Amer Networks E5Web GUI User Manual
Page 217

All the saved filters can be displayed with the command:
Device:/> appcontrol -filter -show_lists
All the saved filters can be deleted with the command:
Device:/> appcontrol -delete_lists=all
Individual saved filters can be deleted by specifying the number of the filter after -delete_lists=.
Selecting All Signatures
If the administrator's aim is to find out what applications users are accessing, application control
can be used to do this by triggering on all signatures and allowing instead of blocking the traffic.
The log events generated will indicate the applications that are being detected.
Selecting all signatures is done through a checkbox in the Web Interface or InControl and can be
done with the CLI by using wildcarding with an ApplicationRuleSet object. The CLI cannot be used
when using application control directly with IP rules.
Signature Inheritance
The application control signatures have a hierarchical structure and it is important to remember
that permissions are also inherited. An example of this is the http signature. If the administrator
configures application control to block all http traffic, they are also blocking all applications that
use http, such as Facebook and Dropbox.
However, if the administrator configures application control to allow the http signature, they are
also allowing all applications that use http. For instance, the signature for Dropbox is a child of
the http signature, so allowing http traffic also allows Dropbox traffic. If Dropbox is to be blocked
while still allowing http, it must be blocked separately.
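The inheritance behaviour described above, modelled as an added example (not code from the manual or the product). It assumes a simplified resolution rule in which the nearest rule on the path to the root wins, and it uses a constructed signature tree; the function names and the risk value for http are hypothetical. It flags signatures with a risk parameter of 4 or higher that end up allowed only because a parent signature is allowed.

```python
# Simplified model of signature inheritance (an assumption for illustration,
# not the firewall's implementation): a signature takes the action of the
# nearest rule on its path to the root, so its own rule overrides a parent's.

# Constructed sample tree: child -> parent. The manual states dropbox is a
# child of http; facebook is placed there because it is said to use http.
PARENT = {"http": None, "ssh": None, "dropbox": "http", "facebook": "http"}

# Risk values: dropbox/ssh = 4 and facebook = 3 follow the manual's risk
# guidelines; the value for http is constructed.
RISK = {"http": 1, "ssh": 4, "dropbox": 4, "facebook": 3}


def effective_action(sig, rules):
    """Return (action, source): the action applied to sig and the signature
    whose rule supplied it, or (None, None) if no rule matches."""
    node = sig
    while node is not None:
        if node in rules:
            return rules[node], node
        node = PARENT[node]
    return None, None


def inherited_allows(rules, min_risk=4):
    """List (signature, risk, source) for signatures at or above min_risk
    that are allowed only through an ancestor's rule."""
    findings = []
    for sig in sorted(PARENT):
        action, source = effective_action(sig, rules)
        if action == "allow" and RISK[sig] >= min_risk and source != sig:
            findings.append((sig, RISK[sig], source))
    return findings


if __name__ == "__main__":
    before = {"http": "allow", "ssh": "block"}
    after = dict(before, dropbox="block")  # dropbox blocked separately
    for name, rules in (("allow http only", before),
                        ("plus explicit dropbox block", after)):
        print(name)
        for sig in sorted(PARENT):
            print("  %-9s -> %s (rule on: %s)"
                  % ((sig,) + effective_action(sig, rules)))
        print("  high-risk inherited allows:", inherited_allows(rules))
```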
Risk Guidelines
The following are guidelines for how the risk parameter for each application control signature
should be viewed by the administrator:
• Risk Level 5
Very high risk. This traffic should be blocked unless special circumstances or requirements
exist. For example, PHP-, CGI-, HTTPS-proxies; known attack sites.
• Risk Level 4
High risk. This traffic should be reviewed and a block or allow action taken. Site-to-site
tunnelling should be used where possible. For example, SSH, LDAP, RADIUS, Dropbox and
similar.
• Risk Level 3
Medium risk. Signatures with this risk level can affect network security, bandwidth usage and
company integrity if care is not taken. For example, Facebook and other social networks,
Google Analytics and similar aggregators, P2P/filesharing.
• Risk Level 2
Moderate risk. Signatures with this risk level can affect network security and/or affect
Chapter 3: Fundamentals