Friday, May 20, 2016

Ransomware Firewall Lockdown Causing Destruction of UDP VoIP Packets

Due to ransomware, we've been very tight with our clients' security processes, reviewing and tightening them for each client.

Our clients have been very accommodating with us when asked to upgrade their existing firewalls, if they don't have a SonicWall or business-class firewall.

Over the last few weeks we have been reviewing many directives and white papers based on this nasty malware, learning and blocking where we can without affecting our clients' productivity.

Did you know you have a bit of time before the full program is installed and starts encrypting the specific files, before it goes after network shares? It does try to distract you. Move fast and stay alert. Educate your users. Tell them to pull the Ethernet cord out of their computer or press and hold that power button down. Education goes a long way in ransomware protection.

Well, in the process we have blocked the following:

  • Sites
  • IP Ranges
  • Our Sonics have the following turned on with specific settings in each:
      • Gateway Anti-Virus
      • Gateway Anti-Spyware
      • Content Filter
      • App Control

It is in App Control > Advanced where SonicWall requests that two services be blocked.

Category: PROXY-ACCESS   APPLICATION: Tor
Category: PROXY-ACCESS   APPLICATION: Encrypted Key Exchange

It is the Encrypted Key Exchange setting that, where the client uses VoIP, truly mangles the UDP packets.

We have a SonicWall TZ 500. The power of the TZ500's 1000Ghz Quad Core CPU does nothing to improve the pulsating sound of your VoIP quality.


The only way we could resolve the issue was to turn off Encrypted Key Exchange.

We also had an issue with a medical office where Encrypted Key Exchange was not allowing a specific pop-up in an app to show, on Wi-Fi only. Talk about troubleshooting and isolating an issue. But once we turned off Encrypted Key Exchange, the pop-up worked in the medical office's application.

There is a fine line between protection and productivity. As the malware develops and more directives are released from our security vendors, we will be testing and rolling out security updates for our clients to guard against this vicious form of malware.



1 comment:

jaqulin said...

People want to secure with medical office IT, which has gained a lot of attention nowadays. I have also got help from them and their service is too damn good. Hope they will continue with their quality in the future too.