While networks and network traffic differ from organization to organization, there are some best practices we recommend when it comes to setting up your policies for the first time. By default, policies will start in an Allow All state* so that if they are activated, there aren't unforeseen blocks occurring.
*If default Denied Lists have been enabled, these lists will also be enabled by default for all new policies.
Once you are ready for your first blocking policy, we recommend starting with a deny-all stance for countries, then allowing the countries you know should be allowed onto your network.
NOTE: RESERVED and UNASSIGNED IPs are also in the Country list. Be sure to enable these from the table on the right-hand side if you don't want your internal IPs to be blocked. You can find them by typing RESERVED or UNASSIGNED into the search box.
See details about each threat list and threat category in the Default Lists article.
We recommend starting by enabling all categories with the default baseline of 90. If you need to block more IPs in a certain category, lower the score in that category. If you need to block fewer IPs in a certain category, raise the score in that category.
See details about each denied list in the Default Lists article.
We recommend unchecking the "Inherit Defaults" option and enabling all Denied Lists except for Zoom. Zoom may be enabled at your discretion.
By disabling "Inherit Defaults", you are able to choose which denied lists to use per policy. This is useful, for example, if you have a list of IPs that should be denied at your datacenter but not at your HQ.
We recommend unchecking the "Inherit Defaults" option and choosing just the lists/services you want allowed for the specific policy.
By disabling "Inherit Defaults", you are able to choose which allowed lists to use per policy. This is useful, for example, if you have a list of IPs that should be allowed at your datacenter but not at your HQ.
Creating an Allow All Policy
Allow All policies can be used as a "break glass" policy in cases where a business-critical site or service must be accessed but is being blocked. By using an Allow All policy, all traffic is allowed through the device and logged. We recommend using this policy instead of putting the device into bypass mode if you don't know whether or not the Bandura Cyber ThreatBlockr platform is denying this traffic. In bypass mode, no traffic is logged.
To create an Allow All policy:
- Country: Allow All
- Risk Thresholds: Disable/uncheck all categories
- Denied Lists: Disable/uncheck all denied lists*
*Did you know? You can quickly move through all items by unchecking the first box, then pressing Tab followed by Space on your keyboard. Repeat this until all denied lists are disabled.