02-10-2017 07:48 AM - edited 02-10-2017 07:50 AM
Hi !
That's a tricky one!
the only real way to filter out good from junk is to 'know' the network
this will most likely require a little legwork where you talk to whomever is responsible for a set of servers to see if they can tell you which connections are needed and which arent, which in most cases will result in the sysadmin replying "ALL PORTS NEED TO BE OPEN" or something along those lines 😉
you can go about creating some custom reports that highlight the overall app category, that should split up most 'business' traffic from 'not so business' and then you can tune from there
02-10-2017 08:57 AM
Good idea reaper I have been trying to use the ACC too. I am trying to tighten up our DMZ 😛
02-10-2017 10:21 AM
Sadly DMZs take a long time to actually secure properly if they are already running production services. Mgmt doesn't want you to bring anything down, but at the same time I've seen DMZ that was configured to allow anything between their internal zone and had outside RDP open to the servers. Took me a very long time to explain that they had destroyed any reason to have a DMZ in the first place.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
