Stormshield SN series Configuration Manual page 42


Example: Several lines can be deleted at the same time by selecting them with the Ctrl key held
down, then by clicking on Delete.
You can perform several actions in the profile:
Applying a model
Several templates allow configuring the profile of alarms by defining their action (Allow or Block)
and their level (Ignore, Minor or Major).
The templates LOW, MEDIUM and HIGH are distinguished essentially by the action of the
Protections alarms, such as alarms relating to peer-to-peer networks or instant messaging. By
default, Applications alarms allow traffic and Malware alarms block it.
The INTERNET template disables alarms that may hinder the typical use of the internet, usually
due to bad practices that are too common to be prohibited. An example of this is an alarm raised
when there is a URL containing non-ASCII characters.
By default, the profile (1) IPS_01 is based on the INTERNET template, since it is intended for
traffic with a source address that is part of a protected network (see Inspection profiles). Other
profiles are configured based on the MEDIUM template that ensures a standard level of security.
Internet: This configuration is adapted to outgoing traffic. Most alarms are configured with the
action "Allow" when they do not pose a risk to the internal network.
Low: The least critical alarms are configured with the action "Allow".
MEDIUM: This template is a compromise between security and excessively strict blocking; it is
applied by default to incoming traffic.
HIGH: Most alarms are set to "Block".
New alarms
Approve new alarms: If this option is selected, all new alarms represented by the icon will be
accepted. This allows validating the action and alarm level set by default.
Selection
There are some buttons that allow you to sort the alarms of the inspection profile. These alarms
fall under 3 categories: Applications, Protections and Malware. They can be selected by clicking
on any of the 3 buttons with the same name. The button All resets the selection.
Applications: This type of alarm is raised when commonly used applications are used. Selecting this
makes it possible to prepare an application security policy.
Protection: These alarms are raised by the ASQ scan: they result from blocked known attacks and
the abnormal use of protocols as defined in the RFCs.
Malware: These alarms are based on the known signatures of malicious programs, recognized
by suspicious types of activity. The examination of hosts at the source of this alarm
category is recommended.
Search
This field allows displaying only the alarm(s) containing the letter or word entered. Search results
appear instantaneously, in order to filter profiles and contexts more easily, without the need to
press "Enter".
Filter
This list contains several protocols and services covered by the alarms. You can sort them and
display only the alarms that belong to the following categories:
Page 42/448
SNS - USER CONFIGURATION MANUAL V.3
sns-en-user_configuration_manual-v3 - Copyright © Stormshield 2016
APPLICATIONS AND PROTECTIONS
