BitNinja Security Starting Point - A Short Educational Program
Here at BitNinja we think that cyber security should be simple. So, we’ve designed BitNinja to make your life easier. We’ve built features and capabilities that can greatly simplify your work.
Here is a short guide to our product with tips and helpful hints. These educational articles should help you properly utilise BitNinja's features to grow your company while having a clear understanding of how it works!
1. Network Attacks - What are they and how can you filter them with BitNinja?
2. Malware Detection - Set up, schedule, catch and quarantine with BitNinja
3. WAF - Managing patterns and testing the BitNinja WAF
4. IP filtering - Blacklists, whitelists, greylists and the BitNinja logic
In this article you will get to know more about:
Our IP reputation system relies on a huge set of IP addresses. On average, BitNinja has around 1,300,000 actively greylisted or blacklisted IP addresses. In addition, BitNinja has historical information about 100,000,000 IP addresses.
So, we know A LOT.
Anyway, here are the basics:
📌 Good to know: There are domains whitelisted by default like Google crawlers, Yandex and Bing bots etc. You can find the complete list here.
Now, what are the pros and cons of whitelisting, blacklisting and greylisting?
With our Unified approach, if one of your machines gets attacked by a bad actor, all of your other machines will receive the necessary information and will gain protection against the attacker in a matter of seconds. This way, we can reduce the load by not wasting precious resources on malicious traffic.
It's super simple. Just type or paste the IP address into the search bar at the top of admin.bitninja.io and click "SEARCH IP ADDRESS". You can search for server hostnames and domains across your servers the same way by clicking on the down arrow.
After searching you will be redirected to our report page. Here you can see the details on the IP such as:
Whenever you believe an IP address is on the greylist, whitelist or blacklist, search for the IP address in the top search bar.
In the results, you can see additional information such as when the first incident occurred and what exactly happened. And of course, you can take action by delisting the IP from the greylist, blacklist or whitelist.
Blacklisting/whitelisting normally happens in the firewall area. You can pretty much block/allow an entire country, ASN or just a simple IP address if you wish. This can be done to a specific server or even for a limited time.
📌 You can find the technical details and customizations here: Documentation - IP Filter