Prepare a Ransomware Attack Recovery Plan for the Business Data
Cyber Attack Risks Summary
PART 2: Authonet ZTNA Gateway Installation and Operation
Introduction to Authonet Zero Trust Network Access Operation
Authonet ZTNA Gateway Functional Overview ...
Performance Charts
Network Activity
Network Access Log
Reports
PART 5: Configuring the Authonet ZTNA Gateway for Use
Sending Email Alerts
Customizing the Login Page
Network Configuration
Set the Time Zone ...
Cybersecurity Planning Configuration Example to Block a Phishing Attack
PART 9: Reset the Authonet Gateway to the Factory Default Setting
Reset the A300 to the Factory Default Setting
Reset the A1000 to the Factory Default Setting
PART 10: Authonet Product Support and Customer Assistance ...
Authonet Zero Trust Network Access (ZTNA) Gateway Manual PART 1: What is Cybersecurity and why do we need it? Copyright (c) Fire4 Systems (UK) Ltd, 2023. All rights reserved...
All Businesses are at Risk from Cyber Criminal Theft
Businesses always have a risk of physical theft; criminals can break into the building and steal items or money. Businesses respond by putting locks on doors and windows, and installing CCTV with intruder alarms.
Rogue states that operate criminal activities to steal information (usually trade secrets) and copy products, and that use theft of crypto currency and extortion to fund criminal activities. These states are known, and many governments restrict or ban commerce with them.
47% of 2022 ransomware attacks were on US businesses.
$570K was the average small business ransomware payment in 2021.
60% of executives believe the ransomware threat is exaggerated.
20% of small businesses have implemented multi-factor authentication.
Methods of Computer Network Attack Used by Cyber Criminals
There are two methods of cyber attack: an external threat and an internal threat. An external cyber attack is an attempt by the cyber criminal to access the business network remotely; there are several channels.
An internal attack is made when the cyber criminal is able to install software on a computer inside the business network, which gives the criminal remote access to that computer. This method permits the criminal to bypass the firewall and also...
Phishing is the most frequently used method that criminals choose to launch a cyber attack for data theft or ransomware extortion and this method is successful 98% of the time. After installation, the Trojan virus gives the cyber criminal remote access to the computer and to all other computers and servers in the business network.
The cyber criminal programs the computer to get access to the data servers. The user is not aware that the cyber criminal is using the computer in the background. The cyber criminal encrypts the server data files with ransomware.
Protecting Businesses from Cyber Criminal Attacks
There are two important actions that a business must take in order to reduce the probability of a cyber attack.
Employee training to recognize a potential cyber attack and raise an alert. Most cyber criminals plan an attack through employees, with password theft or phishing.
identified the clock is counting until the criminal installs ransomware, so it is necessary to act quickly to remove the threat before it is too late. The cybersecurity awareness staff training should include the following subjects;...
5) Allow users to access the network via the ZTNA gateway only with multi-factor authentication. Use at minimum 2-factor authentication to ensure that only trusted people have network access.
6) Monitor network accesses at the end-point security and alert any attempted unauthorized access;...
2) Frequently Update Software and Firmware Security Patches
All software and equipment vendors issue security patches when a security weakness has been found. Cyber criminals exploit the security weaknesses to attack the network. Some software vendors have automatic security patch updates;...
3) Install a Firewall Between the Network and Internet
Reduce or eliminate the risk of an external attack to the network from the Internet by installing a firewall; many different firewall products are available. With no firewall installed the ISP router can be easily attacked because the cyber criminal can identify the router type and its vulnerabilities.
Continuous monitoring of network activity can identify potential threats and provides the opportunity to take effective action quickly. Features of the Authonet Zero Trust gateway are listed below.
Authentication rules.
o Verify the MAC of the device, connection allowed.
o List IP requests that are not authenticated, check for intruder.
o List failed authentication, send alert to admin.
The details of the Authonet Zero Trust network access gateway that incorporates the network access rules are described in the next part of this manual.
The user opens a login screen and enters a password. A one-time password (OTP) is obtained from the user's personal phone, usually a 6-digit numerical code that is valid for a limited time.
6) Monitor Network Access Locally and via the Cloud
Network access is monitored using the Zero Trust security gateway that logs network access to provide a real-time display.
Authenticated devices.
Additional Points to Note for the Network Infrastructure Update
There are some additional points to note when upgrading the network infrastructure. The first point is that any remote access to the network for staff outside the business must use virtual private network (VPN) security and must also be subject to 2-factor authentication.
Prepare a Ransomware Attack Recovery Plan for the Business Data
Even with the best cybersecurity precautions there remains a small probability of a successful ransomware attack, usually due to human error. All businesses should prepare and test a recovery plan that will restore business operations in a short time without paying the ransom demand.
Prepare and test a ransomware attack recovery plan with the following points.
Write an attack recovery procedure; plan a budget.
Back up business data daily or hourly to offsite storage.
Keep 1 to 3 months of backups for a recovery history.
Install a Zero Trust network access (ZTNA) gateway to monitor network use; Authonet is an accessible product for smaller businesses.
Install 2-factor authentication, an essential deterrent.
A security expert should make regular checkups.
PART 2: Authonet ZTNA Gateway Installation and Operation
Introduction to Authonet Zero Trust Network Access Operation
The purpose of a firewall is to block any external attack to the business network. The purpose of a Zero Trust Network Access (ZTNA) gateway is to block internal attacks, such as.
The Authonet ZTNA gateway configuration features are shown in the next diagram. Access of any user or device to the network is blocked until the authentication process has been completed.
Authonet ZTNA Gateway Functional Overview
The purpose of the Authonet gateway is to protect the business network from a cyber attack, especially a password theft attack or a phishing attack. The Authonet ZTNA gateway has five principal functions: ...
Impose pre-configured WAN public IP and domain name restrictions on each device and user. The block diagram shown below illustrates the internal operation of the Authonet ZTNA gateway. All rules are configured into the database using the administrator GUI. The administrator connects via a dedicated admin port (out of band). The admin port must not be connected to the LAN network.
Installing the Authonet ZTNA Gateway in a Business Network
The Authonet ZTNA gateway is installed in the network so that all user devices are connected to the gateway LAN ports, with the exception of LAN4, which is only for administrator use.
When configuring the network infrastructure follow these rules.
The Authonet admin console is connected to the dedicated out-of-band port (LAN4); this port must not be connected to the network infrastructure.
All local users should be configured for 2FA or 3FA, a registered device...
LAN4, other LAN and WAN ports do not have administrator access. The LAN4 port is dedicated for the administrator console and must not be connected to the user network. The Authonet cloud service will be available for remote management and monitoring. LAN1...
A300: Product Connections
The Authonet A300 is designed to provide Zero Trust Network Access cybersecurity for smaller businesses. There is no limit to the number of devices and users that can be registered with the A300; however, we recommend this product for a business with fewer than 15 staff members.
A1000: Product Connections
The Authonet A1000 is designed to provide Zero Trust Network Access cybersecurity for smaller businesses. There is no limit to the number of devices and users that can be registered with the A1000; however, we recommend this product for a business with fewer than 50 staff members.
PART 3: Initial Product Configuration and Administrator Login
Quick Start Guide
Each Authonet product includes a quick start guide; this is shown in the figures below. The quick start guide has eight sections that will help the customer with the product initialization process. On completion this manual should be consulted to configure the product.
LAN4 is connected to the administrator’s computer using an Ethernet cable. Open a browser; open a new browser tab. If the Authonet setup page does not open automatically then type the login page name: www.ulogin.com. The Authonet setup page will open; the screen is shown in the next figure.
LAN4 port. The administrator will require network down-time to configure all network devices and users during the installation of the Authonet ZTNA gateway before the users can connect to the network. The administrator will have configured 2FA for the users (recommended) and so each user will configure the mobile device 2FA code generator using the QR code provided by the administrator.
The dashboard gives an overview of the computer network security.
Four reports.
System connection.
Network performance.
The menu to select the configuration functions has 14 entries. The configuration functions are described on the following pages.
The User Interface (UI) Configuration Parameters
The graphical user interface is accessed upon login. The management functions are divided into three sections as shown in the figure.
Status: Information about the network utilization and performance.
The administrator will enter the credentials using the browser login box.
Username: admin, password: entered during the initial setup.
If the password is forgotten or lost the Authonet ZTNA gateway will have to be reset to the factory default setting.
Administrator Access to the Internet
Administrators can request access to the Internet; however, this action is not advisable as it is a security risk. See the warning later in this section. After login, the administrator has access to the configuration UI; however, the administrator does not have access to the Internet.
Next click on the three horizontal bars to the right of the workstation IP address. This opens a window that is shown in the next figure. Click the button “Log in as admin”...
The next screen shows that the administrator computer has been moved to the section “Authenticated LAN devices”. The administrator can configure the Authonet gateway and has full access to the Internet.
WARNING: Giving Internet access to the administrator's computer is a serious security risk.
PART 4: Status and Reporting
If the administrator wishes to open a support ticket, first get the serial number and current firmware version from this page to submit with the support ticket request. Note that the Authonet gateway is given a name; this name is used when sending out alert emails and communicating with the cloud.
Four Information Bars on the Dashboard
The dashboard has four colored information bars. Each bar opens a report page when clicked. The top left information bar is a shortcut to the activity page and shows both authenticated and connected devices.
Clicking the question mark symbol displays additional information about the data being displayed.
The top right information bar is a shortcut to the authentication reports. Data statistics for authenticated devices and users are listed in the report.
Clicking the question mark symbol displays additional information about the data being displayed.
The bottom left information bar is a shortcut to the events log page. The last 10,000 events are displayed. Older events are deleted. The cloud service stores the event history up to 1 year.
Clicking the question mark symbol displays additional information about the data being displayed.
The bottom right information bar is a shortcut to the authentication report page.
Clicking the question mark symbol displays additional information about the data being displayed.
LAN server. Verify that the gateway utilization is not constantly operating at the maximum. If this is the case then it is necessary to upgrade to an Authonet gateway with a higher throughput.
Authenticated LAN devices: devices and users that have been authenticated and have access to the LAN and to the Internet are listed. All LAN devices: devices that are connected to the Authonet user LAN ports are listed; this list includes both recognized devices and unrecognized devices.
The status of any devices listed in 'authenticated LAN devices' can be changed. Click on the gear symbol shown to open a box with two status change options.
Log out device.
When the 'add to devices' option is clicked the device is added to the device list. This feature provides a quick method of adding all network devices into the device list when the Authonet ZTNA gateway is first installed in the business network.
Administrators and network IT installers should follow this procedure to add devices during the Authonet ZTNA gateway installation and configuration process.
Network Access Log
The log of events records each device access to the network with the action that was taken and a time stamp. The device log stores the last 10,000 records. The cloud log stores up to 1 year of records.
Reports
Reports show events that were selected for the log and reporting when a rule was created. An attempt to break a rule might indicate an attempted intrusion.
PART 5: Configuring the Authonet ZTNA Gateway for Use
Sending Email Alerts
Potential intrusion situations that require urgent attention can be notified to the administrator with an email alert. There are two situations that are of concern: unknown devices that connect to the LAN network, and user authentications that...
Customizing the Login Page
Any user device that connects to a user LAN port will obtain an IP address from the LAN network and when a new browser tab is opened the login page will be displayed by default.
Failed login attempts: if a number of login attempts (e.g. 3) have failed then the user must wait for the specified time before attempting a login again. An alert email to the administrator can be triggered by failed logins.
Examples of customized login pages are shown in the following two figures. The business logo is displayed on the upper left of the screen. A customer can create a customized background image that incorporates the business logo plus additional information, such as instructions for use.
Network Configuration
The Authonet ZTNA gateway is a network bridge. DHCP requests from user computers connected to the Authonet gateway user LAN ports are forwarded to the network DHCP server that is usually the ISP network router. The ISP router will be configured for one of the private address ranges: ...
Set the Time Zone
The time zone has to be set for the region where the Authonet gateway is installed. The functioning of the one-time password (OTP) phone app depends on the correct setting of the time zone, which must correspond to the time zone of the mobile phone.
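The following is an added example, not code from the Authonet manual or firmware, showing why a time-based OTP fails when the gateway and phone clocks disagree. It assumes the 6-digit OTP follows the standard RFC 6238 TOTP scheme (HMAC-SHA1, 30-second step) with a one-step tolerance, and that a wrong time zone shifts the gateway clock by whole hours; the manual states none of these. The secret is the RFC 6238 test value and the timestamps are constructed.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds per code: RFC 6238 default, assumed for the gateway
DIGITS = 6   # the manual describes a 6-digit numerical code


def totp(secret: bytes, unix_time: int, step: int = STEP, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for a given time in UTC epoch seconds."""
    counter = unix_time // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret: bytes, code: str, server_time: int,
           window: int = 1, step: int = STEP) -> bool:
    """Accept the code if it matches any step within +/- window of server time.

    The window of one step is an assumption; it absorbs a few seconds of
    drift but not an hour-sized error.
    """
    for drift in range(-window, window + 1):
        candidate = totp(secret, server_time + drift * step, step)
        if hmac.compare_digest(candidate, code):
            return True
    return False


def clock_skew_report(secret: bytes, phone_time: int, server_offsets):
    """Generate a code on the 'phone' and test it against a 'gateway' whose
    clock is offset by each number of seconds in server_offsets."""
    code = totp(secret, phone_time)
    return {off: verify(secret, code, phone_time + off) for off in server_offsets}


# Constructed sample data: the RFC 6238 test secret and one of its test times.
SECRET = b"12345678901234567890"
PHONE_TIME = 1111111109

if __name__ == "__main__":
    print("code on phone:", totp(SECRET, PHONE_TIME))
    # 0 s and 20 s of drift are tolerated; a clock that is one hour off
    # (for example after a wrong time zone setting) rejects the same code.
    for offset, accepted in clock_skew_report(
            SECRET, PHONE_TIME, [0, 20, 3600, -3600]).items():
        print(f"gateway clock offset {offset:+5d} s -> accepted={accepted}")
```

If users report that valid codes are rejected, comparing the gateway's displayed time against the phone's is the first check to make.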
Upgrade Firmware
Authonet frequently releases firmware upgrades for the ZTNA gateway products. There is no charge for the firmware upgrades. Upon receiving and configuring an Authonet gateway the administrator should check the firmware upgrade page to verify the version of the installed firmware and the latest version that is currently available.
Backup Settings
When the administrator has completed the Authonet ZTNA gateway configuration a backup of the configuration must be saved on the administrator’s computer. The configuration file uses the JSON format. The backup can be full or partial.
Adding Staff and Admins
Several people in an organization or in an IT service provider can manage the Authonet ZTNA gateway. Administration has two roles, 'Admin' and 'Staff'. The admin role has access to all the features and can manage staff. The admin user can add staff and other admins and change anybody's password.
A login can be added for each admin and staff member. The primary administrator is added during product setup; this is a requirement to begin using the product. Subsequently additional admins and staff can be added using the staff menu.
When the lock symbol is clicked a password entry box is opened. Click the pen symbol on the right to auto-generate a password that meets the strength requirements. Click the update button to save the password.
A staff member must log in using the LAN4 connection, which is the admin connection. Open a browser and open a new tab. A login box will open. Enter the staff member username and the password generated for that staff member.
Reboot
Reboot can be initiated after a configuration change, although most configuration parameters do not require a reboot. Exceptions are the network change from DHCP to static and upon completion of a firmware upgrade.
PART 6: Configuration for Devices, Users and Rules
Authentication and Rule Application
The Authonet Zero Trust Network Access (ZTNA) gateway prevents any device or user accessing the business computer network until that user or device has been authenticated; this is the Zero Trust part of the functionality. The Network...
A device may be connected to the network but the device credential may not have been registered during the configuration process. If not registered the network access will be blocked for the device and the device will be logged.
Authentication Prioritization
There are two types of network authentication.
o As a device, or
o As a user.
A computer can be logged in as a user or device, not both. A computer may at first be logged in as a device with device rules applied, but when a user logs in, only user rules and policies apply.
The Rules Decision Process
The device and user rules are applied in a sequence of four steps. If a device has a user then the rules set for the user have priority over the device rules. First individual rules are evaluated followed by the default rule.
Until the Authonet ZTNA gateway has been configured, devices connected to the Authonet user LAN ports will not have access to the LAN network or Internet. If a browser tab is opened on a user computer then the login page will be displayed, however users have no login credentials until they have been configured.
The administrator computer is connected to LAN4 and has no access to the local network or to the Internet until the administrator adds appropriate authorizations and rules for the device and administrator.
The user menu page is shown in the next figure. The rules menu page is shown in the next figure.
Add Devices to the Device List
All devices that are connected to the user network must be added to the device list. Any device not added to this list is blocked by default. Devices are added to the list by entering the MAC address and a description is added to identify the device.
To simplify adding the MAC addresses to the device table, install the Authonet ZTNA gateway in the network with all devices connected. Then open the activity page and add each device to the device table as shown in the next figure.
When rules are created using the rules page, one or more rules can be applied to each device in the list by adding the rules to the default rules box, with the corresponding rules policy of allow, block or login.
A default policy can apply to all devices in the list. Devices without a user, such as IoT devices, will have the device rules and policies applied. Devices with users (computers, mobile devices) will have the user rules and policies take precedence over device rules and policies.
Add Users to the User List
The administrator adds the names of users to the user list. The administrator creates a username; this might be the user's first name, or the initial of the user's first name followed by the surname.
When the rules have been enabled (next section) the rules box is displayed to the right of each user entry. The rule names can be added to this box; a comma separates each rule. There is no limit to the number of rules that can be added for each entry.
The next step is to assign a password for the user. Click the lock symbol for each user. Click the pen symbol to the right of the password box to auto-generate a strong password.
The next step is to generate the QR code for the optional one-time password (OTP) for 2-factor authentication. The user has to install an OTP app on a personal mobile phone. There are many apps available; some are free and some providers charge for the app, either a one-time charge or a monthly fee.
The administrator clicks the QR code symbol for each user and a window will open with a QR code. An app such as FreeOTP is used to read the QR code to initialize the app.
Some of the OTP apps available for mobile phones are listed in the next table.
Google Authenticator Authy Microsoft Authenticator LastPass LastPass Authenticator FreeOTP TOTP Authenticator – 2FA Cloud andOTP - OTP Authenticator...
When the administrator clicks the printer symbol for each user a box opens showing the password and OTP authentication code to print the welcome page. Using this box the password and OTP authentication code can be changed.
The 2FA phone app will scan the authentication QR code. Subsequent access to the 2FA phone app will permit the 6-digit OTP code to be read and entered into the login page.
Create Rules using the Rules List
For some applications the simple rules available with the device and user list will be sufficient to protect the business network. For many applications however additional rules must be prepared to provide access control to parts of the local area network and also to the Internet.
When the “show network rules” button is clicked the page shown below is displayed. The text on the page describes the rules.
Network access rules
Rules can be associated with a device (MAC address) or a user. Rules are applied at login.
A rule provides an exception to the allow, block or login rules. Examples of rules are:
Allow access to specific local network IP addresses only or blocks of IP addresses.
Block access to specific local network IP addresses or blocks of IP addresses.
A rule is added by clicking on the rule box; a box will open to enter the rule parameters.
IP address or domain name.
CIDR: Classless Inter-Domain Routing specifies the range of IP addresses in a block and is written as /number.
Each rule is given a unique name and the name is added to the device or user list. Each rule has a type that specifies to allow network access, block network access or require a login, which redirects the user to the login page that requires a password and optional OTP.
An alert is selected for the rule; this can be none or log the rule access attempt. With log selected, any attempt to break the rule will be logged and alerted. The next figure shows the drop down alert menu. Example rules are also shown in the figure.
Add Rules to the Device List
After rules have been enabled and rules have been added to the list, open the device list and prepare to set the rule for each device. First select the policy for each device as shown in the next figure.
When the choose rules box opens click on the down arrow in the rule box. A drop down list will open with a list of all the rules. Select the required rule from the list.
The devices page also has the default policy and default rules list. This is applied to all devices pre-login. When one rule has to be applied to all devices this is added to the default rules box as shown in the next figure.
When the choose rules box is closed the selected rules are shown in the default rules box, as shown in the next figure. Rule order matters when multiple rules are added. A later rule might override the instruction of a previous rule.
If the admin decides that an additional rule is necessary to achieve the access control objective then a new rule is created and added to the device or user. Each of the MAC addresses in the list has a policy (allow, block, login) and a list of rules.
Add Rules to the User List
Next open the user list in preparation to add rules for each user. Click the first rule box corresponding to a user to open the choose rules box, then select the appropriate rule or rules for the user.
When the user rules box is clicked, the choose rules box opens as shown in the next figure. Click the down arrow in the rule box to show the drop down list of rules that have been configured.
Examples of Rules and their Implementation
Some examples of rules are presented in this section to provide guidance for admins who are creating rules for specific business requirements.
RULE-1: Block access to the LAN but allow access to two servers at the IP addresses 192.168.10.122 and 192.168.10.44...
RULE-3: Allow access to the LAN but block a list of servers from IPs 192.168.10.64 to 192.168.100.72
This rule is not straightforward, and a range that starts at an IP address that is mid-block and ends at another IP that is mid-block is not a recommended network configuration. It is necessary to use a subnet calculator to work out the subnets to block and create a rule for each one.
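The subnet calculation that RULE-3 calls for can be scripted. The following is an added example, not part of the Authonet manual or product: it splits an inclusive IP range into the smallest set of CIDR subnets and checks that the result covers the range exactly, using the range as printed in RULE-3. The function names are hypothetical, and how each subnet is entered as a gateway rule is not shown.

```python
import ipaddress


def range_to_cidrs(first, last):
    """Return the minimal list of CIDR blocks covering first..last inclusive."""
    start = int(ipaddress.IPv4Address(first))
    end = int(ipaddress.IPv4Address(last))
    if start > end:
        raise ValueError("first address is above last address")
    blocks = []
    while start <= end:
        # A block can only begin on a multiple of its own size, so the lowest
        # set bit of `start` caps the block size (address 0 fits any size).
        align = start & -start if start else 1 << 32
        # The block must also not run past `end`.
        remaining = end - start + 1
        size = min(align, 1 << (remaining.bit_length() - 1))
        prefix = 32 - (size.bit_length() - 1)
        blocks.append(ipaddress.IPv4Network((start, prefix)))
        start += size
    return blocks


def covers_exactly(first, last, blocks):
    """True if the blocks are contiguous and span first..last, nothing extra."""
    expected = int(ipaddress.IPv4Address(first))
    for net in blocks:
        if int(net.network_address) != expected:
            return False  # gap or overlap: a host would be missed or over-blocked
        expected += net.num_addresses
    return expected - 1 == int(ipaddress.IPv4Address(last))


if __name__ == "__main__":
    # Range exactly as printed in RULE-3.
    first, last = "192.168.10.64", "192.168.100.72"
    blocks = range_to_cidrs(first, last)
    for net in blocks:
        print(net, net.num_addresses, "addresses")
    print("exact cover:", covers_exactly(first, last, blocks))
```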
PART 7: The Users View of ZTNA Management
Staff Login Preparation
The administrator will add each member of staff to the user database. The administrator will then give each staff member a printed sheet like the one shown below, with the following information.
The staff member must be instructed to store the login information in a safe place and not share it with others. The security of the business information depends on each member of staff keeping login information in a secure place. To protect the security of the information, the information provided on the printed sheet must not be stored on the computer.
Staff Login Procedure
Assume that a member of staff is configured for login with 2FA. With the staff computer connected to the Authonet ZTNA gateway LAN network, the browser will show the login window when a new tab is opened. Alternatively, the user can type the name of the login page, or set the login page as the browser home page.
The user then has to use their personal phone to get the one-time password (OTP). Open FreeOTP. Tap the icon with the username. The OTP will be displayed; enter this code in the login page.
After entry of the password, the login page displays a box to enter the 6-digit OTP code. The code is typed into the box and then the login button is clicked. The OTP code entry is shown in the next figure.
PART 8: Protection Against Password Theft and Phishing Attacks
Password theft protection can be implemented using an end-point security product with 2-factor authentication. Implementation of 2-factor authentication using the Authonet ZTNA gateway is described in this manual. With 2-factor authentication, a password alone is not sufficient to access the network.
2-factor authentication for staff, customers and suppliers. The technology is economical and easy to implement with Authonet products. Cost is not a barrier to protecting a business from a cyber attack with 2-factor authentication.
Internet access then a second computer is provided with the following characteristics. The staff Internet computer has full access to the Internet, however all access to the local network is blocked. If a Trojan virus is installed on this computer the criminal has no access to the local network servers.
Configuration Example to Block a Phishing Attack
Allow user access to specific Internet domains and block access to all other domains, to prevent a phishing attack link from installing a Trojan virus after it is clicked.
PART 9: Reset the Authonet Gateway to the Factory Default Setting
Reset the A300 Gateway to the Factory Default Setting
The A300 gateway has a reset button to the left of the LAN1 port. Follow the steps listed below to reset the gateway to the factory default setting.
Reset the A1000 Gateway to the Factory Default Setting
The A1000 gateway does not have a reset button. To reset to the factory setting, follow the configuration listed below:
1. Connect a computer to the WAN port of the gateway.
PART 10: Authonet Product Support and Customer Assistance
Authonet Product Support and Customer Assistance
Authonet provides free on-line installer and customer technical support. Customers and installers should consult this manual and the training videos before contacting technical support. The technical support is available at the Authonet website.
Authonet Cybersecurity and Product Training
Authonet provides a series of training presentations in a video format for both customers and installers. There are 5-minute introductory videos and 30-minute training videos. The videos are hosted on YouTube and can be accessed through the Authonet website.
Partner Cybersecurity Training
Authonet has a partnership with Internet Technology Answers Inc to provide training services that are available in modules. All modules in a course can be accessed after the payment of one fee for the course. After purchase, the training courses can be viewed multiple times.
If you have questions that were not answered in this manual, please contact our technical support team.
Free support: https://authonet.com/support.html