
Firewall Policies - Applications

Good Morning,

I need your help.

First some facts:

- Company with 100 Clients

- Need only 1 Firewall Policy

- Mode: Block by default

I need to create a Policy.

I want to enable some programs, which can be used by our employees.

But I don't know how?

Do I have to do this on the tab Checksums, where I can add new applications by Checksum?

 - But is this checksum for all programs like Firefox, or do I have to add a new checksum for each PC?

OR

Do I have to do this on the tab Applications, where I can add new applications?

- Do I have to create a rule for each program? Like - Application Firefox allows where the remote address is 192.168.10.*

I don't know the difference between these two?

Please help me

(sorry for bad English, I'm German^^)

  • Hello stauer

    (if anything is unclear, send me a private message - and don't forget: allow PMs in your profile, otherwise I can't reply)

    The question is IMO about two distinct areas: Concepts and Configuration.

    Let's start with concepts:

    You don't have to use checksums, but you can. If you use checksums (and don't use interactive mode) an application is blocked when its checksum can't be found in the list, otherwise the next step is the check for an application rule. See security implications of configuring applications or the German version Auswirkungen auf die Sicherheit bei der Konfiguration von Anwendungen. The articles contain links to articles for the other options.

    Do not forget that an application's checksum usually changes when it's updated. So if you have enabled automatic updates for Firefox (and you are not using interactive mode) it will be blocked after an update until you add the new checksum to your policy.

    Configuration:

    Basically you have three options (assuming you are using SEC9/SCF2.0)

    1) "Manual configuration" of the policy - you have to have a good knowledge of your needs and also to add a checksum you need access to the executables so that the configuration editor can calculate the checksum - I don't recommend it.

    2) Using interactive mode on a client, start the needed applications and create the required rules (you can first assign a "predefined" rule, e.g. Browser, and then restrict IP ranges). Once done, export the policy and import it to SEC.

    3) With SEC9 you can use "monitor" mode. You (or someone else) also run the applications on the client, processes and applications are permitted (unless blocked by an already existing rule) but alerts to SEC are generated. You can then use the Event Viewer to create the required rules.

    Please see also the Policy Setup Guide (here in German) and the overview of SCF2 (Überblick)   

    Christian
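
The evaluation order described in the reply above (checksum list first, then application rule, with everything else blocked by default), as an added example that is not part of the original thread and is not Sophos code. It is a small Python model: SHA-256 stands in for the product's checksum (the thread does not say which algorithm is used), and the function names, rule format and sample "executables" are constructed for illustration.

```python
import hashlib
import ipaddress

def checksum(image: bytes) -> str:
    # Assumption: SHA-256 as a stand-in checksum. Identical file bytes give the
    # same value on every PC; any change to the file gives a different value.
    return hashlib.sha256(image).hexdigest()

def decide(image, app_name, remote_ip, allowed_checksums, app_rules, use_checksums=True):
    """Model of a non-interactive, block-by-default policy. Returns (verdict, reason)."""
    # Step 1: if checksums are in use, an unknown checksum blocks the application.
    if use_checksums and checksum(image) not in allowed_checksums:
        return ("block", "checksum not in list")
    # Step 2: otherwise look for an application rule covering the remote address.
    for net in app_rules.get(app_name, []):
        if ipaddress.ip_address(remote_ip) in ipaddress.ip_network(net):
            return ("allow", "application rule " + net)
    return ("block", "no matching application rule")

# Constructed sample data: two "builds" of the same program and one rule that
# corresponds to the 192.168.10.* range from the question.
FIREFOX_V1 = b"constructed firefox.exe build 1"
FIREFOX_V2 = b"constructed firefox.exe build 2 (after auto-update)"
RULES = {"firefox.exe": ["192.168.10.0/24"]}

def demo():
    allowed = {checksum(FIREFOX_V1)}
    results = [
        decide(FIREFOX_V1, "firefox.exe", "192.168.10.25", allowed, RULES),  # known build, in range
        decide(FIREFOX_V1, "firefox.exe", "203.0.113.7", allowed, RULES),    # known build, out of range
        decide(FIREFOX_V2, "firefox.exe", "192.168.10.25", allowed, RULES),  # updated build, not yet listed
    ]
    allowed.add(checksum(FIREFOX_V2))  # administrator adds the new checksum to the policy
    results.append(decide(FIREFOX_V2, "firefox.exe", "192.168.10.25", allowed, RULES))
    return results

if __name__ == "__main__":
    for verdict, reason in demo():
        print(verdict, "-", reason)
```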
