© SOLIDA SYSTEMS INTERNATIONAL 2017
5. Reputation Threat List Updates
The Solida appliances obtain their threat information by downloading proprietary threat lists
from a cloud-based server. There are three categories of lists: the domain reputation
blacklist, the IP reputation blacklist and the Tor exit node list. By factory default, all three
lists are included in the cloud updates. This default should only be changed in very special
cases. Disabling a list makes it possible for malicious packets to penetrate the network and
cause escalating damage.
To change the factory default setting, start the configuration utility and navigate to
“Configuration”. Locate the block titled “Reputation Threat List Updates”. It will look as shown
in the picture below.
Figure 5.1 Reputation threat list updates window.
The following settings are available:
Domain Reputation Blacklist
- Enabled – update once per hour (default)
- Disabled
IP Reputation Blacklist
- Enabled – update once per hour (default)
- Disabled
Tor Exit Nodes
- Enabled – update once per hour (default)
- Disabled
The “Reputation Threat List Updates” configuration window includes a button labeled “Test
Connection”. When this button is pressed, the appliance tries to connect to Solida’s cloud
server in exactly the same way it would for a threat intelligence update. If the test fails,
the installation must be checked to identify the cause of the failure. The test must complete
successfully for the appliance to be able to download the threat intelligence data and function
as designed.