Introduction
Policies allow users to determine what is or is not allowed through specific networks or network segments. As there are no limits to the number of policies that can be created, users can create as many or as few policies as they need to protect each of their networks as they deem necessary.
There are various actions used to configure each policy:
|
Action |
Description |
|
Edit |
Rename the policy or change its description. |
|
Country |
Select countries to allow or deny from a world map or table. |
|
Risk Thresholds |
Block IP addresses that have been categorized as threats based on adjustable confidence scores. |
|
Exception Lists |
Note: Only for ThreatBlockr 1.0 appliances. Apply Exception Lists to your policies or apply your Allowed Domain A or MX Records. |
|
Denied Lists |
Apply available Denied Lists per policy. |
|
Allowed Lists |
Apply available Allowed Lists per policy. |
|
Delete |
Delete a policy along with its associated Countries, Risk Thresholds, and Exception Lists. |
Policy Configurations
Edit
Rename the policy or change its description.
The Set as Default Inbound and Set as Default Outbound toggles are used as visual indicators.
Country Policies
Users can edit the world map associated with a policy by clicking on the Country icon shown in the actions list.
The world map lets you allow or deny internet traffic to various countries of the world.
Click on a country to select it or use the list of countries on the right hand side to search. The countries displayed in green are allowed, and the red shows those that are blocked.
Risk Thresholds
Users can edit the Risk Thresholds associated with a policy by clicking the Risk Threshold icon shown in the actions list.
There are nineteen threat categories that can be enabled on this screen. All IPs included in the threat lists are placed in one or more of these categories.
Each category has an associated risk threshold slider which has a range of 1 to 100. Each IP in the threat intelligence also has an associated score that can range from 1 to 100, with a higher score representing a higher chance of it being malicious. Moving the sliders allows you to control how strong of a policy you want to apply. A slider set at 90, the default, will block IPs in that category with a score of 90 or higher. Moving the slider to the left, and decreasing the threshold, will strengthen your policy by blocking more IPs with lower scores.
As an example, if the Endpoint Exploit category is enabled with a threshold of 90, any IP identified as an Endpoint Exploit with a score of 90 or above will be blocked by the threat list. If the Endpoint Exploit category was not enabled, the connection would be allowed through by the threat list, but could still be blocked by denied lists or country policy.
Exception Lists
| Note: Exception Lists have been deprecated in ThreatBlockr 2.0, and can only be used with ThreatBlockr 1.0 appliances. |
You can edit the exceptions associated with a Resource Group by clicking the Exception Lists icon shown in the actions list.
Click on the green allow arrow or the red deny arrow for the desired list to apply it to your policy.
Exception Lists do not influence traffic until added to a Policy.
Denied Lists
Users can enable or disable denied lists per policy. This allows you to specify IPs that should be denied on a specific policy.
Denied Lists do not influence traffic until enabled on a Policy.
Inherit Defaults
If Inherit Defaults is checked, only lists enabled under Denied Lists > IPv4 will be enabled on the policy.
Allowed Lists
Users can enable or disable allowed lists per policy. This allows you to specify IPs that should be allowed on a specific policy, and in doing so, only allow through the minimum required for business purposes.
Allowed Lists do not influence traffic until enabled on a Policy.
Inherit Defaults
If Inherit Defaults is checked, only lists enabled under Allowed Lists > IPv4 will be enabled on the policy.
Related Articles
Comments
0 comments
Article is closed for comments.