the rule.
4. FortiWAF
FortiWAF is another top WAF that organizations use to protect their published applications, especially in cloud environments.
If you also use FortiWAF in your organization, make sure the IP-reputation option is enabled on your policy.
Note: Unlike F5 ASM, FortiWAF does not need an additional license to use the IP-reputation features.
With IP reputation, FortiWAF protects your published applications against Botnet, Anonymous proxy, Phishing, Spam, and Tor sources.
5. TippingPoint IPS
TippingPoint IPS is another powerful IPS that organizations use to secure their infrastructure. It also provides an IP-reputation protection feature, which you need to enable for your security profile.
Open your SMS application, click on Profiles > Inspection Profiles, select your profile and click on the “Reputation/Geo” option.
Click on the “New Reputation” option, select your criteria based on your organization’s requirements, and finally click on the Distribute option to distribute your IP-reputation policy to your profile.
How to Test Your Own Web-Security
A few days back I wrote an article about how good your internet security is against ransomware. After publishing that article, many of my subscribers asked me how to check PC security and how to check whether the PC firewall is working or not, so I decided to write one complete article about it, and I am trying to cover approximately all aspects of this topic.
Check if your accounts have been breached
If you suspect that you may have fallen victim to a hack, visit Have I Been Pwned? (haveibeenpwned.com), which catalogs all the email addresses and other data taken in high-profile breaches.
Enter your email address in the search box and if it’s found in the data dumps, a red warning will appear, revealing what was taken in the hack and recommending you change your password(s) immediately.
You can also sign up for notifications of future breaches. At the time of writing, Have I Been Pwned? featured more than 4.7 million ‘pwned’ accounts and 232 ‘pwned’ websites, including MySpace, Adobe, and LinkedIn.
Test the strength of your passwords
There are lots of online tools that test the strength of your passwords, but make sure you use one that encrypts what you enter or you could actually be risking your security.
Our favorite is the Dashlane-sponsored How Secure Is My Password? (howsecureismypassword.net), which tells you how long it would take a hacker to crack your password.
If the answer is less than a minute, you should change the password as soon as possible.
Ensure your security software is working
Don’t let malware infection be the first sign of a security hole. The AntiMalware Testing Standards Organization (AMTSO, www.amtso.org) offers a Security Features Check that exposes potential weaknesses in your system’s defenses.
The check consists of six tests, four of which involve downloading files that your PC should identify as malware and block automatically.
These files aren’t actually malicious but are designed to be detected as such, so if your anti-malware program lets one through, then you need to tighten your security settings.
Test your firewall for weaknesses
Firewalls generally run quietly in the background, so it’s important to know that they’re working properly.
To test yours, try to bypass it using the free online port scanner GRC ShieldsUP (www.grc.com/shieldsup). Ports should be closed by default, apart from port 80 (or 443), which is needed for web traffic.
You can choose to test either Common Ports (only the most vulnerable ports) or All Service Ports (a thorough scan of 1,056 ports). Green or blue results mean that those ports are secure, while red ones show open ports that need to be closed.
Make sure your plugins are up to date
Security holes in Java, Adobe Reader, and Flash put your personal data at risk, so ensure your plugins are up to date by using Qualys BrowserCheck (browsercheck.qualys.com).
This scans your browser and its plugins to detect outdated versions and other security problems. Click the Fix It button next to scan results marked as ‘insecure version’ or ‘update available’ to install the required updates. The test works with all major browsers.
Test your own security knowledge
Avoid being the weak link in your PC’s protection by keeping your cybersecurity knowledge up to scratch.
NOTE: This tutorial is for normal users. If you are looking for advanced tutorials on web security, please visit https://technicalustad.com/category/tech/pro/, where I cover advanced-level tutorials.