External Traffic Detection
Written by Alex Patnick
Updated this week

This feature enables detection, analysis, and alert generation for external (North-South) traffic, which can significantly improve your overall security posture. Faddom gives you a view of all servers with external connectivity (whether incoming or outgoing), along with the ability to set up allowed traffic policies and blacklisted countries, for both of which you will get Notifications and Alerts.

For this feature to work, you need to first enable external traffic for the relevant subnet(s) by following our guide How to Amend Subnets Discovery.

Traffic Policies for External Servers

You can define and manage policies for your detected external traffic to tell Faddom what is allowed, giving you more control over your attack surface. In conjunction with the blacklist, this gives you a granular way to set up rules on your network to understand the external traffic.

  • You can set an allowed policy based on detected connections, or from scratch. By setting a policy, you can be notified of any abnormal or potentially harmful activity.

  • Policies can be set separately for either incoming or outgoing traffic.

To set this up, do the following:

  1. Go to Settings > External Traffic Policy

  2. Click on Apply Current As Policy to automatically set the current detected traffic as allowed. You will be notified only of Inbound or Outbound traffic that does not match this rule.

  3. Click on Add New Rule to manually add an allowed connection

  4. If you want to remove or edit an existing policy, click on the Edit icon, and you will see the policy settings. Here you can amend the rule to match your requirements.

Setting Up Blacklisted Countries

  1. To set up the blacklist of countries you wish to see, go to Settings > External Traffic.

  2. You can select the countries by searching or scrolling and selecting the tick box. You can also collapse the continent grouping. As you select them, they appear at the top, and you can remove a country by clicking the X.

  3. Click Save

Updating the Public IPs

Faddom maintains a database to map public IP addresses to their respective countries. You can update this database under Settings -> External Traffic. There are options to update this database online or offline depending on whether you have internet access.
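
The logic behind allowed policies, the country blacklist and the public IP database can be sketched as follows. This is an added example, not Faddom's code: the rule fields (direction, server, port, country), the finding names and all sample data are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Conn:
    direction: str  # "inbound" or "outbound"
    server: str     # internal server name
    remote_ip: str  # public peer address
    port: int

# Constructed IP-to-country table (RFC 5737 documentation ranges, placeholder
# country codes) standing in for the public IP database.
GEO = {ip_network("198.51.100.0/24"): "AA", ip_network("203.0.113.0/24"): "BB"}

def country_of(ip):
    """Return the mapped country code, or None when the table has no entry."""
    addr = ip_address(ip)
    return next((cc for net, cc in GEO.items() if addr in net), None)

def apply_current_as_policy(observed):
    """Baseline: each (direction, server, port, country) seen now becomes allowed."""
    return {(c.direction, c.server, c.port, country_of(c.remote_ip)) for c in observed}

def evaluate(conn, policy, blacklist):
    """Findings for one connection; an empty list means nothing to report."""
    cc = country_of(conn.remote_ip)
    findings = []
    if (conn.direction, conn.server, conn.port, cc) not in policy:
        findings.append("policy_violation")
    if cc in blacklist:
        findings.append("blacklisted_country")
    if cc is None:
        findings.append("unmapped_ip")  # a stale table hides the country
    return findings

# Constructed sample traffic.
OBSERVED = [Conn("inbound", "web01", "198.51.100.7", 443),
            Conn("outbound", "app02", "203.0.113.9", 443)]
POLICY = apply_current_as_policy(OBSERVED)
BLACKLIST = {"BB"}

if __name__ == "__main__":
    later = OBSERVED + [Conn("outbound", "web01", "198.51.100.7", 443),
                        Conn("inbound", "web01", "192.0.2.50", 443)]
    for c in later:
        print(c, evaluate(c, POLICY, BLACKLIST))
```

In this model, a baselined connection to a blacklisted country is still reported, and an address missing from the table can never match the blacklist, which is why the database needs to be kept current.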

External Traffic Dashboard

The main Faddom dashboard shows how many servers you are receiving external traffic for. The number is clickable and will take you to the External Traffic dashboard. You can also access it by selecting Secure > External Traffic. On this screen, you will see the servers listed along with the ports and countries of each connection.

You will see an alert for traffic that violates the Traffic Policies, and by clicking on the

If the blacklist has been set up, any countries that have been added to the blacklist will appear at the top with a pink background.

You can also see the results of what Faddom has found by navigating to the Security tab from the Server Properties:

  1. Click on a server from a map, search, or click on the properties icon from any list view

  2. In the properties panel, click Security in the bottom right

  3. This will take you to the Server Security Dashboard where you can see all the security information on a server including any external traffic.
