Part of a defense-in-depth strategy for cyber security is making a hostile attacker deal with multiple obstacles before reaching his objective. You can thwart many script kiddies with just a couple of layers. However, a determined attacker won’t stop after encountering your firewall and anti-virus. Do yourself a favor and add another layer of defense by adding blacklists to your security devices.
Use the IP address blacklists as additions to your firewall deny lists. Add the URL and domain blacklists to your content filters. If you don’t use content filters, you can get the same effect for free with a simple hosts file hack: add the hostile domains on the blacklist to your hosts file (or to a local DNS server if you have one) and, most importantly, set the IP address of each one to localhost (or a bogus IP). This will stop any attempt to reach those domains. Also, if you are using a Snort IDS as one of your layers, rules are provided to copy and paste.
- Malware domains blacklist
- Malware IP address blacklist
- Snort rules for malware domains
- Snort rules for malware IP addresses
- Snort rules for malware URLs
Special Thanks to OptivMSS for providing these blacklists.
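The hosts file approach described above, sketched in Python as an added example (not code from this page or from the blacklist provider). It treats the downloaded list as untrusted input: names are validated, any IP address in the feed is discarded, and only the sink address is ever written. The marker comments, function names and sample data are assumptions made for illustration.

```python
import re

SINK_IP = "127.0.0.1"  # localhost, as the text suggests (a bogus IP also works)
BEGIN, END = "# BEGIN malware-blacklist", "# END malware-blacklist"  # hypothetical markers
# One DNS label: letters, digits, hyphens; no leading or trailing hyphen; max 63 chars.
LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

def parse_blacklist(text):
    """Return sorted, de-duplicated, validated domains from a one-per-line list."""
    domains = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip().lower().rstrip(".")
        if not line:
            continue
        # Accept "domain" or hosts-style "ip domain"; only the name is kept,
        # so a feed can never choose the address a name resolves to.
        name = line.split()[-1]
        labels = name.split(".")
        # Reject single-label names (e.g. localhost) and bare IP addresses.
        if len(name) > 253 or len(labels) < 2 or labels[-1].isdigit():
            continue
        if all(LABEL.fullmatch(label) for label in labels):
            domains.add(name)
    return sorted(domains)

def merge_hosts(hosts_text, domains):
    """Replace the marked block in hosts_text with sink entries (idempotent)."""
    kept, inside = [], False
    for line in hosts_text.splitlines():
        if line.strip() == BEGIN:
            inside = True
        elif line.strip() == END:
            inside = False
        elif not inside:
            kept.append(line)  # entries outside the block are left untouched
    block = [BEGIN] + [f"{SINK_IP} {d}" for d in domains] + [END]
    return "\n".join(kept + block) + "\n"

# Constructed sample inputs (not taken from any real feed or system).
SAMPLE_LIST = """# comment line
Bad-Site.example
127.0.0.1 tracker.bad.example   # hosts-style line
bad-site.example.
localhost
-broken-.example
203.0.113.7
"""
SAMPLE_HOSTS = "127.0.0.1 localhost\n::1 localhost\n"

if __name__ == "__main__":
    print(merge_hosts(SAMPLE_HOSTS, parse_blacklist(SAMPLE_LIST)), end="")
```

Review the merged text before writing it over the real hosts file, and keep a backup of the original; re-running the merge with an updated list replaces only the marked block.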