Bandura Cyber TIG BT-10G Скачать руководство пользователя | Manualshive

Страница: 21 / 93

background image

Resource Groups

determine if a packet should be dropped or passed through the Bandura

Cyber TIG. A Resource Group filters internet traffic traveling in one direction:

● Inbound:

filters traffic entering your network

● Outbound:

filters traffic leaving your network

A resource group includes a list of

Resources

, which lists internet addresses within your

network. These lists operate slightly different, depending on the direction of the resource group:

● Inbound:

rules identify what services your local computers offer to the internet

● Outbound:

rules identify what services your local computers can access on the internet

When you plan your Bandura Cyber TIG configuration, first determine what services or protocols
you want to expose to the world, and which machines will offer these services. You can also
determine what services and protocols you want your local machine to access. You can create
numerous resource groups corresponding to various classes of machines.

Example: Your office computers may need only web and email access, and no outside
computer should be able to access them for any reason. Your web and email services need to
expose their services to the internet, which your router will need to query outside domain name
servers.

You can configure custom resource groups to cover all the above circumstances. When you
explicitly allow only particular services, you close large numbers of network protocol backdoors
that could otherwise be used by intruders.

There are two resource groups on the Bandura Cyber TIG that cannot be deleted. The

DEFAULT_INBOUND

and

DEFAULT_OUTBOUND

are applied to any packet containing a local

internet address that cannot be found in a custom resource group.

2.6 Configuring a Resource Group

Resource groups filter traffic flowing through the Bandura Cyber TIG, with each particular
resource group filtering either inbound or outbound traffic. Examine your local network,
considering your security needs as well as the internet services you need to offer to the world,
and those you need to access.

A new Bandura Cyber TIG allows all traffic to and from the internet. Any internet address within
your network, unless blocked, will be allowed.

Resource groups contain the following parts:

● Direction:

resource group either filters inbound or outbound

● Resources:

list of external internet addresses and countries to allow or block

20

«
...
19
20
21
22
23
...
»

Содержание TIG BT-10G

Страница 1: ...August 2019 Version 3 72 USER S MANUAL...

Страница 2: ...ocument may be reproduced or transmitted in any form or by any means electronic or mechanical or translated into another language without the prior written consent of Bandura Cyber Inc This edition pu...

Страница 3: ...Bandura Cyber TIG can Access the Internet 2 3 Console Modes 2 4 Overview of Bandura Cyber TIG Configuration 2 5 Configuring the Bridge Filters 2 6 Configuring a Resource Group 2 7 Configuring Adminis...

Страница 4: ...User 3 5 2 Maintenance Users 3 5 3 Change Password 3 6 Network 3 6 1 Admin Interface 3 6 1 1 HTTPS Access Settings 3 6 1 2 Ping Access Settings 3 6 2 Bridging Interface 3 6 3 IPsec Settings 3 6 4 ARP...

Страница 5: ...em Providers 3 8 2 HIPPIE Provider 3 9 Update Software 3 10 System 3 10 1 Active Sessions 3 10 2 Reboot 3 10 3 Shutdown 3 10 4 Self Test 3 10 5 Maintenance Mode 3 10 6 System Information 3 10 7 Licens...

Страница 6: ...roviding visibility into threats and unwanted traffic that s bypassing your firewall Bandura Cyber TIG incorporates the unique HIPPIE High Speed Internet Protocol Packet Inspection Engine technology w...

Страница 7: ...STIX TAXII support can easily integrate with additional threat intelligence sources Transparent Bridging The Bandura Cyber TIG acts as a bridge placed in between a firewall and the external or intern...

Страница 8: ...s A transparent bridge reduces the configuration complexity and saves time In addition to its use in large corporate and government networks it is ideal for branch offices and smaller networks which m...

Страница 9: ...Copper RJ45 10 100 1000 Copper RJ45 10 100 1000 Copper RJ45 10 100 1000 Copper RJ45 10 100 1000 Copper RJ45 Throughput Limits 500 Mb 1 Gb 1 Gb 2 x 1 Gb 10 Gb Connections per Second 10 000 10 000 40 0...

Страница 10: ...IG administration interface 2 1 Initial Configuration YOUR BANDURA CYBER TIG ARRIVES WITH AN ALLOW ALL POLICY CONFIGURATION Once the appliance is powered on take a look at the back of the Bandura Cybe...

Страница 11: ...ministration Interface is 192 168 1 1 with a network mask of 255 255 255 0 Configure the Bandura Cyber TIG according to this manual and your security plan and place the Bandura Cyber TIG in your netwo...

Страница 12: ...and prompt window Mac Go to your System Preferences and click on Network Find your network adaptor on the left and select Advanced Go to TCP IP Settings and configure as follows Configure IPv4 Manuall...

Страница 13: ...the best time to register an account with the support site Otherwise please be sure to register as soon as possible after completing the setup process You can do so by going to https support banduracy...

Страница 14: ...of the page Enter a new password and enter it again to confirm Click Submit to save your changes YOUR PASSWORD CAN ALSO BE CHANGED FROM THE USERS CHANGE PASSWORD MENU OPTION By default a new Bandura C...

Страница 15: ...2 2 4 Changing Date Time It is important that your Bandura Cyber TIG has the correct time Navigate to Settings Date Timezone and set the correct timezone Set the date and time if necessary 2 2 5 Chan...

Страница 16: ...the Bandura Cyber TIG into HTTPS IPv4 Access You cannot ping the Bandura Cyber TIG unless your IP address is added into the appropriate list Add your network and any other networks you would like to h...

Страница 17: ...admin port Replace the default address with an open address on your private network and the corresponding subnet mask and input your Gateway and DNS Server addresses Once you have confirmed your addr...

Страница 18: ...ox back to DHCP or your prior settings Linux Visit our Help Desk Article for assistance in reverting your network settings If you come across a screen stating that your connection is not secure you ll...

Страница 19: ...rocess you will want to navigate to Network Bridging Interface to confirm your settings You will see details about your Inside and Outside ethernet interfaces Both interfaces should read No Link Detec...

Страница 20: ...rial device server to your Bandura Cyber TIG in order to remotely access console mode may be a security risk 2 4 Overview of Bandura Cyber TIG Configuration Your Bandura Cyber TIG comes with three act...

Страница 21: ...m for any reason Your web and email services need to expose their services to the internet which your router will need to query outside domain name servers You can configure custom resource groups to...

Страница 22: ...guring Administration The Bandura Cyber TIG comes with a single administrative port that is used to configure and monitor your Bandura Cyber TIG This port is configured separately from the bridge port...

Страница 23: ...andura Cyber TIG screen There are also general operation and maintenance activities Logout to end a login session Reboot to restart the Bandura Cyber TIG Bandura Cyber TIG will be in bypass mode durin...

Страница 24: ...rouping has a separate bar showing if the connections were inbound or outbound You can hover over the bars to see tooltips with the exact numbers they represent 3 1 2 Threat Summary Threat Summary sho...

Страница 25: ...End Traffic Direction Resource Group Time Frame Presets can be selected to quickly see the last 30 minutes 1 hour 24 hours 7 days 30 days or 360 days If you want to view data from a specific period o...

Страница 26: ...s found in a Resource then the Bandura Cyber TIG will allow communications based on the Resource Group s restrictions If a computer is not included in any Resources it will follow the restrictions fou...

Страница 27: ...Resource Groups Edit Rename the Resource Group change its description and assign a Policy Resources Add a specific network protocol and port range to the Resource Group Country Policies Select countri...

Страница 28: ...es Risk Thresholds Exception Lists Country Policies Throttles and Alerts 3 2 2 Edit You can rename a Resource Group change its description direction drop action preference blacklist or whitelist inclu...

Страница 29: ...es and place restrictions on your local network An address found in a Resource gets processed based on its associated Resource Group but if an address is not found in any Resource Group then it will b...

Страница 30: ...rity Payload AH Authentication Header GRE Generic Routing Encapsulation Note that if the Bandura Cyber TIG allows traffic in one direction it will also allow response traffic If you allow outbound tra...

Страница 31: ...f countries to search The countries displayed in green are allowed and red shows those that are blocked 3 2 5 Risk Thresholds You can edit the Risk Thresholds associated with a policy by clicking the...

Страница 32: ...clicking the Exception Lists icon shown in the actions list To apply exceptions to a Resource Group you first have to create the exception within your Exception Lists The Exception Lists will not inf...

Страница 33: ...igger the alert Activation Interval is the amount of time in seconds that the traffic has to be excessive before the alert is triggered Re raise timeout is the amount of time delay before the Bandura...

Страница 34: ...ection Inbound Outbound or both Refresh Update the data shown every 1 3 10 30 or 60 seconds You can select which countries you want to be displayed from the list By default none are selected 3 2 11 De...

Страница 35: ...lows or blocks internet traffic by country Each list should be a collection of similar sites For example a list of remote offices of your organization or a list of networks that have need to know acce...

Страница 36: ...description Exceptions Add networks to Exception Lists Delete Delete the Exception List and all of its associated networks Click on the Exceptions icon to add entries to the list Add computers or netw...

Страница 37: ...efined services Click on the Add Service Group to create a new Service Group Enter a name and description then click on the Resources icon to view any defined protocols and ports Click on Add Service...

Страница 38: ...vided blacklists or search for a specific IP across all blacklists Blacklists block inbound and outbound requests to IPs in enabled lists 3 3 3 2 Domain Blacklists Domain lists block outbound requests...

Страница 39: ...lt This can be changed by editing an individual Resource Group Enter the Address Maskbits and a Description in your IPv4 or IPv6 entries to add it to the Whitelist 3 3 4 2 Domain Whitelists Domains in...

Страница 40: ...eption lists must be included in your policies in order for the domain whitelist to take effect 3 3 5 REACT REACT is a part of our open API that can be set up to ingest requested blacklist entries aut...

Страница 41: ...d system events You can browse these log files and send the data to external syslog servers You can also set up alarms to notify you if any of these files become filled 3 4 1 Connections The Connectio...

Страница 42: ...r a more precise search or export the logs via CSV or PDF 3 4 3 System System Logs allow you to display internal operating messages of the Bandura Cyber TIG and administer command history You can also...

Страница 43: ...udit trail encourages individual accountability and decreases the risk of fraud and misunderstanding When you no longer need a user account disable it rather than deleting it A disabled User ID cannot...

Страница 44: ...ngs found in the Bandura Cyber TIG Configuration General Settings If you are unfamiliar with the Bandura Cyber TIG s password policy you may want to review the settings before creating a new password...

Страница 45: ...Allowed Networks lists Identify local trusted networks and add them to this list Once you add the trusted networks delete the Allow All networks You can limit what times a user can log into the Bandu...

Страница 46: ...Show User Sessions icon shown in the actions list This brings up a list of the administrators last sessions with login and logout times You can view the details of a specific session by clicking on Vi...

Страница 47: ...ization or is reassigned you should disable their account You can set an account to Disabled to restrict its use Even if the correct password is entered the user will not be able to login If you set t...

Страница 48: ...nt can be used Allowed Networks restricts login to specific trusted networks listed here By default login is allowed from all networks Day Time Restrictions limits when an account can be used Login at...

Страница 49: ...t in a disabled state you will retain easy access to audit information for that account 3 5 2 Maintenance Users Maintenance User accounts are used when the Bandura Cyber TIG is in System Maintenance M...

Страница 50: ...assword Change Password allows you to change the password on your own account If you are unfamiliar with the Bandura Cyber TIG s password policy you may want to review the settings before creating a n...

Страница 51: ...t computer both need ready access to network cabling for both the old and new networks Properly identify the Administrative Ethernet Network Port on the Bandura Cyber TIG as illustrated in the Physica...

Страница 52: ...d a list of trusted management networks The Bandura Cyber TIG will accept ping requests from these networks and deny them from all others You can authorize access from both Internet Protocol version 4...

Страница 53: ...es Tunnel Mode between the Bandura Cyber TIG and all the computers on a specific network This is done via a peer node which has two network ports one that connects to the Bandura Cyber TIG via an untr...

Страница 54: ...ider before creating an IPsec connection Do not use Tunnel mode when your Bandura Cyber TIG is on the same network as your destination since your data will travel twice on the same network once encryp...

Страница 55: ...ocol NDP of IPv6 are used to determine the Media Access Control MAC addresses of nodes on the same network segment as the Bandura Cyber TIG The Bandura Cyber TIG may know the internet address of a nod...

Страница 56: ...ter the MAC address for that IPv6 address If you don t provide a static entry for that IPv6 address the Bandura Cyber TIG might not be able to establish the IPsec connection You can add an entry to th...

Страница 57: ...due to wrong guesses and will fail at logging in even if the correct password is eventually guessed An account will automatically be unlocked after Lockout Time or another administrator can manually u...

Страница 58: ...character from that number of groups A password group is one of the following sets of characters uppercase letters lowercase letters numbers and symbols Minimum Password Length sets the lower limits...

Страница 59: ...the Bandura Cyber TIG is turned off Startup Mode will dictate what mode the Bandura Cyber TIG boots into Last Mode will boot the Bandura Cyber TIG into the mode enabled during the last shutdown 3 7 3...

Страница 60: ...urces of threat intelligence commercial threat feeds open source threat feeds threat intelligence platforms and threat information from your own firewalls Bandura Cyber TIG allows you to enable or dis...

Страница 61: ...he Bandura Cyber TIGs internal consistency checks failed Auto Update Failure Attempt to download new versions of HIPPIE data or PCELs failed Seeing this problem occasionally is not a problem but if th...

Страница 62: ...the Banner Refused Text is displayed 3 7 8 HTTPS The Bandura Cyber TIG is normally managed through a standard browser for the World Wide Web This feature allows you to manage the Bandura Cyber TIG fr...

Страница 63: ...Certificates Manage Public Key Certificates for secure communications on the Bandura Cyber TIG HTTP Access Limit administrative access to the Bandura Cyber TIG from only specific networks 62...

Страница 64: ...vents wiretappers and eavesdroppers from deciphering your Bandura Cyber TIG communications and may be particularly useful when you access the Bandura Cyber TIG from a public network This security is p...

Страница 65: ...d possibly expense Your Bandura Cyber TIG administration account must be assigned the Crypto Admin Role to make any changes in this section You can perform the following tasks from this menu Generate...

Страница 66: ...ve its own Certificate Authority or you can purchase one from a commercial organization Please note that an authoritatively signed certificate may take some time to process For many uses a self signed...

Страница 67: ...Country Two letter country name abbreviation Use SSL Country Codes listed here http www digicert com ssl certificate country codes htm State Spell out the full name of your state or province Location...

Страница 68: ...jects security certs included A list of trusted CAs will be found pre installed in your web browser In Firefox select the menu items Tools Options Advanced View Certificates Authorities For Internet E...

Страница 69: ...ificate You may want to save your Bandura Cyber TIG s public and private keys for safekeeping This may be useful in the future if you have to restore your Bandura Cyber TIG to its factory default sett...

Страница 70: ...ient certificates signed by one specific Certificate Authority which you define in the Upload CA Certificate screen Networks change personnel change cryptographic keys may become compromised and event...

Страница 71: ...rk Node Manager The Bandura Cyber TIG simultaneously supports two versions of SNMP the simple Community based SNMPv2c and the more complex SNMPv3 which includes the security features of device authent...

Страница 72: ...TECHGUARD Bandura Cyber TIG MIB bypassChange 3 7 9 1 General Settings This is where you add information that will identify the Bandura Cyber TIG and its administrator to your network manager These va...

Страница 73: ...ching the internet address is allowed access to the Bandura Cyber TIG s management data as long as they have the right authentication as defined under the SNMP Users menu If you do not provide a list...

Страница 74: ...and coordinated with the computers in your organization The Bandura Cyber TIG supports NTP version 3 Enter the IPv4 or IPv6 Internet address of your organization s NTP server or if one isn t available...

Страница 75: ...following parameters in SMTP Enable SMTP Alerts SMTP Host The hostname or IP address of the mail server SMTP Port The port of the mail server typically 25 or 587 for SMTP or 465 for SMTPS SMTP Protoc...

Страница 76: ...System Providers The System Providers page gives you the following information Name Description URL Last Updated Current Key Current Certificate You can also generate and upload a new Key File or Ser...

Страница 77: ...filters internet packets at line speeds This technology allows you to rapidly determine the country of origin of internet traffic The allocation of Internet addresses worldwide is decentralized with...

Страница 78: ...Site https support banduracyber com This website requires registration and you need your devices serial number and registration code to access the firmware updates This information can be found in Sys...

Страница 79: ...of last activity You can view an audit trail of administrative activities or logout another administrator Here are the available actions for Active Sessions View Show an audit trail of the administrat...

Страница 80: ...front of the device THE Bandura Cyber TIG WILL BE IN BYPASS MODE WHILE TURNED OFF AND WILL NOT FILTER PACKETS Press the power switch on the front of the device to turn the Bandura Cyber TIG back on I...

Страница 81: ...ich is a monitor and keyboard attached to the Bandura Cyber TIG or a text terminal program connected to the serial port The Bandura Cyber TIG will also enter Maintenance Mode if it fails a Self Test 3...

Страница 82: ...IG The information included is Registration Code Serial Number License Start Time License Expiration Time Max Alerts Max DCEL Providers Max DCEL Sources Max Exception List Max Exceptions Max Groups In...

Страница 83: ...on your web browser Microsoft Internet Explorer Do you want to save this file or find a program online to open it Click the save button and select a destination for the configuration file Mozilla Fir...

Страница 84: ...de Console when the Bandura Cyber TIG has entered Maintenance Mode The Maintenance Mode Console is a menu driven interface that requires special authentication to enter The Maintenance Mode Console is...

Страница 85: ...nality of the Maintenance Mode Console The user must answer yes to a confirmation prompt 2 Display Admin Interface Settings This will display all current admin interface settings including the IP addr...

Страница 86: ...Alarms on the Bandura Cyber TIG that have not been acknowledged or closed This can be used to determine why the Bandura Cyber TIG has entered Maintenance Mode 3 Reboot This will reboot the Bandura Cyb...

Страница 87: ...roblems may make your Bandura Cyber TIG inaccessible and require the use of the Recovery Console to restore your Bandura Cyber TIG The Recovery Console is a low level control program which can restore...

Страница 88: ...R Restart Bandura Cyber TIG This will reboot the Bandura Cyber TIG When the device is restarted select Bandura Cyber TIG from the menu to initialize the appliance You can now remove the monitor and ke...

Страница 89: ...k mask default gateway and DNS Server to use on the Administration Interface All items are required to be specified for the network connection to work If a mistake is made the settings can be changed...

Страница 90: ...Cyber TIG the IPv4 packet log the IPv6 packet log and the message log The Administrator is able to clear log records from the log file reinitialize the log files and overwrite the log files with eith...

Страница 91: ...1 Reinstall Current Firmware This is used reinstall the current firmware on the Bandura Cyber TIG 2 Download Latest Firmware This is used to download the latest firmware from the Bandura Cyber TIG su...

Страница 92: ...is to make the Internet work better by producing high quality relevant technical documents that influence the way people design use and manage the Internet http www itu int rec T REC X 509 en Internat...

Страница 93: ...Missouri Maryland 1 855 765 4925 www banduracyber com 92...

Отзывы:

Нет отзывов

Похожие инструкции для TIG BT-10G

SecPath F1000-AI-X0

Бренд: H3C Страницы: 73

Бренд: Watchguard Страницы: 41

Email Security 6000

Бренд: SonicWALL Страницы: 37

NetDefend DFL Series

Бренд: D-Link Страницы: 4

Бренд: D-Link Страницы: 2

DFL-1100 - Security Appliance

Бренд: D-Link Страницы: 2

DFL-210 - NetDefend - Security Appliance

Бренд: D-Link Страницы: 32

NetDefend DFL-860

Бренд: D-Link Страницы: 20

NetDefend DFL-260E

Бренд: D-Link Страницы: 32

DFL-210 - NetDefend - Security Appliance

Бренд: D-Link Страницы: 20

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды