Zone protection for scan up / ports from internet ( untrust)

Reply
Highlighted
L0 Member

Zone protection for scan up / ports from internet ( untrust)

Hi ,

Anyone enable zone protection for protect and drop scan ip and ports from untrust / internet to DMZ or untrust ?

i enabled it but I have alerts only from DMZ to untrust and not from untrust to DMZ or untrust to untrust.

Highlighted
Cyber Elite

Re: Zone protection for scan up / ports from internet ( untrust)

@AudioCodes,

Have you actually toned it for your environment. The thing with ZPP is that they need to be customized to your environment; the defaults won't do you any good. 

Highlighted
L3 Networker

Re: Zone protection for scan up / ports from internet ( untrust)

@BPry 

How do you determine the right settings, are there general guidelines or some reference available? 

 


Bruce.

Learn at least one new thing every day.
Highlighted
Cyber Elite

Re: Zone protection for scan up / ports from internet ( untrust)

@BruceBennett,

When it comes to flood protection you need to adjust the alarm rate based off of the information you can gather through a netflow capture, or you can simply take a guess and adjust as needed. Just ensure that you are only lowering the alarm rate and not the activate and maximum values and you'll only trigger a log when that rate is hit.

 

For Reconnaissance Protection you can set the action to alert and mess around with the interval/threshold value as you see fit. Again, as long as it is only set to alert no negative action will take place. 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!