
Blacklisting hosts and networks – Amer Networks E5Web GUI User Manual

6.7. Blacklisting Hosts and Networks

Overview

cOS Core implements a Blacklist of host or network IP addresses which can be utilized to protect
against traffic coming from specific Internet sources.

Certain cOS Core subsystems have the ability to optionally blacklist a host or network when
certain conditions are encountered. These subsystems are:

Intrusion Detection and Prevention (IDP).

Threshold Rules.

Blacklisting Options

The automatic blacklisting of a host or network can be enabled in IDP and in threshold rules by
specifying the Protect action for when a rule is triggered. Once enabled, there are three
blacklisting options:

Time to Block Host/Network in seconds

The host or network which is the source of the traffic will
stay on the blacklist for the specified time and then be
removed. If the same source triggers another entry to the
blacklist then the blocking time is renewed to its original,
full value (in other words, it is not cumulative).

Block only this Service

By default, blacklisting blocks all services for the triggering
host.

Exempt already established connections from Blacklisting

If there are established connections that have the same
source as this new Blacklist entry then they will not be
dropped if this option is set.

When IP addresses or networks are added to the list, the traffic from these sources is blocked
for the period of time specified.

Note: cOS Core reboots do not affect the blacklist

The contents of the blacklist are not lost if the Clavister Security Gateway shuts down and
restarts.

Whitelisting

To ensure that Internet traffic coming from trusted sources, such as the management
workstation, is not blacklisted under any circumstances, a Whitelist is also maintained by cOS
Core. Any IP address object can be added to this whitelist.

Tip: Important IP addresses should be whitelisted

It is recommended to add the Clavister Security Gateway itself to the whitelist as well as
the IP address or network of the management workstation since blacklisting of either
could have serious consequences for network operations.
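
The blacklist and whitelist behaviour described in this section, modelled as an added Python example (not cOS Core code or configuration) so that the timer renewal, the service option and whitelist precedence can be checked against constructed addresses. The class, method and parameter names are hypothetical. Two points are assumptions of the model rather than statements from the manual: "Block only this Service" is taken to limit the block to the triggering service, and a renewed entry keeps its original creation time.

```python
import ipaddress

class Blacklist:
    """Toy model of the blacklist/whitelist rules in this section (hypothetical names)."""

    def __init__(self, whitelist=()):
        self.whitelist = [ipaddress.ip_network(w) for w in whitelist]
        self.entries = {}  # (network, service or None) -> (added, expires, exempt)

    def protect(self, source, now, block_seconds, service=None,
                exempt_established=False):
        """A rule with the Protect action fired for `source` at time `now`."""
        net = ipaddress.ip_network(source)
        if any(net.version == w.version and net.subnet_of(w)
               for w in self.whitelist):
            return False  # whitelisted sources are never blacklisted
        key = (net, service)  # service=None means all services are blocked
        old = self.entries.get(key)
        added = old[0] if old and now < old[1] else now
        # A repeat trigger renews the timer to its full value; it is not cumulative.
        self.entries[key] = (added, now + block_seconds, exempt_established)
        return True

    def is_blocked(self, src_ip, service, now, established_at=None):
        ip = ipaddress.ip_address(src_ip)
        if any(ip in w for w in self.whitelist):
            return False
        for (net, svc), (added, expires, exempt) in list(self.entries.items()):
            if now >= expires:
                del self.entries[(net, svc)]  # block time elapsed: entry removed
                continue
            if ip not in net or svc not in (None, service):
                continue
            if exempt and established_at is not None and established_at < added:
                continue  # connection predates the entry and is exempt
            return True
        return False

def demo():
    # Constructed sample addresses from the RFC 5737 documentation ranges.
    bl = Blacklist(whitelist=["192.0.2.10/32"])  # management workstation
    bl.protect("203.0.113.7/32", now=0, block_seconds=600)
    bl.protect("203.0.113.7/32", now=500, block_seconds=600)  # expiry 1100, not 1200
    bl.protect("198.51.100.0/24", now=0, block_seconds=600, service="http")
    return (bl.is_blocked("198.51.100.9", "ssh", now=10),
            bl.is_blocked("198.51.100.9", "http", now=10),
            bl.is_blocked("203.0.113.7", "ssh", now=1099),
            bl.is_blocked("203.0.113.7", "ssh", now=1100),
            bl.protect("192.0.2.10/32", now=0, block_seconds=600))
```
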

Chapter 6: Security Mechanisms
