NINJA BLOG

Marcell Csendes | 2022.08.26.
IP Filtering - Blacklists, whitelists, greylists and the BitNinja logic

BitNinja Security Starting Point – A Short Educational Program

Here at BitNinja we think that cyber security should be simple. So, we’ve designed BitNinja to make your life easier. We’ve built features and capabilities that can greatly simplify your work.

Here is a short guide to our product with tips and helpful hints. These educational articles should help you properly utilise BitNinja’s features to grow your company while having a clear understanding of how it works!

1. Network Attacks – What are they and how can you filter them with BitNinja?
2. Malware Detection – Set up, schedule, catch and quarantine with BitNinja
3. WAF – Managing patterns and testing the BitNinja WAF
4. IP filtering – Blacklists, whitelists, greylists and the BitNinja logic

In this article you will get to know more about:

  1. What are blacklists, whitelists and greylists?
  2. How to search in the IP Reputation Database?
  3. How to delist an IP?
  4. How to blacklist/whitelist?

What are blacklists, whitelists and greylists?

Our IP reputation system relies on a huge set of IP addresses. On average, BitNinja has around 1,300,000 actively greylisted or blacklisted IP addresses. In addition, BitNinja has historical information about 100,000,000 IP addresses.

So, we know A LOT.

Anyway, here are the basics:

  • Blacklisted IPs in our database will be unable to reach any server that runs BitNinja.
  • The whitelist works similarly to the blacklist: anything on the whitelist will bypass BitNinja. As an example, Google’s servers are globally whitelisted so they can reach any server.
  • Greylisted IPs will be challenged by our CAPTCHA, which informs the user that access to the domain/website is blocked and gives them the opportunity to remove themselves from the greylist.

📌 Good to know: There are domains whitelisted by default like Google crawlers, Yandex and Bing bots etc. You can find the complete list here.

Now, what are the pros and cons of whitelisting, blacklisting and greylisting?

  • Whitelisting allows an IP to bypass BitNinja and gives easier remote access. However, it is a security vulnerability and can be problematic for dynamic IPs.
  • Blacklisting an IP address can give you better security against known threats. Maintaining the list, though, might be a pain.
  • Greylisting an IP protects your server from known threats, while still giving the owner of the IP a chance to flexibly delist their IP address.

With our Unified approach, if one of your machines gets attacked by a bad actor, all of your other machines will receive the necessary information and will gain protection against the attacker in a matter of seconds. This way, we can reduce the load by not wasting precious resources on malicious traffic.

How to search in the IP Reputation Database?

It’s super simple. Just type or paste the IP address into the search bar at the top of admin.bitninja.io and click “SEARCH IP ADDRESS”. You can search for server hostnames and domains across your servers the same way by clicking on the down arrow.

After searching you will be redirected to our report page. Here you can see the details on the IP such as:

  • Global greylist status
  • Greylist by user
  • Number of incidents
  • Country
  • Detailed information on historical attacks

How to delist an IP?

Whenever you believe an IP address is on the greylist, whitelist or blacklist, search for the IP address in the top search bar.

In the results, you can see additional information such as when the first incident occurred, and what exactly happened. And of course, you can take action by delisting the IP from the greylist, blacklist or whitelist.

How to blacklist/whitelist?

Blacklisting/whitelisting normally happens in the firewall area. You can pretty much block/allow an entire country, ASN or just a simple IP address if you wish. This can be done to a specific server or even for a limited time.

📌 You can find the technical details and customizations here: Documentation – IP Filter
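
A small model of the three lists described in this article, including the time-limited entries mentioned above, as an added example that is not BitNinja's code. The precedence order (whitelist, then blacklist, then greylist), the verdict names and the `IpFilter` class are assumptions made for illustration; the addresses are constructed from documentation ranges.

```python
import ipaddress

# Assumed precedence and verdict names (not taken from BitNinja):
# whitelist bypasses filtering, blacklist is dropped, greylist gets a CAPTCHA.
ORDER = (("whitelist", "BYPASS"), ("blacklist", "DROP"), ("greylist", "CHALLENGE"))

class IpFilter:
    """Illustrative three-list IP filter with optional per-entry expiry."""

    def __init__(self):
        # list name -> {network: expiry in epoch seconds, or None for permanent}
        self.lists = {name: {} for name, _ in ORDER}

    def add(self, list_name, cidr, now=0.0, ttl=None):
        """List a single IP or a CIDR range, optionally for ttl seconds."""
        net = ipaddress.ip_network(cidr, strict=False)
        self.lists[list_name][net] = None if ttl is None else now + ttl

    def delist(self, list_name, cidr):
        """Remove an entry; returns True if it was listed."""
        net = ipaddress.ip_network(cidr, strict=False)
        found = net in self.lists[list_name]
        self.lists[list_name].pop(net, None)
        return found

    def decide(self, ip, now):
        """Return the verdict of the first list holding a live matching entry."""
        addr = ipaddress.ip_address(ip)
        for name, verdict in ORDER:
            for net, expires in self.lists[name].items():
                if addr in net and (expires is None or now < expires):
                    return verdict
        return "PASS"  # assumed: unlisted traffic continues to normal handling

def demo():
    """Constructed scenario using documentation address ranges."""
    f = IpFilter()
    f.add("blacklist", "203.0.113.0/24")                    # whole range blocked
    f.add("whitelist", "203.0.113.10", now=1000, ttl=3600)  # temporary exception
    f.add("greylist", "198.51.100.7")
    results = [
        f.decide("203.0.113.10", now=2000),  # whitelist entry still live
        f.decide("203.0.113.10", now=5000),  # exception lapsed, range block applies
        f.decide("198.51.100.7", now=2000),  # greylisted: CAPTCHA challenge
    ]
    f.delist("greylist", "198.51.100.7")     # e.g. after a solved CAPTCHA
    results.append(f.decide("198.51.100.7", now=2000))
    return results
```

Giving a whitelist entry a lifetime limits how long a reassigned dynamic IP keeps bypassing the filter, which is the whitelisting risk noted earlier.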