
Monthly Archives: October 2021


Understanding the Great Firewall of China

Today, we’re going to talk about the Great Firewall of China (GFW).

You will learn:

  • What is the Great Firewall of China?
  • How does it work?
  • How it impacts people, business, technology, and the world

So if you want to understand the world’s most sophisticated censorship system, then you’ll enjoy this.

Let’s start. 

What Is the Great Firewall of China?

The Great Firewall of China is a popular term for mainland China’s internet censorship system. Both legislative actions and enforcement technologies are used to regulate and control the country’s internet. 

The Great Firewall blocks foreign websites, apps, social media, VPNs, emails, instant messages, and other online resources considered inappropriate or offensive by authorities. 


How Does the Great Firewall Block Content and Access?

China controls the Internet gateways where traffic travels between China and the rest of the Internet. Using a combination of firewalls and proxy servers at these gateways, they can manipulate internet traffic. 

There are several sophisticated ways the Great Firewall blocks content and access to various foreign websites. 

Check them out. 

DNS Poisoning

DNS (Domain Name System) is the technology that maps domain names to the right IP addresses. One part of the Great Firewall consists of lying DNS servers and DNS hijackers that return incorrect IP addresses.

For example, if you want to visit Facebook’s website, your computer contacts its DNS servers and asks for the IP address associated with the website. China “poisons” its DNS caches with wrong addresses for websites like Facebook on purpose, making them inaccessible.

Blocking Access to IPs

China’s Great Firewall can also block access to certain IP addresses. Equipped with a blacklist of undesirable IP addresses, routers automatically drop all packets destined to blocked IPs (network black-holing). For instance, this could include the address of a sensitive site like the New York Times, or of a public DNS resolver like Google’s.

Analyzing and Filtering URLs

The GFW of China includes transparent proxies. These proxies can scan URLs and block connections if they contain sensitive keywords.

According to Harvard Law School research (2003) on searches for dissident and democracy sites, of the top 100 sites Google returned, 40 were blocked for a “democracy china” search, 37 for “dissident china,” 32 for “freedom china,” and 30 for “justice china.”

Inspecting and Filtering Packets

Deep packet inspection (DPI) is a content inspection method that can be used to examine unencrypted packets, looking for sensitive material. DPI uses components from an Intrusion Detection System (IDS).

Filtering routers pass copies of passing traffic to out-of-band devices based on IDS technology. The packets continue on their path freely while IDS technology inspects the copies. The point is to determine whether the content of the packets matches the Chinese government’s blacklist of keywords. 


Resetting Connections

After blocking the packets with sensitive content, the Great Firewall will block the connection between both computers for some time. How? By sending a “reset packet”, in practice lying to both computers that the connection was reset so they can’t talk to each other.

Blocking VPNs

In late 2012, the GFW of China started trying to block VPNs. VPNs were previously used to bypass the Great Firewall. In the same year, companies providing VPN services claimed the Great Firewall of China had become able to learn and identify what encrypted VPN traffic looks like and then kill VPN connections.

The Impact of the GFW of China

It’s no surprise that China has by far the largest number of Internet users: 989 million.

The majority of these citizens take no steps to penetrate the Great Firewall. 

With this number of people strictly controlled online, you can only imagine the huge impact of the GFW of China.

Let’s see where this impact shows.

#1 Social and Political Impact 

The Chinese government sees censorship as a way to maintain social cohesion by preserving a unified national ideology for as long as possible.

By keeping Chinese citizens in the dark about ideologies other than Communism, citizens are less likely to revolt because they are not enticed with alternatives.

#2 Economic Impact

By blocking international internet companies, the Great Firewall protects domestic industries and companies that may have been too weak to compete with US counterparts. 

That’s how China has grown its own internet giants, such as Tencent, Alibaba, Baidu, etc. 

China is predicted to become the world’s biggest economy by gross domestic product in the next 10 years. 

#3 Impact on Creativity

With no easy access to the ideas of the West, it’s likely that this kind of cultural isolation affects creatives in a big way.

Not only that: slow VPNs also cause big headaches for writers, designers, and creatives.


The Takeaway for Your Business

For overseas companies whose core business is not directly affected by the Great Firewall, the effects on productivity and day-to-day operations should be considered. 

Many companies either set up their own corporate VPNs for internal use or subscribe to a corporate VPN package for their China offices, regardless of their industry.

Want to know more?

The Great Firewall of China is generally considered the largest, most extensive, and most advanced cybersecurity system in the world. 

If you want to learn more on the cybersecurity topic, please follow Demakis Technologies and continue reading about it on our blog.


Detecting Suspicious and Malicious Activity on Your Network

In this post, we will explain how you can detect suspicious and malicious activities on your network.

We’ll not only address what threatens your network security, but also what tools you can use to detect these threats before they harm your system, data, or other valuable assets.

So if you want to learn how to protect your network and detect suspicious activities that endanger its security, you’ll enjoy this article. 

Let’s begin!

What Constitutes Malicious Activity on Your Network?

Malicious network activity can include different behaviors that involve unusual access patterns, file and database changes, or any other suspicious activity that could indicate a data breach or an attack.

Detecting malicious activity in time helps you identify the source of the breach and its nature so you can fix it as soon as possible.


How Does Malicious Traffic Threaten Your Network?

When malicious HTTP traffic connects devices on your network to an attacker’s command and control (C2) servers, those devices can become part of the attacker’s botnet.

Cybercriminals who manage to compromise your network security are able to see how many computers your organization has. They can also issue commands and launch more malicious actions to perform ransomware attacks or data theft.

How Can You Detect Suspicious Network Activity?

Malicious traffic detection tools provide constant monitoring of network traffic for signs of suspicious files, links, or actions. 

In order to identify malicious internet activity, the tools check whether the suspicious item is coming from a bad URL or C2 channels.

The tools verify suspicious links against security data collected from millions of devices worldwide and that is how they offer protection against known and unknown threats.

Network Security Tools

There are a variety of tools designed to detect malicious network activity. 

You can use these systems to enforce a variety of security measures to protect your networks from potential threats.

In this part of the article, we’ll explain some of them, and what they can do for your network security.

IDS (Intrusion Detection System)

The Intrusion Detection System is the pioneer in the category of security network management. 

An IDS keeps track of the system’s vulnerabilities and analyzes network activities to spot patterns and signs of known threats.

An IDS alerts the IT staff about malicious network traffic, but it does not take action to prevent it.


There are two main categories of IDS:

  • NIDS (Network Intrusion Detection System) handles a whole subnet at the network level.
  • HIDS (Host Intrusion Detection System) takes care of a single host system.

IPS (Intrusion Prevention System)

IPS is considered an expanded version of the IDS.

Their functions and capabilities are similar, but there is one important difference – IPS can take action to prevent cyber attacks by blocking suspicious network activity.

IPS can also be referred to as IDPS which stands for Intrusion Detection Prevention System.

DLP (Data Loss Prevention)

Sensitive data, such as credit card numbers, secret corporate information, or intellectual property information, is the most common target of cyberattacks.

DLP specifically handles data protection. It makes sure that confidential information does not get compromised.

DLP is able to enforce data handling policies and to automatically detect information such as credit card numbers based on their format and alert the teams to prevent unauthorized disclosures.
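To show what detecting card numbers "based on their format" involves, here is an added example (not code from any DLP product). It pairs a format match with the Luhn checksum so that order numbers and padding digits do not raise alerts, and it masks the value in the finding. The function names and the sample text are constructed for illustration.

```python
import re

# Format rule: 13 to 19 digits, optionally separated by single spaces or hyphens.
CANDIDATE = re.compile(r"(?<![\d-])\d(?:[ -]?\d){12,18}(?![\d-])")

def luhn_valid(digits: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask(digits: str) -> str:
    """Keep the first 6 and last 4 digits so the alert itself leaks no card."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]

def scan(text: str) -> list[dict]:
    """Return masked findings for every card-like number in outbound text."""
    findings = []
    for m in CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        # Format alone over-matches: require Luhn and reject all-same-digit runs.
        if luhn_valid(digits) and len(set(digits)) > 1:
            findings.append({"offset": m.start(), "masked": mask(digits)})
    return findings

# Constructed sample: an order number, two well-known test card numbers,
# and a zero-filled reference that passes Luhn but is not a card.
SAMPLE = (
    "Order 1234 5678 9012 3456 shipped.\n"
    "Customer paid with 4111 1111 1111 1111, backup card 5500-0000-0000-0004.\n"
    "Ticket ref 0000000000000000 closed.\n"
)

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```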

SIEM (Security Incident and Event Management)

SIEM tools help organizations manage all the data and signals, and correlate potential threat information in a single centralized view of the network infrastructure.

Although SIEMs can offer different features, most of them control network activity to spot security incidents in real time. These systems also notify IT departments so they can take proper action on time.

NBAD (Network Behavior Anomaly Detection)

Simply monitoring and looking for an activity that falls out of the ordinary is another way to spot suspicious network traffic.

NBAD systems first establish what regular and normal behavior on a given network looks like. Then they monitor all traffic and activity in real time to identify any malicious internet activity.

Since anomaly detection monitors unusual activity instead of waiting for signs of specific threats, it can help identify zero-day attacks which are normally not easy to spot.
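The two NBAD steps described above, baseline first and monitoring second, look like this in a small added example (not taken from any NBAD product). It uses a per-host median and median absolute deviation as the baseline, which is one common choice. The hosts, traffic figures, and threshold are constructed assumptions.

```python
from statistics import median

def build_baseline(history):
    """history: {host: [KB sent per hour, ...]} taken from a known-good period."""
    baseline = {}
    for host, samples in history.items():
        med = median(samples)
        mad = median(abs(s - med) for s in samples)  # robust to a few outliers
        baseline[host] = (med, mad)
    return baseline

def score(baseline, host, value):
    """Robust z-score of value against the host's own normal behaviour."""
    if host not in baseline:
        return None
    med, mad = baseline[host]
    # 1.4826 * MAD approximates a standard deviation; the floors stop a very
    # steady host from alerting on tiny changes or dividing by zero.
    spread = max(1.4826 * mad, 0.05 * med, 1.0)
    return (value - med) / spread

def detect(baseline, observations, threshold=6.0):
    alerts = []
    for host, value in observations:
        z = score(baseline, host, value)
        if z is None:
            alerts.append((host, "unknown-host", value))  # never seen in baseline
        elif abs(z) >= threshold:
            alerts.append((host, "volume-anomaly", value))
    return alerts

# Constructed data: a workstation and a file server with very different norms.
HISTORY = {
    "10.0.0.5": [120, 135, 110, 128, 140, 125, 131],
    "10.0.0.9": [4000, 4200, 3900, 4100, 4050, 3950, 4150],
}
OBSERVED = [
    ("10.0.0.5", 133),    # normal for the workstation
    ("10.0.0.5", 4100),   # normal for the file server, not for this host
    ("10.0.0.9", 4300),   # within the file server's usual range
    ("10.0.0.77", 50),    # host with no baseline at all
]

if __name__ == "__main__":
    for alert in detect(build_baseline(HISTORY), OBSERVED):
        print(alert)
```

The 4100 KB reading alerts only because it is judged against the workstation's own history, which is why no signature for a specific threat is needed.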


Take Action for Effective Cybersecurity

Each of the malicious traffic detection tools comes with its advantages and disadvantages. 

The effectiveness of network security management depends on how well the tools were implemented, and how ready your team is to take action in case of a security breach.

Proper network security requires experienced cybersecurity professionals who can help you manage the output of security tools and take immediate action to prevent dangerous attacks.

If you’re concerned about your network security, reach out to our cybersecurity experts at Demakis Technologies and get professional help.