manualshive.com logo in svg

Solida systems SL-1000, User Manual

The Solida systems SL-1000 offers outstanding performance and convenience, revolutionizing your user experience. Enhance your understanding of this remarkable product by downloading the comprehensive user manual, absolutely "free". Find this invaluable resource exclusively at manualshive.com, ensuring effortless access to all the information you need.

Share
Download
background image

 

 

 

 

 

21 

©

 SOLIDA SYSTEMS INTERNATIONAL 

2016 

6.5 Operating Mode 

 

When trialing a new rule set, it is possible to set the appliance to “monitor mode”. The rule set  

 

page contains a drop down menu where the desired operating mode can be selected. In monitor 

mode all network packets are scanned using the rules as well as the reputation detection lists, but 

no packets will be dropped. Alerts will still be generated the same way as in normal operation 

mode. This allows the user to check a new rule set to make sure it behaves as expected. Once the 

user is satisfied with the new rule set, set the operating mode back to “Normal Mode” 

 

6.6 Creating Custom Rules 

 

It is beyond this manual to explain in detail how to write custom rules. Please refer to the many 

tutorials and documentation available on the Internet on how to write detection rules. 
 

A rule is created using the configuration application. Start the application and navigate to the 

“Rule List” page. This page will display a list of all rules currently available in the appliance. 

 

At the top left side of this page a blue button labeled “+ Add rule” is located. To create a new 

custom rule, simply click this button. A new window will pop up called “Create Custom Rule”. 

 

Figure 6.3 Create a custom rule pop-up window. 

 

This window contains five tabs. Each tab contains different optional rule parameters. These 

parameters can be filled in to define the new rules behavior. For a detailed description of each 

 

Summary of Contents for SL-1000

Page 1: ...USER MANUAL Version 1 0 January 2017 WWW SOLIDASYSTEMS COM SL 1000 Security Appliance ...

Page 2: ...Email Addr 12 4 4 6 Event Notification Emails 12 4 4 REPUTATION THREAT LIST UPDATES 13 4 4 1 About Tor Exit Nodes 14 4 5 SET MOBILE APPLICATION PASSWORD 14 4 5 SETTING THE TIME ZONE 15 5 REPUTATION BASED DETECTION 16 5 1 OVERVIEW 16 5 2 DGA LIST 16 5 3 LIST UPDATES 17 6 INTRUSION DETECTION AND PREVENTION RULES 19 6 1 RULE OVERVIEW 19 6 2 RULE LIST 19 6 3 RULE SETS 20 6 4 ACTIVATING A RULE SET 20 6...

Page 3: ... 10 2 DOWNLOADING A SUPPORT BUNDLE 28 11 DATA LOGGING 30 11 1 PACKET LOGGING 30 11 2 DROPPED PACKET LOGGING 30 11 3 EVENT LOGGING 30 11 4 HTTP LOGGING 31 11 5 DOWNLOADING LOG FILES 31 11 8 DELETING LOG FILES 32 12 REMOTE MONITORING 33 12 1 SOLIDA MULTI INTRODUCTION 33 12 2 SETTING UP REMOTE MONITORING 33 ...

Page 4: ...rm of a data feed hosted in the cloud This threat feed is updated hourly and includes malicious URLs domain names and IP addresses These are harvested from various international threat intelligence sources The threat feed includes information about current threats such as ransomware phishing sites trojans and many other threat categories 1 2 Intrusion Detection and Prevention Intrusion detection a...

Page 5: ...the SL 1000 The management port is marked MGNT The default factory configuration for the high speed Ethernet ports is Port 0 WAN WAN side Internet connected router Port 1 LAN1 LAN side LAN side network switch Port 2 LAN2 MGNT Configuration and monitoring Port 3 LAN3 Unused The default factory settings can be changed through the web configuration utility that is accessed through a browser over the ...

Page 6: ...c The SL 1000 appliance operates in stealth mode It does not require any IP addresses for its ports other than for the MGNT management port Figure 2 2 Typical Installation For larger networks it might be necessary to protect multiple sections of the network with dedicated security appliances For those installations make sure that the WAN port is connected upwards towards the Internet router side C...

Page 7: ...page will appear in the browser window Enter the supplied user name and password to log in Some networks might use another IP address range other than 192 168 x x for example 10 32 x x If this is the case it will be required to change the management ports IP address before the appliance is connected to the LAN side switch To change the default IP address direct connect a computer with the applianc...

Page 8: ...applications Creating and managing the user credentials is done through the configuration application First navigate to the Configuration page and then locate the box named Manage Users To create a new user press the button named Add User and enter the new credentials in the indicated fields Figure 3 2 Add new user box The drop down menu at the top of the Add New User window contains two options M...

Page 9: ...to keep the factory default setting Figure 4 1 Ethernet Port Configuration Operating Mode The only supported operation mode is Single LAN WAN ports Port 0 usage Selects if port 0 should be facing the Internet side or the LAN side Port 1 usage Selects if port 0 should be facing the Internet side or the LAN side 4 2 Appliance Name An appliance should be given a name The name can be used as an identi...

Page 10: ...ts Only under very special circumstances should the factory default be changed Changing the factory default will prohibit the appliance from detecting all possible malwares and other threats To change the factory default setting start the configuration utility and navigate to Configuration Locate the block titled Deep Packet Inspection Configuration It will look as shown in the picture below Figur...

Page 11: ... support for sending regular emails containing information about the number of events in the system and their severity This is a useful feature since it will not be required to constantly monitor the appliance through the monitoring application 4 4 1 Setting Up Email Notification To set up email notification login to the configuration application and navigate to Admin Configuration Locate the box ...

Page 12: ...nt Email Addr This text box shows the current email address in use assuming this feature is enabled This address will be the recipient for the event status emails 4 4 5 New Email Addr Enter a valid email address into this box This is the new address that will be used to receive these emails Once the above fields have been filled in press the Activate button This will activate the new configuration...

Page 13: ...he factory default is to allow for all these lists to be included in the cloud updates Changing this factory default should only be done in very special cases Disabling a list results in the possibility of malicious packets being able to penetrate the network and cause escalating damage To change the factory default setting start the configuration utility and navigate to Configuration Locate the b...

Page 14: ...s would be in countries that censor their citizens Internet traffic In those circumstances the Tor network can be used to circumvent such censorship Then it is recommended to disable the inclusion of Tor endpoints in the IP blacklist 4 5 Set Mobile Application Password The appliance can be monitored with a mobile phone application This application requires a password to log into the cloud server t...

Page 15: ...etting The Time Zone The appliance use time stamps for various events Therefore it is required to set the time zone which the appliance is operating in Figure 4 7 Setting the time zone Select the desired time zone and press the Activate button ...

Page 16: ...eputation lists might not yet have registered this 5 2 DGA List The most important data in the threat feed is the list of Domain Generation Algorithm DGA generated domain names Many ramsomware and other serious malware use DGAs to generate a large number of domain names These domain names are used to try and connect with their command and control servers C2 The large number of auto generated domai...

Page 17: ...iance automatically connects with this cloud service once every hour to download new updated versions of the lists This guarantees that the appliance always contains information about the latest threats seen in the wild To monitor the list update process and the list sizes start the configuration application and navigate to Threat Intelligence Threat Lists A similar page is available at the same l...

Page 18: ...ion Entries The number of domain names in this list IP Reputation Entries The number of IP addresses both IPv4 and IPv6 in this list TOR endpoints The number of Tor endpoints provided this list is included The above threat lists are not user modifiable ...

Page 19: ... the packets and what action to take if a pattern match is detected Solida provides a set of system rules that includes protection from many types of penetration attempts An expert user can also create custom rules Writing custom rules requires detailed knowledge of rule writing and the different types of packets flowing over a network Such custom rules can be created using the rule editor in the ...

Page 20: ...ppliance will start its packet scanning using all the rules included in the rule set To display and create rule sets start the configuration utility and navigate to Rule Sets This will show a list over all available rule sets Figure 6 2 Rule set list in the GUI configuration utility 6 4 Activating a Rule Set To activate a rule set select the rule set by clicking on its row in the GUI Then click th...

Page 21: ... 6 6 Creating Custom Rules It is beyond this manual to explain in detail how to write custom rules Please refer to the many tutorials and documentation available on the Internet on how to write detection rules A rule is created using the configuration application Start the application and navigate to the Rule List page This page will display a list of all rules currently available in the appliance...

Page 22: ... a unique rule id that identifies the rule The rule id consists of 9 numbers It is common practice to group rules into categories As an example the first thee numbers identifies the general type of rule For example UDP rules TCP rules ICMP rules The next three digits identify the type of threat the rule concerns The last three digits could be a general identifier that is incremented by one for eac...

Page 23: ...Events are stored in a database in the appliance to allow for tracking and statistics gathering Events are also written to log files that can easily be downloaded from the appliance through the GUI These event files can then be correlated with other down loadable packet log files so that a security analyst can investigate the root cause of the event Events can be monitored using the built in monit...

Page 24: ...les of such events are DNS queries generated by a ransomware DGA engine or malwares trying to connect with a C2 server All network packets resulting in critical events will be automatically dropped to mitigate further infection to the network The event includes the source and destination IP addresses of the offending packets Which allows for prompt identification of the infected computer on the ne...

Page 25: ...mportant to remove the infected computer from the rest of the network Some advanced ransomwares are capable of propagate through the network and infect additional computers The critical events will be listed with the source and destination IP addresses visible Use the destination IP address from the event and match that with a computer in the LAN that uses this IP address This is the computer that...

Page 26: ... update start the configuration application and navigate to Software Updates in the menu side bar This will present the following window Figure 9 1 Software update GUI window The upper System Control Center box contains the following Firmware version Displays the currently active internal firmware version number JSOSD version Displays the version of the current security OS daemon The button named ...

Page 27: ...w version Please note it will take as long as 5 minutes for a software update to complete During this time no network traffic will be able to flow through the appliance After the update has completed please reset the browser history to guarantee the browser will display the latest version of the web utilities ...

Page 28: ...n the appliance experiencing a problem Navigate to Software Updates This will display a window that contains a blue button with the text Generate Support Bundle Pressing this button and answering Yes in the confirmation box will start generating a support bundle Note that it might take up to 5 minutes or more for the bundle generation to complete 10 2 Downloading a Support Bundle Once a support bu...

Page 29: ...29 SOLIDA SYSTEMS INTERNATIONAL 2016 available support bundles that are ready to be downloaded Please note it will take up to 5 minutes for a new support bundle to appear in this directory ...

Page 30: ...e resulting log files can become very large so it is important to select an appropriate rollover option to avoid filling up the disk space in the appliance Packet logging should be disabled during normal usage 11 2 Dropped Packet Logging This option will log all network packets that are dropped by the appliance Packets will be dropped by the rule engine as well as by the reputation detection engin...

Page 31: ... Figure 11 2 HTTP logging configuration window 11 5 Downloading Log Files Log files can be downloaded using either the configuration application or the monitoring application To download a log file navigate to the Log File Management menu option This will open up a file management interface as shown in the picture below Figure 11 3 Log file management window ...

Page 32: ...og file directory To delete a file within the directory right click on the file and select Delete The file will be permanently deleted from the appliance It is also possible to rename a log file Right click on the file to rename it Even though possible never delete a log file directory Please note that some log files become very large The appliance has limited space for log files Therefore always ...

Page 33: ... Multi all security related events will be pushed up to the reporting server Log files including the system log file will also be pushed up to allow the user to download these files remotely 12 2 Setting Up Remote Monitoring Enabling remote monitoring in an appliance is a simple operation The below picture shows the configuration window and its options Figure 12 1 Remote monitoring configuration S...

Page 34: ...MS INTERNATIONAL CO LTD 1000 19 20 Liberty Plaza Building Floor 12A Thonglor Sukhumvit Soi 55 Klongtan Nua Wattana Bangkok Thailand 10110 Tel 66 2 714 8900 Email info solidasystems com Website www solidasystems com ...

Reviews:

No comments

Related manuals for SL-1000

Panasonic BL-C1A - Network Camera Getting Started preview
BL-C1A - Network Camera
Brand: Panasonic Pages: 4
Panasonic SC-UA7 Owner'S Manual preview
SC-UA7
Brand: Panasonic Pages: 40
Panasonic RX-MDX55 Instruction Manual preview
RX-MDX55
Brand: Panasonic Pages: 56
Panasonic WV-BP50E Operating Instruction preview
WV-BP50E
Brand: Panasonic Pages: 8
Messoa NDR890-HN5 User Manual preview
NDR890-HN5
Brand: Messoa Pages: 32
ratiotec Soldi 120 Instruction Manual preview
Soldi 120
Brand: ratiotec Pages: 28
Eaton XB12 Technical Manual preview
XB12
Brand: Eaton Pages: 23
Panasonic BL-C111A - Network Camera - Pan Setup Manual preview
BL-C111A - Network Camera - Pan
Brand: Panasonic Pages: 2
United Technologies Interlogix TX-E231 Installation Sheet preview
Interlogix TX-E231
Brand: United Technologies Pages: 2
Axis M5054 Installation Manual preview
M5054
Brand: Axis Pages: 26
EverFocus EPTZ3150 Specifications preview
EPTZ3150
Brand: EverFocus Pages: 2
Northern HDAFDIR90WD Quick Manual preview
HDAFDIR90WD
Brand: Northern Pages: 2
Dahua ITC215-PW4I-LZF27135 User Manual preview
ITC215-PW4I-LZF27135
Brand: Dahua Pages: 109
Bornack BLOCKSTOP BS IKA 1.8 User Manual preview
BLOCKSTOP BS IKA 1.8
Brand: Bornack Pages: 16
Unimig 345S Instruction Manual preview
345S
Brand: Unimig Pages: 14
The Singing Machine SMC2040 Instruction Manual preview
SMC2040
Brand: The Singing Machine Pages: 27
Idis DC-D4511WERX Configuration Manual preview
DC-D4511WERX
Brand: Idis Pages: 37
Velleman HAM212 User Manual preview
HAM212
Brand: Velleman Pages: 31

Brands by name

Popular brands

Load more brands